Security and Billing for Azure Pack. Presented by 5nine Software and Cloud Cruiser

(1)

Presented by 5nine Software and Cloud Cruiser

Security and Billing for Azure Pack

(2)

Paul Zinn

Senior Product Manager

Cloud Cruiser

[email protected]

@pzmusician

Symon Perriman

VP of Business Development

5nine Software

[email protected]

@SymonPerriman

Meet our Speakers

(3)

Key Topics for Today

3

● Understanding Windows Azure Pack

● Security & Protection for Windows Azure Pack

● Chargeback & Billing for Windows Azure Pack

● Integrating Solutions for Windows Azure Pack

● Discussion

(4)

Understanding

Windows Azure Pack

poll #1

(5)

Development Management Identity Data Virtualization

(6)

Microsoft Azure

IT Admin

Customers

(7)

Windows Azure Pack - Tenant

Customers

IT Admin

7

(8)

Windows Azure Pack - Admin

Customers

IT Admin

(9)

Windows

Azure Pack

Windows Azure Pack

Customers

IT Admin

9

(10)

Azure Pack Services

Web Platform

application

Services

(PaaS)

Infrastructure

Services (IaaS)

Reliable

Messaging

Service Management REST API

Virtual

Networking

SQL Server &

MySQL

Database

(DBaaS)

5nine Cloud

Security

(SECaaS)

Cloud Cruiser

(11)

Security & Protection for

Windows Azure Pack

poll #2

(12)

Meet 5nine Software

● Founded in 2009

● Headquartered in Chicago, with staff in an additional 14 regions worldwide, including 9 MVPs

● More than 68,000 Hyper-V users globally, representing companies and datacenters of all sizes

● The #1 leading solutions provider of security & management applications for Hyper-V

● 5nine Cloud Security – Agentless firewall, antivirus, and intrusion detection security

for Hyper-V, System Center and Azure Pack

● 5nine Manager - Integrated Hyper-V and Cluster Management for SMBs

● 5nine V2V Easy Converter - Free VMware to Hyper-V virtual machine migration tool

● Visit www.5nine.com for more info

9x .

(13)

A Suite of Virtualized Security Tools for Hyper-V

● Security designed specifically

for Hyper-V virtual machines,

disks, networks and hosts

● Regulation now have requirements for virtualization

● Hackers now know how to exploit virtualization

● Firewall

● Antivirus / Antimalware

● Active Network Detection

● Intrusion Detection

● Standard datacenter security

practices are still needed

● Physical security, BitLocker, VPN, Active Directory, etc.

(14)

Automatically & Immediately Protect Everything

● Hosted environments are never secure

● A single security breach can ruin your reputation and business

● Security for virtualized environments is different

● It is impossible to guarantee security

using traditional “endpoint protection”

● Requires installation

● Slows deployment

● Complicates management

● Virtualized environments are dynamic

● Virtual machines

● Virtual disks

● Virtual networks

(15)

How 5nine Cloud Security Works

(16)

Host-Based Protection for Firewall, AV/AM & IDS

(17)

Host-Based Protection for Firewall, AV/AM & IDS

(18)

Abstract & Hide Security from Users

● The public is “renting” your hardware

● Remove the burden of security from the tenants

● Manage security for the tenants

● Update signatures for the tenants

● Ensure the tenants cannot disable security

– Accidently

– Purposely with bad intentions

● Centrally manage security

● Cisco Snort

(19)

Guarantee Isolation & Resource Access

● Isolation and privacy is critical in a cloud

● An admin should not access a tenant’s VM

● A VM cannot affect the host

● A VM cannot affect another VM

● Use Quality of Service (QoS) or throttling for

memory, CPU, network & storage bandwidth

● Avoid Denial of <Resource> attacks

(20)

Protect All Virtual Networks

● Traditional security protect traffic between hosts

● Does not protect traffic between VMs on the same host

● Threats can spread if one tenant becomes infected

● Virtual Network Types

● External

● Internal

● Private

Network

Security

Appliance

(21)

Use a Single Solution for all VMs

● Intercept traffic before it gets to the VM

● Manage traffic at the network protocol level

● TCP, UDP, GRE, ICMP, IGMP, etc.

Hyper-V Guest OS List: aka.ms/HyperVGuestOS

21

(22)

Use a Single Solution for all VMs

● Intercept traffic before it gets to the VM

● Manage traffic at the network protocol level

● TCP, UDP, GRE, ICMP, IGMP, etc.

Server

• Windows Server 2016

• Windows Server 2012 R2

• Windows Server 2012

• Windows Server 2008 R2

• Home Server 2011

• Small Business Server 2011

• Windows Server 2003

tenant

• Windows 10

• Windows 8.1

• Windows 8

• Windows 7

• Windows Vista

• Windows XP

Linux & UNIX

• CentOS

• Debian

• FreeBSD

• Oracle Linux

• Red Hat RHEL

• SUSE

• Ubuntu

(23)

Active Detection of Incoming Threats

● Immediately identify incoming threats

● Unencrypted traffic

● HTTP (more coming soon)

● Automatically alert admins

● Email

● PowerShell

● Event Logs

(24)

Fast AV Scanning with No Performance Impact

● Agent-based scanning causes “scanning storms”

● Decreases VM performance for all tenants

● Reduces VM density on the hosts

● 5nine uses its proprietary

Change Block Tracking (CBT) driver

● Scan only changed

blocks on the disk

● Scan up to 70x faster

(25)

Automate Security Task Management

● PowerShell support

● Task scheduling

● Enables scalability

● Ensures consistent SLAs

● Eliminates human error

● For tasks with high resource

utilization, stagger the action

to avoid performance impact

(26)

Hyper-V Hosts & Clusters SQL Server

5nine Cloud Security

Management Server / VM

Redundant Management Group

SQL Server

Branch Office

SQL Server

5nine

Sync

5nine Cloud Security Management

5nine Console | 5nine PowerShell | Azure Pack Extension | SCVMM

Enterprise High-Availability for Security

(27)

Protection from Inbound, Outbound & Internal Threats

Hyper-V Hosts

SQL Server

5nine Cloud Security

Management Server / VM

Public Internet

0 10 20 30 40 50 60 70 80 90 100

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

Normal Traffic

0 10 20 30 40 50 60 70 80 90 100

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

Unusual Traffic

(28)

System Center Virtual Machine Manager Plugin

● Centralized virtualization security management through SCVMM

● Full 5nine Cloud Security integration

● Integration with the SCVMM Console, Network Services & Logical Switch

● Free add-on for 5nine Cloud Security

(29)

Azure Pack Security as a Service (SECaaS)

● Azure Pack allows you to run Azure IaaS services in your datacenter

● Improved security for your infrastructure and your tenants

● Differentiate & monetize your services by offering “secure VMs”

● Simplify security management for tenants through on/off buttons

● Firewall, Active Network Detection & Intrusion Detection

● Preconfigure firewall templates for different VM roles

● Free add-on for 5nine Cloud Security

(30)

Demo: 5nine Cloud Security

(31)

How to Acquire 5nine Cloud Security

● www.5nine.com or [email protected]

● Cloud Security: http://www.5nine.com/CloudSecurity

● Licensing options

● Licensed per 2 CPUs

● Flexible pricing based on VM density

● Service provider licenses (per VM / month or per VM / year)

● Includes the Kaspersky Lab or ThreatTrack plus Cisco Snort license

● Sales direct or through resellers, distributors,

partners & solution integrators

31

(32)

Chargeback & Billing for

Windows Azure Pack

(33)

Meet Cloud Cruiser

● Founded in 2009

● Headquartered in Silicon Valley

● Industry-leading financial management solution for hybrid cloud

● Customers include the largest enterprises and service providers in the world

33

(34)

Cloud Cruiser Overview

● Cost analytics for the hybrid cloud

● Single solution to price, bill for cloud usage, and optimize spend

● Broadest scope of collectors

● Most sophisticated cloud analytics

(35)

Cloud Cruiser Overview

● Cost analytics for the hybrid cloud

● Deep partnership with Microsoft

● First embedded partner solution for Windows Azure Pack

● Plus integrations to Azure public cloud, System Center, Hyper-V

35

(36)

Cloud Cruiser Overview

● Cost analytics for the hybrid cloud

● Deep partnership with Microsoft

● Integrations to industry-leading public/private clouds, apps,

databases, and more

(37)

SINGLE TENANT MULTI TENANT

Azure

HYBRID CLOUD

WAP

Windows Azure Pack (WAP)

Manage usage and

costs of WAP resources,

such as VMs, website

and database instances ^$

Azure Azure Public

Manage IT spend across

your public cloud assets

like compute, storage,

data, networking, & apps

$

Financial Management for Microsoft Hybrid Cloud

37

poll #3

(38)

Microsoft customer needs

Improve

forecasting

Compare costs

across clouds

Implement

chargeback/billing

Match supply

and demand

57%

of total surveyed

59%

of public cloud users

44%

of cloud adopters

47%

of cloud adopters

(39)

Why is this so hard?

39

Complex pricing required for

different services, bundles,

promotions, and customers

No consistency across vendor

bills and internal spreadsheets –

big manual effort

complex financial models

Hard to scale as you acquire

more customers

No ability to map consumption

to organizational structure

(departments, divisions, projects)

multiple clients

Diverse cloud offerings plus

managed services, such as

security, backups, help desk

Mix of public, private, and

traditional IT services

multiple services

service providers enterprises

(40)

Cost Management for Enterprises & Service Providers

Enterprise Service

Providers

A NAL YTICS FOUND ATI ON

AUTOMATED

CHARGEBACK

BUDGETS

& ALERTS

DECISION

ANALYTICS

TRENDS &

FORECASTS

SELF-SERVICE

REPORTING

AUTOMATED

BILLING

PROFIT

ANALYSIS

CUSTOM

DASHBOARDS

MULTI-SOURCE

COLLECTORS

FLEXIBLE DATA

TRANSFORMATION

FLEXIBLE

PRICING

COST

TRANSPARENCY

(41)

Demo: Cloud Cruiser

(42)

Integrating Solutions for

Windows Azure Pack

(43)

Benefits of Adding Cloud Cruiser & 5nine Software

• Completes the Microsoft cloud solution stack with best-in-class IT

financial management and security

• Protects your cloud investment

• Automates security and financial controls which saves money,

time, & risk

• Provides 24x7 visibility into the health of your cloud

• Improves customer satisfaction and trust

• Provides additional revenue opportunities

43

(44)

Case Study: Monetizing Value-added Services

Track and bill for 5nine

security products, such as

firewall and intrusion

detection

(45)

Resources

45

• Cloud Cruiser Product Overview:

http://www.cloudcruiser.com/product/

• Cloud Cruiser for Azure Pack:

http://www.cloudcruiser.com/partners/microsoft/

• Microsoft Virtual Academy: Cloud Cruiser for Azure

Pack:

http://www.cloudcruiser.com/resource/video-microsoft-partner-solutions-

cloud-cruiser-express-for-windows-azure-pack/

• Datasheet: Cloud Cruiser for Windows Azure Pack

http://www.cloudcruiser.com/wp-content/uploads/2013/10/Solution-

Brief_Microsoft-Azure-Pack1.pdf

• Webcast: Microsoft Hybrid Cloud: Best of Both

Worlds

http://www.cloudcruiser.com/resource/webcast-microsoft-hybrid-cloud-best-

both-worlds/

Cloud Cruiser

• 5nine Cloud Security:

http://www.5nine.com/CloudSecurity

• 5nine Cloud Security Azure Pack Extension:

http://www.5nine.com/5nine-security-for-hyper-v-product.aspx#Azure

• Microsoft Virtual Academy: 5nine Cloud Security

for Azure Pack:

https://channel9.msdn.com/Series/Windows-Azure-Pack-Partner-

Solutions/10

• Whitepaper: Challenges of Securing Hosted

Hyper-V Multi-Tenant Environments:

http://www.5nine.com/Docs/Brien_Posey_Securing_Hosting_Hyper_Environ

ment.pdf

• Upcoming webinars: www.5nine.com/webinars

5nine Software

(46)

Thanks for joining us today! Let’s connect!

[email protected]

www.5nine.com

@5nine_Software

[email protected]

www.cloudcruiser.com

@CloudCruiserInc

Cloud Cruiser 5nine Software