BMC Software, profile picture
Uploaded byBMC Software
PPTX, PDF1,417 views

Building and Operating Clouds

The document outlines effective strategies for building and operating cloud environments, emphasizing the importance of service availability and management in cloud operations. It identifies critical capabilities needed to meet user expectations for service quality, including proactive performance management and continuous resource optimization. Additionally, it discusses trust in cloud services, presenting recommendations on transparency, accountability, and security to foster consumer confidence.

Downloaded 114 times
Building and Operating Clouds:What to Do Once You Hit The On SwitchRoy Ritthaler, Sr. Director Product Marketing, BMCRich Plane, Director, Solution Development and Delivery, Harris Corp.
ObjectivesYou should leave today’s session knowing….Building and operating cloud environments is a known scienceThere are commercially viable software and solution provider opportunities in the market today for cloudLeveraging out-of-the-box software, it’s now possible to achieve an enterprise-level, fully operational cloud
AgendaCloud Operations – Delivering Highly Available CloudsRoy Ritthaler, Sr. Director, Product MarketingTrust in the Cloud – From Definition to DeliveryRich Plane, Director, Solution Development and Delivery, Harris CorporationQuestion & Answers
Cloud availability is business criticalSo far, cloud projects have focused on automated provisioning…but availability and cloud operations are usually an after thought
Clouds are difficult to manage …With new cloud complexity:Incredible, global scale
Local and public resources
Highly movable workloads
Ongoing new/ retired services
End-user expectationsTraditional challenges remain:Complex IT infrastructures
End-to-End application monitoring
Multiple data sources
Security considerationsThe result, a loss of business reputationFrustrated CustomersLong Recovery TimesCost and Efficiency Overruns
Cloud Operations use casesEnforce service levels for services delivered through cloudImprove service quality with hybrid cloudIdentify issues with cloud infrastructure to avoid outagesEnsure quality of transient cloud servicesOptimally balance workload distribution in the cloudEnsure service availability of unpredictable workloads
Operations is asking for three key capabilitiesMeet the user’s ongoing expectations for service qualityService Level EnforcementProactive Service Performance ManagementEnsure the performance of services and infrastructureContinuous Resource OptimizationRight-size capacity of individual services and the entire cloudCloud Operations SolutionIncorporate all three capabilities into a unified, modular solution
Meet the user’s ongoing expectations for service qualityBMC End User Experience ManagementCloud OperationsService Level EnforcementProactive Service Performance ManagementContinuous Resource Optimization
Ensuring Infrastructure PerformanceBMC ProactiveNet Performance ManagementCloud OperationsService Level EnforcementProactive Service Performance ManagementContinuous Resource OptimizationPredictive analytics and prioritization based on business impactExtend service views into cloud, virtual and physical infrastructureSingle platform to monitor private and public (Harris, AWS, Azure) clouds
Right-size capacity of cloud services and the entire cloudBMC Capacity OptimizationCloud OperationsCloud Infrastructure PlanningIntelligent PlacementService Level EnforcementProactive Service Performance ManagementAssess overall health and performance of your cloud environmentCross-cloud visibility of resource capacity utilization and efficiencyProvide intelligent placement advisory to Cloud Lifecycle ManagementOptimally allocate workload according to performance and policy constraintsContinuous Resource Optimization
Cloud Operations – The Critical CapabilitiesEnd User Behavior MonitoringReal-time business and end user impact analysisPredictive Service ImpactProactive identification of service performance problemsBusiness-Aware Capacity PlanningContinuously alignment of Cloud capacity with business demandOpen, Heterogeneous DesignPrevention of vendor lock-in and protection of long term business valueIntegrated Operating ModelIntegration with existing IT processes to maintain cloud services
Harris builds a trusted cloud using BMC SoftwareHarris Corp.More than 16,000 employees including nearly 7,000 engineers and scientists
$6 billion annual revenue
Industry leader in mission critical networked systemsCloud GoalsDelivering secure services in the cloud to their customersKey Use CasesRapidly provision new services for customers
Ensure customer service levels are met
Automated event identification & remediationImplementation HighlightsGreenfield implementation, building a new business from the ground upTrust in the Cloud – From Definition to DeliveryTrust – The Industry PerspectiveHarris Perspectives on TrustImplementing TrustYou Can Trust the Cloud!
About the TechAmerica CLOUD2 CommissionFormed to provide recommendations to Obama Administration Government deployment of cloud technologies
Public policies that will help drive US innovation in the cloudParticipation from 71 experts across industry and academiaCommissioned in April 2011 and final recommendations presented July 26, 2011DeliverablesFinal Report of recommendations
Cloud Buyer’s GuideSummary of CLOUD2 RecommendationsTrustTransparencyEnsuring the combination of factors that allows consumers of cloud services to be confident that the services are meeting their computing needsRequire vendors to share relevant information about their capabilities, offerings and service levelsTransnational Data FlowsTransformationRecommendations in policy, infrastructure, and training to help facilitate broader adoption of the cloudNeed for collaboration & standardization of data access across national bordersCommittee activities were structured around the four T’s
CLOUD2 Recommendations on TrustEnsuring that the cloud is meeting consumer’s needs for security, privacy, availabilityFactors Contributing to TrustTransparency of practices
Accountability
Resiliency
Redundancy
Access and Connectivity
Supply chain provenance
Life cycle integrity
GovernanceSpecific RecommendationsInternational standards for security and assurance Frameworks
Accelerate the development of an identity management ecosystem
Enact and improve legislation related to data breaches
Develop a joint research agenda for cloud technologyContentsTrust – The Industry PerspectiveHarris Perspectives on TrustImplementing TrustYou Can Trust the Cloud!
The Pillars of Trust
Barriers to the Cloud are RealTrustCost & Control
Defining Cyber TrustAssumed Trust:Perimeter-Centric, Heuristic and/or Blacklist-based, used for both Data in Motion and Data at RestExplicit Trust:Infrastructure and Information-Centric with a focus on specific positive image and software reference measurement and attestationIntrinsic Trust:Building explicit, positive and immutable trust methods into the hardware and software systems, for example Root of Trust for Measurement (RTM) and Trusted Platform Modules (TPM’s), along with supply chain-anchored hardware and software provenance and attestation
ContentsTrust – The Industry PerspectiveHarris Perspectives on TrustImplementing TrustYou Can Trust the Cloud!
Trusted Reference Technology> 2.8B code component signatures as deployed directly from the sourceFirmware and software on all active network (switches, routers, firewalls) and computing components continuously monitoredBeyond Security – Explicit TrustControl over your ITCompliance posture delivered on demandSoftware supply chain integrityApplication Data and Signature Database+2000 other vendorsGlobal Trust Repository(GTR)Enterprise Trust ServerReferenceConfigurationsCompliance AssessmentReportingCompliance ReportsInventory ReportsChange ReportsNotificationsIT InfrastructureEcommerce Service
Trading Service

More Related Content

PDF
ThousandEyes Overview
byThousandEyes
 
PPTX
Modernizing Your DNS Platform with NS1 and ThousandEyes
byThousandEyes
 
PPTX
AWS Outage Analysis
byThousandEyes
 
PPTX
The Top Outages of 2021: Analysis and Takeaways
byThousandEyes
 
PDF
AWS security monitoring and compliance validation from Adobe.
bySplunk
 
PPTX
ThousandEyes EMEA - Why 74% of IT Teams Are Not Ready for the Cloud
byThousandEyes
 
PPTX
Finding application problems before they impact users
byCA Application Performance Management (APM)
 
PDF
Automating Performance Monitoring at Microsoft
byThousandEyes
 
ThousandEyes Overview
byThousandEyes
 
Modernizing Your DNS Platform with NS1 and ThousandEyes
byThousandEyes
 
AWS Outage Analysis
byThousandEyes
 
The Top Outages of 2021: Analysis and Takeaways
byThousandEyes
 
AWS security monitoring and compliance validation from Adobe.
bySplunk
 
ThousandEyes EMEA - Why 74% of IT Teams Are Not Ready for the Cloud
byThousandEyes
 
Finding application problems before they impact users
byCA Application Performance Management (APM)
 
Automating Performance Monitoring at Microsoft
byThousandEyes
 

What's hot

PDF
Serverless Computing: Driving Innovation and Business Value
byAlibaba Cloud
 
PPTX
Cyber Security Compliance Solutions for Foreign Companies in China - Alibaba ...
byAlibaba Cloud
 
PDF
Keynote: Customer Journey with Streaming Data on AWS - Rahul Pathak, AWS
byFlink Forward
 
PDF
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
byThousandEyes
 
PPTX
How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intellig...
bySumo Logic
 
PPTX
Can you process 10 trillion logs per day software architecture conference 2015
bySumo Logic
 
PDF
Cisco IT and ThousandEyes
byThousandEyes
 
PDF
Petabytes and Nanoseconds
byRobert Greiner
 
PPTX
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
byCodit
 
Serverless Computing: Driving Innovation and Business Value
byAlibaba Cloud
 
Cyber Security Compliance Solutions for Foreign Companies in China - Alibaba ...
byAlibaba Cloud
 
Keynote: Customer Journey with Streaming Data on AWS - Rahul Pathak, AWS
byFlink Forward
 
Monitoring Apps & Networks in a Cloud-Centric World at Gartner IOSS 2016
byThousandEyes
 
How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intellig...
bySumo Logic
 
Can you process 10 trillion logs per day software architecture conference 2015
bySumo Logic
 
Cisco IT and ThousandEyes
byThousandEyes
 
Petabytes and Nanoseconds
byRobert Greiner
 
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
byCodit
 

Similar to Building and Operating Clouds

PPTX
Cloud Computing dominated by AI in modern world
byDhruvPatel79152
 
PDF
Cloud Services: Powering Enterprise Innovation and Agility in 2025
bybasilmph
 
PPTX
CloudHesive x Datadog Multi Generational Observability
byCloudHesive
 
PPTX
BSM for Cloud Computing
byBMC Software
 
PDF
Fundamentals for Stronger Cloud Security2.pdf
byChinatu Uzuegbu
 
PPTX
Cloud Is Built, Now Who's Managing It?
bydoan_slideshares
 
PPT
Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...
byEuroCloud
 
PPT
(Dee fleming) Ccloud computing_la_press_final
byLA_IBM_Cloud_Event
 
PPTX
Can I Trust the Cloud?
byLee Technologies
 
PDF
EMC Perspective: What Customers Seek from Cloud Services Providers
byEMC
 
PPTX
Managed Cloud Services CIO Conference Oil Gas
byJeff Holden
 
PDF
Security Considerations When Using Cloud Infrastructure Services.pdf
byCiente
 
PPT
Cloud Computing Realities - Getting past the hype and setting your cloud stra...
byCompuware APM
 
PDF
Cloud Clinique Enterprise IT Certification Program - Module Matrix
byAdrian Hall
 
PPTX
2014 2nd me cloud conference trust in the cloud v01
bypromediakw
 
PPTX
Moving Enterprise Applications to the Cloud
byVISI
 
PDF
ISACA Cloud Computing Risks
byMarc Vael
 
PPTX
Your path to the cloud local event presentation
byawrightKMBS
 
PDF
Securing The Clouds with The Standard Best Practices-1.pdf
byChinatu Uzuegbu
 
PDF
Harvey Nash USA Webinar: Cloud Computing
byHarveyNashUSA
 
Cloud Computing dominated by AI in modern world
byDhruvPatel79152
 
Cloud Services: Powering Enterprise Innovation and Agility in 2025
bybasilmph
 
CloudHesive x Datadog Multi Generational Observability
byCloudHesive
 
BSM for Cloud Computing
byBMC Software
 
Fundamentals for Stronger Cloud Security2.pdf
byChinatu Uzuegbu
 
Cloud Is Built, Now Who's Managing It?
bydoan_slideshares
 
Virgílio Vargas Presentations / CloudViews.Org - Cloud Computing Conference 2...
byEuroCloud
 
(Dee fleming) Ccloud computing_la_press_final
byLA_IBM_Cloud_Event
 
Can I Trust the Cloud?
byLee Technologies
 
EMC Perspective: What Customers Seek from Cloud Services Providers
byEMC
 
Managed Cloud Services CIO Conference Oil Gas
byJeff Holden
 
Security Considerations When Using Cloud Infrastructure Services.pdf
byCiente
 
Cloud Computing Realities - Getting past the hype and setting your cloud stra...
byCompuware APM
 
Cloud Clinique Enterprise IT Certification Program - Module Matrix
byAdrian Hall
 
2014 2nd me cloud conference trust in the cloud v01
bypromediakw
 
Moving Enterprise Applications to the Cloud
byVISI
 
ISACA Cloud Computing Risks
byMarc Vael
 
Your path to the cloud local event presentation
byawrightKMBS
 
Securing The Clouds with The Standard Best Practices-1.pdf
byChinatu Uzuegbu
 
Harvey Nash USA Webinar: Cloud Computing
byHarveyNashUSA
 

More from BMC Software

PDF
MasterCard Optimizes Big Data Management with BMC High Speed Utilities for DB2®
byBMC Software
 
PPTX
Salesforce and Remedyforce ISV Tech Talk: Pushing New Versions of your App
byBMC Software
 
PPTX
How to Manage MLC Costs to Optimize the Mainframe
byBMC Software
 
PDF
Flip the Switch On Continuous Delivery
byBMC Software
 
PDF
Peer Into the Bright Future on the Service Desk Horizon
byBMC Software
 
PDF
BMC Software Remedyforce Case Study
byBMC Software
 
PPTX
Remedyforce Localization and Translation
byBMC Software
 
PDF
Next Generation Technology Utility Benchmarks
byBMC Software
 
PPTX
Digital Transformation Playbook: Guide to Unleashing Exponential Growth
byBMC Software
 
PDF
Remedyforce helps General Dynamics meet ever-changing user needs
byBMC Software
 
PPTX
Data Segregation for Remedyforce SaaS Help Desk and High-Speed Digital Servic...
byBMC Software
 
PPTX
How Will Your Cloud Strategy Impact Your Cyber Strategy?
byBMC Software
 
PPTX
Salesforce Lightning Process Builder IS the next-generation workflow tool
byBMC Software
 
PDF
The Accelerator's Guide to Digital Transformation
byBMC Software
 
PPTX
Data Migration for Remedyforce SaaS Help Desk and High-Speed Digital Service ...
byBMC Software
 
PDF
Mission: Launch a Digital Workplace
byBMC Software
 
PDF
The Power of Monitoring Studio in TrueSight
byBMC Software
 
PDF
Curating Your Digital Workplace: Key Steps for IT
byBMC Software
 
PDF
Delivering the Digital Workplace Without the Chaos
byBMC Software
 
PDF
What Do Executives Need to Do to Go Digital?
byBMC Software
 
MasterCard Optimizes Big Data Management with BMC High Speed Utilities for DB2®
byBMC Software
 
Salesforce and Remedyforce ISV Tech Talk: Pushing New Versions of your App
byBMC Software
 
How to Manage MLC Costs to Optimize the Mainframe
byBMC Software
 
Flip the Switch On Continuous Delivery
byBMC Software
 
Peer Into the Bright Future on the Service Desk Horizon
byBMC Software
 
BMC Software Remedyforce Case Study
byBMC Software
 
Remedyforce Localization and Translation
byBMC Software
 
Next Generation Technology Utility Benchmarks
byBMC Software
 
Digital Transformation Playbook: Guide to Unleashing Exponential Growth
byBMC Software
 
Remedyforce helps General Dynamics meet ever-changing user needs
byBMC Software
 
Data Segregation for Remedyforce SaaS Help Desk and High-Speed Digital Servic...
byBMC Software
 
How Will Your Cloud Strategy Impact Your Cyber Strategy?
byBMC Software
 
Salesforce Lightning Process Builder IS the next-generation workflow tool
byBMC Software
 
The Accelerator's Guide to Digital Transformation
byBMC Software
 
Data Migration for Remedyforce SaaS Help Desk and High-Speed Digital Service ...
byBMC Software
 
Mission: Launch a Digital Workplace
byBMC Software
 
The Power of Monitoring Studio in TrueSight
byBMC Software
 
Curating Your Digital Workplace: Key Steps for IT
byBMC Software
 
Delivering the Digital Workplace Without the Chaos
byBMC Software
 
What Do Executives Need to Do to Go Digital?
byBMC Software
 

Recently uploaded

PDF
Data Center Exit to Cloud _ Managed Datacenter Migration.pdf
byAstuteBusiness
 
PDF
The Future-Ready PMO: Unlocking Project Success with Copilot and AI Innovatio...
byWellingtone
 
PPTX
Sephora UAE API Service Real-Time Product & Price Data Access.pptx
bycreativeclicks1733
 
PDF
Session 4 - Agentic Testing with UiPath Agents
byDianaGray10
 
PDF
How Tridens DevSecOps Ensures Compliance, Security, and Agility
byTridens
 
PDF
Unleash AI power with the Dell Pro 14 Plus - Interactive PDF
byPrincipled Technologies
 
PDF
MathML Core in WebKit
byIgalia
 
PDF
Supercharge Your JVM with Project Leyden
byAna-Maria Mihalceanu
 
PPTX
Your First Deep Learning project With CNN (workshop).pptx
byMuhammad Fahad Bashir
 
PDF
How to not make bugs (in JSC), and the future of 32-bits
byIgalia
 
PPSX
AppSec Role Based Training OWASP Global AppSec USA 2025-11-06
byRobert Grupe, CSSLP CISSP PE PMP
 
PPTX
Odoo_by_Infinys_All_in_One_Business_Solution_for_Small_Companies.pptx
byAgusto Sipahutar
 
PDF
ENTSO-E's Response to the European Commission Call for Evidence on the Strate...
byReynir Orn Bachmann Gudmundsson
 
PDF
Cybersecurity in ASEAN and Singapore Columbia SIPA 2025.pdf
byBenjamin Ang
 
PDF
Manage Networking in RHEL - RHCSA (RH124).pdf
byLinuxCert Guru
 
PPTX
Getting Started with MSP360 Backup for M365/Google
byMSP360
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
PDF
Analyze and Store Logs - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Configure and Secure SSH - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Create, View and Edit Text Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
Data Center Exit to Cloud _ Managed Datacenter Migration.pdf
byAstuteBusiness
 
The Future-Ready PMO: Unlocking Project Success with Copilot and AI Innovatio...
byWellingtone
 
Sephora UAE API Service Real-Time Product & Price Data Access.pptx
bycreativeclicks1733
 
Session 4 - Agentic Testing with UiPath Agents
byDianaGray10
 
How Tridens DevSecOps Ensures Compliance, Security, and Agility
byTridens
 
Unleash AI power with the Dell Pro 14 Plus - Interactive PDF
byPrincipled Technologies
 
MathML Core in WebKit
byIgalia
 
Supercharge Your JVM with Project Leyden
byAna-Maria Mihalceanu
 
Your First Deep Learning project With CNN (workshop).pptx
byMuhammad Fahad Bashir
 
How to not make bugs (in JSC), and the future of 32-bits
byIgalia
 
AppSec Role Based Training OWASP Global AppSec USA 2025-11-06
byRobert Grupe, CSSLP CISSP PE PMP
 
Odoo_by_Infinys_All_in_One_Business_Solution_for_Small_Companies.pptx
byAgusto Sipahutar
 
ENTSO-E's Response to the European Commission Call for Evidence on the Strate...
byReynir Orn Bachmann Gudmundsson
 
Cybersecurity in ASEAN and Singapore Columbia SIPA 2025.pdf
byBenjamin Ang
 
Manage Networking in RHEL - RHCSA (RH124).pdf
byLinuxCert Guru
 
Getting Started with MSP360 Backup for M365/Google
byMSP360
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
Analyze and Store Logs - RHCSA (RH124).pdf
byLinuxCert Guru
 
Configure and Secure SSH - RHCSA (RH124).pdf
byLinuxCert Guru
 
Create, View and Edit Text Files - RHCSA (RH124).pdf
byLinuxCert Guru
 

Building and Operating Clouds

  • 1.
    Building and OperatingClouds:What to Do Once You Hit The On SwitchRoy Ritthaler, Sr. Director Product Marketing, BMCRich Plane, Director, Solution Development and Delivery, Harris Corp.
  • 2.
    ObjectivesYou should leavetoday’s session knowing….Building and operating cloud environments is a known scienceThere are commercially viable software and solution provider opportunities in the market today for cloudLeveraging out-of-the-box software, it’s now possible to achieve an enterprise-level, fully operational cloud
  • 3.
    AgendaCloud Operations –Delivering Highly Available CloudsRoy Ritthaler, Sr. Director, Product MarketingTrust in the Cloud – From Definition to DeliveryRich Plane, Director, Solution Development and Delivery, Harris CorporationQuestion & Answers
  • 4.
    Cloud availability isbusiness criticalSo far, cloud projects have focused on automated provisioning…but availability and cloud operations are usually an after thought
  • 5.
    Clouds are difficultto manage …With new cloud complexity:Incredible, global scale
  • 6.
  • 7.
  • 8.
  • 9.
    End-user expectationsTraditional challengesremain:Complex IT infrastructures
  • 10.
  • 11.
  • 12.
    Security considerationsThe result,a loss of business reputationFrustrated CustomersLong Recovery TimesCost and Efficiency Overruns
  • 13.
    Cloud Operations usecasesEnforce service levels for services delivered through cloudImprove service quality with hybrid cloudIdentify issues with cloud infrastructure to avoid outagesEnsure quality of transient cloud servicesOptimally balance workload distribution in the cloudEnsure service availability of unpredictable workloads
  • 14.
    Operations is askingfor three key capabilitiesMeet the user’s ongoing expectations for service qualityService Level EnforcementProactive Service Performance ManagementEnsure the performance of services and infrastructureContinuous Resource OptimizationRight-size capacity of individual services and the entire cloudCloud Operations SolutionIncorporate all three capabilities into a unified, modular solution
  • 15.
    Meet the user’songoing expectations for service qualityBMC End User Experience ManagementCloud OperationsService Level EnforcementProactive Service Performance ManagementContinuous Resource Optimization
  • 16.
    Ensuring Infrastructure PerformanceBMCProactiveNet Performance ManagementCloud OperationsService Level EnforcementProactive Service Performance ManagementContinuous Resource OptimizationPredictive analytics and prioritization based on business impactExtend service views into cloud, virtual and physical infrastructureSingle platform to monitor private and public (Harris, AWS, Azure) clouds
  • 17.
    Right-size capacity ofcloud services and the entire cloudBMC Capacity OptimizationCloud OperationsCloud Infrastructure PlanningIntelligent PlacementService Level EnforcementProactive Service Performance ManagementAssess overall health and performance of your cloud environmentCross-cloud visibility of resource capacity utilization and efficiencyProvide intelligent placement advisory to Cloud Lifecycle ManagementOptimally allocate workload according to performance and policy constraintsContinuous Resource Optimization
  • 18.
    Cloud Operations –The Critical CapabilitiesEnd User Behavior MonitoringReal-time business and end user impact analysisPredictive Service ImpactProactive identification of service performance problemsBusiness-Aware Capacity PlanningContinuously alignment of Cloud capacity with business demandOpen, Heterogeneous DesignPrevention of vendor lock-in and protection of long term business valueIntegrated Operating ModelIntegration with existing IT processes to maintain cloud services
  • 19.
    Harris builds atrusted cloud using BMC SoftwareHarris Corp.More than 16,000 employees including nearly 7,000 engineers and scientists
  • 20.
  • 21.
    Industry leader inmission critical networked systemsCloud GoalsDelivering secure services in the cloud to their customersKey Use CasesRapidly provision new services for customers
  • 22.
  • 23.
    Automated event identification& remediationImplementation HighlightsGreenfield implementation, building a new business from the ground upTrust in the Cloud – From Definition to DeliveryTrust – The Industry PerspectiveHarris Perspectives on TrustImplementing TrustYou Can Trust the Cloud!
  • 24.
    About the TechAmericaCLOUD2 CommissionFormed to provide recommendations to Obama Administration Government deployment of cloud technologies
  • 25.
    Public policies thatwill help drive US innovation in the cloudParticipation from 71 experts across industry and academiaCommissioned in April 2011 and final recommendations presented July 26, 2011DeliverablesFinal Report of recommendations
  • 26.
    Cloud Buyer’s GuideSummaryof CLOUD2 RecommendationsTrustTransparencyEnsuring the combination of factors that allows consumers of cloud services to be confident that the services are meeting their computing needsRequire vendors to share relevant information about their capabilities, offerings and service levelsTransnational Data FlowsTransformationRecommendations in policy, infrastructure, and training to help facilitate broader adoption of the cloudNeed for collaboration & standardization of data access across national bordersCommittee activities were structured around the four T’s
  • 27.
    CLOUD2 Recommendations onTrustEnsuring that the cloud is meeting consumer’s needs for security, privacy, availabilityFactors Contributing to TrustTransparency of practices
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
    Accelerate the developmentof an identity management ecosystem
  • 36.
    Enact and improvelegislation related to data breaches
  • 37.
    Develop a jointresearch agenda for cloud technologyContentsTrust – The Industry PerspectiveHarris Perspectives on TrustImplementing TrustYou Can Trust the Cloud!
  • 38.
  • 39.
    Barriers to theCloud are RealTrustCost & Control
  • 40.
    Defining Cyber TrustAssumedTrust:Perimeter-Centric, Heuristic and/or Blacklist-based, used for both Data in Motion and Data at RestExplicit Trust:Infrastructure and Information-Centric with a focus on specific positive image and software reference measurement and attestationIntrinsic Trust:Building explicit, positive and immutable trust methods into the hardware and software systems, for example Root of Trust for Measurement (RTM) and Trusted Platform Modules (TPM’s), along with supply chain-anchored hardware and software provenance and attestation
  • 41.
    ContentsTrust – TheIndustry PerspectiveHarris Perspectives on TrustImplementing TrustYou Can Trust the Cloud!
  • 42.
    Trusted Reference Technology>2.8B code component signatures as deployed directly from the sourceFirmware and software on all active network (switches, routers, firewalls) and computing components continuously monitoredBeyond Security – Explicit TrustControl over your ITCompliance posture delivered on demandSoftware supply chain integrityApplication Data and Signature Database+2000 other vendorsGlobal Trust Repository(GTR)Enterprise Trust ServerReferenceConfigurationsCompliance AssessmentReportingCompliance ReportsInventory ReportsChange ReportsNotificationsIT InfrastructureEcommerce Service
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.
  • 48.
    Directory ServersTrust andSupply ChainDo I know that the software elements that I am loading and running on my platform ARE what they say they are?What proof do I have that the code I am using was actually built by the named vendor?Is an increasing concern for software & hardware vendors and users in all sectorsProof that the code was actually built by the named supplier is a crucial element of software and device validation or attestation
  • 49.
    Delivering Cyber AssuranceThrough Continuous Monitoring and Control
  • 50.
    ContentsTrust – TheIndustry PerspectiveHarris Perspectives on TrustImplementing TrustYou Can Trust the Cloud!
  • 51.
    The Trusted EnterpriseCloudWorld-class and purpose-built infrastructure – the Cyber Integration Center and Harris’ network of cyber facilities and operations centersBest-of-breed systems and processes – focused on virtualization, automation, a unique end-to-end service model, and customized control through the client portalTrust Enablement Technology – continuous monitoring and assessment of the device and software supply chain using our Global Trust Repository of industry standard reference images and external vulnerability feedsApplication Data and Signature Database+2000 other vendorsGlobal Trust Repository(GTR)Enterprise Trust ServerCompliance AssessmentReferenceConfigurationsReportingCompliance ReportsInventory ReportsChange ReportsNotificationsIT InfrastructureEcommerce Service
  • 52.
  • 53.
  • 54.
  • 55.
  • 56.
  • 57.
    Directory ServersThe industry’sfirst enterprise-grade, high-assurance cloud computing solution
  • 58.
    Trust In TheCloudThe industry’s first enterprise-grade, high-assurance cloud computing solutionWorld class partners providing best of breed technologyCyber integration expertise to cost effectively meet the unique needs of your businessTrust enablement technology that goes beyond security to unprecedented visibility and control of your infrastructurewww.cyber.harris.com
  • 59.
    Q & A To ask a question, Follow Operator InstructionsOr use the webex chat window
  • 61.
  • 62.
    Delivering Explicit Trust:Positive Assurance MethodsWhen the system needs to prove its integrity, it sends the collected measurements in a process called attestation.Before each subsequent level of the stack is loaded, it is measured by the preceding level and the result is stored in trusted hardware. Trust is established at the hardware level via Trusted Computing Group (TCG) defined standard methodologies (TPM, Integrity Management Model)
  • 63.
    Proving Trust: Active& Continuous Transparency
  • 64.
  • 65.
    BMC Cloud LifecycleManagementDelivers the foundation of Cloud OperationsDeliver business services with end-to-end cloud managementAutomatically installs, deploys and configures monitoringGuided monitoring configuration in CLM PlannerIntelligent policy-based placement and ongoing operations with the industry’s first Service GovernorSupport for heterogeneityIntegrated with key operational processes, performance and capacity management
  • 66.
    Organizations are wakingup to the problemThey are asking for three Cloud Management capabilities ….Service Level EnforcementMeet the user’s ongoing expectations for service quality End-user experience is managed according to business priorities, user identity, workload, location and impactProactive Service Performance ManagementEnsure the performance of services and infrastructureDynamically monitor the cloud by analyzing known behaviors against established KPI’s to anticipate and automate management actionContinuous Resource OptimizationRight-size capacity of individual services and the entire cloudOptimize the cloud infrastructure capacity for maximum business impact and utilizationCloud Operations SolutionIncorporate all three capabilities into a unified, modular solution
  • 67.
    Service Level EnforcementEnd to end visibility for cloud and enterprise servicesCloud OperationsService Level EnforcementFrom the data-center perspectiveDB TierCDNService Level EnforcementApp TierEnd to EndWeb TierBMC End User Experience MgmtDeep DiagnosticsProactive Service Performance ManagementFrom the end-user perspectiveContinuous Resource Optimization
  • 68.
    Service Level EnforcementTurnVisibility into ActionCloud OperationsService Level EnforcementProactive Service Performance ManagementContinuous Resource OptimizationManage horizontally – by site, by location, by customer, by delivery networkManage vertically – by application, business priority, audience, high value user, web page
  • 69.
    Proactive Service PerformanceManagementExtend monitoring to public cloud resources Single platform to monitor hybrid (public and private) IT servicesPublic Cloud monitoring OOTB – Amazon Web Services and Microsoft Azure Remote public cloud deployment of agentsCloud OperationsEnterprise Data Center BMC ProactiveNet Performance ManagementReal-Time Predictive AnalyticsService Level EnforcementPredictive Service ImpactPredictive Root CausePredictive CorrelationBehavior LearningProactive Service Performance ManagementPublic Cloud KMCloud Public APIBPPM AgentBPPM AgentSecure ConnectionContinuous Resource OptimizationPublic Cloud ResourcesIn-house Resources
  • 70.
    SLAsRisk ToleranceBusiness VolumeBudgetsTIMEContinuousResource OptimizationMaintaining the Right InfrastructureOptimize Physical Server UtilizationOptimize Virtual Machine DensitySupport multi-platform, multi-vendor physical, virtual cloud resourcesCloud OperationsService Level EnforcementIT INFRASTRUCTUREProactive Service Performance Managementvs.Continuous Resource Optimization
  • 71.
    Current ChallengesAvailability Reactivemanagement processes struggling in an elastic environmentService PerformanceUnmet service expectationsRiskHigh decision latency caused by information silosOperational EfficiencyService delivered by underutilized infrastructure and over burdened human resources
  • 72.
    Meet the user’songoing expectations for service qualityBMC End User Experience ManagementCloud OperationsService Level EnforcementProactive Service Performance ManagementContinuous Resource Optimization
  • 73.
    Ensuring Infrastructure PerformanceBMCProactiveNet Performance ManagementCloud OperationsService Level EnforcementProactive Service Performance ManagementContinuous Resource OptimizationPredictive analytics and prioritization based on business impactExtend service views into cloud, virtual and physical infrastructureSingle platform to monitor private and public (AmazonWS, Azure) clouds
  • 74.
    Right-size capacity ofcloud services and the entire cloudBMC Capacity OptimizationCloud OperationsCloud Infrastructure PlanningIntelligent PlacementService Level EnforcementProactive Service Performance ManagementAssess overall health and performance of your cloud environmentCross-cloud visibility of resource capacity utilization and efficiencySupport for VMWare and Citrix XenServer environmentsProvide intelligent placement advisory to CLMOptimally allocate workload according to performance and policy constraintsIncrease the efficiency and utilization level of the entire cloud infrastructureContinuous Resource Optimization

Editor's Notes

  • #4 Rich PlaneArchitected and built the Harris Trusted Enterprise Cloud and the Harris Cyber Integration Center30-year history as a developer and enterprise consumer of information technologyC-level IT executive and thought leader in cloud computing and enterprise ITReference advisor for BMC, VCE, EMC, Cisco, and HP
  • #5 We know that availability is important to IT, but how important is service availability in the cloud? If we look at recent history, the evidence is clear – availability matters in the cloud. There is no magic to the cloud, and it’s not a given that you can simply turn your cloud on and expect it to work flawlessly. Hardware fails. Networks fail. Even software fails! The cloud must be managed just like anything else in IT. There have recently been several high profile outages of public clouds recently. In some cases, there was no recourse for companies that relied on it to run their business. This represented a huge risk to these businesses, which went unmanaged until it caused damage. There are numerous other examples of cloud services experiencing severe challenges with availability. How can businesses trust their critical workloads to cloud environments? Sticking your head in the sand is not an option as the increased agility and cost benefits that cloud the cloud provides are increasingly leveraged as a competitive advantage.
  • #7 How can I quickly identify issues with my cloud infrastructure to avoid outages?Before – “Silo’d cloud resource monitoring”After - Holistic Cloud Resource Monitoring & AnalyticsWhy BMC (differentiators)Single platform of analytics, events management, service impact management Tightly integrated with BSM Sophisticated analytics engine. Heterogeneous environmentHow do I enforce end-user service levels for services delivered through cloud platforms?Before – “No view of end-user experience”After – End User Service Level AssuranceWhy BMC (differentiators) Single platform to automate operation processes and help make holistic decisionsSelf-learning Analysis and Predictive Root CauseIntegration with BSMHow do I manage service availability of unpredictable real-time workloads in the cloud?Before – “Lack of visibility into cloud capacity”After – Cloud Capacity OptimizationWhy BMC (differentiators)Automated – optimal placement of cloud workloadsHolistic capacity mgmt. (server, storage, network, etc)Automated, exception-based analysis & reportingBusiness-aware capacity mgmt.BSM integrationHow can I improve service quality leveraging hybrid cloud?Before – “Unable to track app. Performance & capacity in hybrid cloud”After – Elastic cloud application service level assuranceWhy BMC (differentiators)Comprehensive coverage from end user experience to cloud resources from private, public, and hybrid cloudMap, monitor & dynamically track elastic cloud resourcesSingle platform of analytics, events management, service impact management in hybrid cloudBusiness-aware capacity optimizationHow do I ensure quality of cloud services when they are transient in nature?Before – “Unable to track movement of cloud resources and services“After – Dynamic Cloud ServicesReal-Time Predictive Service ImpactContinuous deep-dive diagnosticsUnified BSM architecture integrates operations, automation , ITSM and financial processes
  • #9 With real-time global dashboards, you can quickly assess user impact -- you can determine where users are coming from when they access your application, and where any problems are occurring right now
  • #12 Self Explanatory
  • #16 Presenter’s note: The remainder of this discussion will focus in more detail on the CLOUD2 recommendations on trustThe commission’s work focused on the four “T’s”Transnational data flowsNeed for collaboration & standardization of data access across national bordersTransparencyRequire vendors to share relevant information about their capabilities, offerings and service levelsTransformationRecommendations in policy, infrastructure, and training to help facilitate broader adoption of the cloudTrustEnsuring the combination of factors that allows consumers of cloud services to be confident that the services are meeting their computing needsThe remainder of this discussion will focus in more detail on the CLOUD2 recommendations on trustCommission also generated a buyer’s guide:Buyer’s GuideAdvises the government on how to be smart adopters of cloud services
  • #17 Security and assurance framework – specifically mentioned collaboration with NIST to develop best practices and standards and endorsed the work being done on SCAP and FedRAMP
  • #23 Our patented trusted reference technology is comprised of two major components:The Enterprise Trust Server sits inside your infrastructure to provide detailed auditing and configuration information on demand. It can provide reports on the IT inventory, report changes in software load or configuration and assess compliance against a number of different compliance templates. It compares its measurements against known good reference configurations.The enterprise trust server communicates with the second component, the global trust repository. The global trust repository is database of cryptographically derived signatures of over 2.8B unique code components. Because of the partner relationships we have in place, most of these signatures are derived directly from the sources and we have the largest database of known provenance software signatures available.These two components work together to provide complete and high fidelity visibility and control of your platform. You know what is running on your systems, where it came from, how it’s configured and if it’s been modified since it was deployed.This provides an extra layer of protection beyond traditional security tools, but also goes beyond security to provide you with explicit evidence and trust that your platforms are configured to your expectations.Protection against zero day attacks and advanced persistent threats.Some additional stats on the GTR & ETS:The Global Trust Repository is the largest collection of reference images provided directly from the vendor and continuously updated. The GTR is a cloud service providing known-provenance whitelist measurements of commercially available and open source software. The measurements are obtained via direct partnerships with many software vendors covering a broad range of operating systems, device drivers, third-party applications, and many other types of data representing the desired state of systems comprising IT business services. The GTR statistics as of June 2011:Current Product Count ~760,000Number of Vendors over 2,000+Microsoft Windows Platform Count ~100,000 packagesUnique Signature Count over 2.8 billion +Growing at ~5 million Signatures / DayThe Enterprise Trust Server (ETS) continuously monitors all active computing devices (network devices, servers, etc.) in the IT infrastructure, comparing the signatures for all the software and firmware installed in the devices to their reference configuration to the applicable signatures in the GTR and performs change detection to provide alerts of any unauthorized, unintended, or malicious, changes to the environment.
  • #27 1. World Class Purpose Built InfrasturctureInfrastructure built specifically for the cloudUptime Institute Tier III reliabilityTwo physically diverse telecom pathways Two water sources used for coolingDual power sources from two separate substationsPhysical Security100’ perimeter security fence with intrusion detectionInterior and exterior motion-activated video monitoringBiometric access scanners and man-trap portal4/7/365 on-site security guardsGREEN IT:LEED Certified Silver for designA total of 39,000 registered as LEED facilities, various certifications / worldwide (LEED public directory list)13,500 of these are registered at or over 100,000 square feet / world wideTotal 2,300 certified at LEED Silver in USA / various sizesOnly 17 were certified LEED Silver thru design in USA / various sizesOnly 11 centers listed at 100k sq. ft. or larger / in USA – we are one of them.2. Green construction3. High efficiency centrifugal chillers4. Cooling water reuseMulti-zone water containment allows us to repurpose chemical-free water to use as irrigation water….which allows us to conserve water and conserve energy2. Best of Breed Systems and Processes  ITIL v3 ISO 2000024/7/365 COSC3. Trust Enablement technologyThe Global Trust Repository is the largest collection of reference images provided directly from the vendor and continuously updated. The GTR is a cloud service providing known-provenance whitelist measurements of commercially available and open source software. The measurements are obtained via direct partnerships with many software vendors covering a broad range of operating systems, device drivers, third-party applications, and many other types of data representing the desired state of systems comprising IT business services. The GTR statistics as of June 2011:Current Product Count ~760,000Number of Vendors over 2,000+Microsoft Windows Platform Count ~100,000 packagesUnique Signature Count over 2.8 billion +Growing at ~5 million Signatures / DayThe Enterprise Trust Server (ETS) continuously monitors all active computing devices (network devices, servers, etc.) in the IT infrastructure, comparing the signatures for all the software and firmware installed in the devices to their reference configuration to the applicable signatures in the GTR and performs change detection to provide alerts of any unauthorized, unintended, or malicious, changes to the environment.“We’re not building a better network ‘mousetrap’. We’re creating a new cyber delivery model for business and government enterprises.”…..…..The industry’s first enterprise-grade, high-assurance cloud computing solution
  • #30 This slide is designed to be an opening or closing slide. This will allow the presenter to have a presentation cued up in slideshow mode without being on the title slide. The audience can take their seats, leave, or have open discussion with this slide up.
  • #35 BMC CLM provides the foundation for cloud operations. CLM ensures that services run on the cloud can be managed and monitored against service level agreements.Key Cloud Ops features:1. Automatically install, deploy, and configure monitoring as part of CLM installation2. Guided monitoring configuration in CLM Planner3. Intelligent policy-based placement and ongoing operations with the industry’s first Service Governor4. Support for heterogeneity, from physical to virtual, multi-hypervisor, public cloud integrations and more5. Easy-to-use cloud administration and user self-service portal6. Ongoing operations with integrated ITIL operational processes, performance and capacity management Lets take a closer look at CLM. (try to tie these features to what the customer cares about)Industry-first Service Governor – for policy-based placement and ongoing managementIndustry-first multi-tier configurable Service Blueprints – for design and provisioning of cloud services, from functional model to configurable options to deployment modelsEntirely new architecture – creating the foundation for multi-datacenter and cloud-scaling applicationsEnhanced cloud administration – for both cloud service design and resource on-boarding and managementEnhanced My Services portal for request and management of cloud servicesIntegrated performance monitoring of resources and cloud servicesExpanded multi-platform support – Citrix XenServer, NetApp storage, Amazon EC2, and OVF importTighter integration with BSM portfolio – CMDB, SRM and ITSMSouthbound and northbound APIs for integrations with portals and additional resource sourcesAnd… NEW Capacity Management integrations!If the customer has existing BMC technologies, this would be a good time to highlight the role of those solutions in this cloud environment.If not, this is a time to emphasize that this is an integrated, end to end solution
  • #38 To ensure service levels are met, Operations must ensure the availability and performance of mission critical applications running in increasingly complex, hybrid data centers – to include enterprise, SaaS, and cloud applications. Where there is continuous change due to virtualization and cloud technologies, as well as business directives to rapidly deploy new features or applications, it’s critical to proactively monitor and assess the end user experience for critical user scenarios, and to assess the impact application and infrastructure changes may have on end user performance. You need the ability to actively monitor the end-user experience to establish a normal baseline of performance over time, so that you can quickly determine when changes adversely impact performance. BMC End User Experience Mgmt (EUEM) provides both real and synthetic end user monitoring. Real User Experience – The solution monitors real user performance and behavior in real-time, providing insight into how, from where, and when users access the application so that you can be aware of and effectively manage fluctuating user demands. Synthetic – The solution deploys a software ‘robot’, physically located at or near a service consumer population center or end-user site, which periodically runs simple interactive scripts (i.e., "synthetic transactions") against the application interface and records simple statistics, such as availability, response time, and accuracy. These transactions establish a performance baseline for critical transaction flows so that you can evaluate performance over time and quickly assess the impact of application changes on the performance of those key transactions.Thomson Reuters - Quickly interrogated TrueSight’s stored transaction data and drilled down to identify the root cause, well ahead of calls coming to the help deskFull set of widgetsReal-time gauges, A/B bar graphs, etcManage on aggregate, by location, by delivery network, by audience or by user. User-defined dashboardsFocus vertical (application) or horizontal (load)Import web contentSecure export to external portals
  • #39 In the world of hybrid clouds, it’s not enough to simply manage performance within the datacenter. It’s critical to understand and manage the end-user’s experience with services that are provisioned to the public cloud. BMC ProactiveNet Performance Management can run in the data center, in a private cloud, or in the public cloud and provides a single pane of glass to manage the performance of business services coming from outside-in or inside-out.
  • #41 Self-explanatorySpend some time highlighting the challenges in your customer’s IT environment – or in other customers you’ve seen. This is a chance to make this a personal discussion and open up any issues they might be experiencing
  • #42 With real-time global dashboards, you can quickly assess user impact -- you can determine where users are coming from when they access your application, and where any problems are occurring right now