
Integrating Cloud into Your IT Strategy
October 22, 2009 Webinar

Bryan Doerr, Chief Technology Officer
Ken Owens, Vice President, Security and Virtualization Technology
Guest Speakers

Bryan Doerr
Chief Technology Officer
Savvis

Ken Owens
Vice President
Security and Virtualization Technology
Savvis

Savvis Proprietary & Confidential 2


Webinar Agenda

• Discerning Cloud Computing’s Relevance to the Enterprise
– Defining the Cloud and Moving Beyond the Hype
– Distinguishing Among Cloud Models and Types
– Cloud’s Fit with Enterprise IT Needs
– Anatomy of an Infrastructure Cloud

• Securing the Cloud
– New Threats Introduced by Virtualization
– Newer Benefits to Security
– Security Design Considerations & Reference Architecture
– How to Define SLA for Security

• Savvis Cloud Capabilities & Early Use Cases

• Q&A


Discerning Cloud Computing’s
Relevance to the Enterprise

Bryan Doerr
Chief Technology Officer, Savvis

What Is the Largest Barrier
to Adoption of Cloud Services?

Cost / benefit unclear (23.69%)
Unknown management headaches (21.89%)
Lack of security (17.07%)
Lack of reliability (6.03%)
No standard way to switch providers (6.43%)
Limited reference cases (6.02%)
Disruption to IT org chart/politics (4.22%)
Other (13.85%)

497 responses
Source: TechTarget, Cloud Computing Readership Survey, 2009


What Is Cloud Computing?
Industry Analysts’ View

Forrester: “A pool of abstracted, highly scalable, and managed compute infrastructure capable of hosting end-customer applications and billed by consumption.”
– Forrester, Is Cloud Computing Ready for the Enterprise?, March 2008

Gartner: “A style of computing where massively scalable IT-enabled capabilities are delivered 'as a service' to external customers using Internet technologies.”
– Gartner, Cloud Computing: Defining and Describing an Emerging Phenomenon, June 2008

IDC: “An emerging IT development, deployment and delivery model, enabling real-time delivery of products, services and solutions over the Internet.”
– IDC, Defining “Cloud Services” and “Cloud Computing”, Cloud Computing Blog, September 23, 2008


Cloud Computing
A New Purchasing Paradigm for Managed Services

Cloud computing isn’t like grid computing or client-server; cloud computing is like online music vs. CDs.
– Usage-based billing
– Automatic delivery
– Minimal/no commitment
– Customer controlled service provisioning/modification/termination

Not a new technology, but a new way to obtain data center services.
Cloud Computing
Beyond the Hype

• Enhances managed services value proposition
– Lowers cost of adopting virtualized solutions
– Tailored to specific needs and more flexible to change when using cloud services

• De-risks taking advantage of managed services value proposition
– Purchasing paradigm eliminates long-term obligations

The result is greater adoption of managed services, with potential for significant market growth.


Risk/Benefit Improvements
Reaching the Tipping Point

• Today
– Decision to outsource often reduces to preference-based
◦ Benefits are real, but seen as risky by some

• Tomorrow
– Decision will be obvious
◦ Compelling benefit/substantially reduced perceived risk

To achieve this vision, service providers must work with suppliers to design and integrate services that are high-efficiency and low-cost and that deliver an improved customer experience.


Cloud Computing
Why Now?

• Moore’s Law across all significant resources: bandwidth, CPU, memory, storage
• Maturity of client-server architectures: building blocks of IT applications are well defined
• Acceptance of virtualization
• Ability to deliver services on demand


Cloud Models
Increasing Automation and Flexibility

Software-as-a-Service (SaaS) – Targeted Applications
• Hosted business applications, often replacing licensed desktop software
• Subscribe and Customize: “pay for seats” (e.g., Vovici, Concur, NetSuite, Availity, SF.com)

Platform-as-a-Service (PaaS) – Reduced Choice Architectures
• Application execution environment that abstracts infrastructure in exchange for runtime specificity
• Subscribe and Develop: “pay for transactions” (e.g., AppEngine, Azure, Engine Yard)

Infrastructure-as-a-Service (IaaS) – General Purpose Technologies
• Infrastructure deployment platform that enables system-based procurement of data center resources
• Granular capacity & billing: “pay for usage”
• Specify and Deploy (e.g., Savvis, Amazon, Rackspace, AT&T)


Types of Clouds

[Diagram: Private Cloud inside the Customer Data Center; Dedicated Cloud (per customer); Public Cloud shared by multiple customers]
Infrastructure-as-a-Service Clouds
Multi-Tenancy Models and Cost Structure

[Cost-structure chart comparing customer costs across Current Internal “Clouds”, Hosted Dedicated Clouds and Public Clouds]
– Cost categories: Opex (Personnel, Software MTC, Hardware MTC, Facilities & Power) and Capex (Server Capex, Storage Capex)
– Internal “Cloud”: customer carries the Opex and Capex
– Dedicated Private Cloud: Streamlined Opex, Avoided Opex, Avoided Capex; 15-40% TCO Savings (Solution Dependent)
– Public Cloud: Avoided Opex, Avoided Capex; Additional 15-40% TCO Savings (Workload Dependent)


Cloud Computing
When Is It a Good Fit for the Enterprise?

• Applications and processes have highly variable demand
• Internal data center capacity limits are being reached
• Hardware is at the end of its serviceable life
• Speed of provisioning is constraining business execution
• Your data center no longer offers a competitive advantage to the organization
– No longer provides a differentiation
– Competitors’ time to market surpasses yours
• In-house application development


Anatomy of an Infrastructure Cloud

[Diagram: numbered components 1–14 of an infrastructure cloud: Access, WAN, User Control, Tier Provisioning, Availability, App Performance, Security, SLA, Redirection, Network Delivery, Web Compute Tier, Data Access/Mobility, App Compute Tier, Data Protection, Storage (Latency), Support & Monitoring, DB Compute Tier]


Concerns About Cloud Security

[Chart: agreement with the statement “Cloud computing is not yet secure enough for the Enterprise”, IT Leaders (US) vs. IT Leaders (Global); Agree/Disagree values shown: 44%, 56%, 36%, 64%]

Source: Independent research undertaken by Vanson Bourne in 2009, surveying 314 CIOs, CTOs, IT Directors and heads of IT of global businesses based in the US, UK, and Singapore.
Securing the Cloud

Ken Owens
Vice President
Security and Virtualization Technology, Savvis

“Be Careful Up There!”
Concerns About Cloud Computing Security Abound

“The cloud is fraught with security risks…” – InfoWorld

“Analysts warn that the cloud is becoming particularly attractive to cyber crooks.” – ComputerWeekly

“Corporate use of cloud services slowed by concerns about data security, reliability.” – ComputerWorld

“Privacy, security issues darken cloud computing plans.” – IDG

“Cloud computing sounds so sweet and wonderful and safe... we should just be aware of the terminology, if we go around for a week calling it swamp computing, I think you might have the right mindset.” – Ron Rivest, co-founder, RSA

“It is a security nightmare and it can't be handled in traditional ways.” – John Chambers, CEO, Cisco
Security Tops Cloud Concerns

Source: IDC, 2009


New Threats Introduced
by Virtualization Layer

• Virtual-machine escapes
• Virtual-machine hopping
• Virtual-server sprawl
• One customer or department being able to gain access to another customer or department
• Moving a VM can render a once up-to-date VM insecure
• Network IDS/IPS not being able to inspect inter-VM traffic
• Effects of moving a VM to a new network


Newer Benefits to Security

• Hypervisor controls physical resources underneath the OS
• Extending the hypervisor to allow a 3rd party to control & secure:
– Memory: read, write and execute
– CPU: context switching, memory mapping, debugging
– Network, Graphics, Disk
• Security software living outside the OS, away from the enemy
• Securing VM image files:
– Encryption, access control, offline AV scanning, patches
• Extending virtualization (v12n) management infrastructure:
– Extending virtual storage to support black and white listing
– Extending virtual network switch for IPS capabilities
• VMsafe:
– Memory & CPU security
– Network security
VMsafe CPU/Memory
Dedicated Security VM

Protection of memory and processor operations


Expected Growth of VMsafe

Protection over all virtualized devices


Challenges to VMsafe CPU/Memory

• Performance (cross VM context switching)

• Stability of guest OS due to triggers processing latency

• Loss of guest OS context



Virtual Applications Security

• Example of basic challenges:
– AV/HIPS does not see virtual application file activities
– Apps mobility allows malware to extend its reach

• New opportunities for security:
– Security deeply integrated into apps
– Enforcing security policy aside from the OS


Security Design Considerations

• Integrated Cloud Security
– Cloud environments provide limited visibility to inter-VM traffic flows
– Specific architecture and configuration decisions
◦ Physical Segmentation
◦ Integrated (VMsafe) Security

• Cloud Burst Security
– Security Policies
– Baseline information

• Compliance Concerns
– Auditing events
– VM Mobility

• Defense in Depth
– Continue to leverage proven security strategies


Reference Architecture



How to Define SLA for Security?

• Security Policy SLAs
– Firewall Rule Auditing
– Firewall Change Request implementation SLA
– Firewall log availability SLA

• Patch Level SLAs
– Time to patch SLAs
– Remediation SLAs

• Threat Management SLAs
– Vulnerabilities against VM Asset Auditing
– Threats detected and prevented SLAs

• Availability SLAs
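An added example, not part of the Savvis deck, showing one way to measure two of the SLAs listed above (time to patch and firewall change-request implementation) over constructed records for VM assets: each item is aged against an assumed SLA target, and items still open are aged against the current time so an unpatched VM cannot drop out of the statistics. The SLA targets, record fields and asset names are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed SLA targets (placeholders, not values from the deck).
SLA_TARGETS = {
    "patch": timedelta(days=30),       # time-to-patch SLA
    "fw_change": timedelta(hours=48),  # firewall change-request implementation SLA
}

@dataclass
class Record:
    asset: str                  # VM asset the item applies to
    kind: str                   # "patch" or "fw_change"
    opened: datetime            # patch released / change requested
    closed: Optional[datetime]  # applied / implemented; None while still open

def elapsed(rec: Record, now: datetime) -> timedelta:
    """Time the item has been outstanding; open items keep accruing."""
    return (rec.closed or now) - rec.opened

def breaches(records, now):
    """Return [(asset, kind, hours_outstanding)] for items over their SLA target."""
    out = []
    for rec in records:
        age = elapsed(rec, now)
        if age > SLA_TARGETS[rec.kind]:
            out.append((rec.asset, rec.kind, age.total_seconds() / 3600))
    return out

def compliance_rate(records, now) -> float:
    """Fraction of items (closed or still open) within their SLA target."""
    if not records:
        return 1.0
    return 1 - len(breaches(records, now)) / len(records)

# Constructed sample records, evaluated as of the webinar date.
NOW = datetime(2009, 10, 22, 12, 0)
SAMPLE = [
    Record("vm-web-01", "patch", datetime(2009, 9, 1), datetime(2009, 9, 20)),               # 19 days, ok
    Record("vm-db-01", "patch", datetime(2009, 9, 1), None),                                 # open 51 days, breach
    Record("vm-app-01", "fw_change", datetime(2009, 10, 20, 9), datetime(2009, 10, 21, 10)), # 25 h, ok
    Record("vm-app-02", "fw_change", datetime(2009, 10, 18, 9), datetime(2009, 10, 21, 10)), # 73 h, breach
]

if __name__ == "__main__":
    for asset, kind, hours in breaches(SAMPLE, NOW):
        print(f"SLA breach: {asset} {kind} outstanding {hours:.0f} h")
    print(f"compliance: {compliance_rate(SAMPLE, NOW):.0%}")
```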



Savvis Security Services Portfolio

[Diagram: service families arranged around Customer Data]

Cloud & Virtual Security
– Perimeter Security: Managed Firewall, Multi-Tiered Firewall Environments, Worm Detection / Prevention
– Intrusion Detection: Network IDS, Host IDS, Integrity Monitoring
– Secure Access: IP VPN, Strong Authentication

Dedicated Security
– Perimeter Security: Managed Firewall, Multi-Tiered Firewall, Firewall Care
– Intrusion Detection: Network IDS, NIDS Care, Host IDS, Integrity Monitoring
– DDoS Detection/Mitigation
– Threat & Log Management: Log Management Service, Threat Management Service, Vulnerability Scanning
– Security Mgmt.: Patch Management, Reporting/Logging, Vulnerability Scanning
– Email Protection: Anti-Virus, Anti-Spam, Content Filtering, Image Filtering, URL Filtering
– Secure Access: IP VPN, Strong Authentication
– Incident Management: Incident Response


Savvis Cloud Capabilities
& Early Use Cases

Savvis Cloud Compute & Project Spirit

Savvis Cloud Services Portfolio

                      Dedicated Cloud Compute         | Open Cloud Compute                 | Project Spirit
Summary               Cloud Computing, Fully Managed  | Cloud Computing, Fully Managed     | Cloud Data Center; Enterprise,
                                                      | & Pre-Production*                  | Balanced & Essential Service Tiers
Virtual Services      Compute, Applications, Storage  | Compute, Applications, Storage     | Compute, Applications, Storage,
Available             (Security & Network addressed   | (Security & Network addressed on   | Network, Security
                      on separate Savvis platforms)   | separate Savvis platforms)         |
Billing Terms         Monthly + 1/2/3yr Terms         | Monthly + 1/2/3yr Terms            | Hourly & Monthly
Connectivity          Hosting Area Network (HAN)      | Hosting Area Network (HAN)         | Application Transport Network (ATN), Internet
Geography             Any Managed HAN IDC             | Select Savvis Data Centers (IDCs)  | Regional Virtual IDCs
Service Architecture  Dedicated                       | Multi-tenant                       | Multi-tenant
Capacity Management   Customer                        | Savvis                             | Savvis
Interface             Secure Portal                   | Secure Portal                      | Secure Portal, XML API*

* Future
Savvis Project Spirit

Industry’s first enterprise-class VPDC with multi-tiered QoS capabilities

• Multiple Service Grades with Scalable Capacity, Cost, Security, Support
• Simple Drag-and-Drop Data Center Configuration
• Enterprise-Grade Platform Technologies
• Enhanced Cloud Security
• Suitable for Development, Production and Mission-Critical Applications


Project Spirit User Experience

• 4-step VPDC creation process
• Drag-and-drop designer
• Set network effects and security policies using GUI
• Price review before deployment
• Account spending limits
• XML API coming soon
• Seamless integration with SavvisStation Portal for existing customers
• Demo at www.savvis.com


The Savvis Offering
What Makes Us Different

• Current popular cloud offerings
– Of limited use due to performance, security and SLA deficiencies
– Service deficiencies lead to limited usage opportunities
– Use of multiple providers leads to design and operational complexity

• Savvis offers
– Lower cost infrastructure for applications with burstable utilization
– Faster development cycles for new applications
– Best-in-class next-generation platform
– Integration with Savvis ATN
– Aligned with Savvis’ overall IT outsourcing solution strategy

Savvis enables single-source simplicity with all service types


Savvis Cloud Offerings
Early Use Cases

1. Analytics Company (Data Analysis Workload)
• Burst compute to run large projects fast

2. Software Company (Web Serving Workload)
• Capacity to flex Web site

3. Banking SaaS Company (Web Serving Workload)
• Selected Savvis for security and enterprise attributes
• Granular growth with increased users

4. Unified Comm’s Company (Workgroup Workload)
• Evaluating for conversion to a SaaS model

5. Financial Organization (App Dev Workload)

[Charts: Data Analysis – Runtime in minutes (000) vs. Compute Instances, showing burst; Cloud Instances vs. Time, showing granular growth]
Q&A

For more information …
www.savvis.net

Thank You.

© 2009 Savvis, Inc. All rights reserved. Savvis® is the registered trademark of Savvis Communications Corporation.
