Enterprise Cloud Security in 2016 and Beyond - kosta 2016_160225_a... · 2016-03-02 ·...

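Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Innovation in Enterprise Cloud, Security, and IT Infrastructure in 2016 and Beyond. Oracle Korea. Kim Sang-hyun (김상현), Vice President/CTO, Sales Consulting, Oracle Korea. February 25, 2016. A New Era in Cloud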


Page 1: Enterprise Cloud Security in 2016 and Beyond - KOSTA 2016_160225_A... · 2016-03-02 · Oracle Confidential – Internal/Restricted/Highly Restricted 11 Application Pruning

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |

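Innovation in Enterprise Cloud, Security, and IT Infrastructure in 2016 and Beyond, Oracle Korea

Kim Sang-hyun (김상현), Vice President/CTO, Sales Consulting, Oracle Korea, February 25, 2016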

A New Era in Cloud

Page 2:

2016 and Beyond

Disruption

Digital

Cloud – Cost, Innovation, Agility

Security

Hardware Innovation

Page 3:

Business Cycles Are Faster than Ever Before

Over the last 50 years, the average lifespan of companies on the S&P 500 has shrunk from 60 to 18 years

[Chart: average company lifespan in years (y-axis, 5 to 75) by year (x-axis, 1930 to 2010)]

Page 4:

“Old” IT No Longer Works in Today’s Economy

Must adopt a new approach to IT

• It’ll take six months to build your development environment
• To get that done, you’ll need to file a ticket
• That change will have to wait for our next build in three months
• Apache Zookeeper went down again...
• We already spent all of the money we allocated for hardware
• I’m frustrated that my important cool new app is prioritized the same as payroll

Page 5:

Smart Software Segmenting

Different software has different needs

Find the Next Business

Run the Current Business

Run the Back Office

New IT

Old IT

Page 6:

Innovation and Differentiation Require a New Style of IT

Today’s IT does not meet today’s needs. Must re-invent.

Old IT
• Self-manage the entire hardware and software lifecycle
• Quarterly releases to production
• Deploy to one data center with one database; latency-sensitive apps
• Large horizontal teams organized around technology layers

New IT
• Consume services, infrastructure-agnostic
• Daily releases to production
• Deploy to multiple data centers, many datastores; latency-tolerant apps
• Small vertical teams organized around business domains

Characterized by Cloud

Page 7:

Cloud (*-as-a-Service) is Key to Innovation

Cloud changes everything – business/technology/finance/operations

Start consuming resources as a service

• Platforms: Java EE, Java SE, Node, etc.
• Building Blocks: Database, NoSQL, Messaging, etc.
• Infrastructure: Compute, Networking, Storage

Page 8:

Public Cloud

On Premises

75% of enterprise workloads are still on premises

Page 9:

Hybrid Cloud Challenge

[Diagram labels: Public Cloud; Enterprise; Finance & HR; CRM; BI; ID & Security; Core Industry Systems; ?]

At an Enterprise level, taking any single application to the cloud poses hybrid cloud challenges

Page 10:

Hybrid Cloud Solution Architecture Model: Palette

[Diagram labels: Cloud Technology Platform; Technical Integration; Access; Operation; Security; Analytics; Hybrid Platform; Information Model; Developer Services; Business & Industry Solutions: Digital Bank, Digital CX, Unified HCM, Digital Commerce; Technical Solutions: Dev & Test, Disaster Recovery, Hybrid PaaS, Backup & Recovery, … and more; Applications: HCM, ERP & EPM, SCM, CX, Data Analytics, Social, Commerce, Industry Clouds, … and more]

• Keystone applications: Cloud or on-prem
• Break down to modules
• Can be extended with PaaS

Page 11:

Hybrid Cloud Overview and Approach: Hybrid Patterns


Application Pruning Hub & Spoke Digital Enablement PaaS as the ‘spoke’

Application Component Bursting

Lifecycle Hybridisation

Hybrid PaaS: Federated PaaS

Information Enrichment: Data as a Service

Data Analytics

Page 12:

Challenge: Security in the Cloud and Data Center

• High Performance Security for Web, Middleware, and Database
• Industry’s fastest Oracle Transparent Data Encryption

[Diagram labels: Client; Web Tier; Middleware Tier; Database Tier; ZFS Storage; Archive; Key Manager; SSL; TLS; HTTPS; JMS; JDBC; AES; SHA2; TDE; ZFS Encryption]

SPARC M7 Security in Silicon
• Data at Rest
• Data in Motion
• Secure Checksum

Page 13:

Previously Unimaginable Results for Apps & Cloud, Attainable Now

Breakthrough Hardware And Software Co-Engineering

• Mid-1990’s: Larger Memory Support, Greater Accuracy
• Mid-2000’s: Multi-core, Multi-threaded Computing
• Today: 32-Core Revolution. Software in Silicon: Software Functions on Chip

Open Systems Virtualization & Cloud

Page 14:

Security In Silicon: Silicon Secured Memory

[Diagram labels: Applications; Memory; Pointer “Y”; Pointer “R”; Pointer “B”; GO]

• Protects data in memory

• Hidden “color” bits added to pointers (key), and content (lock)

• Pointer color (key) must match content color or program is aborted

• Set on memory allocation, changed on memory free

• Protects against access off end of structure, stale pointer access and malicious attacks

M7 Processor

Page 15:

Heartbleed - Impacted Websites Using OpenSSL

Heartbeat request sent to victim

Type | Payload_size | Payload
HB_REQUEST | 65535 | Hello

Victim responds with requested payload size (64K bytes)

Type | Payload_size | Payload
HB_RESPONSE | 65535 | Hello ………. ………………….

Payload_size does not match Payload

Unauthorized data returned to requestor
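The color check from the Silicon Secured Memory slide, applied to the heartbeat over-read shown above, as an added example (not from the deck or from Oracle). It is a software model, not the M7 hardware interface: `color_alloc`, `checked_read`, `heartbeat`, the 64-byte granule and the 80-byte claimed size (scaled down from the slide's 65535) are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE 64                       /* assumed tag granularity for this model */
#define ARENA   (4 * GRANULE)
static uint8_t mem[ARENA];               /* simulated process memory (starts zeroed) */
static uint8_t lock[ARENA / GRANULE];    /* content color ("lock") per granule */
typedef struct { size_t off; uint8_t key; } cptr;  /* pointer + its color ("key") */

/* Allocation: color the granules, hand back a pointer carrying that color. */
static cptr color_alloc(size_t off, size_t len, uint8_t color) {
    for (size_t g = off / GRANULE; g <= (off + len - 1) / GRANULE; g++)
        lock[g] = color;
    return (cptr){ off, color };
}

/* Color-checked load of n bytes; -1 models the abort on key/lock mismatch. */
static long checked_read(cptr p, size_t n, uint8_t *out) {
    for (size_t i = 0; i < n; i++) {
        if (p.off + i >= ARENA || lock[(p.off + i) / GRANULE] != p.key)
            return -1;
        out[i] = mem[p.off + i];
    }
    return (long)n;
}

/* Echo `claimed` bytes, trusting Payload_size as the slide's victim does.
   tagged=0: plain copy; tagged=1: color-checked. Keep claimed <= ARENA. */
static long heartbeat(cptr req, size_t claimed, int tagged, uint8_t *out) {
    if (tagged) return checked_read(req, claimed, out);
    memcpy(out, mem + req.off, claimed);
    return (long)claimed;
}

/* Constructed scenario: 5-byte payload, unrelated data in the next granule. */
static cptr setup(void) {
    cptr req = color_alloc(0, 5, 0x3);
    memcpy(mem, "Hello", 5);
    color_alloc(GRANULE, 16, 0x9);
    memcpy(mem + GRANULE, "SECRET-KEY-BYTES", 16);
    return req;
}

int main(void) {
    uint8_t out[ARENA];
    cptr req = setup();
    printf("untagged=%ld tagged=%ld\n", heartbeat(req, 80, 0, out), heartbeat(req, 80, 1, out));
    return 0;
}
```

In this model a 64-byte claim still succeeds because it stays inside the payload's own granule, so the color check complements a software length check on Payload_size and does not replace it.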

Page 16:

Memory access vulnerability discovered in the open source Quick Emulator hypervisor platform (QEMU)

Venom Vulnerability - Impacted Servers Using QEMU

Non-M7 Host System

Sales Server VM

Database Server VM

Web server VM

VM Hypervisor

Host Hardware

Hacker exploits VENOM to escape VM

VENOM executes instructions in hypervisor and gains control of host hardware

Venom escape

Page 17:

SPARC M7: Broadest Set Of Ciphers For All Your Apps

32 Crypto Accelerators per Processor

Clear Data In

Encrypted Data Out

Page 18:

M7 Query Accelerator Engine

• 32 In-Silicon Offload Engines

• Cores/Threads Operate Synchronous or Asynchronous to Offload Engines

• User Level Synchronization Through Shared Memory

• High Performance at Low Power

• 3x more Memory Bandwidth than x86

[Diagram: M7 Query Engine (1 of 32). Labels: Data Input Queues; Decompress; Unpack/Alignment; Scan, Filter, Join; Result Format/Encode; Data Output Queues; Local SRAM; On-Chip Network]

Page 19:

DAX: Data Analytics Accelerator

M7 In-Memory Database Advantages


• Industry-leading M7 memory bandwidth

• DAX decompresses data at same rate as scan-only

• DAX performs one-step scans, range scans, and assists Bloom filter joins

SQL:

    select sum(lo_extendedprice*lo_discount) as revenue
    from lineorder, date_dim
    where lo_orderdate = d_datekey
      and d_year = 2012
      and lo_quantity between 6 and 25
      and lo_discount between 1 and 3

Processes:
• Decode values (DAX) & Sum aggregation (cores)
• Hash Joins (cores)
• Bloom Filter Joins (DAX & cores)
• Scans (DAX)
• Range Scans (DAX)

Page 20:

Dramatically Simplified Secure Computing

Today’s Approach to Managing Data: Slower, Unsecure, Complex

Unsecured Data Encrypted

Fully Secure & Efficient Data Center: Protect & Accelerate Your Business

Page 21:

2016 and Beyond, What’s Your Strategy?

Disruption

Digital

Cloud – Cost, Innovation, Agility

Security

Hardware Innovation
