A compliance aware software defined infrastructure

Abstract

With cloud eclipsing the $100B mark, it is clear that the main driver is no longer strictly cost savings. The focus now is to exploit the cloud for innovation, utilizing the agility to expand resources to quickly build out new designs, products, simulations and analysis. As the cloud lowers the unit cost of IT and improves agility, the time to market for applications will improve significantly. Companies will use this agility and speed as competitive advantage. An example of the agility is the adoption by enterprises of the software-defined datacenter (SDDC)[3] model, which allows for the rapid build of environments with composable infrastructures. With adoption of the SDDC model, intelligent and automated management of the SDDC is an immediate priority, required to support the changing workloads and dynamic patterns of the enterprise. Often, security and compliance become an 'after thought', bolted on later when problems arise. In this paper, we will discuss our experience in developing and deploying a centralized management system for public, as well as an Openstack [4] based cloud platform in SoftLayer, with an innovative, analytics-driven 'security compliance as a service' that constantly adjusts to varying compliance requirements based on workload, security and compliance requirements. In this paper we will also focus on techniques we have developed for capturing and replaying the previous state of a failing client virtual machine (VM) image, roll back, and then re-execute to analyze failures related to security or compliance. This technique contributes to agility, since failing VM's with security issues can quickly be analyzed and brought back online, this is often not the case with security problems, where analysis and forensics can take several days/weeks.