|
Integrated Cloud Service Management
|
ICSM Summary In order to take advantage of cloud computing benefits enterprise and government organizations must deploy Integrated Cloud Service Management solutions. ICSM is primarily concerned with reducing costs associated with switching to a new cloud-based infrastructure. ICSM reduces cost of operations in the cloud and enables smoother migration into the cloud by: *Extending asset management systems to track and provision cloud resources *Providing tools that set, enforce new and existing IT governance policies in the cloud *Establishing project and role based access control to cloud-based resources *Facilitating secure application deployments through enhanced data and network security *Addressing new and cloud specific security risks *Automating infrastructure and application management tasks *Enabling transparency in cloud infrastructure and applications lifecycle *Providing tools to enforce and track compliance with standards such as PCI and HIPAA *Integrating cloud specific monitoring instrumentation with existing ESM infrastructure *Enabling secure, transparent and governed self-service for infrastructure consumers *Integrating existing billing codes and other financial metadata with cloud-based assets *Reducing instances of abandoned and mis-used computing infrastructure ICSM Roles In order to accomplish its objectives, ICSM recognizes various organizational roles that are involved in the process of managing and consuming infrastructure. Infrastructure Managers In a traditional non-cloud environment IMs are responsible for managing: *Servers, storage and networking gear *Datacenter floorspace, power and cooling *External and internal network connectivity *Physical and network security *Datacenter capacity *Contracts with hardware and network providers In a cloud based environment IMs are responsible for: Setting and enforcing standards that apply to individual cloud providers Negotiating contracts and service level agreements with cloud providers Deploying asset management solutions to track cloud based resources Deploying reporting tools that allow infrastructure consumers receive cloud usage statements Deploying infrastructure and application portals that enable self-service wherever possible Implementing strategy for cloud independence Implementing auditing mechanisms to track and control infrastructure management activities Evaluating and selecting cloud providers Ensuring infrastructure consumers and staff use provider neutral management tools Maintaining network connectivity and data replication between corporate and cloud data centers ICSM recognizes this set of activities under term Cloud Provider Management and Cloud Governance. System Administrators System Administrators are responsible for administration of: Operating Systems Firewalls and VPN Backup Systems Middleware and Databases ERP Software Collaboration Monitoring Under ICSM, in addition to existing responsibilities, System Administrators are responsible for maintaining their software specific virtual images and templates. The ensures that infrastructure consumers can quickly provision standardized images containing specific software such as Application Server or Sharepoint environment. System Administrators must deploy tools that help them to manage both images as well as templates where service consumers can specify application specific configuration parameters. In a cloud based environment, System Administrators need to learn how to manage environments using images and templates rather than by performing administrating on specific server instances. ICSM generally refers to these set of activities as Configuration Management. Network and Firewall administrators must participate in cloud management solution selection process to ensure that the chosen solution can implement organizational network security policy. For example, corporate network security policy may state that by default there should be no connectivity from development to production environments. Network and Firewall administrators must then ensure that the cloud management solution implements this policy by default when virtual infrastructure is provisioned into cloud network perimeters. ICSM recognizes these activities under a term Cloud Network Policy Enforcement and Cloud Governance. Backup Administrators must also participate in cloud provider and cloud management selection process to ensure that providers and management solutions provide adequate facilities to perform data backup that is in line with corporate standards. Backup Administrators must find ways to extend existing backup management solutions into the cloud or deploy similar cloud-specific implementations. ICSM recognizes these activities under a term Cloud Backup. Enterprise Monitoring group is responsible for blending cloud provider instrumentation data with existing monitoring infrastructure. ESM should select could management tools that facilitate rollup of instrumentation data from multiple cloud providers. ESM must ensure consistent deployment of application and OS specific monitoring packages to images deployed across all cloud providers. ICSM recognizes these activities under a term Cloud Monitoring. Architecture and Information Security Architecture and Information Security group is responsible for setting cloud provider specific default settings and security policies. Under principles of ICSM, Information Security group is responsible for setting default data and network security settings. For example, Information Security group must be able to enforce disk or network encryption for certain types of applications. IS group must also select cloud management platform where chosen security policies can be enforced. Architecture group is responsible for setting policies and usage of cloud SaaS offerings (This will be discussed in a separate white paper). ICSM recognizes these activities under a term Cloud Security and Cloud Governance. Infrastructure Consumers Infrastructure Consumers and consume and leverage computing infrastructure. ICSM assumes infrastructure consumers perform following key activities. Request and decommission computing, storage and network infrastructure Coordinate application new releases and QA efforts Promote application releases to new environments Restart and troubleshoot applications Modify computing, storage and network allocated to application Request access control changes to application resources Viewing cloud resource usage reports Responding to instrumentation events Request that data and network security controls enabled or disabled ICSM organizes theses activities into an overall set of activities called Cloud Application Management.
|
|
|