Monday, May 1, 2017

DOMAIN 8 ::


DATA CENTER OPERATIONS


   In order for Cloud Computing to evolve, the provider must advance the enterprise data center beyond simply using virtualization to manage server assets. 

   In order to enable business agility, green technology, provider openness, increasingly unique ideas in power generation and data center construction and management, the data center has to morph for long-term cloud success.


  The “Next Generation Data Center”, a term that has been around for several years, has grown into a set of data center operations that includes business intelligence adaptation within the data center and an understanding of the applications running in it; the requirements for hosting large-scale analytical clusters are evolving as well.

  The data center is not a standalone entity but an entity that needs to be as agile as the application and also be connected to other data centers so that latency is managed as well as security.


This domain will address the following topics:


(A) Physical security considerations as related in the CCM

(B) Automated data center use case mapping

(C) The new data center? Cloud computing at home


(D) Cloud infrastructure dissemination and the data center


8.1 Data Center Operations



New concepts in this section:

(I) Cloud Application Mission : The industry or application mission housed within the data center. For example, a health care or e-commerce application mission.


(II) Data Center Dissemination : Cloud infrastructures that operate together but are in physically separate physical locations.


   Service-based automation, and the predictive analytics that enable it, have long been represented by Information Technology Service Management (ITSM) using Information Technology Infrastructure Library (ITIL) standards for data center evolution.

   Different types of applications housed by data centers require automation. Those who operate the data center benefit greatly by understanding what is running inside it and how the data center as a whole needs to respond to varying use.

   
   The Cloud Security Alliance’s Cloud Controls Matrix has a number of physical requirements based upon different standards and regulatory requirements.

   The physical security domain in this version of guidance and the Cloud Controls Matrix should be read by the data center professional to get an understanding of requirements inside and outside the data center.

   For reference, the following table illustrates data center controls needed based upon the mission of the applications housed within the data center. The table is not all-inclusive but provides some examples cross-referencing a Cloud Control Matrix control and specification to an application type or mission.




HIPAA - Health Insurance Portability and Accountability Act
PCI - Payment Card Industry. Specifically PCI DSS, the Data Security Standard

NERC CIP - North American Electric Reliability Corporation Critical Infrastructure Protection

 An application running in the data center that contains regulated information (governed under an information security or application security standard) will be audited.

 The result of the physical audit findings undertaken by the data center operator can then be published to the customers of the data center operator or included in an application query infrastructure such as that provided by Cloud Audit.

 In past versions of the Guidance, the reader was instructed to conduct their own audits. For many data center operators or cloud providers this might not be physically possible. 

 In multi-tenant environments the operator or provider cannot normally accommodate visits by every customer to conduct an audit. The customer should require the operator or provider to provide independent audit results.

 This idea brings in service automation. By automating reporting, logging, and the publication of audit results the data center operator can provide their customer with evidence that, based upon the application mission, the data center specific controls are in place and satisfactory.

  Cloud Audit, Cloud Trust Protocol, and CYBEX (X.1500) can automate the publication of audit findings through a common accessible interface.
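The automated publication of audit results described above can be made concrete. The following is an added illustration, not code from the CSA guidance or from the Cloud Audit, Cloud Trust Protocol or CYBEX projects: it maps constructed audit findings onto the controls required by each application mission named in this domain (healthcare, payments, energy), distinguishes a failed control from one the audit never assessed, and packages the result with an integrity digest that a tenant can check. All control identifiers, finding records and evidence references are placeholders; real Cloud Controls Matrix IDs would take their place.

```python
"""Automated mapping of audit findings to application missions.

Added illustration, not part of the CSA guidance. Every control identifier,
mission name and finding below is a constructed placeholder; real Cloud
Controls Matrix IDs would be substituted in a real deployment.
"""
import hashlib
import json

# Hypothetical mapping of application mission -> data center controls that
# must be satisfied before the operator can call the facility fit for that
# mission. The IDs are placeholders, not real CCM control numbers.
MISSION_CONTROLS = {
    "healthcare (HIPAA)": {"PHYS-ACCESS-01", "PHYS-MEDIA-02", "PHYS-LOG-03"},
    "payments (PCI DSS)": {"PHYS-ACCESS-01", "PHYS-VIDEO-04", "PHYS-LOG-03"},
    "energy (NERC CIP)":  {"PHYS-ACCESS-01", "PHYS-PERIMETER-05", "PHYS-LOG-03"},
}

# Constructed audit findings as an automated reporting pipeline might emit
# them: one record per control, with the evidence the auditor relied on.
SAMPLE_FINDINGS = [
    {"control": "PHYS-ACCESS-01", "status": "pass", "evidence": "badge-log-2017-04"},
    {"control": "PHYS-MEDIA-02",  "status": "pass", "evidence": "media-destruction-cert-0412"},
    {"control": "PHYS-LOG-03",    "status": "pass", "evidence": "visitor-log-export-2017-04"},
    {"control": "PHYS-VIDEO-04",  "status": "fail", "evidence": "cctv-retention-report-2017-04"},
    # PHYS-PERIMETER-05 deliberately has no finding: the audit did not cover it.
]


def evaluate_mission(mission, findings):
    """Return a per-mission result listing which required controls passed,
    failed, or were never assessed. A mission is 'satisfactory' only when
    every required control has a passing finding; a failure outranks a gap."""
    required = MISSION_CONTROLS[mission]
    by_control = {f["control"]: f for f in findings}
    passed = sorted(c for c in required if by_control.get(c, {}).get("status") == "pass")
    failed = sorted(c for c in required if by_control.get(c, {}).get("status") == "fail")
    missing = sorted(c for c in required if c not in by_control)
    if failed:
        status = "not satisfactory"
    elif missing:
        status = "incomplete"
    else:
        status = "satisfactory"
    return {
        "mission": mission,
        "status": status,
        "passed": passed,
        "failed": failed,
        "not_assessed": missing,
        # Evidence references let the tenant trace each verdict to its source.
        "evidence": {c: by_control[c]["evidence"] for c in passed + failed},
    }


def build_attestation(findings, generated_at):
    """Evaluate every mission the operator advertises and package the results
    for publication to tenants (or to a query interface such as Cloud Audit)."""
    results = [evaluate_mission(m, findings) for m in sorted(MISSION_CONTROLS)]
    return {"generated_at": generated_at, "missions": results}


def publish(attestation):
    """Serialize canonically and attach a SHA-256 digest so a tenant can check
    that the copy received is the one the operator produced. The digest is an
    integrity tag only; an operator would additionally sign the document."""
    body = json.dumps(attestation, sort_keys=True, separators=(",", ":")).encode()
    return body, hashlib.sha256(body).hexdigest()


def verify(body, digest):
    """Tenant-side check of a published attestation against its digest."""
    return hashlib.sha256(body).hexdigest() == digest


if __name__ == "__main__":
    att = build_attestation(SAMPLE_FINDINGS, "2017-05-01T00:00:00Z")
    for r in att["missions"]:
        print(f'{r["mission"]:20} {r["status"]:17} failed={r["failed"]} not_assessed={r["not_assessed"]}')
    body, digest = publish(att)
    print("digest", digest, "verified", verify(body, digest))
```

Run as a script, the healthcare mission comes out satisfactory, the payments mission not satisfactory because of the failed CCTV-retention control, and the energy mission incomplete because its perimeter control was never assessed. Keeping "failed" and "not assessed" apart matters to the tenant: the first is a control gap at the operator, the second is a gap in the audit scope that a customer should ask to have closed.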

  Further automation in the data center relies on the library that contains the assets being housed within the data center. By understanding how the assets in the library use resources in the data center, operations management can predict which tenants are using resources.

  If the data center uses concepts such as PoDs and the virtual multi-tenant data center (VMDC), then the data center is as agile as it can be, promoting the cloud or virtualized business quickly.


PoD - Point of Delivery. A rack-able aggregated set of power, compute, storage access, and network components contained in a single unit.

VMDC - Virtual Multi-tenant Data Center. A concept using modular, easily rack-able components, such as PoDs, to quickly expand a data center.


8.1.1 New and Emerging Models


   Recently (Summer 2011) there was more news about home-based cloud platforms. In these types of infrastructures, modeled after SETI@home, a cloud is based on the compute assets of volunteers exposing their home/office computers to support other applications.

   The data centers in these cases are the homes of each of the volunteers. These types of clouds would work well as community-based application hosting environments, but not regulated environments where standards are audited.

   For example, if a cloud is hosted on 100,000 home computers there would be no way to audit a data center that is effectively cut up into 100,000 pieces and scattered across a large geographical area. 

   This type of infrastructure would host a community based set of applications based upon interest (book club for example) or a residential web site.

   The cloud is increasingly being viewed as a commodity or as a utility. There are efforts in the industry to create Security as a Service or create broker infrastructures for identity, interoperability, and business continuity amongst other reasons. 

   The application then is being pulled apart and placed into specialized physical environments that focus on specific needs of an organization or the applications they run.

   Data center dissemination takes the application and places it across many other specialized data centers that house and manage specific needs. By disseminating the application across physical boundaries the application is less burdened in the cloud but harder to control and manage.


8.2 Permissions



(A) Dissemination of data center collaboration. Data center automation that has to span multiple physically unrelated data centers will need software to orchestrate what the data center needs for logging and report generation during audits.


(B) Home-based clouds where the data center is personal. Auditing for standards and compliance is nearly impossible in home-based clouds. Regulated environments and standards-based environments will have difficulty with home-based clouds because of the controls needed.

    There may be aspects to an application where some part of the application can be disseminated to home-based infrastructure.


8.3 Recommendations


(A) Organizations building cloud data centers should incorporate management processes, practices, and software to understand and react to technology running inside the data center.

(B) Organizations buying cloud services should ensure that the provider has adopted service management processes and practices to run their data centers and have adopted racking techniques that ensure agile and highly available resources inside the data center.

(C) Understand the mission of what is running in the data center. Given the controls in the Cloud Control Matrix the data center being built or purchased must conform to physical and asset security requirements.

(D) Data center locations are important. If technology and application components are spread across data centers, then there will be latency between the data centers.


(E) Organizations buying cloud services must clearly understand and document which parties are responsible for meeting compliance requirements, and the roles they and their cloud provider play when assessing compliance.


8.4 Requirements



   The Cloud Security Alliance has many sources of information to help with the construction or remodeling of data centers for the cloud. 

  The controls matrix highlights requirements across a very broad set of security standards and regulations. Cloud Audit and other projects within the CSA also can help with construction and management of data centers and the technology running within them.

(A) Fully understand Control Matrix requirements based upon what is going to run in the data center. Use a common denominator that satisfies most application missions.

(B) Use IT service management techniques to ensure availability, security, and asset delivery and management.


(C) If the data center is owned by a provider, audit against a regulatory and security standard template and publish results to the customer.


