Federal Insights, January-March 2016.
Unisys Federal Insights
How to Build the World’s Most Secure Application Stack
by Steve Koss
There are two opposing forces in the IT arena today. The first group wants to move from localized IT, where each agency controls its own IT infrastructure, to a centralized, cloud-based environment, with the goal of reducing overhead, cost, and delays in deployment. The second group worries about what this will mean for the protection of their data, security procedures, and processes.

If they are already struggling within their controlled environment, how can they handle those issues when the infrastructure is out of their control?

Most private or hybrid cloud implementations use VMware as the underlying hypervisor, with Hyper-V being the next most popular. On top of that, there is typically a Windows or Linux operating environment, with an application framework layer like the .NET or JavaEE framework (e.g., WebSphere, JBoss, Oracle), then the applications themselves. Given that a stack of environments (i.e., a hypervisor, an operating environment, an application framework, etc.) is used to build our virtual instances in the cloud infrastructure, how do we create the most secure stack to run our applications?

Secure environments have grown up one of two ways – either by adding security onto what already exists, or by designing it in from the beginning and as part of all changes and enhancements. The problem with this second scenario is that it often uses proprietary or specialized hardware. This doesn’t play well with the desire to move to a cloud, where everything is based on running on the same infrastructure.

The ideal would be a combination of both, where an operating environment, and more broadly the entire application stack, designed from the ground up for security, could be run in a cloud, supporting all the benefits a cloud architecture brings.

To meet that potential, Unisys is in the process of turning its traditional enterprise environment, ClearPath Forward™, into a pure software-based application stack running on a cloud infrastructure. ClearPath Forward is known for its reliability, availability, resilient database, hack-resistant architecture and security. This process has been a deliberate and longstanding creation of a secure integrated application stack containing an operating environment, application environment, transaction manager, database and open development tools.

The first step in the transition started in the mid-1990s when Unisys started running its environment on Intel processors (having previously run it on proprietary processors), spending years ensuring that it met all the expectations of a secure and reliable environment. In 2008, the concerted process of moving the entire product line to Intel began and was completed in 2015, as the Intel-based systems exceeded the proprietary servers in performance. In 2016, the first pure software-only stacks were released.

The result is a highly secure integrated application stack for Intel x86 (Xeon) that is cloud deployable, running under VMware or Hyper-V, containing an operating environment, application environment, transaction manager and database, and using open development tools. We call this new architecture and application stack ClearPath Software Series.

ClearPath Software Series provides an application environment that uses AB Suite, a Microsoft Visual Studio-based development language specifically geared for business processing. AB Suite integrates application, database and user interface design into a single generative framework, supporting DevOps and ALM via Microsoft TFS. The application environment also supports all existing ClearPath Forward applications and languages unchanged, such as applications written in COBOL.

In addition to the application stack, any good secure environment limits accessibility between applications, systems, and users needing to communicate with each other. Typically, this is done through LAN segmentation, router rules, VPNs etc. That security scheme works well for small environments, but becomes complex in a large consolidated data center, such as a private cloud.

Micro-segmentation, or limiting applications to only seeing and communicating with those applications they need, is the only truly secure solution for a large network in a private or hybrid cloud. Unisys Stealth® provides software-configured micro-segmentation of the cloud and user network. Stealth uses a concept called communities of interest (COI), which is a set of applications or systems that are allowed to communicate with each other. A single system may belong to multiple COI. Only systems or applications that belong to the same COI are visible to each other, and can communicate with each other. All data sent between the systems is encrypted. Stealth provides advantages to a cloud even when not using the ClearPath Software Series application stack.

Together, the ClearPath Software Series application stack and Stealth can turn your cloud into a highly secure environment, mitigating risk when moving to a multi-tenant cloud environment while allowing you to take advantage of the benefits a cloud can offer.
