Shared Services Canada and Cloud Computing
Architecture Framework Advisory Committee
Transformation, Service Strategy and Design
February 21, 2013
Agenda
TIME TOPICS PRESENTER(S)
9:30 – 9:40 Opening Remarks B. Long, Chair
9:40 – 9:55 Recap: From Cloud Framework to Cloud Service B. Long
9:55 – 10:30 Cloud Deployment Models P. Littlefield, All
10:30 – 10:40 Health Break
10:40 – 11:30 SSC’s Cloud Platforms: Discussion P. Littlefield, All
11:30 – 12:20 Challenges In-depth B. Long, All
Recap on Cloud-Computing Discussions
December 17, 2012
• GCCC architectures and cloud-computing models examined and discussed with AFAC members
January 28, 2013
• Revised GCCC architectures feedback incorporated
• Discussion of three use cases
• Platform strategy discussed
February 21, 2013
• Focus on platforms
• Discussion on decision criteria for private versus hybrid versus public cloud services
March 2013
• Revised GCCC platform endorsed by AFAC
Cloud Computing: Defining Shared Services Canada’s Role
Internal private cloud and external cloud services should be defined by the same service architecture?
• SSC could be the Cloud Broker and could also be a Cloud Provider.
• Some private cloud services could be provided by SSC.
• This would be the “Community Cloud”.
• The Cloud Broker would ensure multi-vendor management.
[Figure: cloud reference architecture diagram. Cloud Consumer; Cloud Provider (Service Layer: SaaS, PaaS, IaaS; Resource Abstraction and Control Layer; Physical Resource Layer: Hardware, Facility; Cloud Service Management: Business Support, Provisioning / Configuration, Portability / Interoperability); Cloud Broker (Service Intermediation, Service Aggregation, Service Arbitrage); Cloud Auditor (Security Audit, Privacy Impact Audit, Performance Audit); Cloud Carrier]
Cross Cutting Concerns: Security, Privacy, etc.
Cloud Deployment Models – Directions
Use Cases (samples)
Deployment models: Private Cloud On-prem, Private Cloud Off-prem, Virtual Private Cloud, Public Cloud
Collaboration tools and applications
Sensitive data and applications
Public-facing websites
GC internal websites and applications
Public-facing transactional websites and applications
Databases
GC internal Dev/Test websites and
Platform Technologies – Potential Directions
• TBD: Linux on Z/OS. Technologies whose disposition will be determined over the coming months.
• Grow: Linux on X/86, Windows. Technologies where investments will be made, transformation will focus, and new business and workloads will be directed.
• Sunset: HP/UX, AIX, MCP, Solaris. Technologies which will be phased out over the course of the transformation; workloads will be migrated to “Grow” platforms.
• Sustain: Z/OS. Technologies that will be maintained at current business volumes, with organic current business growth; no new business or workloads will be directed here.
Platform Technologies – Use Cases
Use Cases
Platforms: Windows, Linux/x86, Z/OS
Web Hosting
Application Hosting
Enterprise Resource Planning
Document Management
Collaboration
Virtual Desktop / Thin Client
File Services
Challenges In-depth:
Cloud Interconnectivity
Challenge: Connecting resources across clouds and customer premises
Description:
People, process and technology required for multi-CSP, internal IT service management (ITSM) orchestration
Forward Agenda items:
• CSB architecture and standards
• Internal ITSM architecture and standards
Mitigations
• Cloud service broker architecture / standards
• Internal ITIL / ITSM architecture / standards
• GC Identity, Credential, Access Management (ICAM)
• Security and privacy controls
Challenges In-depth:
Identity / Access Control
Challenge 2: Managing identity, federation and access control
Description:
Transformation, migration to Role-Based Access Control (RBAC) and the ICAM strategy
Forward Agenda items:
• ICAM architecture and standards
• GC directory architecture and standards
Mitigations
• ICAM implementation schedule
• GC-wide directory strategy and architecture
• Migration from departmental-based security to role-based access control
Challenges In-depth:
Multi-tenant Client Isolation
Challenge 3: Isolating tenants in a multi-tenant environment
Description:
Security considerations for multi-tenancy implementations versus the scale economics of sharing
Forward Agenda items:
• ICAM architecture and standards
• GC directory architecture and standards
Mitigations
• Clear definition / documentation of the various multi-tenant deployment architectures
• Cross reference / certification against GC security controls
• Document application compatibility considerations and standards
Challenges In-depth:
Network Readiness
Challenge 4: Network latency and capacity considerations
Description:
Cloud introduces new challenges for the network – both the internal GCNet and the Internet Access strategy
Forward Agenda items:
• GCNet considerations for cloud
• Internet access architecture and design for cloud
Mitigations
• Understanding the suite of potential latency sensitive cloud applications
• Data centre and CSP location impact analysis
• Legal review: impact on contracts, terms and SLAs
• Develop standards / architecture that meets or exceeds GC security
AFAC Participants: Cloud Computing
Association Representatives
First Name Last Name Company/Association
Avvey Peters Communitech
Evan Fox Corporate Executive Board
Jeff Lynt CABiNET
Kris Van Riper Corporate Executive Board
Linda Oliver ITAC
Steve Woodward CATA/Cloud Perspectives
Tim Lewis CITPA Observer
Industry Representatives
Lynn Sutherland Canadian Cloud Council
John Cousens Canadian Cloud Council
Mario Bernier Northern Micro
Peter Fu TeraMach
Chris Makkreel Salesforce
James Lambe Google
John Schouten Dell
Mark Godfrey NetApp
Mike Cardy OnX
Strahan McCarten Bell
Brian O'Higgins Invest Ottawa
Don Powell Enterprise Architect, CABiNET
Jean-Olivier Le Brun CGI
Corey Glynn IBM
Lloyd Switzer Telus
Mike Monteith ThoughtWire
Edward Cordeiro AT Labs Canada
Ron Babin Ryerson University
Sasha Lebovic Cisco
Stuart MacKay HP
Vadim Schvarts VMware
Wally Kowal Canadian Cloud Computing
Jamie Hart Microsoft
Dave Wharry Oracle
Sébastien Boire-Lavigne Sagemcom Canada