
Public, Private, and Hybrid Clouds

Adam Nelson
September 11, 2014

Different Models for Different Situations. Presented at Aitec ICT in Banking Conference, Nairobi, September 11, 2014.

Transcript

  1. Cloud?
     • A compute or storage resource over which the user has no physical control but does retain strong logical control
     • It should be available on-demand, i.e. a Service
     • To the end user, the appearance of infinite scalability
  2. Service?
     • Can a credit card, mPesa, bitcoin, or quota system (for private clouds) be used without interacting with a human?
     • Can more or fewer resources be allocated without interacting with a human?
     • Can it be managed programmatically via application programming interfaces (APIs)?
  3. Software as a Service (SaaS) (user = normal person)
     • Dropbox
     • Github
     • Gmail
     • Google Drive
     • Uhasibu (Kenyan accounting system)
  4. Platform as a Service (PaaS) (user = software developer)
     • Heroku
     • Salesforce
     • If corporate application developers can allocate and leverage databases without having to communicate with the DBA team
  5. Infrastructure as a Service (IaaS) (user = Systems Administrator)
     • Amazon Web Services (AWS)
     • Rackspace
     • HP Cloud
     • Kili (Kenyan Public Cloud)
  6. Bank of America?
     • Bank of America has a large private cloud
     • It runs on OpenStack (same as Rackspace and Kili Cloud)
     • Hundreds of workloads have been migrated to it already
     • Nobody else has access to it (it’s private)
  7. CIA/NSA?
     • Oh yeah … the CIA runs a private cloud using Amazon Web Services’ software in their data center
     • And the NSA uses OpenStack in their data center
     • They’re both among the most security-conscious large-scale organizations on the planet - and they’ve deployed private clouds
  8. Private? Public?
     • Private Cloud - Physically inside a private data center; one tenant uses the infrastructure.
     • Public Cloud - Lives on the Internet, can be connected to via VPN; multiple tenants share the same infrastructure.
  9. What’s the Point of Private?
     • Private clouds can follow existing IT rules around security and use existing infrastructure
     • Private clouds can separate operations functions (air conditioning, hard drive replacement, server maintenance) from application delivery (high-level networking, OS maintenance, programming)
  10. What’s the Point of Public?
     • For Internet-facing groups (Netflix), it’s more scalable
     • For those without $10MM annual security budgets, it’s more secure
     • Totally outsource physical security (guards at the door, locked doors, access policy)
     • Totally outsource environmental security (data center grade fire suppression, air conditioning)
     • Totally outsource low-level networking (Internet uplinks, MPLS networks)
  11. Public more secure?
     • Public clouds have security teams whose experience is often much stronger than that of teams at other organizations
     • Hypervisor exploits and similar cross-tenant attacks are extremely valuable - and hence not wasted on anything but financial institutions and enemies of the state
     • Caveat: a bank is exactly such a target, so for a bank cross-tenant isolation is a risk to weigh rather than dismiss - one reason the core ledger sits in the private half of the hybrid design described on the following slides
  12. Hybrid
     • Private and public clouds can be connected
     • VPN or private line to connect the two
     • Apps for a physical office building would live in the local private cloud while Internet apps would live in the public section
  13. Hybrid Security
     • Extremely sensitive apps (e.g. core ledger systems) live in the private cloud
     • Public-facing applications (e.g. Internet banking) live in the public cloud, which allows the private cloud to be hardened more thoroughly than would otherwise be possible - e.g. no inbound HTTPS from the Internet to the private cloud subnet at all; the public-facing tier reaches only the specific private services it needs, over the VPN or private line
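As an added worked example (not part of the deck, and not a vendor's code), the hardening rule on slides 12-13 expressed as a first-match network policy and checked in Python: the Internet may reach only the public-cloud front end on 443, the public-cloud tier may reach only one private ledger API host on one port across the VPN, and nothing else from outside reaches the private subnet. The address plan (10.10.0.0/16 for the private cloud, 10.20.0.0/16 for the public-cloud VPC, 10.10.5.10 as the ledger API host, port 8443), the rule set and all function names are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed example address plan (assumptions, not from the deck).
PRIVATE_CLOUD = ipaddress.ip_network("10.10.0.0/16")   # on-premises private cloud tenant
PUBLIC_CLOUD = ipaddress.ip_network("10.20.0.0/16")    # public-cloud VPC, reached via VPN/private line
LEDGER_API = ipaddress.ip_network("10.10.5.10/32")     # the one private host the public tier may call
ANY = ipaddress.ip_network("0.0.0.0/0")                # includes the Internet


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]           # destination TCP port; None matches any port
    comment: str = ""

    def matches(self, src_ip, dst_ip, port):
        return (src_ip in self.src and dst_ip in self.dst
                and (self.port is None or self.port == port))


# First-match policy for the hybrid design (hypothetical rule set).
HYBRID_POLICY = [
    Rule("allow", ANY, PUBLIC_CLOUD, 443, "Internet banking front end in the public cloud"),
    Rule("allow", PUBLIC_CLOUD, LEDGER_API, 8443, "front end -> core ledger API over the VPN"),
    Rule("allow", PRIVATE_CLOUD, PRIVATE_CLOUD, None, "intra-private-cloud traffic"),
    Rule("deny", ANY, PRIVATE_CLOUD, None, "private cloud not reachable from anywhere else"),
    Rule("deny", ANY, ANY, None, "default deny"),
]

# The weak variant the slide warns against: HTTPS open to the whole private subnet.
FLAT_POLICY = [
    Rule("allow", ANY, PRIVATE_CLOUD, 443, "HTTPS to every private host"),
    Rule("deny", ANY, ANY, None, "default deny"),
]


def evaluate(policy, src, dst, port):
    """Return (action, comment) of the first rule matching the flow, else implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in policy:
        if rule.matches(src_ip, dst_ip, port):
            return rule.action, rule.comment
    return "deny", "implicit deny"


def private_subnet_exposure(policy, private=PRIVATE_CLOUD,
                            trusted=(PRIVATE_CLOUD, PUBLIC_CLOUD)):
    """Allow rules that could let an untrusted source reach the private subnet.

    Conservative audit: it ignores shadowing by earlier deny rules, so it may
    over-report an allow that is unreachable, but never misses a reachable one.
    """
    exposed = []
    for rule in policy:
        if rule.action != "allow" or not rule.dst.overlaps(private):
            continue
        if not any(rule.src.subnet_of(t) for t in trusted):
            exposed.append(rule)
    return exposed


if __name__ == "__main__":
    # Constructed flows: an Internet client (203.0.113.7), a public-cloud web node
    # (10.20.1.5), a private ops host (10.10.3.3), another private host (10.10.7.7).
    flows = [
        ("203.0.113.7", "10.20.1.5", 443),    # customer -> Internet banking: allow
        ("203.0.113.7", "10.10.5.10", 443),   # customer -> ledger host over HTTPS: deny
        ("10.20.1.5", "10.10.5.10", 8443),    # front end -> ledger API: allow
        ("10.20.1.5", "10.10.5.10", 22),      # front end -> ledger SSH: deny
        ("10.20.1.5", "10.10.7.7", 8443),     # front end -> other private host: deny
        ("10.10.3.3", "10.10.7.7", 22),       # ops inside the private cloud: allow
    ]
    for src, dst, port in flows:
        print(f"{src:>13} -> {dst}:{port:<5} {evaluate(HYBRID_POLICY, src, dst, port)}")
    print("hybrid exposure:", private_subnet_exposure(HYBRID_POLICY))
    print("flat exposure:  ", [r.comment for r in private_subnet_exposure(FLAT_POLICY)])
```

The exposure check is the part worth keeping around: run it against whatever rule export your firewall or cloud security groups produce, and the private half of a hybrid stays private only while it returns an empty list.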
  14. Why?
     • More secure - separate application security from physical and low-level networking to better match skill-sets
     • More organizationally efficient - App developers can deploy without a requisition form from central IT
     • More economical - Servers are typically closer to capacity when allocated by the hour than when purchased for 3-5 year installations
     • More scalable - Allocation of resources is done via API, and on a public cloud can dip into the large fleets of servers available
     • More extensible - Adding a service (caching) can be as easy as a few application changes without involving an IT department
  15. How?
     • Decide whether you want a private or public cloud or a hybrid solution
     • Find a local vendor like Kili Cloud to install your private cloud
     • Check out an OpenStack distribution from Ubuntu, Mirantis, or Piston
     • Use a public cloud like Kili Cloud (local) or Amazon Web Services (global) or both!