Enterprise Cloud Security for 2016 and Beyond - kosta 2016_160225_a... · 2016-03-02 ·...
TRANSCRIPT
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
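Innovation in Enterprise Cloud, Security, and IT Infrastructure for 2016 and Beyond, Oracle Korea
Kim Sang-hyun (김상현), Vice President/CTO, Sales Consulting, Oracle Korea, February 25, 2016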
A New Era in Cloud
2016 and Beyond
Disruption
Digital
Cloud – Cost, Innovation, Agility
Security
Hardware Innovation
Oracle Confidential – Internal/Restricted/Highly Restricted
Business Cycles Are Faster than Ever Before
Over the last 50 years, the average lifespan of companies on the S&P 500 has shrunk from 60 to 18 years
[Chart: average company lifespan in years (axis 5 to 75) by year, 1930 to 2010]
“Old” IT No Longer Works in Today’s Economy
Must adopt a new approach to IT
• It’ll take six months to build your development environment
• To get that done, you’ll need to file a ticket
• That change will have to wait for our next build in three months
• Apache Zookeeper went down again...
• We already spent all of the money we allocated for hardware
• I’m frustrated that my important cool new app is prioritized the same as payroll
Smart Software Segmenting
Different software has different needs
Find the Next Business
Run the Current Business
Run the Back Office
New IT
Old IT
Innovation and Differentiation Require a New Style of IT
Today’s IT does not meet today’s needs. Must re-invent.
Old IT
• Self-manage the entire hardware and software lifecycle
• Quarterly releases to production
• Deploy to one data center with one database; latency-sensitive apps
• Large horizontal teams organized around technology layers
New IT
• Consume services, infrastructure-agnostic
• Daily releases to production
• Deploy to multiple data centers, many datastores; latency-tolerant apps
• Small vertical teams organized around business domains
Characterized by Cloud
Cloud (*-as-a-Service) is Key to Innovation
Cloud changes everything – business/technology/finance/operations
Start consuming resources as a service
• Platforms: Java EE, Java SE, Node, etc.
• Building Blocks: Database, NoSQL, Messaging, etc.
• Infrastructure: Compute, Networking, Storage
Public Cloud
On Premises
75% of enterprise workloads are still on premises
Hybrid Cloud Challenge
Public Cloud Finance & HR
CRM
BI ID & Security
Core Industry Systems
?
Enterprise
At an Enterprise level, taking any single application to the cloud poses hybrid cloud challenges
Hybrid Cloud Solution Architecture Model: Palette
Cloud Technology Platform
Technical Integration
Access Operation Security Analytics
Hybrid Platform
Information Model
Developer Services
Digital Bank
Digital CX
Unified HCM
Digital Commerce
Business & Industry Solutions
Dev & Test Disaster Recovery
Hybrid PaaS
Backup & Recovery
Technical Solutions … and more
HCM ERP & EPM SCM CX
Data Analytics Social Commerce
Industry Clouds
Applications
… and more
• Keystone applications: Cloud or on-prem
• Break down to modules
• Can be extended with PaaS
Hybrid Cloud Overview and Approach: Hybrid Patterns
Application Pruning Hub & Spoke Digital Enablement PaaS as the ‘spoke’
Application Component Bursting
Lifecycle Hybridisation
Hybrid PaaS: Federated PaaS
Information Enrichment: Data as a Service
Data Analytics
Challenge: Security in the Cloud and Data Center
• High Performance Security for Web, Middleware, and Database
• Industry’s fastest Oracle Transparent Data Encryption
[Diagram: Client, Web Tier, Middleware Tier, Database Tier, ZFS Storage, Archive and Key Manager; connection and encryption labels: SSL/TLS, HTTPS, JMS, JDBC, TDE, ZFS Encryption, AES, SHA2]
SPARC M7 Security in Silicon
• Data at Rest
• Data in Motion
• Secure Checksum
Previously Unimaginable Results for Apps & Cloud, Attainable Now
Breakthrough Hardware And Software Co-Engineering
• Mid-1990’s: Larger Memory Support, Greater Accuracy
• Mid-2000’s: Multi-core, Multi-threaded Computing
• Today: 32-Core Revolution; Software in Silicon: Software Functions on Chip
Open Systems Virtualization & Cloud
Security In Silicon: Silicon Secured Memory
[Diagram: Applications and Memory, with pointers “Y”, “R” and “B”; labels: GO]
• Protects data in memory
• Hidden “color” bits added to pointers (key), and content (lock)
• Pointer color (key) must match content color or program is aborted
• Set on memory allocation, changed on memory free
• Protects against access off end of structure, stale pointer access and malicious attacks
M7 Processor
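A small software model of the key/lock color check described on this slide, added here as an illustration (not Oracle's implementation and not code from the original deck). The 64-byte granule, the color range 1..15 and all function names are assumptions of the model.

```c
#include <stddef.h>
#include <stdint.h>

/* Software model only. Granule size, color range and all names are
   assumptions of this sketch; the hardware checks every load and store. */
#define GRANULE   64
#define NGRANULES 16
typedef struct { size_t off; uint8_t color; } tagged_ptr;  /* color = "key" */

static uint8_t arena[GRANULE * NGRANULES];
static uint8_t lock_color[NGRANULES];   /* content color ("lock") per granule */
static uint8_t last_color;
static size_t  next_granule;

/* Cycles through colors 1..15; 0 is reserved for "never allocated". */
static uint8_t fresh_color(void) { return last_color = (uint8_t)(last_color % 15 + 1); }

static void paint(size_t off, size_t nbytes, uint8_t color) {
    size_t first = off / GRANULE, n = (nbytes + GRANULE - 1) / GRANULE;
    for (size_t i = 0; i < n; i++) lock_color[first + i] = color;
}

/* Allocation sets the same color on the pointer and on the memory. */
tagged_ptr ssm_alloc(size_t nbytes) {
    size_t n = (nbytes + GRANULE - 1) / GRANULE;
    tagged_ptr p = { 0, 0 };            /* key 0 never matches: failed alloc */
    if (n == 0 || n > NGRANULES - next_granule) return p;
    p.off = next_granule * GRANULE;
    p.color = fresh_color();
    paint(p.off, nbytes, p.color);
    next_granule += n;
    return p;
}

/* Free recolors the memory, so a pointer kept from before goes stale. */
void ssm_free(tagged_ptr p, size_t nbytes) {
    if (p.color == 0) return;
    uint8_t c = fresh_color();
    if (c == p.color) c = fresh_color();
    paint(p.off, nbytes, c);
}

/* Returns 0 on a key/lock match; -1 models the abort on a mismatch. */
int ssm_load(tagged_ptr p, size_t index, uint8_t *out) {
    size_t addr = p.off + index;
    if (p.color == 0 || addr >= sizeof arena ||
        lock_color[addr / GRANULE] != p.color) return -1;
    *out = arena[addr];
    return 0;
}
```

In this model an overrun that stays inside the allocation's last granule is not caught, because colors are tracked per granule rather than per byte.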
Heartbleed - Impacted Websites Using OpenSSL
Heartbeat request sent to victim
Type Payload_size Payload
HB_REQUEST 65535 Hello
Victim responds with requested payload size (64K bytes)
Type Payload_size Payload
HB_RESPONSE 65535 Hello ………. ………………….
Payload_size does not match Payload
Unauthorized data returned to requestor
Memory access vulnerability discovered in the open source Quick Emulator hypervisor platform (QEMU)
Venom Vulnerability - Impacted Servers Using QEMU
Non-M7 Host System
Sales Server VM
Database Server VM
Web server VM
VM Hypervisor
Host Hardware
Hacker exploits VENOM to escape VM
VENOM executes instructions in hypervisor and gains control of host hardware
Venom escape
SPARC M7: Broadest Set Of Ciphers For All Your Apps
32 Crypto Accelerators per Processor
Clear Data In
Encrypted Data Out
M7 Query Accelerator Engine
• 32 In-Silicon Offload Engines
• Cores/Threads Operate Synchronous or Asynchronous to Offload Engines
• User Level Synchronization Through Shared Memory
• High Performance at Low Power
• 3x more Memory Bandwidth than x86
[Diagram: M7 Query Engine (1 of 32), repeated per engine: Data Input Queues; Decompress; Unpack/Alignment; Scan, Filter, Join; Result Format/Encode; Data Output Queues; Local SRAM; On-Chip Network]
DAX: Data Analytics Accelerator
M7 In-Memory Database Advantages
• Industry-leading M7 memory bandwidth
• DAX decompresses data at same rate as scan-only
• DAX performs one-step scans, range scans, and assists Bloom filter joins
SQL:
    select sum(lo_extendedprice*lo_discount) as revenue
    from lineorder, date_dim
    where lo_orderdate = d_datekey
      and d_year = 2012
      and lo_quantity between 6 and 25
      and lo_discount between 1 and 3
Processes:
• Decode values (DAX) & Sum aggregation (cores)
• Hash Joins (cores)
• Bloom Filter Joins (DAX & cores)
• Scans (DAX)
• Range Scans (DAX)
Dramatically Simplified Secure Computing
Today’s Approach to Managing Data: Slower, Unsecure, Complex
Unsecured Data Encrypted
Fully Secure & Efficient Data Center: Protect & Accelerate Your Business
2016 and Beyond, What’s Your Strategy?
Disruption
Digital
Cloud – Cost, Innovation, Agility
Security
Hardware Innovation