COPING WITH CLOUD

MIGRATION CHALLENGES: BEST PRACTICES AND

SECURITY CONSIDERATIONS

Agenda & Speakers

®

Rishi Vaish

VP of Product

Amrit Williams

CTO

• RightScale’s State of the Cloud

survey

• Why hybrid cloud is the standard of

choice

• 3 strategies for existing cloud server

workloads

• Benefits and security challenges of

migrating to cloud infrastructures

• Choosing a hybrid strategy

Cloud Usage is Ubiquitous…

Enterprises are Choosing Multiple Clouds

0%

20%

40%

60%

80%

100%

Cloud Beginners Cloud Explorers Cloud Focused

% o

f R

esp

on

de

nts

Benefits Grow with Cloud Maturity % of Respondents Reporting these Benefits

CapEx to OpEx

Business continuity

IT staff efficiency

Geographic reach

Higher performance

Cost savings

Faster time-to-market

Higher availability

Faster access to infrastructure

Greater scalability

Adoption is Driven by Clear Benefits

Source: RightScale 2014 State of the Cloud Report

What about

Existing

Workloads?

How can I migrate

existing workloads

to the cloud?

What Everyone Wants

vSphere

AWS or

other clouds

Greenfield

workloads

Migrated

workloads

Best Practice 1; Understand the realities

Best Practice:

Understand the

Realities

• Newer OS versions

• SSL termination

• Clustering of LBs

• App clustering

• Multi-cast

• Shared Filesystems

• Static IPs

14 Considerations for Migration

8

• Licensing

• Tenancy

• Scale-down Logic

• Bandwidth

• Virtual IP requirements

• Multi-master DB

• Database I/O

requirements

Three Strategies for Existing Workloads

9

Manage natively

Migrate elsewhere

Make portable

Best Practice: Be

Smart about

Strategy

Photo: stevendepolo

Segment Your App Portfolio

• Web architecture

• Elastic design

• Monolithic

• Legacy

• Traditional vendors

Cloud-Ready

• Greenfield

• Designed for cloud

Elastic Web

Traditional

Assess Apps for Cloud Readiness

12

REFACTOR

DON’T MIGRATE HOLD OFF

QUICK WINS

Technical Fit

Bu

sin

ess Im

pa

ct

App 1

App 7

App 3

App 12

App 4

App 6

App 2

App 5

App 8

App 11

App 10

App 9

Best Practice 3; Consider portability

Best Practice:

Plan for

Portability

• Lifecycle-based multi-cloud deployment

• Dev vs. Test vs. Staging vs. Prod

• New (Unpredictable) vs. Mature (Steady-State)

• Disaster Recovery

• Private for primary, Public for backup

• Geographic Reach

• Use clouds in different geographies

• Arbitrage costs

• Leverage different clouds based on costs

• Cloudbursting

• Base capacity in private, burst to public

Why Portability?

14

How to Make Portable Apps

15

RIghtScale Cloud-Enables your Enterprise

Your Cloud Portfolio

Self-Service Cloud Analytics Cloud Management

Manage Govern Optimize

RightScale Cloud Portfolio Management

Public

Clouds

Private

Clouds

Virtualized

Environments

What about

Security

and Compliance?

Place Cloud Beginners Cloud Focused

#1 Security (31%) Compliance (18%)

#2 Compliance (30%) Cost (17%)

#3 Managing multiple cloud

services (28%)

Performance (15%)

#4 Integration to internal

systems (28%)

Managing multiple cloud

services (13%)

#5 Governance/Control (26%) Security (13%)

Top 5 Challenges Change with Maturity

Top 5 Challenges Change with Cloud Maturity

Source: RightScale 2014 State of the Cloud Report

What makes cloud infrastructure great also breaks existing security approaches

19

Virtualized networks

New topologies

Highly Portable

Highly dynamic

Shared infrastructure

These cloud “pros”

become security “cons”

The days of simple infrastructure security…

20

… have given way to tremendous complexity.

21

The problem becomes more challenging in multi-cloud environments

22

Cloud Provider A

Cloud Provider B

Private Datacenter

www-

4

! www-

5

! www-

6

! www-

7

! www-

8

! www-

9

! www-10

!

www-

7

! www-

8

! www-

9

! www-10

!

www-1 www-2 www-3 www-4

Workloads become highly transient across multiple cloud environments.

ww

w-4

ww

w-4

ww

w-4

ww

w-4

Traditional Security Solutions Break…

23

Endpoint Security • Resource intensive • Licensing models • Do not work across disparate cloud environments

Virtual Appliances • No hardware acceleration • No gateway to deploy against • Do not well work across disparate cloud environments

Hypervisor Security • Affects density of virtualized environments • Limited visibility into workloads themselves • Cannot deploy into public cloud infrastructures

Cloud Security Responsibility Has Added More Complexity

24

Cu

sto

mer

Resp

on

sib

ility

Pro

vid

er

Resp

on

sib

ili

ty

Physical Facilities

Compute & Storage

Shared Network

Hypervisor

Virtual Machine

Data

App Code

App Framework

Operating System

“…the customer should assume responsibility

and management of, but not limited to, the

guest operating system.. and associated

application software...”

“it is possible for customers to enhance security

and/or meet more stringent compliance

requirements with the addition of… host

based firewalls, host based intrusion

detection/prevention, encryption and key

management.”

Amazon Web Services: Overview of Security

Processes

Shared Responsibility Model

Addressing security & compliance needs as infrastructure models migrate to cloud

25

• Strong access control

– User-auditing, privilege access monitoring, multi-factor authentication, device verification, etc…

• Exposure management

– Vulnerability assessment, configuration security monitoring, file integrity monitoring, etc…

• Compromise prevention

– Firewall management, application whitelisting, intrusion detection / prevention, data leak prevention, etc.

• Security & compliance intelligence, adherence to corporate policies

– Reporting and analytics, auditing, and standardized policy implementation, etc.

Needs Haven’t Changed

• Must work anywhere

– Traditional environments, public cloud infrastructures, private cloud infrastructures and hybrid cloud environments

• Diminished to no visibility and control

– Underlying security and control maintained by the infrastructure provider

• Hardware device limitations

– Traditional network appliance or security approaches that leverage underlying hardware are not effective or appropriate

• Dramatically higher rate of code & infrastructure change

– Highly transient workloads often in a continuous integration / delivery model

Delivery Parameters Have

CloudPassage Halo

26

• Highly automated security &

compliance platform

• Builds security directly into

compute workloads

• Secures any compute

workloads, at any scale

• Supports any cloud or

datacenter environment

• SaaS delivery model

Halo secure workloads anywhere at any scale and extends existing security investments

27

Halo API Halo Portal

# 28 #

#rightscale

Q & A and Resources

Access the 2014 State of the Cloud Report:

RightScale.com/lp/2014-state-of-the-cloud-report

Start a Free Trial of Halo

CloudPassage.com/halo

Check out our blogs

rightscale.com/blog

blog.cloudpassage.com ®