Becomming a cloud governance ninja linthicum interop fall 2013

Editor's Notes

• #23: Cloud Management Platform is a product or integration of products used to manage the use of private, public, and multi-cloud (combination of private and public cloud consumption). The cloud management platform simplifies the use of the cloud(s) by allowing self-service provisioning of resources, capturing billing and metering data, managing resource quotas, image lifecycle management, and providing resource optimization. There is typically many dynamics that are factored into determining which cloud environments an application will reside. Examples of these factors include workload type (DEV, TEST, QA, Pre-Prod, Prod), sensitivity of the data in the application, and the need for elasticity of the application resources. Based on the defined factors, the cloud management platform provides automated management of the underlying compute environment of the applications to the appropriate cloud end-points and simplifies overall operability. Without a cloud management platform, the operability of the cloud will be cumbersome, labor intensive, and prone to errors.
• #26: NOTES: As mentioned earlier, we use the Gartner category description of “Cloud Management Platform” for convenience… We actually think there’s room for Gartner to improve this…but it’s a good way to look at it from a high level.  Generally speaking, you can divide the capabilities defined by Gartner into two categories – those oriented toward implementing clouds and those oriented toward providing functionality across numerous clouds. Gartner basically describes four different levels. Starting from the bottom.. up…Resource level is at the bottom. Which includes your cloud infrastructure. Your servers, disks, hypervisors, storage area networks, etc. Next you’ve got Resource Mgmt. This where you start to introduce basic management capabilities to do things like resource assignments, and basic infrastructure monitoring.An example of resource mgmt could be vCenterNext you’ve got a Service Optimization layer that performs the orchestration of various workloads and topologies that you deploy, and enforces governance on those deployments using various policies. On top of that you’ve go the Service Management layer. Here you start abstracting underlying capabilities… and rolling them up and exposing them in different tools…like:A service catalog, to publish and consume different offeringsA designer tool, to assemble workloads and topologies and configure them for deploymentThe highest layer, Access Management, includes identity management… to determine if someone should have access and subscriber management, to determine what actions they’re permitted to do
• #27: This problem has not gone unnoticed. All of the major software companies have offered solutions, most of them with a traditional service management foundation. New vendors have entered the market, most of them from the pure cloud perspective. They have either an application or Infrastructure focus. Many started with a specific (usually public) platform or from a specific set of use cases, e.g. monitoring, deployment.
• #28: NOTES: The focus on applications and platforms is important… but those apps and platforms don’t do you much good unless you’ve also got effective governance in place…. otherwise you can’t deliver them with any meaningful self-service automation. So the way you do Could Governance and policy matters… Whatyou need is to take an application-centric approach with an extensible policy engine on the back end… When we’re talking about cloud governance in the Cloud Management Platform, we’re talking about much more than just Role-based Access Control. Or simple provisioning constraints.  Out of the box with the Cloud Management Platform, we provide over a dozen different types of application-centric policy controls. Everything from…Regulatory compliance policiesSLA policies including compound auto-scaling rules.Configuration management policies for continuous compliance of workloads after they’ve been deployed. Detailed Security zone policies including configuring firewall rules and embedding security agents and utilities. Lifecycle event policies to customize environments based on SDLC stage.Orchestration policies. Entitlement policies.Workload placement policies to limit workloads to authorized environments.Quotas, scheduling, leasing, chargeback, backup, failover, resource capacity policies.Storage tier policiesAnd much more….. And these policies apply up and down the application topology shown in the middle. So they absolutely apply to the infrastructure layer… for configuring network, for storage tiering… including storage provisioningBut also all the way up through configuration the application components, and the actually application itself The CMP insulates the cloud services consumers from needing to understand what needs to fit where and why? So the CMP represents this “control plane”…And the idea is to fully automate and govern IT resource consumption ….. and simplify the complexity of doing that across different types of clouds.
• #29: NOTES:I mentioned the policy controls available in the Cloud Management Platform. Well, there is a lot of power and flexibility when you apply these to each stage of the SDLC.  For example:For the Dev team, You can have policies to allow EC2 usage for some projectsOr provide chargeback reports to managersFor QA, You can require that deployments only go to the internal private cloud (based on the live customer test data that’s used). You can enable autoscaling for performance testing purposes. For production, you can embed a completely different set of monitoring and security agents, and enforce different security zones, to give you a different security postureAnd yet… there are some things you may want to keep totally consistentLike the SOE… which enables certain services to be installed on all instances within a project.Or adhering to regulatory constraints … like geographic location or some other industry compliance mandate.  These policy controls provide you with a lot of flexibility and control, and allow you to set the right balance between customization and consistency for your environments.