How to protect the "enterprise private Cloud" system

Source: Internet
Author: User

The adoption of the cloud is constrained by a number of uncertainties, such as cost and service levels, data security and protection, scalability and reliability, auditing and compliance, control and governance, security, performance, and availability. Ensuring that a private cloud system runs efficiently and continuously therefore requires optimizing both its management and its security.

Cloud Management

The general cloud management platform offered by HP provides three main functions: cloud infrastructure resource management, virtualization and capacity management, and cloud service lifecycle management.

Cloud Infrastructure Resource Management

The core of cloud infrastructure resource management is to automatically discover, monitor and control computing resources in the cloud (both physical and virtual), to establish secure, highly available, automated provisioning management for infrastructure services that can meet planned and unplanned resource changes, and to complete on-demand provisioning of computing resources quickly. Infrastructure resource management is generally implemented with platform management tools such as HP SIM. HP SIM is one of the most popular integrated platform management software packages in the world. In addition to servers, it can manage storage, network, client and printer resources, and it can integrate with other basic management software to provide integrated tracking and remote online support. Integrated with HP Storage Essentials, HP SIM provides integrated heterogeneous storage management (DAS, SAN, NAS) as well as storage resource management and application infrastructure management.

Virtualization and Capacity Management

A cloud computing environment uses virtualization technology to dynamically provision, configure, reconfigure and deprovision resources on demand. The cloud infrastructure exists as virtual shared resource pools, including physical machines, virtual machines and other resources that can be supplied and reclaimed according to the requirements of the hosted application. Cloud service providers can use virtualization management software such as HP Insight Dynamics-VSE to quickly provision and deploy physical or virtual machines, manage capacity, and allocate resources dynamically with workload managers. HP Insight Dynamics-VSE is integrated virtualization management software that helps IT managers analyze and optimize managed virtual and physical resources. It includes the industry's most advanced real-time capacity planning tools, which collect thousands of data points per server per day from virtual and physical resources, continuously analyze server capacity and power, and recommend the best match for different server workloads.

Cloud Service Lifecycle Management

HP's cloud services management software, HP Cloud Controller, delivers a complete solution for automated cloud service lifecycle management. It enables businesses to build a private cloud platform on the data center's converged infrastructure and provides a run-time environment for hosting and managing cloud services. The software is a model-based cloud service management solution that addresses the global-scale, multi-tenant character of cloud services in three ways: services are defined by models to implement on-demand provisioning, the multi-tenant service model is implemented through service instantiation, and services are managed automatically through real-time monitoring. Together these three aspects meet the challenges posed by the cloud service delivery model. The software covers the requirements of cloud service management across the entire lifecycle, from design, instantiation, allocation and change to termination, and provides a central operation and coordination platform that delivers cloud services effectively and manages their lifecycle automatically, so that the advantages of using cloud services can be fully realized. Figure 1 is a successful example of using HP Cloud Controller to build a hybrid cloud solution.

Figure 1 Hybrid Cloud Solution

Cloud Security

Cloud computing security vulnerabilities are another obstacle to the wider application of cloud services. It has been shown that a security strategy covering all levels of cloud services (from the hardware platform and the cloud service software layers to end-user devices) must be developed under the guidance of a scientific methodology in order to build a complete secure cloud service solution that provides secure and continuous cloud services.

To this end, HP adopts the ITSA methodology, which analyzes the problem comprehensively from four perspectives (business, function, technology and implementation), and proposes functional design and implementation methods for a secure cloud services solution to ensure the security of cloud service systems in their various modes.

Functional design of cloud services solutions

Most of the security problems of cloud services already exist in traditional IT, and traditional information security theory and practice still apply. But cloud security also has new features of its own: cloud service systems are highly distributed, highly scalable and share resources in a multi-tenant application mode, and they support global users and are more loosely coupled. As a result, the uncertainty in cloud-based service systems often stems from broader and more complex variables, which makes them more difficult to secure. The following security features must therefore be provided, with full consideration of the characteristics of cloud services:

• Identification and authentication technology: The first step in securing IT systems is to identify and authenticate users, so that legitimate users are granted access and unauthorized users are kept out. A secure cloud service solution must adopt a range of effective identification and authentication techniques to ensure access security at all levels, including identification of user roles, support for two-factor identification mechanisms, two-way identity authentication on web connections, and single sign-on.

• Access control technology: The purpose is to allow or deny a specific entity (a person or a program) the use of a resource (information). In a secure cloud service solution, controlling access to and operations on resources is essential, including role-based authorization mechanisms, protection of communication between subsystems, and so on.

• Security management technology: A secure cloud services solution must have sound security management technology, including compliance and audit management, security threat and vulnerability management, a dedicated security management server, and so on.

• Asset management technology: A secure cloud services solution must adopt technologies that automatically track and manage physical assets and information assets to ensure security.

Cloud Security Solution Implementation Example

From an implementation perspective, the task is to select the appropriate security architecture, products, services and tools to implement the designed secure cloud service solution within the prescribed schedule and budget.

Security architecture for cloud services solutions

Given the characteristics of cloud services, HP chose an isolation hierarchy to implement the cloud services security solution. Each isolation unit is an independent application operating environment with its own CPU, memory, storage and network connection resources and a layered software application hierarchy, supporting resource isolation and security. This mandatory isolation can prevent interference from other applications in a multiuser shared environment.

Secure Cloud Services IT infrastructure

The HP BladeSystem Matrix is an integrated software and hardware suite that provides a secure cloud services IT infrastructure. It supports using virtualized resources to build securely isolated and separated applications based on logical servers. This mandatory isolation can prevent other applications from being compromised in a multiuser shared environment. The HP BladeSystem Matrix also uses the Insight Dynamics Global Workload Manager, providing additional protection for shared resources, identification and authentication, access control, secure development, and asset management, so that customers get a secure cloud services IT infrastructure.

Cloud Services SaaS Development Platform

In addition to IaaS products and services, HP also provides SaaS products and services, of which Snapfish is a well-known example of a cloud application. Snapfish is the world's leading online photo printing service; in 2010 it had more than 80 million users and stored more than 3 billion photos. Its SaaS cloud service platform, which uses the isolation and hierarchy concepts to build the isolation architecture shown in Figure 2, is a good example of success.
