Smarter Defence: Cloud Computing for the Defence Sector
Stefan Söderlund
IBM Client Architect, Försvarsmakten (Swedish Armed Forces)
Sesam, 21 Nov 2012
© 2012 IBM Corporation
Agenda
Cloud computing for the armed forces
– what is cloud
– drivers
– cloud reference architecture
– various application areas
WHAT IS CLOUD
Cloud computing has four essential characteristics:
Elasticity and the ability to scale up and down,
Self-service provisioning and automatic de-provisioning
Application programming interfaces (APIs),
Billing and metering of service usage in a pay-as-you-go model
Picture: dummies.com
Cloud service model definitions
(Term, definition, source)

SaaS (source: NIST [1])
The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure and accessible from various client devices through a thin client interface such as a Web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

BPaaS (source: IBM [2])
Business process services are any business process (horizontal or vertical) delivered through the Cloud service model (Multi-tenant, self-service provisioning, elastic scaling and usage metering or pricing) via the Internet with access via Web-centric interfaces and exploiting Web-oriented cloud architecture. The BPaaS provider is responsible for the related business function(s).

IaaS (source: NIST [1])
The capability provided to the consumer is to rent processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers).

PaaS (source: NIST [1])
The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created applications using programming languages and tools supported by the provider (e.g., java, python, .Net). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but the consumer has control over the deployed applications and possibly application hosting environment configurations.

Note: Across all cloud service models the definition is determined by the management scope covered by the provider. For example, in IaaS “the consumer does not manage or control the underlying cloud infrastructure […]”, in PaaS “the consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage […]”, etc. So this is essentially about the tasks the operations staff of the provider takes on; it is not about the virtualization technology being used. For example, it’s possible to use hypervisor-level virtualization to realize PaaS, SaaS or BPaaS.

1. National Institute of Standards and Technology; Draft NIST Working Definition of Cloud Computing, May 14, 2009
2. IBM MI and IPR definition bridge between Gartner and IDC, Aug 19, 2010
Movement from traditional environments to Cloud – one step or an evolution
A client call-to-action to prepare for cloud
CLOUD: Dynamic provisioning for workloads
SHARED RESOURCES: Common workload profiles
CONSOLIDATE: Physical Infrastructure
VIRTUALIZE: Increase Utilization
STANDARDIZE: Operational Efficiency
AUTOMATE: Flexible delivery & Self Service
Traditional IT
Cloud services may be deployed across a spectrum of possibilities.
Private: IT capabilities are provided “as a service,” over an intranet, within the enterprise, and behind the firewall.
Public: IT activities / functions are provided “as a service,” over the Internet.
[Figure: spectrum of deployment models (traditional enterprise data center, private cloud, managed private cloud, hosted private cloud, shared cloud services, public cloud services), compared by ownership/location, operator, pricing model, access, consumer and asset use. The spectrum runs from enterprise-owned and enterprise-operated, dedicated (single tenant) resources on an internal enterprise network for a single enterprise, to provider-owned and provider-operated, multi-tenant resources on the public internet for any enterprise/user with pay-as-you-go pricing.]
Components/Services/Solutions
[Figure: cloud portfolio overview. Areas shown: Cloud Strategy, Cloud Components, Cloud Services/Solutions, Consulting & Implementation Services. Captions: “Consume over Internet”, “Design and Build Private Clouds or Service Provider Clouds”, “Design my cloud”. Business Process as a Service and Software as a Service (BPaaS, SaaS): Smarter Cities, Social Business, Smarter Commerce, Business Analytics and Optimization. Platform as a Service Technologies and Infrastructure as a Service Technologies (PaaS, IaaS): Infrastructure Platform, Usage and Accounting, Availability and Performance, Management and Administration, Security and Compliance, Application Lifecycle, Application Resources, Application Environments, Application Management, Integration.]
What is key to the FMN?
Note the position of NATO in a federation of networks: just as any other nation.
National extensions must correspond to NATO security and policies to protect the network.
[Figure labels: Nation A, Nation B, Nation n…, NATO, NATO SECRET Mission Domain.]
DRIVERS
What are Defence and Industry asking for?
Infrastructure Teams, Line of Business Teams, Development & Operations Teams
• How can I accelerate my application release cycle and optimize its deployment?
• How can I improve my resource utilization and reduce cost?
• How can I improve the performance of my infrastructure, gain insight into my operations and deliver service assurance?
• How can I ensure continued business operations, deliver resiliency and security?
• How can I scale my infrastructure to support scaled, accelerated deployment while reducing operational costs?
Defense benefits from cloud computing are real…
Increasing Mission Agility: On-demand, event-based access to mission services that can autonomically react to changing events
Reducing costs: IT cost reduction to free up budget for greater mission capability investment
Mission System provisioning: Weeks → Minutes
Event-based Scalability: Fixed → Elastic
Workload Runtime Location: Static → Movable
Service access: Administered → Self-service
Standardization: Complex → Reuse/share
Metering/billing: Fixed cost → Variable cost
Server/storage utilization: 10–20% → 70–90%
Return on Investment: Years → Months
NATO Operations drivers
• Ease restructuring and reform of agencies and command structure by applying cloud computing technologies to make existing systems and resources available as services across agencies.
• Reduce operational costs by utilizing Storage Solutions and Storage as a Service.
• Integrate multiple test environments that exist within the NATO structure, such as Combined Federated Battle Lab Network (CBLnet), Distributed Network Battle Labs, PMIC test environment, NATO Centers of Excellence, Active Layered Theatre Ballistic Missile Defence test environments, etc., to:
  ● Reduce operational and support costs.
  ● Reduce capital costs.
  ● Exploit specific expertise that might otherwise be unavailable to all.
• Enable the new NATO HQ data centre to:
  ● Maximise capital utilisation, thus reducing license costs.
  ● Enable more rapid CIS deployment.
  ● Improve quality through increased standardization.
  ● Reduce IT labour costs (operations, management, maintenance and monitoring).
• Host information services to enable the rapid integration of coalition partners.
• Fully reuse and exploit existing NATO investments in hardware and storage.
• Deploy additional resources quickly to boost existing services in the cloud, enabling rapid tactical support to be provided to operations in the field.
Source: NIAG Sub-Group 153 (SG153)
NATO - Cloud Computing Initiative / business drivers
Cloud Computing is a new way of delivering computing services, with the promise of significant economic and efficiency benefits coupled with significant new operational capabilities. It provides economies of scale, resource optimization and flexibility for adopting organizations.
Cloud Computing creates opportunities for improving security and resilience by enabling:
• The protection of confidential information in a classified network by separating classified information from unclassified and changing access mechanisms to be more secure and stringent.
• Increased redundancy and independence from failure, due to the availability of multiple access and storage mechanisms, thus increasing operational resilience.
• Localized security and threat management by identifying threats that are specific and concentrating on those specific threats.
• Audit and evidence gathering for forensic analysis. This information is more readily available since cloud environments have to be monitored more rigorously to ensure availability.
CLOUD REFERENCE ARCHITECTURE
What is a Reference Architecture?
A Reference Architecture (RA) provides a blueprint of a to-be-model with a well-defined scope, requirements it satisfies, and architectural decisions it realizes. By delivering best practices in a standardized, methodical way, an RA ensures consistency and quality across development and delivery projects. It consists of a set of formal Unified Method Framework models, defining requirements, functional and operational aspects.
What’s the purpose of the Cloud Computing Reference Architecture?
It is a cross-brands effort enabling cloud economics by optimizing resource and labor utilization, and delivering the foundational cloud management infrastructure for both private and public clouds.
The CC RA guides both internal development teams and practitioners in the field in developing clouds in a single, consistent fashion.
IBM Cloud Computing Reference Architecture (CC RA) – Overview
[Figure: three roles: Cloud Service Consumer, Cloud Service Provider, Cloud Service Creator. Blocks shown: Cloud Services (Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service, Business-Process-as-a-Service); Common Cloud Management Platform (CCMP) with Operational Support Services (OSS) and Business Support Services (BSS); Infrastructure; Cloud Service Integration Tools; Consumer In-house IT; Service Creation Tools; Existing & 3rd party services, Partner Ecosystems. Cross-cutting: Security, Resiliency, Performance & Consumability; Governance.]
IBM Cloud Computing Reference Architecture (CC RA) – Overall drill-down
[Figure: drill-down of the overview into Cloud Service Consumer, Cloud Service Provider and Cloud Service Creator.
Cloud Services: IaaS, PaaS, SaaS, BPaaS, over the layers Infrastructure, Middleware, Applications, Business Processes, with Infrastructure, Platform, Software and BP Mgmt Interfaces.
Common Cloud Management Platform:
BSS – Business Support Services: Customer Account Management, Service Offering Catalog, Service Offering Management, Contracts & Agreement Management, Service Request Management, Order Management, Subscription Management, Pricing, Entitlement Management, Metering, Rating, Billing, Clearing & Settlement, Accounts Payable, Accounts Receivable.
OSS – Operational Support Services: Service Automation Management, Service Delivery Catalog, Service Request Management, Change & Configuration Management, Image Lifecycle Management, Provisioning, Incident & Problem Management, IT Service Level Management, Monitoring & Event Management, IT Asset & License Management, Capacity & Performance Management, Platform & Virtualization Management.
Portals: Service Consumer Portal & API, Service Provider Portal & API, Service Development Portal & API.
Service Creation Tools: Service Management Development Tools, Service Runtime Development Tools, Software Development Tools, Image Creation Tools.
Consumer side: Cloud Service Integration Tools, Consumer In-house IT, Existing & 3rd party services, Partner Ecosystems.
Roles: Consumer End user, Consumer Administrator, Consumer Business Manager, Service Component Developer, Service Composer, Service Integrator, Offering Manager, Service Manager, Business Manager, Transition Manager, Deployment Architect, Operations Manager, Security & Risk Manager, Customer Care.
Cross-cutting: Security, Resiliency, Performance & Consumability; Governance.]
IBM Cloud Computing Reference Architecture: Work Products
[Figure labels:
Architectural Principles; Architecture Overview; Standards & Terminology; Architectural Decisions; Use cases & Roles; Non-functional Requirements; Component Model; Operational Model; Management Processes.
Cloud Service Creation; Common Cloud Management Platform; Consumability; Security; Resiliency; Performance & Scalability; Multi-tenancy; Production Clouds; Virtualization Management across server, storage, network; Hybrid Cloud; Metering, Accounting & Rating.]
Cloud Computing User Roles V2
[Figure: role hierarchy for the three top-level roles Cloud Service Consumer, Cloud Service Provider and Cloud Service Creator, linked to more specific roles by “may include” and “may act as” relations.
Roles shown: Consumer Business Manager, Consumer End User, Consumer Administrator, Service Component Developer, Service Composer, Service Integrator, Offering Manager, Business Manager, Service Manager, Transition Manager, Deployment Architect, Operations Manager, Security & Risk Manager, Facilities Manager, Customer Support & Care.
Specialised roles shown: Customer Account Manager, Business Office; Operator, Green IT Analyst, IT Administrator; Tenant Administrator, Workload Administrator, Data Administrator, Security Administrator; Cloud Service Consultant, Cloud Education Specialist.]
IT Administrator specialties: Storage Admin., Network Admin., OS Admin., Virtualization Admin.
VARIOUS APPLICATION AREAS
Nato and US DoD Cloud strategy
Study on the implication Cloud Computing Developments for NATO Operational Structures
IBM’s history with Cloud Computing in Defense
A Framework developed through real-world operational experience
Timeline (Time & Innovation): 2009, 2010, 2011+
• The NRO R&D Cloud – i2p, one of the first operationally deployed Cloud infrastructures with the US Intelligence community
• Provides self-service on-demand access to imagery exploitation assets
• NATO ACT announces their Mission Development Cloud, a platform for federating various NATO strategic and tactical mission experiments
• Through the NCOIC, demonstrates a cloud-delivered Common Operational Picture integrating real-time track data across nine worldwide nodes
• Joint effort with the US Air Force creates an advanced cyber security and analytics system on a hardened Cloud Infrastructure capable of protecting national data assets
US National Reconnaissance Office R&D Lab
Business Problem
• Prototyping lab for Government Agency chartered with discovery and integration of new technologies that enable interoperability and information sharing between US Government programs
• Issues with virtualized test and development environment:
  - Manually developing virtual machines was labor intensive and error prone
  - Difficulty managing licensed software on deployed virtual machines
  - Lack of monitoring tools for software utilization
  - Lack of auditing tools to verify configuration compliance
  - Lack of a request management system to track requests
Solution Overview
• Private cloud:
  • built on IBM and HP blades and storage
  • Linux and Windows operating systems
  • VMWare-based virtual infrastructure
• Provides infrastructure services to Department of Defense users
• Tivoli Service Automation Manager enables users to request, deploy and utilize virtual machine environments through a service catalog containing customized offerings
Cloud Business Benefit
• Reduced service delivery time from days to hours
• Increased accuracy, repeatability, traceability and compliance
• Reduced operational expense
• Resource allocation / de-allocation
• Self service
NATO ACT Mission Development Cloud
Cloud-delivered Mission Experiment Platform
• Private Cloud that enables NATO ACT Mission experiments (Command and Control, Intelligence, etc.)
• Self-service, on-demand access to NATO mission assets
• Integration point for NATO Enterprise SOA Services
• Cloud Architecture is based on Service Delivery Manager (ISDM) and fully automates NATO’s existing investments in hardware, storage and virtualization
• Initially focused on NATO ACT HQs with possible expansion to NATO organizations worldwide
• Includes technologies and Strategic Planning services for Cloud Roadmap development
Q & A