Presentation is loading. Please wait.

Presentation is loading. Please wait.

CalCloud Government End-User Group

Published byGervase Boone Modified over 6 years ago

Similar presentations

Presentation on theme: "CalCloud Government End-User Group"— Presentation transcript:

1 CalCloud Government End-User Group
November 4, 2015

2 Chris Cruz Introducing… Chief Deputy Director, Operations
Department of Technology

3 Agenda Welcome Introduction (Chris or myself)
CDFA migration of 70 apps (Hence) Security (Dave) Technical Architecture (Scott And Kyle) Q/A

4 What is CalCloud? CalCloud is a suite of cloud services offered by the Department of Technology, which includes: IaaS - A private cloud infrastructure service: O/S Licenses with Security updates O/S Licenses (customer managed patching) Customer Provided O/S (customer managed patching) SaaS - Vendor Hosted Subscription Services (VHSS): SalesForce Clarity Remedy on Demand Lines of Business: Disaster Recovery Storage HR

5 CalCloud Strategy

6 CalCloud Architectural Decisions
6 CalCloud Architectural Decisions The CalCloud is engineered for flexible, secure, cost efficient enterprise class workloads The Usability model provides an intuitive, relevant, role-based and customizable user interface Personalization A Flexible Self-service model, which adapts to departmental needs and is able to bring future services on- board Flexible Self-Service Extensibility CalCloud is Extensible with other hypervisors and OS, other storage solutions, and other compute tiers CalCloud supports multiple Security standards and models and is a highly secure multi-tenancy architecture Security & Isolation Control CalCloud supports flexible dashboards, reporting services and service catalogs- state cloud service consumers will feel in Control CalCloud TOM Low-Cost Accommodation Enterprise-Class Scalability The CalCloud provides Enterprise- Class availability and backup/restore and disaster recovery capabilities CalCloud is designed to support the need for Low-cost Accommodation – the ability to combine low cost with the flexibility to accommodate a wide range of diverse government requirements Cloud Service Provider Platform

7 Robert Schmidt Introducing… Office of Technology (OTech) Chief
California Department of Technology

8 Introduction of User Group
User Group was implemented to: Align IT Tactical efforts with IT Strategy; Ensure that the CalCloud achieves its implementation roadmap; Recommend CalCloud requirements; Enhance CalCloud visibility while managing implementation risk; Communicate the organization’s cloud strategy to government business and IT leaders.

9 Introduction of User Group
Members are responsible for: Serve as change champion within their agency; Aligning tactical IT implementation with IT strategy; Assess business impact of moving IT services to the hybrid cloud.

10 New User Group Lead Hence Phillips - CDFA
CDFA has 70 applications running on CalCloud. Time to deploy applications Performance standards of applications Ease of use for customers Security Lessons Learned/Tips

11 User Group Lead Answer as a developer using CalCloud:
How does CalCloud help me do my job? How does CalCloud solve my technical problem? What do developers most appreciate about CalCloud? What technical benefit do I receive from using CalCloud?

12 CDFA CalCloud Architecture
Internet Mercury (Primary Web) Venus (Primary DB) Earth (Utility) Mars (Secondary Web) Jupiter (Sandbox) CDFA Network CDFA Mail Relay

13 California Department of Technology
Introducing… Scott MacDonald CalCloud Chief California Department of Technology Kyle E Pribilski IBM

14 Overview of CalCloud 1414 1414 CalCloud
Flexibility Security and isolation Control Multiple technology platforms Competitive Pay-as-you-go CalCloud CalCloud A B Dedicated virtual private cloud Shared cloud services Dedicated private cloud (IaaS) for State. Service hosted on State data centers and behind State network (LAN/WAN) and security. Provided by a cloud service vendor (IBM). CalCloud Vendor provides hardware, software, portal and OS administration (patching). Usage based with no initial cost to the state. Self-Service business model (via web portal) and Low cost service offering. 14 14 14

15 “Shopping Cart” & Self-Provisioning Model
1515 “Shopping Cart” & Self-Provisioning Model Service Catalog and Shopping Cart Select Base Server Size Small Medium Large Extra Large Select OS Select Extras Disaster Recovery Virtual Appliances Data Encryption RAM Storage Backup 15 15

16 CalCloud “Shopping Cart” and self-provisioning model(2)
1616 CalCloud “Shopping Cart” and self-provisioning model(2) Comprehensive Self-Service Model 1. Shopping and provisioning: Small, Medium, Large, or Extra Large VMs Microsoft Windows Server, Red Hat OS or AIX Add-ons including RAM, Storage and Backup Infrastructure Disaster Recovery services Select IDR tier (0, 1, 2) Select Backup/Restore tier (0, 1, 2) Pick extra memory and storage Put into shopping cart Build application templates and save in shopping cart Press “Submit” 2. Monitoring and reporting: Performance metrics Capacity metrics (total compute, storage, RAM, backup) Billing data broken down by consumer See open trouble tickets All CalCloud Consumer servers along with up/down status Current CPU, RAM, and storage usage for each server Total backup used and available 3. Management and modification: Upgrade or downgrade an existing VM to Small, Medium, Large, or Extra Large VM Increase or decrease add-ons including RAM, Storage, and Backup Stopping existing IDR Services 4. Decommissioning: Decommission a single image or an entire project 16 16

17 CalCloud Flexibility 1717 + + + Department Virtual Private Cloud
CalCloud User Access Layer CalCloud Management & Automation Layer CalCloud Resource Abstraction & Control Layer CalCloud Physical Resource Layer Department Virtual Private Cloud Standard Services My User Roles My Shopping Cart My Templates My Approval Process + My Reports My Dashboards My Trouble Tickets My Billing Status Department Virtual Private Cloud Standard Services My User Roles My Shopping Cart My Templates My Approval Process + My Reports My Dashboards My Trouble Tickets My Billing Status Department Virtual Private Cloud Standard Services My User Roles My Shopping Cart My Templates My Approval Process + My Reports My Dashboards My Trouble Tickets My Billing Status CalCloud/IBM CalCloud Standard Services Two-Factor Authentication LDAP w/ Standard user roles Service Catalog Provisioning Modifications Standard Approval Processes Standard Reports Standard Dashboards Usage & Accounting Backup/Restore Multi-tiered IDR

18 CalCloud Logical Architecture Diagram
1818 CalCloud Logical Architecture Diagram CalCloud Managed Services ** OTech Interfaces Layer 1 <<User Access – CalCloud Portal>> Layer 2 <<Management & Automation >> Layer 3 <<Resource Abstraction & Control>> Layer 4 <<Modular Physical Resources>> Layer 4 <<Physical Resource – Modular Addition>> LDAPs LDAPs 2FA Guides/FAQs/ Videos Compute Nodes (Windows/RHEL x86) zLinux / DS8000 Service Automation Management VMware vSphere Trouble ticketing Trouble ticketing Service Catalog Shopping Cart Compute Nodes (AIX on POWER) Monitoring IBM POWER VM/ PowerVC Tenant Managed AIX Environments Provisioning Image Lifecycle Mgmt Invoicing Invoicing Usage and Accounting Network IBM Storage Virtualization Center Reporting Services Events Dashboard SIEM SIEM Reporting Warehouse *z/VM Common Cloud Storage Backup/ Restore IDR *Solaris Zones Storage and Backup Management STaaS Block Storage *Xen/KVM (open source) Trouble Tickets Billing Status Backup Storage CalCloud Managed Security ** OTech Interfaces

19 CalCloud Logical Architecture Diagram
1919 CalCloud Logical Architecture Diagram ** CDT/ Departmental Interfaces Remedy LDAP Billing LogLogic SIEM CalCloud Managed Security CalCloud Managed Services User Access Layer Management & Automation Layer Physical Resource Layer Resource Abstraction & Control Layer SmartCloud Control Desk SmartCloud Managed Backup Tivoli Common Reporting Jazz/DASH Portal Consumer Dashboard Service Catalog Shopping Cart Provision-ing Lifecycle Mgmt Instant Backup Reporting Scheduled Backup Tivoli Identity Manager Authentication / Authorization Trouble Tickets Tivoli Storage Manager IBM Service Delivery Manager Reporting Warehouse Service Automation Management Usage & Accounting Monitoring Storage Mgmt Device Mgmt Storage Pools Policies IBM Flex System CalCloud Portal and Management VMs CalCloud Tenant VMs (x86 and POWER) NetApp ONTAP Common Cloud Storage IBM Flex Fiber Channel Interconnect TSM for VE Backup Archive Agent VMware vCenter vSRM HA/DRS vSphere VTL Backup Storage Arrays PowerVM PowerHA Live Partition Mobility PowerSC

20 2020 CalCloud R&R 20 20

21 CalCloud Storage Services
2121 CalCloud Storage Services

22 2222 CalCloud Tenant Space A TVN is created via a number of VLANs which implement the isolated network environment. Only the DMZ tier has inbound access from the Internet. Across the four tiers A standard TVN provides a pre-defined number of IP addresses (therefore a pre-defined number of VMs can be supported). For tenants who require additional VMs or environments, the TVN model can be extended. Tier VLANs are all /25 (128 addresses), except the Util VLAN is /24 (256 addresses)

23 CalCloud Backup and Recovery
2323 CalCloud Backup and Recovery Tier 1 storage provides optional services that can be selected for the storage allocated to a VM (all storage for a VM shares the same characteristics). Tier 1 Backup and Recovery (BUR): Tier 1 BUR provides a Recovery Point Objective (RPO) of 1 hour with a retention period of 24 hours. Tier 1 BUR is implemented via a snapshot captured within the storage disks. Tier 2 Backup and Recovery (BUR): Tier 2 BUR provides a Recovery Point Objective (RPO) of 24 hours with a retention period of fourteen days. Tier 2 BUR is implemented via a whole VM backup to the TSM backup subsystem. Restore operations are requested via the portal. For Tier 2 backups, either the entire VM or a selected file can be restored. Encryption: Tier 1 storage can be encrypted on disk. Note that this is purely while the data resides on disk. As data is written to disk it is encrypted, and as it is read from disk it is decrypted.

24 CalCloud Infrastructure Disaster Recovery (IDR)
2424 CalCloud Infrastructure Disaster Recovery (IDR) Tier 1 RTO = 1 hour RPO = 1 hour Tier 2 RTO = 96 hour RPO = 24 hour

25 California Department of Technology
Introducing… David Langston Branch Chief Security Management California Department of Technology

26 CalCloud Security General
Provide services that meet the operational and compliance requirements of the State. SAM/SIMM NIST FedRAMP where applicable Other regulatory if/where applicable Ensure that vendors are conforming to best security practice.

27 CalCloud IaaS Security Goals
Provide a service that is equally or more secure to that which can be provided with a physical, dedicated infrastructure. Support both mission-critical and non-mission-critical systems. Provide an infrastructure that can meet the operational and compliance requirements of the State and supported agencies.

28 CalCloud IaaS Security Stack
CalCloud provides a comprehensive and tiered security model Workload Specific Security (HIPAA) Workload Specific Security (PCI DSS) Workload Specific Security (IRS 1075) Workload Specific Security (SSA) Workload Specific Security (other) The Federal Risk and Authorization Management Program (FEDRAMP V2 – Includes NIST Rev 4) IBM + California Dept of Technology Security Controls (ISeC) (CalCloud Information Security Controls) Base Level Security Profile Hosted inside the California Dept of Technology’s data centers and inside Department of Technology firewall(s)

29 CalCloud IaaS Security Controls
A formal security control program is in place (based on IBM ISeC processes, cloud experience, and FedRAMP V2). ~325 FedRAMP controls assessed against 25+ domains. Compliance support to other authorities available (infrastructure controls only). CalCloud security controls can be shared with customer security personnel under strict controls and agreements.

30 CalCloud IaaS Security Key Elements
Encrypted Two-Factor Authenticated Sessions Cloud Border Security Admin Access Only from Territorial U.S. Log of All Administrative Actions Least Privilege and Separation of Duties Practice Data are Property of the State Infrastructure Hardening Coordinated Security Incident Handling Vendor(s) Background Checked Encryption at Rest (Option) Coordinated Change Control Security Awareness Training Including IRS Disclosure Strong Tenant Isolation Coordinated OS Patching No Shared Credentials Isolated Security Tiers (network) Configuration and Vulnerability Monitoring Controlled Administrative Access

31 CalCloud IaaS - Security Compliance Status
CDT “Authorization to Operate” based on FedRAMP v2 signed in Sept 2015. Major documents and processes in place. System Security Plan Security Assessment Report POAM tracking process Privacy Threshold and Impact Report Annual revue process.

32 CalCloud IaaS Security Then and Now
FedRAMP program contacted to begin formal recognition. Currently, FedRAMP is very Federal Gov’t centric with no State provisions. Formal recognition by FedRAMP generally requires a Federal agency sponsor. FedRAMP “interested” in State/Local participation but specifics not yet determined. Likely months to work with FedRAMP on a State version of FedRAMP and to obtain formal recognition.

33 CalCloud IaaS - Security Dialog - Tenant Space
CalCloud IaaS Infrastructure Tenant Zone #1 Tenant Zone #2 Tenant Zone #n

34 Questions & Answers

35 Thank you for Coming!! For more information, visit
marketing.dts.ca.gov/calcloud and servicecatalog.dts.ca.gov/services/cloud/calcloud/calcloudoverview.html

Download ppt "CalCloud Government End-User Group"

Similar presentations

Windows IT Pro magazine Datacenter solution with lower infrastructure costs and OPEX savings from increased operational efficiencies. Datacenter.

Windows IT Pro magazine Datacenter solution with lower infrastructure costs and OPEX savings from increased operational efficiencies. Datacenter.
System Center 2012 R2 Overview

System Center 2012 R2 Overview
Current impacts of cloud migration on broadband network operations and businesses David Sterling Partner, i 3 m 3 Solutions.

Current impacts of cloud migration on broadband network operations and businesses David Sterling Partner, i 3 m 3 Solutions.
“It’s going to take a month to get a proof of concept going.” “I know VMM, but don’t know how it works with SPF and the Portal” “I know Azure, but.

“It’s going to take a month to get a proof of concept going.” “I know VMM, but don’t know how it works with SPF and the Portal” “I know Azure, but.
IT PLANNING Enterprise Architecture (EA) & Updates to the Plan.

IT PLANNING Enterprise Architecture (EA) & Updates to the Plan.
BETA!BETA! Building a secure private cloud on Microsoft technologies Private cloud security concerns Security & compliance in a Microsoft private cloud.

BETA!BETA! Building a secure private cloud on Microsoft technologies Private cloud security concerns Security & compliance in a Microsoft private cloud.
© 2009 IBM Corporation ® IBM Software Group Introduction to Cloud Computing Vivek C Agarwal IBM India Software Labs.

© 2009 IBM Corporation ® IBM Software Group Introduction to Cloud Computing Vivek C Agarwal IBM India Software Labs.
Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.

Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.
Cloud Attributes Business Challenges Influence Your IT Solutions Business to IT Conversation Microsoft is Changing too Supporting System Center In House.

Cloud Attributes Business Challenges Influence Your IT Solutions Business to IT Conversation Microsoft is Changing too Supporting System Center In House.
CTS Private Cloud Status Quarterly Customer Meeting October 22, 2014.

CTS Private Cloud Status Quarterly Customer Meeting October 22, 2014.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
Cloud Computing in Large Scale Projects George Bourmas Sales Consulting Manager Database & Options.

Cloud Computing in Large Scale Projects George Bourmas Sales Consulting Manager Database & Options.
© 2010 IBM Corporation Cloudy with a chance of security Information security in virtual environments Johan Celis Security Solutions Architect EMEA IBM.

© 2010 IBM Corporation Cloudy with a chance of security Information security in virtual environments Johan Celis Security Solutions Architect EMEA IBM.
Jim Reavis, Executive Director Cloud Security Alliance November 22, 2010 Developing a Baseline On Cloud Security.

Jim Reavis, Executive Director Cloud Security Alliance November 22, 2010 Developing a Baseline On Cloud Security.
Cloud as a Service Chetan Shinde Column Software Technologies Pvt. Ltd.

Cloud as a Service Chetan Shinde Column Software Technologies Pvt. Ltd.
608D CloudStack 3.0 Omer Palo Readiness Specialist, WW Tech Support Readiness May 8, 2012.

608D CloudStack 3.0 Omer Palo Readiness Specialist, WW Tech Support Readiness May 8, 2012.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.

Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
Click to add text May 2012Taking advantage of Virtualisation1 TWA : Taking Advantage of Virtualisation on IBM Platforms TWS Education.

Click to add text May 2012Taking advantage of Virtualisation1 TWA : Taking Advantage of Virtualisation on IBM Platforms TWS Education.
VMware vSphere Configuration and Management v6

VMware vSphere Configuration and Management v6
CalCloud Government End-User Group November 4, 2015 1.

CalCloud Government End-User Group November 4,

Similar presentations

Ads by Google