
Future Architectures and Technologies John McLaughlin, IBM Corporation

Future Architectures and Technologies. John McLaughlin, IBM Corporation. 22 September 2010. Approved for Public Release Distribution Unlimited. NCOIC-DefDaily-JFM20100917. Cloud and the Military. … Customization, efficiency, availability, resiliency, security and privacy …


Presentation Transcript


  1. Future Architectures and Technologies
     John McLaughlin, IBM Corporation
     22 September 2010
     Approved for Public Release Distribution Unlimited
     NCOIC-DefDaily-JFM20100917

  2. Cloud and the Military
     … Customization, efficiency, availability, resiliency, security and privacy
     … Standardization, capital preservation, flexibility and time to deploy
     Flexible Delivery Models
     • Cloud Computing shows promise in the commercial world
     • Cost, Schedule, and Performance parameters are encouraging
     • Private cloud architectures in military context are another thing
     • Public …
       • Service provider owned and managed
       • Access by subscription
       • Delivers select set of standardized business process, application and/or infrastructure services on a flexible price per use basis.
     • Private …
       • Privately managed.
       • Access limited to command and its partner network.
       • Drives efficiency, standardization and best practices while retaining greater customization and control
     • Hybrid …
       • Access to client, partner network, and third party resources
     Diagram labels: Cloud Services; Cloud Computing Model; ORGANIZATION; CULTURE; GOVERNANCE

  3. Cloud and NAVAIR (What’s really needed…)
     Despite the IT cost savings, speed to deployment, and performance, cloud computing is not a viable military capability until the following are solved:
     • Foundational Cloud Computing
     • Resilience
     • Compliance
     • Analytics
     • Deep Packet Inspection
     • Multi-tenancy

  4. Foundational Work
     • NCOIC, among others, is working this problem
     • Cloud Computing WG is developing a Hybrid Cloud Computing pattern
     • Potential for an NGA pilot
     • The NCOIC Cyber Security IPT is working on the global authentication problem
     • Solutions, technology independent
     • IBM Mission Oriented Cloud Computing
     • 10 month project to work the hard engineering problems for AF Cloud Computing
     • Completion next month

  5. Foundational Cloud Computing
     • Federated Identity Management Capability
     • Provide ability for external authentication (think coalition forces…)
     • Process governance for approval purposes
     • Automated and Request Driven Provisioning
     • Foundational Service Discovery
     • Operational Service Deployment
     • Service Delivery Monitoring
     • Operational Monitoring

  6. Cloud Computing and Compliance
     • Compliance provides distribution, revocation, and integrity services for security policies
     • Prove identification and authentication
     • Prove role provisioning capability
     • Prove role based permissions authentication to identified entities
     • Prove auditing of privileged user
     • Prove patch management of end points

  7. Cloud and Resilience
     • Can we protect?
       • Protection for the cloud infrastructure achieved through:
         • Network attack protection at the perimeter
         • Virtual firewalls protecting servers
         • Specialized database protection capabilities
     • Can we rebuild?
       • Reconstruction of damaged cloud resources
       • Rapid restoration from gold copies
     • Can we relocate?
       • Relocation of virtualized resources
       • Rapid relocation to a new VLAN

  8. Analytics – Know It Now, Defend at Machine Speed
     • Step One: Collection
       • Security and configuration logs
       • Internal network sensors and network protection devices
       • Servers
     • Step Two: Correlation and Reduction
       • Ingest engine provides filtered sensor data to the analytics engine for classification and correlation
     • Step Three: Response
       • The response engine initiates autonomic security policy changes

  9. Deep Packet Inspection: Is It Safe?
     Provide behavior-based, near real time detection and response to network level threats
     • All network traffic is inspected for behavior based attacks
     • TCP/IP level network traffic inspection detects out of spec protocols
     • Behavior based allows zero day protection
     • Detected threats cause autonomic security policy changes to be implemented

  10. Multi-Tenancy: Peaceful, Secure Co-existence
     • Validate VM Isolation Management
       • Prove that data confidentiality exists between images
     • Prove ability to detect and correct image provisioning anomalies
       • Test that deployed VM images are correctly configured
       • Show that corrective actions for mis-configured VM images can be applied
     • Prove rapid provisioning capabilities
       • Rapid deployment of new VM images
       • Rapid provisioning of new images
       • Rapid access by new users

  11. The End
     • Questions?
     • Contact Information: John McLaughlin, IBM Corporation, 571.229.0453, johnmcl@us.ibm.com
     • Thank you
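
An added example, not part of the original presentation, that walks the three steps of slide 8 (collection, correlation and reduction, response) using the out-of-spec TCP check from slide 9 as the classifier. The sensor names, documentation-range addresses, the `block` action and the threshold of two violations are assumptions made for illustration, and the flag rules are a small heuristic set rather than a full protocol validator.

```python
import struct
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20  # TCP flag bits

def make_header(flags, sport=40000, dport=443):
    """Build a minimal 20-byte TCP header (constructed input, no options)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

def out_of_spec(header):
    """Name the violation for flag combinations a conforming stack does not send."""
    if len(header) < 20:
        return "truncated-header"
    flags = header[13] & 0x3F                      # flag bits sit in byte 13
    if flags == 0:
        return "null-flags"
    if flags & SYN and flags & FIN:
        return "syn+fin"
    if flags & SYN and flags & RST:
        return "syn+rst"
    if (flags & (FIN | PSH | URG)) == (FIN | PSH | URG) and not (flags & ACK):
        return "xmas"
    return None

def correlate(events):
    """Step two: drop in-spec traffic and group the violations by source."""
    by_src = defaultdict(lambda: {"violations": [], "sensors": set()})
    for sensor, src, header in events:
        violation = out_of_spec(header)
        if violation:
            by_src[src]["violations"].append(violation)
            by_src[src]["sensors"].add(sensor)
    return dict(by_src)

def respond(correlated, threshold=2):
    """Step three: one policy change per source at or above the (assumed) threshold."""
    return [{"action": "block", "src": src,
             "reasons": sorted(set(info["violations"])),
             "seen_by": sorted(info["sensors"])}
            for src, info in sorted(correlated.items())
            if len(info["violations"]) >= threshold]

# Step one: collection. Constructed events: (sensor, source IP, raw TCP header).
EVENTS = [
    ("perimeter-ids", "198.51.100.7", make_header(SYN | FIN)),
    ("vfw-02",        "198.51.100.7", make_header(0)),
    ("perimeter-ids", "198.51.100.7", make_header(FIN | PSH | URG)),
    ("vfw-01",        "192.0.2.10",   make_header(SYN)),
    ("vfw-01",        "192.0.2.10",   make_header(ACK | PSH)),
    ("perimeter-ids", "203.0.113.5",  make_header(SYN | RST)),
]

if __name__ == "__main__":
    for change in respond(correlate(EVENTS)):
        print(change)
```

The single `syn+rst` event from 203.0.113.5 is correlated but stays under the threshold, so only the source seen misbehaving by two sensors produces a policy change.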
