IRAP protected compliance from infra to SAP application layer on Azure

Australian government organizations are looking for cloud managed services providers capable of providing deployment of a platform as a service (PaaS) environment suitable for the processing, storage, and transmission of AU-PROTECTED government data that is compliant with the objectives of the Australian Government Information Security Manual (ISM) produced by the Australian Signals Directorate (ASD).

One of Australia’s largest federal agencies that is responsible for improving and maintaining finances of the state was looking to implement the Information Security Registered Assessors Program (IRAP) which is critical to safeguard sensitive information and ensure security controls around transmission, storage, and retrieval.

The Information Security Registered Assessors Program is an Australian Signals Directorate initiative to provide high-quality information and communications technology (ICT) security assessment services to the government.

The Australian Signals Directorate endorses suitably-qualified information and communications technology professionals to provide relevant security services that aim to secure broader industry and Australian government information and associated systems.

Cloud4C took up this challenge to enable this federal client on the cloud delivery platforms. Cloud4C analyzed and assessed the stringent compliance requirements within the Information Security Registered Assessors Program guidelines.

Following internal baselining, Cloud4C divided the whole assessment into three distinct categories – physical, infrastructure, and managed services. The Information Security Registered Assessors Program has stringent security controls around these three specific areas.

Cloud4C realized that the best way to successfully meet this challenge was to partner and share responsibilities to achieve an improbable but successful and worthy assessment together. In April 2018, the Australian Cyber Security Center (ACSC) announced the certification of Azure and Office 365 at the PROTECTED classification. Microsoft became the first and only public cloud provider to achieve this level of certification. Cloud4C partnered with Microsoft to deploy the SAP applications and SAP HANA database on Azure and utilized all the Information Security Registered Assessors Program compliant infrastructure benefits to enable seamless integration of native and marketplace tools and technologies on Azure.

Cloud4C identified the right Azure data center in Australia, Australia Central and Australia Central 2, which had undergone a very stringent Information Security Registered Assessors Program assessment for physical security and information and communications equipment placements.

This compliance by Azure for infrastructure and disaster recovery gave Cloud4C a tremendous head-start as a managed service provider, letting it focus its energies on the majority of the remaining controls, which applied solely to the cloud service provider.

The Information Security Registered Assessors Program assessment for Cloud4C involved meeting 412 high risks and 19 of the most critical security aspects distributed across 22 major categories, after taking out the controls that were addressed by Azure disaster recovery.

Solution overview

The scope of the engagement was to configure and manage the SAP landscape onto Azure with managed services up to the SAP basis layer while maintaining the Information Security Registered Assessors Program protected classification standards for the processing, storage, and retrieval of classified information. As the engagement model is PaaS, the responsibility matrix was up to the SAP basis layer and application managed services were outside the purview of this engagement.

Platform as a service with single service level agreement and Information Security Registered Assessors Program protected classification

The proposed solution included various SAP solutions including SAP ERP, SAP BW, SAP CRM, SAP GRC, SAP IDM, SAP Portal, SAP Solution Manager, Web Dispatcher, and Cloud Connector with a mix of databases including SAP HANA, SAP MaxDB, and former Sybase databases. Azure Australia Central, the primary disaster recovery, and Australia Central 2, the secondary disaster recovery region, were identified as the physical disaster recovery locations for building the Information Security Registered Assessors Program protected compliant environment. The proposed architecture encompassed certified virtual machine stock keeping units (SKUs) for SAP workloads, optimized storage and disks configuration, right network SKUs with adequate protection, a mechanism to achieve high availability, disaster recovery, backup, and monitoring, an adequate mix of native and external security tools, and most importantly, processes and guidelines around service delivery.

The following Azure services were considered as part of the proposed architecture:

Azure Availability Sets
Azure Active Directory
Azure Privileged Identity Management
Azure Multi-Factor Authentication
Azure ExpressRoute gateway
Azure application gateway with web application firewall
Azure Load Balancer
Azure Monitor
Azure Resource Manager
Azure Security Center
Azure storage and disk encryption
Azure DDoS Protection
Azure Virtual Machines (Certified virtual machines for SAP applications and SAP HANA database)
Azure Virtual Network
Azure Network Watcher
Network security groups

Information Security Registered Assessors Program compliance and assessment process

Cloud4C navigated through the accreditation framework with the help of the Information Security Registered Assessors Program assessor, who helped to understand and implement the Australian government security and build the technical feasibility of porting SAP applications and the SAP HANA database to the Information Security Registered Assessors Program protected setup on the Azure protected cloud.

The Information Security Registered Assessors Program assessor assessed the implementation, appropriateness, and effectiveness of the system's security controls. This was achieved through two security assessment stages, as dictated in the Australian Government Information Security Manual (ISM):

Stage 1: Security assessment identifies security deficiencies that the system owner rectifies or mitigates
Stage 2: Security assessment assesses residual compliance

Cloud4C has achieved successful assessment under all applicable information security manual controls, ensuring the zero risk environment and protection of the critical information systems with support from Microsoft.

The Microsoft team provided guidance around best practices on how to leverage Azure native tools to achieve compliance. The Microsoft solution architect and engineering team participated in the design discussions and brought an existing knowledge base around Azure native security tools, integration scenarios for third party security tools, and possible optimizations in the architecture.

During the assessment, Cloud4C and the Information Security Registered Assessors Program assessor performed the following activities:

Designed the system architecture incorporating all components and stakeholders involved in the overall communication
Mapped security compliance against the Australian government security policy
Identified physical facilities, the Azure Data centers Australia Central and Australia Central 2, that are certified by the Information Security Registered Assessors Program
Implemented Information Security Manual security controls
Defined mitigation strategies for any non-compliance
Identified risks to the system and defined the mitigation strategy

Steps to ensure automation and process improvement

Quick deployment using Azure Resource Manager (ARM) templates combined with tools. This helped in the deployment of large landscapes comprising more than 100 virtual machines and 10 SAP solutions in less than a month.
Process automation using Robotic Process Automation (RPA) tools. This helped to identify the business as usual stage within the SAP eco-system deployed for the Information Security Registered Assessors Program environment and enhanced the process to ensure minimum disruption to actual business processes on top of automation that takes care of the infrastructure level ensuring the application availability.

Learnings and respective solutions that were implemented during the process

The Azure Central and Azure Central 2 regions were connected to each other over fibre links offering sub-ms latency; with the SAP application and SAP HANA database replication in synchronous mode, zero recovery point objective (RPO) was achieved.
Azure Active Directory Domain Services were not available in the Australia Central region, so the Azure South-East region was leveraged to ensure seamless delivery.
Azure Site Recovery was successfully used for replication of an SAP Max DB database.
Traffic flowing over Azure ExpressRoute was not encrypted by default; it was encrypted using a network virtual appliance from a Microsoft security partner.

Complying with the Information Security Registered Assessors Program requires Australian Signals Directorate defined qualifications to be fulfilled and to pass through assessment phases. Cloud4C offered the following benefits:

Reduced time to market – Cloud4C completed the assessment process in 9 months as compared to the industry achievement of nearly 1-2 years.
Cloud4C’s experience and knowledge of delivering multiple regions and industry specific compliances for customers on Azure helped in mapping the right controls with Azure native and external security tools.

The partnership with Microsoft helped Cloud4C reach another milestone and take advantage of all the security features that Azure Hyperscaler has to offer to meet stringent regulatory and geographic compliances.

Cloud4C has matured in the use of many of the security solutions that are readily available from Azure Native, as well as Azure Marketplace, to reduce time-to-market. Cloud4C utilized the Azure portfolio to its fullest in terms of securing the customer's infrastructure as well as encouraging a secure culture in supporting their clients as an Azure Expert Managed Service Provider (MSP). The Azure security portfolio has been growing and so has Cloud4C's use of its solution offerings.

Cloud4C and Microsoft plan to take this partnership to even greater heights in terms of providing an unmatched cloud experience to customers in the marketplace across various geographies and industry verticals.

Learn more

Azure Security Solutions from Microsoft
Azure Native Products
Workloads Migration to Azure
Cloud4C Azure Managed Services
Cloud4C solutions for SAP on Azure

Source: Azure

Google: Android Q is simply called Android 10

No more sweets: Google is breaking with the ten-year-old tradition of naming its Android versions after confectionery. Accordingly, Android Q simply becomes Android 10, whose final release is due to appear in the coming weeks. (Android Q, Smartphone)
Source: Golem

Simplify the digital enterprise journey with hybrid multicloud

Organizations are adopting a hybrid multicloud environment to accelerate their journey to becoming digital enterprises. IT leaders are faced with a challenge of demystifying the hybrid multicloud environment to unlock the true value of digital transformation.
According to IBM Institute for Business Value, by 2021, 90 percent of the organizations that are already on cloud plan to adopt multiple hybrid clouds. However, only 30 percent have the required procedures and tools in place and just 30 percent have a multicloud orchestrator or other multicloud management platforms.
Build for variety, velocity and volume
Moving IT functions to the cloud can give organizations many benefits, but orchestration and automation across multiple technologies, cloud environments and service providers can be complex and expensive. To ensure success, enterprises must seek answers to the following:

How to build cloud native and DevOps capabilities in a safe, secure and cost-effective manner
How to avoid vendor lock-in and leverage the benefits of open architectures
How to orchestrate across multiple technologies and clouds
How to quickly build a virtualized or containerized platform for faster application development and deployment
How to enable development teams to provision or deprovision environments efficiently
How to build infrastructure services for a multicloud environment

To ride on the success of cloud initiatives in the digital era, businesses today must build their cloud for variety, velocity and volume.

Variety – Build cloud to manage the variety of heterogeneous technology complexities of both container and virtual workloads and topologies of cloud deployment models.
Velocity – Build cloud to manage the speed of change and reduce the timelines to incorporate changes across multiple cloud end points.
Volume – Build cloud design to manage the scalability of capacity as required without disruption in efficiencies.

Address hybrid multicloud orchestration challenges
Businesses are grappling with cloud orchestration challenges owing to complexities of multiple technologies, cloud platforms and service provider environments. IBM Cloud Deployment Services (ICDS) offers a multicloud orchestration and automation platform for both virtualization and container workloads powered by enterprise-ready standard blueprints.
IBM Cloud Deployment Services is technology agnostic, supports open architecture and can help businesses:

Automate delivery of infrastructure, applications, and custom IT services
Deploy application workloads across on-premises and off-premises environments (for example, public and private clouds)
Offer integration with all leading public cloud providers, such as Amazon Web Services (AWS) and Microsoft Azure
Offer integration for ServiceNow, resiliency offerings, managed security services, and so on
Available in both single-tenant and multitenant architectures
Available with Red Hat OpenShift Container Platform in addition to IBM and VMware orchestration capabilities
Enables design and build of solution blueprints
Includes build and deployment services (with required hardware and software licenses and delivery services of the platform)

IBM Cloud Deployment Services simplifies the journey to cloud by building cloud for variety, velocity and volume. To know more, visit us at https://ibm.co/2He4rDJ.
The post Simplify the digital enterprise journey with hybrid multicloud appeared first on Cloud computing news.
Source: Thoughts on Cloud

Going to VMWorld? Learn to help data scientists and application developers accelerate AI/ML initiatives

IT experts from around the world are headed to VMworld 2019 in San Francisco to learn how they can leverage emerging technologies from VMware and ecosystem partners (e.g. Red Hat, NVIDIA, etc.) to help achieve the digital transformation for their organizations. Artificial Intelligence (AI)/Machine Learning (ML) is a very popular technology trend, with Red Hat OpenShift customers like HCA Healthcare, BMW, Emirates NBD, and several more offering differentiated value to their customers. Investments are ramping up across many industries to develop intelligent digital services that help improve customer satisfaction and gain competitive business advantages. Early deployment trends indicate AI/ML solution architectures are spanning across edge, data center, and public clouds.
If you are part of the IT group, you may have already been asked to support the data scientists and software developers in your organization that are driving the development of machine learning models and the associated intelligent applications. 
Data scientists play a vital role in the success of AI/ML projects. They are primarily responsible for ML model selection, training, and testing. They also need to collaborate with data engineers and software developers to make sure the source data is credible, and the machine learning models are successfully deployed in application development processes.
Here are some of the key challenges faced by data scientists as they strive to efficiently build the ML models: 

Selecting & deploying the right ML tooling or framework
Complexities and time required to train, test, and select the ML model providing the highest prediction accuracy
Slow execution of ML modeling computational tasks because of lack of powerful IT infrastructure
Dependency on IT to provision and manage infrastructure 
Collaboration with other key contributors e.g. data engineers, application developers, etc. 

If I were a data scientist, I would want a “self-service cloud like” experience for my ML projects. This experience should allow me to access a rich set of ML modelling frameworks, data, and computational resources across edge, data center, and public clouds. I should be able to share work and collaborate with my colleagues, and deliver my work into production with agility and repeatability to achieve business value.
This is where containers and Kubernetes-based hybrid cloud solutions like Red Hat OpenShift Container Platform and NVIDIA GPUs, on VMware vSphere, come into play. It can help extend the value of your vSphere investments, and drive the mainstream adoption of AI/ML powered intelligent apps. 
There are several benefits that can be achieved with this solution, including:

Agility across the ML pipeline by automating the install, provisioning, and autoscaling of the container-based ML models/frameworks. NVIDIA GPUs can help speed up the massive computational tasks required to train, test, and fine tune the ML models without having to buy more compute and storage resources, with Red Hat OpenShift serving as the container and Kubernetes based “self service cloud.”
Portability and flexibility for ML powered apps to be developed and delivered across data center, edge, and public clouds. OpenShift also provides flexibility to offer ML-as-a-service to apps without having to embed the ML models directly in the application code for production use.
Efficient operations and lifecycle management for ML powered intelligent applications with automation of the CI/CD process, enabling more efficient collaboration and helping to boost productivity. 

While you are at VMworld, don’t miss your chance to learn more on this topic. Come check out the mini-theatre session from Red Hat’s Andrew Sullivan at the NVIDIA booth in the expo center at 12:45pm on Monday, August 26th, 2019.
Please also check out the Red Hat AI/ML blog here to learn more, and also our announcement with NVIDIA to learn more about the strategic partnership between Red Hat and NVIDIA to accelerate and scale AI/ML across Hybrid Cloud. 
The post Going to VMWorld? Learn to help data scientists and application developers accelerate AI/ML initiatives appeared first on Red Hat OpenShift Blog.
Source: OpenShift