Pega Cloud - Best practices on “Deploying a secure, healthy, integrated cloud application”
Mark ReplogleVP, Cloud Technology Platform Pegasystems
This information is not a commitment, promise or legal obligation to deliver any material, code, or functionality and the development, release and timing of any features or functionality described for our products remains at our sole discretion. 2016. Confidential. Pegasystems, Inc.©2016 Pegasystems Inc.
Brian ZhengDirector, Cloud Product Management Pegasystems
YOU WILL LEARN
1. Cloud computing (Mark’s perspective)2. How to manage and run your Pega application in a Cloud deployment 3. Pega Development Best Practices for a Cloud deployment
3
Why is it called Cloud Computing?
6
Cloud computing metaphor: For a user, the network elements representing the provider-rendered services are invisible, as if obscured by a cloud.
Source: Wikipedia
A look at computing patternsTraditional • Unique
• Highly skilled workforce• Requires fabrication• Not repeatable• May be fragile• Very difficult to scale• Very High cost per unit
8
A look at computing patternsHosted • Customized
• Segmented workforce• May require fabrication• Some aspects are
repeatable• May be fragile• Difficult to scale • High cost per unit
9
A look at computing patterns• Cloud • Consistent
• Automated or self service• Uses only premade parts• Repeatable• Less fragile• Scalable• Low cost per unit
10
“You can choose any color you want as long as it’s black”
Henry Ford 1909
Cloud and Pega 7 application design• Everything is disposable
– Everything must be on the clipboard
– File system is transient– No agent/listener node affinity– Replace not restart
• Assume things will fail– Rely on the Pega 7 platform
• Provisioned on-demand– Auto-scaled and elastic
11
Responsibility
14
Application
Pega 7 Platform
Compute Storage
Security
Database
App Dev/Partner
App Dev/Partner & Pega Cloud
Pega CloudPega 7 Strategic Application
Network
Responsibility
17
Application
Pega 7 Platform
Compute Storage
Security
Database
App Dev/Partner
App Dev/Partner & Pega Cloud
Pega CloudPega 7 Strategic Application
Network
Predictive Diagnostic Cloud (PDC)
Assesses the overall performance of your system automatically and quantifies the improvement opportunities
Highlights the 10 most significant opportunities for improvement
Real-time, actionable, notifications delivered via the channel of choice (email & portal)
Prescriptive guidance for resolution
Secure SaaS offering – deploy, maintain, upgrade with minimal effort
INCREASE ROI OF YOUR APPLICATIONAddress issues before they impact your business
IMPROVE RESOURCE ALLOCATIONFocus on issues that make the most business impact
IMPROVE RIGHT FIRST TIME FIX RATEEasy to understand, intuitive, actionable insight
Proactively improve health of your Pega Application
STRENGTHS
BENEFITS
Responsibility
21
Application
Pega 7 Platform
Compute Storage
Security
Database
App Dev/Partner
App Dev/Partner & Pega Cloud
Pega CloudPega 7 Strategic Application
Network
YOU WILL LEARN
1. Integration Challenges2. Pega Cloud Connectivity and Best Practices3. Security Controls and Best Practices
22
Option 3: Public user access, Private integration
• Use secure internet as much as possible
• Transitional model
• Optional private connection
Consider your options before build• Decoupled Architecture
• Connectivity– Reserve private IP ranges Upfront
– Get Network and Security team involved
early
– Minimize infrastructure changes after
creating apps
• Know your Integration points
• Minimize application chattiness
35
Can everything be REST?
Does everything need to be Private?
Option 2
Option 3
Happy Developers Option 1
Responsibility
38
Application
Pega 7 Platform
Compute Storage
Security
Database
App Dev/Partner
App Dev/Partner & Pega Cloud
Pega CloudPega 7 Strategic Application
Network
Cloud Provider Responsibilities• Physical Control and Monitoring• Network and Access Control• Data Protection• Risk Management
39
Customer Responsibilities & Best Practices
40
• Start with a Security Management Program– Data classification and life cycle– User lifecycle Management– Continuous Security Awareness Training– Vulnerability remediation process
Customer Responsibilities & Best Practices
42
• Build great and secure applications• K.I.S.S. • Keeping track of all connectors and end points• Encrypt your traffic in transit• You are the owner of your content and data