CloudComputing

Architect our Smarter Planet

CLOUD Computing IBM Cloud Computing Reference Architecture

Optionally insert picture of presenter in this area, or delete blue square.

Anshu Kak
Distinguished Engineer CTO SWG Tech Sales Cloud Computing

IBM Cloud Computing Reference Architecture

2013 IBM Corporation

Adoption patterns to help customers achieve real business value

Cloud Enabled Datacenter Cloud Platform Services Business Solutions on Cloud Cloud Service Provider

Database licensingcost by68% Taxrevenue increaseby USD$1.4min 3months

Newsoftwarerollout fromweeksto14 mins,drivingmore consistentquality

Boostonlinerev 2,500%and conversiontosale by1,700%.

6xincreaseinRev whileholding operationalcosts flat. Timetoprovision 200VMs reduced 90%

2013 IBM Corporation

The IBM Cloud Computing Reference Architecture (CCRA)

Represents the aggregate experience from hundreds of cloud client engagements and IBM-hosted cloud implementations
Public Cloud RA whitepaper available on ibm.com: http://public.dhe.ibm.com/common/ssi/ecm/en/ciw03078usen/CIW03078USEN.PDF CCRA OpenGroup submission: http://www.opengroup.org/cloudcomputing/uploads/40/23840/CCRA.IBMSubmission.02282011.doc

Based on knowledge of IBMs services, software & system experiences, including IBM Research Provides prescriptive guidance on how to build IaaS, PaaS, SaaS and service provider clouds using IBM technologies
Reflected in the design of
Cloud-enabled Cloud-enabled data data center center / / building building IaaS IaaS Platform Platform Services Services

CCRA 3.0
Cloud Cloud Service Service Provider Provider Building SaaS SaaS Building

Clouds IBM implements for clients IBM-hosted cloud services IBM cloud appliances IBM cloud products
Focuses on cloud specifics
Cloud Service Integration Tools

Common Common Reference Reference Architecture Architecture Foundation Foundation

Cloud Service Consumer

Cloud Services

Cloud Service Provider

Common Cloud Management Platform (CCMP)

Cloud Service Creator

Existing & 3rd party services, Partner Ecosystems

Business-Processas-a-Service

Sof tware-as-a-Service Operational Support Services (OSS) Platf orm-as-a-Service Business Support Services (BSS) Service Creation Tools

Radical cost reduction Achievement of high degrees of security, reliability, scalability and control
Consists of multiple detailed documents representing best-of-industry knowledge and insight
Consumer In-house IT Inf rastructure-as-a-Service

Inf rastructure

How to architect, design and implement clouds

4

Security, Resiliency, Performance & Consumability Governance

2013 IBM Corporation

Evolution of the Cloud Computing Reference Architecture (CCRA 3.0)

July 2011 April 2011 February 2011

Submitted CCRA to The Open Group Public Cloud RA whitepaper available on ibm.com Released CCRA 2.0 for Business Partners

2012/13
CCRA Standardization ongoing

October 2010
Used in Cloud Launch and various customer/analyst sessions

Early 2012 March 2011 March 2010

Release CCRA 2.0 Release CCRA 2.5 Reach milestone of ~1500 IBMers formally educated on the CCRA

October 2012
Release CCRA 3.0 Adoption Patterns Prescriptive guidance on IaaS/PaaS/CSP/SaaS

March 2009
Initiated CCMP Reference Architecture

Published CC & CCMP Reference Architecture 1.0

Defined overall architectural foundation 5

Added product- and integration focused solution architectures

2013 IBM Corporation

The Business Benefits of the IBM Cloud Computing Reference Architecture

The IBM Cloud Computing Reference Architecture (CCRA) saves the client time and money by providing detailed documentation on the steps and components required for constructing a cloud implementation across all deployment models.

Customers can benefit from IBMs experience in creating public, private and hybrid clouds with one common architecture with reusable assets or product recommendations.

Clients receive a quicker start to creating an industrial strength cloud with pre-defined use cases and documentation on the architectural requirements or decisions that must be made for security, service management, performance, scalability and virtualization.

Utilize sound architectural principles to speed development and reduce errors across the entire development process ensuring designs can scale for efficiencies and can fulfill important cloud requirements such as elasticity, self-service and flexible sourcing

Increased business flexibility with a common cloud reference architecture across deployment models (private, public or hybrid cloud implementations)
6

2013 IBM Corporation

WHAT IS NEW IN CCRA 3.0

Delivers prescriptive guidance to architect solutions for IaaS, PaaS or SaaS with IBM product recommendations and roadmap to get on cloud journey Consists of various architectural work products representing best of breed IT industry knowledge and insight on how to architect, design, implement and manage clouds

Defines the business and technical requirements needed for various cloud roles and responsibilities such as the cloud consumer, the cloud provider and the cloud services creator

Is a modular framework that allows you to focus on the area thats most important for your cloud deployment (IaaS, PaaS, SaaS, CSP)

Provides the comparison blueprint to perform client cloud gap analysis and to identify integration points

2013 IBM Corporation

CCRA 3.0 organizational structure - Prescriptive solution architectures per cloud adoption pattern
New four main workstreams have been added as part of the CCRA 3.0
Pre-3.0 content has been reworked in the context of 4 top-level workstreams
CCRA Leadership Team: CCRA Stefan Leadership Pappe, Team: Gerd Breiter, Anshu Kak, Michael M Behrendt, Robert Flaherty (PM)

Cloud Adoption Pattern deliverables

One presentation per adoption pattern (4 in total) containing:
Business Drivers Actors & Use Cases Non-functional requirements System Context Architectural Decisions Architecture Overview Component Model Operational Model Roadmap Cross-cutting documents for: Introduction & Architecture Overview Use Cases & Roles Non-functional requirements Architectural Decisions Security Performance & Scalability Resiliency Hybrid Cloud Workload Migration Standards Consumability

CCRA CCRA 3.0 3.0

Leaders: Leaders: Jochen JochenBreh,, Breh,Pietro Pietro Iannucci Iannucci

Cloud-enabled Cloud-enabled data data center center (building (building private private IaaS, IaaS, as as a a mgd mgd service) service)

Ashok Iyengar, Robbie Minshall, Prasad Vishnubhotla

Platform Platform Services Services (building (building private private PaaS, PaaS, as as a a mgd mgd service) service) Leader:

Cloud Cloud Service Service Provider Provider (CSP2, (CSP2, commercial commercial XaaS) XaaS) Leader:
Joe McIntyre Tom Creamer

Building SaaS SaaS Building (using IBMIBM(using hosted hosted services) services)
Leader: Jeff Klink

Common Common Reference Reference Architecture Architecture Foundation Foundation

Use Use cases cases Non-functional Non-functional requirements requirements Architecture Architecture Overview Overview Architectural Architectural Decisions Decisions Security Security Performance Performance Resiliency Resiliency Standards Standards

Public Cloud RA whitepaper available on ibm.com: http://public.dhe.ibm.com/common/ssi/ecm/en/ciw03078usen/CIW03078USEN.PDF CCRA OpenGroup submission: http://www.opengroup.org/cloudcomputing/uploads/40/23840/CCRA.IBMSubmission.02282011.d oc

2013 IBM Corporation

Cloud Service Consumer Cloud Service Consumer

Cloud Services

Cloud Service Provider

Common Cloud

Cloud Service Creator Cloud Service Creator

Cloud Service Provider Platform (CCMP) Management

Business-Processas-a-Service Common Cloud Management Platform (CCMP)

Prescriptive, Consumable IBM Solutions Cloud Adoption Patterns - driven by clients

CCRA Adoption Patterns
Cloud Enablement Data Center Simple IaaS with Cloud Governance
VMs provisioning and images mgmt Usage metering and Accounting Monitoring & Capacity PlanningBackup&Restore,Endp oint compliance and PatchMgmt Events Management

Services ExistingCloud & 3rd party services, Partner Ecosystems Cloud Service Integration Tools Cloud Service Integration Tools

Existing & 3rd party Business-Processservices, Partner as-a-Service Ecosystems Sof tware-as-a-Service Operational Business Support Support Services Services (OSS) (BSS) Operational Business Support Support Services Services (OSS) (BSS) Service Creation Tools Service Creation Tools

Sof tware-as-a-Service Platf orm-as-a-Service

Consumer In-house IT Consumer In-house IT

Platf orm-as-a-Service Inf rastructure-as-a-Service

Inf rastructure-as-a-Service Inf rastructure

Security, Resiliency, Performance & Consumability Inf rastructure Governance Security, Resiliency, Performance & Consumability Governance

Platform Services - Management & deployment of middleware - Application Lifecycle Mgmt DevOps, Dev test - Cloud Service Integration Southbound integration with CEDC / IaaS

Building SaaS (using IBMhosted services)

Business Solutions in cloud Exploit IaaS and PaaS for building a SaaS Address ISV space Use of hosted offerings Multi-tenancy options & design considerations Cost considerations -3rd party tools recommended where appropriate

Cloud Service Provider (CSP2, commercial XaaS)

Storefront Business Support Services Customer, User & Partner Management White-labeling Billing integration Order Management Integrates with cloudenabled data center content

Advanced IaaS
Cloud Services Orchestration Storage Provisioning and mgmt Network Provisioning and mgmt Hybrid Cloud Integration Advanced Security (Identity & access mgmt, security information, events mgmt

ITIL Managed IaaS

Change&configutation mgmt, Problem mgmt, Incident mgmt, License mgmt

Common Reference Architecture Foundation

Use cases Use cases Architecture Overview && Architecture Overview Introduction Introduction Architectural Decisions Architectural Decisions Security Security Standards Standards Performance && Scalability Performance Scalability

Non-functional requirements Non-functional requirements

2013 IBM Corporation

IaaS Cloud Maturity Model

10

2013 IBM Corporation

IBM Cloud Reference Architecture Cloud Enabled Data Center Pattern

Allowstocompletelyintegratedthecloudworldwiththe remainingpartoftheenterprisebyincludingthecloud infrastructureandservicesintheenterpriseITIL processes.

AdvancedIaaS servicesintegratedwithITIL processes

IaaS:CutITexpenseand complexity throughacloud enableddatacenter

4
AdvancedIaaS Services(VMs,Storage,Network ortheircombinations)

Allowscreatingamoresophisticatedcloudinfrastructure forthedeliveryofmorecomplexandcriticalIaaS services inhighlydemandingenvironments.

3
Complementsthefirstmacropatternbyadding governancecapabilitiesthatallowtoeffectivelymanage aspectslikeSLAs,security,resiliency,capacityplanning, etc forboththevirtualizedinfrastructurethatprovides thecloudserviceaswellasthecloudserviceitself.

VirtualizationManagement

KeyBusinessDrivers:
Decreasecostsanddeliverytimefornewservices AlignITServiceswithbusinessgoals Increaseservicelevelcompliance Centralizedaccounting&billing IndustrializationofIT
11 TheentrypointintheIaaS cloudspacesinceitallowsto startbuildingamultitenantcloudinfrastructureand modelforthedeliveryofsimpleVMS(configuredwith thepropernetworkandstorage)thatcoversthe70%of therequestscomingfromthedifferentbusinesslines.

2
SimpleIaaS Services(VMs)

1
2013 IBM Corporation

Incremental approach for building Cloud enabled Data Center solutions

ITILManagedIaaS services Problem & Incident Management Change & Configuration Management

AdvancedIaaS services integratedwithITILprocess

License Management Service Desk Release Management

IT Asset Management

Allowstocompletelyintegratedthe cloudworldwiththeremainingpart oftheenterprisebyincludingthe cloudinfrastructureandservicesin theenterpriseITILprocesses.

AdvancedIaaS Services Storage Provisioning & Automation Management Network Provisioning & Automation Management

Services Orchestration

Hybrid Cloud Integration

Threat & vulnerability, identity & access, Security info and events mgmt

AdvancedIaaS Services(VMs, Storage,Network,and combinations)

Allowscreatingamoresophisticated cloudinfrastructurefordeliveryof complexandcriticalIaaS servicesin highlydemandingenvironments.

CloudManagement Virtualised Infrastructure Monitoring Capacity Management and Planning Endpoint Compliance & Management

CloudManagement
Event Management Backup & Restore Patches Management

Complementsfirstmacropatternby addingmanagementcapabilitiesthat allowtomanageaspectslikeSLAs, security,resiliency,capacity planning,etc forboththe infrastructurethatprovidesthe cloudandthecloudserviceitself.

SimpleIaaS Services(VMs) Usage metering, accounting & chargeback

SimpleIaaS Services(VMs)
Role & Authentication Management VM Image Construction Image Management EntrypointintheIaaS cloudspace.It allowstostartbuildingamulti tenantcloudinfrastructureand modeldeliveringsimpleVMS (configuredwithpropernetworkand storage)thatcovers70%of requestsfrombusinesslines. 2013 IBM Corporation

VM provisioning & On-boarding

Cloud Management

12

CloudenabledDataCenterArchitectureOverview
AdvancedIaaS servicesintegratedwithITILprocesses Problem & Incident Management IT Asset Management Management Change & ITIL processesConfiguration integration License Management Service Desk Release Management

AdvancedIaaS Services Storage Network component ServicesOrchestration Provisioning Provisioning Services & Automation & Automation Orchestration StorageConfiguration NetworkConfiguration Management Management CloudManagement Virtualised Capacity HealthMonitoring & Infrastructure Management CapacityManagement Monitoring and Planning Event Events Management Management

Hybrid HybridClouds Cloud Integration Integration

Intrusionprevention vulnerability, identity & access, Security Log VirtualServer info and events mgmt Management Protection

Identity Threat & Management

Backup & Backup& Restore Restore

Endpoint Compliance Patch Patches Management and & Management SecurityCompliance Management

SimpleIaaS Services(VMs) VM Role & Authenticatio provisioning VMs Provisioning Cloud & Onn Management boarding Management

VirtualImages VirtualImages VM Image Image Construction Management Construction Management

Usage Metering & metering, accounting & chargeback chargeback

1 0

Compute,StorageandNetworkVirtualizationlayer
13

2013 IBM Corporation

CloudenabledDataCenterSolutionstack
AdvancedIaaS servicesintegratedwithITILprocesses Problem & Incident Management IT Asset Management Change & License Configuration SmartCloud Control Desk Management Management Service Desk Release Management

AdvancedIaaS Services Storage Network TivoliService Automation Services Provisioning Provisioning Manager/ SCO Orchestration SmartCloud Virtual & Automation TivoliNetCool & Automation StorageCenter ConfigurationManager Management Management VirtualizationManagement Virtualised Capacity Infrastructure Management SmartCloud Monitoring Monitoring and Planning Tivoli NetCool Event Omnibus, Management Impact

Hybrid Cloud CastIron Integration HCI Extensions

vulnerability, Intrusionprevention identity & access, Security VirtualServer Qradar Log info and events Manager Protectionmgmt forVMWare

TivoliIdentity Threat & Manager

SecurityNetwork

Tivoli Storage Backup & Manager Suite Restore forUR

Endpoint Patch Compliance SmartCloud Management & PatchManagement Management

SimpleIaaS Services(VMs) VM Role & Cloud VM Image provisioning Authenticatio SmartCloud Provisioning Management Construction & Onn boarding Management
Required components Recommended components

Usage SmartCloud Image metering, Cost & Management accounting Management chargeback

Optional components 2013 IBM Corporation

14

IBM Cloud Reference Architecture PaaS Pattern

Paas based Lifecycle or PaaS based DevOps AllowstoimplementaDevOps processbycreatinga continuousdeliveryflowthatautomatesthebuild,test anddeliveryofapplicationsintoacloudenvironment

Acceleratetimetomarket withnewworkloadswith CloudPlatformServices

4
Inadditiontothemanagedmiddlewarepatterns, applicationscanleverageadditionalserviceslike programmingservices(e.g.DBordatacachingservices) orintegrationservicesthatallowtointegratewith externalapplicationorpubliccloudsandtoimplement autoscalingandcloudburstingscenarios,Cloud Integration Complementsthefirstmacropatternbyadding governanceservicesthatallowtoeffectivelymanagethe SLAa andQoS aspectsoftheprovisionedmiddleware, likeforexampleresiliency,applicationperformance, security,etc..

Advanced/AutonomicPaaS Services

ManagedPaaS

KeyBusinessDrivers:
ReduceCAPEX(CapitalExpenditure)andOPEX (OperationalExpenditure)todeliverbusinessservices. DrivedownITcostsbyimprovingdeliverytimeand quality,andloweringrisksassociatedwithdeliveryof newITenvironmentstobusinessandsoftware applicationdevelopmentanddelivery.Increase flexibilityandintegrationbetweenmiddleware components.
15

2
TheentrypointintothePaaS space,itallowstomodel multitieredmiddlewarepatterns,exposethemas servicesintoaselfservicecatalogue,automatetheir deploymentandmetertheresourcesusedbythis service.

Foundations/SimplePaaS Services

1
2013 IBM Corporation

Middleware Deployment & Management Platform

Desires Public Cloud No Yes

Integrated hardware & software solution is key factor No Broad hypervisor support including KVM, HyperV, Xen Interested only in PowerVM and vCenter Currently using IBM middleware and products for which patterns are available? No Yes Looking for application patterns? Yes Yes

SCAS

IPAS

Support for Virtual Applications (Vapps) is a critical factor

SCP

Using 3rd party or nonIBM software

Time to value a significant factor

SCP

IWD

This is changing as SCP is the way to go in next releases

16

For any other options a deeper analysis would be required 2013 IBM Corporation

IBM Cloud Reference Architecture for PaaS solutions

PaaS
Paas basedLifecycleorPaaS basedDevOps Application Development Application testing Application Lifecycle Mgmt Application governance Application onboarding Continuous Delivery

Advanced/AutonomicPaaS Services Cloud services data cache, Service Registry routing, messaging

Mobile management Integration Services

&

SLA-centric workload management

cloud-bursting, hybrid services (Integration)

Workload Automation and Scheduling Services

ManagedPaaS Services Identity management and Security Multi-tenancy / isolation License Management Workload/transaction Monitoring

Foundational/SimplePaaS Services Provisioning and automation services M/W Patterns deployment Metering

17

2013 IBM Corporation

IBM Cloud Reference Architecture for PaaS solutions

PaaS
ProcessOrientedPaaS Service Application Application Application RationalSuite lifecycle Application Application development testing CLM / RTC RTWtesting Management RSA/RAD Application Lifecycle Mgmt Development Application Application governance RAM governance Application Application on boarding RAF /AMC onboarding

SmartCloud Continuous Continuous SCCD, APM Continuous delivery Delivery Delivery

Advanced/AutonomicPaaS Services Cloud services data cache, Service Registry IWD/ Pure App routing, messaging

SLA-centric workload management

Mobile management Integration Services

& Worklight/TEM

cloud-bursting, hybrid Castservices iron (Integration)

Workload Tivoli Automation and Workload Scheduling Scheduler Services

ManagedPaaS Services

Security products Identity management and Security (SCIM,SCAM)

Multi-tenancy / isolation

License TLM Management

Workload/transaction SmartCloud Monitoring APM

Foundational/SimplePaaS Services Provisioning and M/W Patterns SmartCloud Provisioning/IWD automation services deployment

SmartCloud Cost Metering Mgmt

18

2013 IBM Corporation

IBM Cloud Reference Architecture for PaaS solutions

PaaS
Paas basedLifecycleorPaaS basedDevOps Application Development Application testing Application Rational Suite Lifecycle Mgmt Application governance Application onboarding

SCCD, APM Continuous

Delivery

Advanced/AutonomicPaaS Services
Service Registry Cloud services data cache, routing, messaging

Mobile management Integration Services

& Worklight/TEM

SLA-centric workload management

cloud-bursting, hybrid Castservices iron (Integration)

Workload Tivoli Workload Automation and Workload Scheduling Scheduler Services Scheduler

ManagedPaaS Services Identity management and Security Multi-tenancy / isolation

SmartCloud APM Management Monitoring IBMPure Application System

License

Workload/transaction

Foundational/SimplePaaS Services Provisioning and Provisioning/IWD M/W Patterns SmartCloud automation services deployment

SmartCloud SmartCloud Cost Metering Cost mgmt Mgmt

19

2013 IBM Corporation

Cloud Adoption Pattern Cloud Service Provider (CSP)

Business Drivers Competitive environment to become CSP, cost effective delivery, Retain and enhance customer relationship, differentiation in products offered (value of the products in realizing market leadership) differentiation in service provided (value of the Service Provider brand), Monetize their infrastructure. Solutions/ Patterns Develop Strategy and Select Business Models to become a successful CSP Select Services and Infrastructure Develop Ecosystem and Supporting Infrastructure Extend Applications in Cloud

Customer Applications Provider Applications Third Party Applications Cloud Aggregation White-label Cloud

Incorporate hosted Clouds built on IaaS and PaaS architecture from cloud-enabled data center and platform services solutions

20

2013 IBM Corporation

CSP Patterns, Micro-Patterns, Capabilities & Explanation

Patterns Cloud Services Host for Customer Applications Capabilities
Storefront Customer Access Management Customer Management Service Onboarding Service Management Customer Images Management Storefront Provider Access Management Provider Service Management Provider Service Onboarding Provider Image Management Storefront Partner Access Management Provider Service Management Provider Service Onboarding Provider Image Management Cloud Hosting Third-Party Applications Capabilities and OSS/BSS integration Federated cloud with on-/off- premise services Focus areas: Multi-tenancy, granular access control, service management, OSS/BS integration Portal Re-branding Wrappers Cloud Management (OSS/BSS) re-branding wrappers Enable customer to re-brand cloud (and hosted services) Focus areas: Multi-tenancy, storefront & OSS/BSS integration Focus areas: Multi-tenancy, customer management

Explanation
Extend cloud deployment to allow customers to host their applications.

Cloud Services Host for Provider Applications

Offer services hosted on (internal) cloud to customers.

Focus areas: Multi-tenancy, Application & Service Management

Cloud Hosting Third-party Applications

Extend cloud to offer both Provider and Third-Party services Focus areas: Multi-tenancy, access control, service management

Cloud Aggregation Cloud Provider Front-end for White-label Cloud

21

2013 IBM Corporation

CSP Maturity model

Maturity level 5
Advancedlibraryservices, Fullyautomated, AMAZON

Maturity level 4
ProvidingappsasSaaS, verticalmarketopportunities ,Advancedstorefront,partner managemnet,advanced metering,paymentprocess, creditcardprocessing,B2C elemnet

Advanced full CSP/MSP

Increased Capabilities

Maturity level 3
Librarystackprovidebackup asservice,storageasservice etc.basicstorefront,DR,get intoaggregation(google apps, amazon apps),Metering,get intoB2Belemnet

Maturity level 2
ProvideIaaS,PaaS with automationlikedevOps, PatchMgmt,takesnapshots, whitelabelservices.Process foronboarding

Maturity level 1
Basicresourcemanagement, providingbasicIaaS ,PaaS as services.Basicmeteringand billing smallscalewithlow automation

Simple Basic MSP

22

2013 IBM Corporation

IBM Cloud Reference Architecture for CSP2 solutions

Cloud Service Provider

AdvancedCSP2Services Storefront SaaS integration Services Third-party IaaS/PaaS integration services Rating, Accounting, Billing

Provider management

Partner management

SimpleCSP2Services Metering Accounting System integration services

IaaS/PaaS services

Cloud Services Management

Customer Mgmt

Access Mgmt

23

2013 IBM Corporation

Solution view: IaaS Entry Point using SCP

User IBM SmartCloud Provisioning IBM SmartCloud Monitoring Support Systems Integration Customer Management and Access

Customer and Product Mgmt

IBM WebSphere MQ FTP (OS provided)

Cloud Services Management

Local Access Local Access

Hosted Services

Hosted VMs VMWare, KVM Compute: IBM xSeries, pSeries, PureFlex Storage: IBM v7000 Unified Network: Juniper, Cisco

Runtime (hypervisor, OS)

Compute, Storage, Network

24

2013 IBM Corporation

User

Customer Manager

Solution view: Cloud Service Provider Solution Product Customer

Manager Service Rep Access Tivoli WebSeal, Tivoli Access Manager, Tivoli Federated Identity Manager Parallels or Jamcracker or Provider Specific

Storefront Customer Management Partner Management Provider Management

IBM Service Delivery Manager/SCO

Cloud Services Aggregation and Integration

Remote Cloud Provisioning Local SaaS Provisioning Local IaaS Provisioning

IBM Cloud Services Aggregation and Integration Pack IBM WebSphere Cast Iron Integration IBM WebSphere MQ / FTP (OS provided)

Integration Adapter

SaaS Management

IaaS Management

IBM Service Delivery Manager/SCO VMWare, KVM Compute: IBM xSeries, pSeries, PureFlex Storage: IBM v7000 Unified Network: Juniper, Cisco

External Cloud Management

Virtualization Management Resource Management

25

2013 IBM Corporation

SaaS Adoption Pattern

Following topics of prescriptive guidance Security Governance Business Models BSS (Business Support Services) OSS (Operations Support Services) Three primary models of SaaS delivery Primary Hybrid Extending on-premise or hosted deployments into a cloud environment Hybrid Cloud Attaching one or more on-premise or hosted environments to a true IaaS or PaaS environment. Full Cloud & Extended Cloud
26

Delivering a production-ready solution using only cloud services from one or more cloud providers. 2013 IBM Corporation

SaaS and Multi-Tenancy

What is tenancy and how does it relate to SaaS?
A client, end-user, or customer is considered a tenant of an application or service. Multi-tenancy allows a shared environment appear to each tenant as if it was dedicated. In this context, a "virtual slice" is assigned to each tenant and is isolated from the others, in terms of availability, performance & security. The introduction of multi-tenancy to SaaS has allowed businesses to realize methods for attaining their goals of decreased cost for delivery and operation. Multi-tenancy uses the full spectrum of virtualization and application capabilities, from physical hardware to run-time application configuration options.
Note: Tenancy is an optional component of any SaaS deployment.

The Tenancy Spectrum Tenancy Diagram

27

2013 IBM Corporation

Different cloud deployment models also change the way we think about security

Private cloud
On or off premises cloud infrastructure operated solely for an organization and managed by the organization or a third party

Hybrid IT
Traditional IT and clouds (public and/or private) that remain separate but are bound together by technology that enables data and application portability

Public cloud
Available to the general public or a large industry group and owned by an organization selling cloud services.

Changes in Security and Privacy

Customer More Good Easy

responsibility for infrastructure

Provider Less No

responsibility for infrastructure

customization of security controls visibility into day-to-day operations to access to logs and policies and data remain inside the firewall

customization of security controls to access to logs and policies and data are publically exposed

visibility into day-to-day operations

Difficult

Applications

Applications

28

2013 IBM Corporation

Security Intelligence, Analytics and GRC

Security Intelligence with Big Data

Infrastructure

Applications

People

Data

Mobile Security

Cloud Security

29

2013 IBM Corporation

Help the client develop their reference architecture over time

Reference architectures can take a long time to create Harvested from repeated successes Generally broad in scope Reference architectures are not created in a vacuum Help the client begin with one or more reference implementations Determine what does and does not work in the client environment Use portions of the CCRA as a template, but modify with clientspecific aspects Creating a client-specific reference architecture requires participation and input from the client Gather client-specific standards Understand client processes Applicability of the RA is usually at an enterprise level, not limited to a particular department
30
2013 IBM Corporation

Resources
Publically available material
Whitepaper about the CCRA http://www-05.ibm.com/de/cloud/pdf/Gettingcloudcomputingright.pdf Redguide about the Cloud-Enabled Data center / IaaS adoption pattern http://www.redbooks.ibm.com/abstracts/redp4893.html?Open Redguide about the Cloud Service Provider adoption pattern http://www.redbooks.ibm.com/redpapers/pdfs/redp4912.pdf Academy TechNote about the CCRA http://www-05.ibm.com/it/cloud/downloads/Cloud_Computing.pdf CCRA Submission to the OpenGroup http://www.opengroup.org/cloudcomputing/uploads/40/23840/CCRA.IBMSubmission.02282011.doc

31

2013 IBM Corporation

Thank you

IBM is a registered trademark of International Business Machines Corp. Other product and service names might be trademarks of IBM or other companies. See the current list of IBM trademarks: www.ibm.com/legal/copytrade.shtml.

32

2013 IBM Corporation