How to Migrate to Cloud with Complete Confidence and Trust

Henry Stapp, Director of Product Management, Apcera

March, 2016

ADA Conference

What We’re Hearing From Customers

2

๏ Drive Revenue ๏ Decrease Costs ๏ Reduce Risk ๏ Improve the Customer Experience

3

Softw

are

Laye

rIn

frast

ruct

ure

Laye

r

Containers and Microservices

Traditional and Legacy Applications

Cloud Native Applications

Mid

dlew

are

Laye

r

Orchestration Tools

Configuration Tools

Container Management Tools

Auditing Tools

Logging Tools

Application PlatformsPlatforms-as-a-Service

Your Cloud Stack

4

Complexity

Leads to

RISKSiloed

Your Cloud StackSo

ftwar

e La

yer

Infra

stru

ctur

e La

yer

Containers and Microservices

Traditional and Legacy Applications

Cloud Native Applications

Mid

dlew

are

Laye

r

Orchestration Tools

Configuration Tools

Container Management Tools

Auditing Tools

Logging Tools

Application PlatformsPlatforms-as-a-Service

Unique

Dependencies

5

You need the cloud to work for you, NOT the other way around.

The Importance of Policy

6

๏ Policy refers to the rules and best practices that set up guard rails for your system. Policy can help: ‣ Governance ‣ Risk ‣ Compliance

๏ Most policies are loosely crafted and live on a sticky note, whiteboard, email or in the heads of your ITOps team.

๏ Declaring consistent, effective policy across your organization generally looks like this…

7

Implementing Policy Across Your Organization Today

Meeting Meeting Meeting Meeting Meeting!

Meeting Meeting Meeting Meeting Meeting

Meeting Meeting Meeting Meeting Meeting

Meeting Meeting Meeting Meeting Meeting

!

!

!

Packaging System enables fine grained policy for versions, workload manifests and what can be used in an un-opinionated system.Service Composition01

Infuse Your System with Policy: Five Key Pillars

Packaging System manifests and what can be used in an un-opinionated system.Service

Resource Management

01

02Container Management System enables isolation and enforced security granular policy for memory/cpu/disk/network quotas.

Infuse Your System with Policy: Five Key Pillars

Packaging System manifests and what can be used in an un-opinionated system.Service

Resource

Scheduling and Placement

01

02

03

Container Management System security granular policy for memory/cpu/disk/network quotas.

Policy Aware Scheduler enables granular control for workloads placement: geographical, affinity-based tagging for service access, compute and infra elasticity.

Infuse Your System with Policy: Five Key Pillars

Packaging System manifests and what can be used in an un-opinionated system.Service

Resource

Schedulingand

Policy Aware Networking enables a truly programmable network at workload abstraction layer that can enforce policy on any infrastructure at the speed of deployment and orchestration, plus the ability to instantly self heal.

Connectivity and Communication

01

02

03

04

Container Management System security granular policy for memory/cpu/disk/network quotas.

Policy Aware Scheduler geographical, affinity-based tagging for service access, compute and

Infuse Your System with Policy: Five Key Pillars

Packaging System manifests and what can be used in an un-opinionated system.Service

Resource

Schedulingand

Policy Aware Networking abstraction layer that can enforce policy on any infrastructure at the speed of deployment and orchestration, plus the ability to instantly self heal.

Connectivity and Communication

01

02

03

04

Container Management System security granular policy for memory/cpu/disk/network quotas.

Policy Aware Scheduler geographical, affinity-based tagging for service access, compute and

What good are rules if they aren’t followed? Effective policy provides visibility within your system so automated enforcement is possible. Automated enforcement removes humans from the equation and greatly reduces the chance of errors.

Automated Enforcement of Your Policy

05

Infuse Your System with Policy: Five Key Pillars

Trust Model for Cloud-Native Applications

MULTI-WORKLOAD

MULTI-CLOUD

POLICYSECURITYENFORCEMENT

DEPLOYORCHESTRATEGOVERN

• Cloud-resident Policy Engine at the core

• Service level evaluation and enforced for GRC

• Every service resource is closed by default

• Every service resource is assumed compromised

• All components are isolated by default

Permissions need to be explicit and granted in all directions

Secure separation of control, management and data planes

Secure message bus to connect all resources

Cloud Native service behavior exception monitoring, alerting and audit logging

•

•

•

•

Request

Policy Agent

Policy Engine (Cloud-Native GRC)

Policy Centric Monitoring, Evaluation & Enforcement

RequestRequest

Policy Agent Policy Agent Legacy Agents SaaS Agents

DB2

Delivering Secure Cloud-Native Services for Governance, Risk and Compliance

SalesforceService

VMware

Service

AWS

Service

OpenStack

How Apcera Handles Trust

The Apcera VisionDeliver platform technology that unlocks the full power of massive amounts of compute resources and data. All in a trusted and unified way.

Derek Collison Founder and CEO at Apcera

๏ CTO, Chief Architect at VMware ๏ Architected CloudFoundry ๏ Technical Director at Google ๏ SVP and Chief Architect at TIBCO

Apcera Value Proposition

Customers

Innovate at speed — with full confidence and trust

Business Benefits: - Risk Mitigation and Full

Compliance - Reduce CapEx and OpEx

- Simplify Operations - Faster Time to Market - Full integration with

“modern” IT tools in use

Q & A

Learn More at

www.apcera.com

Thank You!