www.sungardas.com
The Secure Enterprise Cloud
Indu KodukulaExecutive Vice President and Chief Technology Officer
Satish HemachandranDirector Product Management
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 2
Production + DR are 80+% of Enterprise Cloud Priorities
*IDG Research, 2010
What services are you planning to enhance with cloud computing?
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 3
The Cloud Promise:
COSTFLEXIBILITY
RISK
POSITIVEPOSITIVE
??
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 4
And Reality Bears Out There is Risk…
Jan 2011: Online image service provider mistakenly deletes 4,000 pictures from a paid user’s account
Feb 2011: Online email service provider loses mails from 150K user accounts during a weekend outage
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 5
Traditional Enterprise IT Risks
Changing Market/Business conditions might
need you to expand or contract capacity
Unplanned disaster scenarios can
significantly disrupt regular business
operations
Breach of security and policy controls
can lead to business and
regulatory issues
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 6
Security
Cloud Risks are (Mostly) Old Wine in New Bottles
Compliance Connectivity
AvailabilityManageability
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 7
Security & Compliance:
Platform & Policies
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 8
Most Regulations Share a Common Concern:Implementation and Enforcement of Policies
Tracks all access to network and cardholder data
Documentation of actions & activities with 6 yr data
retention
Organization wide security for IT systems to support
ops. and assets
Protect customer information & identify/ resolve sec. violations
Financial and accounting functions segregation of
duties
Secure Remote Access
Role-Based Access Control
Separation of Management, Control and Customer Planes
Availability and Fault Isolation
Issue Prevention, Detection, Remediation
Log Management
Security and Auditing
Business Continuity & Disaster Recovery
Data Retention/Archival
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 9
Layered Security with Common Base of Controls
Presentation Models and Platforms
Presentation Models and Platforms
Application InterfacesApplication Interfaces
ApplicationsApplications
DataData MetaDataMetaData ContentContent
Hardware InfrastructureHardware Infrastructure
Facilities InfrastructureFacilities Infrastructure
Connectivity ConnectivityAbstract LayerAbstract Layer
Integration and MiddlewareIntegration and Middleware
Logical, Physical, and Environmental Security
Host hardening, Encryption, Separation and segregation (Network, Host and Storage)Performance and security monitoring Patch and release management
Abstract layer hardening, Monitoring, Separation, Patch and release management, and policy controls
Identity Management Policy, Auditing, & Compliance
Security Detection, Response, Containment, Eradication, and Forensics
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 10
Creating a Secure Cloud Foundation for Enterprise
ComplianceMgmt.
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 11
Connectivity:
Cloud, Non-Cloud/Hybrid
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 12
Choice of Connectivity to Meet Every Business Need
Site to Site VPN
INTERNETDEDICATED
CIRCUIT
MPLS
SUNGARD ENTERPRISE CLOUD
CUSTOMER WAN/REMOTE CUSTOMER WAN/DATACENTERCUSTOMERS’ CUSTOMER
Public Internet Client VPN
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 13
Hybrid Cloud Use Case
Internal Cloud
IaaS Cloud 1 Colocation
Leverage existing/legacy infrastructure e.g. mainframes
Integrate with other external virtual clouds for burst (flex) capacity
Host applications requiring physical/dedicated and virtual systems (e.g. Oracle)
Integrate with third-party hosted applications e.g. ASP, PaaS, SaaS,
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 14
Building a Hybrid Cloud
SUNGARDNETWORK
Site to Site VPN
SUNGARDDATACENTER
INTERNETDEDICATED
CIRCUIT
MPLS
SUNGARD ENTERPRISE CLOUD
Cross Connect
CUSTOMER WAN/REMOTE CUSTOMER WAN/DATACENTERCUSTOMERS’ CUSTOMER
Public Internet Client VPN
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 15
Manageability:
Monitoring and Remote Hands
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 16
The Cloud Management Challenge
Customers are still the same • Complex architectures with point-to-point
connections
• Legacy platform support dependencies (Win2k, Mainframes)
• Non-(x86)cloud integrations (Mainframes, Unix)
Enterprise needs from cloud providers• A full portfolio of management services (OS,
Database, Security)
• Migration assistance and custom policies
• Integration of cloud & non-cloud
• Auditability of the platform and datacenter
• SLA’s for the platform & service
• Periodic reporting and guidance
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 17
Cloud Extends Traditional Management (but with different tools)
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 18
Request for Change
Incident
Request for InformationService ReportingPerformance ReportingAvailability ReportingConfiguration ReportingKPI and SLA Reporting
ITIL Based Support Process
Service Operation
Tier 1Tier 2Tier 3
Service Desk
Service Delivery
Request Fulfillment
Change Management
Problem Management
Configuration Management
ResolutionCustomer
Customer
Portal
Aggregation EngineCorrelationValidation
Event Management
CMDB
Front EndTicketingSystem
Verification
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 19
Intrusion Detection System – Incident Handling Process Flow
Ext
erna
l E
xper
tsS
OC
NO
C
Info
rmat
ion
Sec
urity
IT O
rgan
izat
ion
Man
agem
ent
Sys
tem
Sen
sor
Monitors and Identifies
Security Event
Receives event information,
analyzes and notifies
NOC and Information
Security Office
Event Ticket and Report
Critical Event Notice
Non-Critical and Critical
Other sensors and monitoring systems
Proactive Indicators IT
Operations
Triage Analyze Event
If no responseIs needed
Closed Ticket
Planned Technical Response
Technical Response Execution
Management Response
If Management orLegal response is needed
Provide guidance and/or assistance(Forensics, legal
console, etc.)
Closed Event
Pro
vide
add
ition
al
Info
rmat
ion
to u
sers
System Users
Enterprise Cloud: Platform + Automation + Process + People
Technical Focus
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 20
Availability:
Scalability & Recovery
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 21
Scalability
Customer workloads vary in their infrastructure demands. Typically:• Memory Utilization
• Storage I/O
• Network Throughput
Infrastructure needs to distribute/scale load • Without affecting user
sessions
• Without affecting other applications
• Maintaining application interdependencies
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 22
Cloud Apps
Virtualized Apps
Simple Apps
Complex Apps
Legacy Apps
Decreasing Availability
Always Available
Available in hours
Available in days
Mor
e C
ompl
ex
Cloud Enables Application Availability
But… autoscaling is still unattainable for many Replication technologies still offers the most cost
effective solution for the enterprise Cloud makes availability more affordable for complex
applications: database and app/web server Cloud done right can also reduce RTO
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 23
Integrated Recovery: Achieving Continuous Uptime
Customer Applications
& Data
Enterprise Cloud
Customer Data-center
VMs on Cloud-site 1
VMs on Cloud-site 2
Cloud is the production environment Backup and Restore of VMs Active-active deployment mode Site-to-site recovery across multiple
datacenters Recovery of entire application with its
dependencies (VMs and non-virtualized assets)
Cloud is your target recovery platform Web-based backup/replication of data to
cloud based on industry leading technologies
VM cloning and startup Mapping of cloud-based data to
recovered instances
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 2424
SunGard Enterprise Cloud Services
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 25
SunGard Enterprise Cloud Services Vision
Deliver Managed and Recovery Services
for enterprise-grade applications
that ensure availability of business operations
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 26
Fully Managed Infrastructure-as-a-Service
SunGard manages all necessary compute, network, storage and security resources, offering a complete, cost-effective solution
Compute
Virtualized environment providing hypervisor and OS system services Customize your virtual machine configurations to specific requirements SunGard Software Licensing Services options available
Network Broad networking options including multiple VLAN support, robust
internet connectivity, MPLS and dedicated circuit options
Storage Managed storage with integrated backup and restore
Security Managed firewall and virtual private network connectivity Platform built to support compliance requirements
RapidProvisioning
Ability to store custom VM templates in your own private image library Virtualized instances deployed within minutes
Management & Monitoring
24/7/365 management and monitoring of your virtualized infrastructure 99.95% availability Service Level Agreement (per month / per VM)
Portal & Reporting
Customer management portal to view and request compute resources on demand
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 27
Multi-tenant enterprise cloud and dedicated private cloud
All services fully managed by SunGard’s IT experts
Infrastructure architected for compliance and security
All solutions built on enterprise-grade infrastructure
Designed for production workloads
Predictable contract pricing with flexibility for rapid response to the changing IT demands
Customized solutions designed to enterprise needs
Comprehensive consulting services provide complete Cloud Readiness Assessments and Migration services
Cloud Services for the Enterprise
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 28
Why SunGard Enterprise Cloud Services?• Commitment to service delivery and
process discipline• SLA and commitment to reliability• SunGard's emphasis on compliance &
process• Consultative relationship with the
customer
Customer Buying Scenario• Leverage new technology platform to
improve time to market, management, and scalability
• Implementing new SAP application and the customer had no prediction regarding growth
• Customer supports client fulfillment for health services customers (e.g., including pharmacies and health care providers)
• Small business located in Western US supporting over 5,000 industry subsidiaries
• New SAP implementation
Customer Solution Requirements• Wanted to leverage the cloud technology to
implement new SAP application• Needed a solution that would scale quickly
and efficiently (4x scale)• Required an enterprise-level solution that was
fully managed by the service provider due to lack of internal expertise
• Looking for a secure and compliant infrastructure
Customer Deployment – Pharmaceutical Supplier
Customer Overview
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 29
Why SunGard Enterprise Cloud Services?• Industry expertise• Datacenter security• Reputation with financial and large
enterprise companies• SunGard's emphasis on compliance and
process• Future investments in cloud services
Customer Buying Scenario
• Appeal to current customers and prospects to sell archiving software via new delivery method, avoiding s/w, and h/w CapEx
• Elastic SaaS Model to support rapid build-out of infrastructure for on demand E-discovery or growth for any size firm
• Customer is a provider of enterprise-class electronic content archiving software
• Services include E-Discovery, compliance, records management, and storage optimization
• Assists large firms in mitigating risk and managing digital assets from a single point of control and unified set of policies
Customer Solution Requirements
• Looking to increase sales, market size, and penetration
• End-customers want to reduce CapEx and shift to OpEx budget
Customer Deployment – Software Provider
Customer Overview
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 30
SunGard Internal Use of Cloud
Focused on using cloud for new projects in 2011 Using cloud for:
• Development
• Test/QA
• Production
Currently implementing projects for • Enterprise Mobility (IaaS)
• Single Sign-On (IaaS)
• Store Front/Billing (SaaS)
• Ticketing (SaaS)
• Email (SaaS)
• CRM (SaaS)
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 31
Pragmatic Path to Enterprise Cloud
Phase II
Phase III
Phase IV
Phase I
Cloud Readiness Assessment
Cloud Design & Architecture
Cloud Implementation & Transition
Steady State Production
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 32
Secure enterprise-Secure enterprise-grade cloudgrade cloud
Improved IT agility Improved IT agility & scalability& scalability
Rapid provisioning and ability to scale up and down to support new business ventures and peak periods where infrastructure may only be needed for a short time
Flexible contract pricing to respond to your IT requirements
Financial flexibility Financial flexibility & increased ROI& increased ROI
Shift from CapEx to OpEx model so you can pay as you go and only pay for what you need while experiencing faster payback of investment
Reduce labor costs via elimination of time spent on day to day infrastructure management
Highly secure and resilient platform built on IT security best practices and meeting numerous compliance standards
Fully managed infrastructure reduces the IT administrative burden and allows redirection of staff to strategic business initiatives
Key Solution Benefits - Summary
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 33
For More Information
Find out More about SunGard Availability Services’ Enterprise Cloud Solution: visit
www.sungardas.com/cloud