Upload
others
View
24
Download
0
Embed Size (px)
Citation preview
HPE Хибриден облак заедно по-ефективно иефикасно електронноуправление
81%PRIVATECLOUDHPE Хибриден облак за
едно по-ефективно иефикасно електронноуправлениеAleksandar AksentijevicМениджър Hybrid IT Transformation,Hewlett Packard Enterprise Югоизточна Европа
19%PUBLICCLOUD
Understanding the needs and response
More demanding needs infront of e-Government– Increased Citizen Expectations
– Reduce Cost
– Data Sovereignty
– Regulations/Compliances &Security
Typical administrations
– invest independently anduncoordinated to build and developtheir own IT infrastructure,
– encountered many difficulties in themaintenance, renovation andexpansion of capacity, particularlyin implementing new softwareprojects and electronic services
– the usual practice is to purchase anew and separate hardware foreach project, leading to inefficiency,higher operating costs and lowerresistance.
Construction of aGovernment Cloud
– Increased Citizen Expectations
– Reduce Cost
– Data Sovereignty
– Regulations/Compliances &Security
– invest independently anduncoordinated to build and developtheir own IT infrastructure,
– encountered many difficulties in themaintenance, renovation andexpansion of capacity, particularlyin implementing new softwareprojects and electronic services
– the usual practice is to purchase anew and separate hardware foreach project, leading to inefficiency,higher operating costs and lowerresistance.
2
Can Public Cloud be a solution?
3
PrivateCloud
77%PublicCloud
23%PrivateCloud
67%PublicCloud
33%PrivateCloud
73%PublicCloud
27%PrivateCloud
81%PublicCloud
19%
Major Verticals Shifting Spend, Investing in DifferentPrivate and Public Cloud Mixes, over next 2 yearsIndustry verticals show a consistently strong private cloud mix
4
Manufacturing Telecom Retail Insurance
PrivateCloud
72%PublicCloud
28%
Healthcare
PrivateCloud
78%PublicCloud
22%
Government
PrivateCloud
71%PublicCloud
29%
Finance/Banking
PrivateCloud
77%PublicCloud
23%
Education
+ 451 Research survey from 1,155 enterprise respondents, 08/2015
Transform to Hybrid InfrastructureThe Power of Hybrid – The Potential of Cloud
Hybrid Infrastructure
Your hybrid infrastructure spans Traditional IT, Private and Public Clouds
Traditional IT Private Clouds ManagedClouds
Global PublicClouds
BuildOn-Premises
ConsumeOff-Premises
Automate &Virtualize
Ensure 100% Visibility and Control across YourHybrid Infrastructure
Automate end-to-end acrossmultiple data centersDriving efficiency across the virtualized data centerthrough the power of analytics
Single storefront for ITdelights customers
Security and compliance tomeet regulatory needs
Services cost managementfor efficient deployment
Capacity management tomaximize utilization
Analytics driven monitoringfor issue preventions andrapid resolution
Orchestrate applications andinfrastructure in a hybrid worldAccelerate IT delivery for hybrid, cloud native andtraditional applications
6
Single storefront for ITdelights customers
Security and compliance tomeet regulatory needs
Services cost managementfor efficient deployment
Capacity management tomaximize utilization
Analytics driven monitoringfor issue preventions andrapid resolution
Orchestrate applications andinfrastructure in a hybrid worldAccelerate IT delivery for hybrid, cloud native andtraditional applications
Transform user experience througha service broker modelUnify service delivery and support across hybridenvironments for owned and external services
Challenges : Security and Governance of Information
As public sector is being more dependent on technology, data privacy and sensitive information of citizens isbecoming more critical and difficult to be handled.
– Growing cyber-security threat– Lack of skilled resources and human faults– Lack of regulations and certification of compliance
7
Hanover Research Government IT Security survey
Scenario 1 - Provisioning Of ServicesAutomated end to end provisioning process within the services environment
SCENARIO: 1
8
Scenario 2 – Managing Services At ScaleThe solution can be enhanced to manage the services through different userperspectives
SCENARIO: 2
9
Scenario 3 - Evolving the ServicesAdd additional services to the catalogue
SCENARIO: 3
10
Centralized Cloud - Hungary
Hybrid Cloud
B: Dedicated Hosting(MoD, Police, NSA)
C: CommunityCloud
(eHealth)
A: Federated Cloud
SERVICE CATALOGSERVICE CATALOGSERVICE CATALOGSERVICE CATALOG
ORCHESTRATIONORCHESTRATIONORCHESTRATIONORCHESTRATION
SERVICE CATALOGSERVICE CATALOGSERVICE CATALOGSERVICE CATALOG
• Run by a government owned entity
• Offers Cloud services to all departments
• Each department has unique requests• Dedicated• Federated• Community• Virtual Private Cloud
• SLA exists between each departments and theservice provider
• Some departments share resources such asVMs, storage,
• Standards have been selected acrossgovernment departments
11
Hybrid Cloud C: CommunityCloud
(eHealth)
D: Virtual Private Cloud
Social Security
Healthcarei.e: Hospitals
Municipalities
Others
A: Federated Cloud
MoAMoEMoF
ORCHESTRATIONORCHESTRATIONORCHESTRATIONORCHESTRATION
PROVISIONINGPROVISIONING& MONITORING& MONITORINGPROVISIONINGPROVISIONING& MONITORING& MONITORING
CONVERGEDCONVERGEDINFRASTRUCTUREINFRASTRUCTURE
CONVERGEDCONVERGEDINFRASTRUCTUREINFRASTRUCTURE
ORCHESTRATIONORCHESTRATIONORCHESTRATIONORCHESTRATION
PROVISIONINGPROVISIONING& MONITORING& MONITORINGPROVISIONINGPROVISIONING& MONITORING& MONITORING
CONVERGEDCONVERGEDINFRASTRUCTUREINFRASTRUCTURE
CONVERGEDCONVERGEDINFRASTRUCTUREINFRASTRUCTURE2 sites, Active –Active op
• Run by a government owned entity
• Offers Cloud services to all departments
• Each department has unique requests• Dedicated• Federated• Community• Virtual Private Cloud
• SLA exists between each departments and theservice provider
• Some departments share resources such asVMs, storage,
• Standards have been selected acrossgovernment departments
HPE Recommendations to a Hybrid Infrastructure
It’s time to Plan Your Transformation to Hybrid
Start with businessoutcomes for
success
Establish criteria forworkload placement
Document security andcompliance requirements
12
Start with businessoutcomes for
success
Plan for people andorganizational change
Build skills forOpen
architectures
Champion newpractices and
processes
Благодаря!
13
Security principlesCloud Security Principle Description
1. Data in transit protectionConsumer data transiting networks should be adequately protected against tampering andeavesdropping via a combination of network protection and encryption.
2. Asset protection and resilienceConsumer data, and the assets storing or processing it, should be protected against physicaltampering, loss, damage or seizure.
3. Separation between consumersSeparation should exist between different consumers of the service to prevent one malicious orcompromised consumer from affecting the service or data of another.
4. Governance frameworkThe service provider should have a security governance framework that coordinates and directstheir overall approach to the management of the service and information within it.
5. Operational securityThe service provider should have processes and procedures in place to ensure the operationalsecurity of the service.
6. Personnel securityService provider staff should be subject to personnel security screening and security educationfor their role.
7. Secure development Services should be designed and developed to identify and mitigate threats to their security.
14
7. Secure development Services should be designed and developed to identify and mitigate threats to their security.
8. Supply chain securityThe service provider should ensure that its supply chain satisfactorily supports all of thesecurity principles that the service claims to implement.
9. Secure consumer managementConsumers should be provided with the tools required to help them securely manage theirservice.
10. Identity and authenticationAccess to all service interfaces (for consumers and providers) should be constrained toauthenticated and authorised individuals.
11. External interface protectionAll external or less trusted interfaces of the service should be identified and have appropriateprotections to defend against attacks through them.
12. Secure service administration
The methods used by the service provider’s administrators to manage the operational serviceshould be designed to mitigate any risk of exploitation that could undermine the security of theservice.
13. Audit information provision to consumersConsumers should be provided with the audit records they need to monitor access to theirservice and the data held within it.
14. Secure use of the service by the consumerConsumers have certain responsibilities when using a cloud service in order for this use toremain secure, and for their data to be adequately protected.
Scenario 4 – Driving Iterative ChangeAutomation can be used as part of the development cycle to deploy and publishapplications
SCENARIO: 4
15
Reference project
Business needs– Centralization of management and procurement– Cost optimization, better budget predictability, spending efficiency– Simplification of IT processes and increasing Government transparency– Structuring governance model– Improved time to market for critical projects– Mitigation of security risks
The Request– Create a transactional system for up to 300 million transactions / day– Scale it for up to 30 thousand transactions pro second as a peak load– Let it be secure enough– Calculate with low bandwith uploads– Build it from the minimum resources– It has to work for 7/24 no service outage allowed– Automate everything
Business needs– Centralization of management and procurement– Cost optimization, better budget predictability, spending efficiency– Simplification of IT processes and increasing Government transparency– Structuring governance model– Improved time to market for critical projects– Mitigation of security risks
The Request– Create a transactional system for up to 300 million transactions / day– Scale it for up to 30 thousand transactions pro second as a peak load– Let it be secure enough– Calculate with low bandwith uploads– Build it from the minimum resources– It has to work for 7/24 no service outage allowed– Automate everything
16