SoftLayer Overview
© 2015 IBM Corporation
Agenda
A) SoftLayer unique advantages
B) SoftLayer – from simple to crazy architectures
Agenda
A) SoftLayer unique advantages
Working Definition
Cloud (n): On-demand Compute with Consumptive billing
• On-demand: rapidly provisioned services
• Compute: servers, network, storage, firewalls, ancillary services
• Consumptive billing: turns traditional fixed IT costs into variable costs, monthly or hourly
The initial model, virtualized multi-tenancy computing, does not meet requirements for 100% of applications and use cases.
For broadest applicability, user-selectable levels of performance, security and isolation are required.
SoftLayer, an IBM company, challenges the norm for cloud
providers that all resources are shared and virtual. SoftLayer
gives our Enterprise clients choices
The initial cloud revolution was based on assumptions such as:
• All resources are virtualized
• All resources are shared
But cloud computing needs have evolved.
SoftLayer® embraces the idea that:
• … virtualization is a choice with a flexible set of options
• … resources can be shared, dedicated or mixed
But you have the ultimate CHOICE
Competitive Differentiators: What Makes SoftLayer Different?
• Performance: Consistent compute power and a high performance global network for self-service IaaS.
• Flexibility: A range of options - bare metal, virtual server instances and private clouds support a dynamic hybrid cloud strategy.
• Control: Self service or fully managed with a full featured Infrastructure Management System and robust APIs to support a dynamic cloud strategy.
IBM IaaS – SoftLayer
Which cloud deployment model is a good fit for you?
Public Virtualized
Private Virtualized
Dedicated Bare Metal
SoftLayer an IBM Company
• Global high-performance network
• Single-pane management
• Cloud agility – Complete Control
• Robust network with secure access
• Scalable common hardware building blocks
• Pay-as-you-go
• Build YO Cloud
SoftLayer cloud models:
• Dedicated (bare metal) cloud
• Dedicated private cloud services (virtualized)
• Shared public cloud services (virtualized)
• Dedicated servers (bare metal and virtual), virtual servers (private or public shared multi-tenant)
• Complete control of your cloud environment (2000’s APIs): applications and management – BYO or select from SL’s image catalog
• Global, highly secure, agile IPv4 & IPv6 networks (Triple network architecture), local and global load balancing that is pay-as-you-go
• Common x86 hardware architecture for all SoftLayer cloud models – ease of scalability and adoption of other models
• Flex Images™ image management – capture an image (physical or virtual) provision or migrate end-to-end between technologies
• Cloud Governance – full control over a hybrid environment through a streamlined workflow
Global DC and Network Footprint
Performance
Over 26 global locations with geographically dispersed network PoPs
Carrier grade private network with over 2,000 Gbps of connectivity
IPv4/IPv6 dual stack
Global DNS
Global DDoS mitigation
Unmetered DC to DC bandwidth
How SoftLayer is different from other CSPs
Superior Network
• High Speed redundant Global Network
• Unmetered global private Network
• 100% uptime SLA for both private and public network
Automation & Control
• Industry leading API
• Full Transparency and Control: data integrity, single-tenant devices
• Serial-# of HW used viewable
Flexibility & Choice
• Multi-tenant Virtual Server
• Single-tenant Virtual Server
• Bare Metal Server
• Any OS / Hypervisor
Other benefits
• 24x7x365 support
• 500 GB free Bandwidth
• Hourly / Monthly
• Managed Service
Security & Auditing
• Triple Network Architecture
• VPN
• VLANs
• Firewalls
• Anti-Virus
• IPS / IDS
• Auditability
• Any action retraceable to single user
• Two-factor auth.
Integrated Security reduces risk across Hybrid Cloud
IBM manages and monitors 15 billion security events every day for nearly 1,700 clients around the world and holds more
than 5000 patents and patent applications.
Secure global private network allows inter-server free data transfer without public interface.
The 1st cloud platform to offer bare metal powered by Intel TXT that provides security down to the microchip level.
IaaS PaaS SaaS
Built on Security Ready IT Infrastructure
• Manage Identities and Protect User Access
• Monitor and Audit Applications and Data
• Scan and Protect the Network from Threats
• Establish Intelligence Across the Cloud
SoftLayer Compliance
In place now:
Managed to SOC2 Type II HIPAA Ready Safe Harbor
NIST800-53 Self Assertion
Privacy Standards
FFIEC Ready Self Assessment PCI DSS v3.0 AoC
SOC1, SOC2, SOC3 ISO/IEC 27001
Certification
In progress due in 2015:
FedRAMP ITAR Certification FISMA Moderate
Certification (FedRAMP Only)
SoftLayer Network Connectivity
High-performance public network with transit from multiple Tier-1 carriers
– Network redundancy supports High availability
Public network access allows Internet-facing applications
– Can be configured with no Internet access for completely private environment
Secure OOB management via VPN
– Customer control through lockdown of access to private network
Private network has no transit to Internet/public
– Complete isolation from Internet (unless you explicitly route it through a gateway)
Private network for intra-application and inter-facility communications, access to
shared services
– Don’t need to rely on Internet to pull down content including patches
SoftLayer Network Security
SoftLayer’s innovative network architecture and commitment to using the most advanced
hardware technologies minimize data center and server exposure. The network integrates three
distinct network architectures into the industry’s first Network-Within-a-Network topology.
Systems are fully accessible to your administrative personnel but safely off-limits to others.
Network-Within-a-Network Topology
■ Public Network handles public traffic to hosted websites or online resources
■ Private Network allows for true out-of-band management through a distinct stand-alone third carrier over SSL, PPTP, or IPSEC VPN gateways
■ Data Center to Data Center Network provides free, secure connectivity between servers housed in separate SoftLayer facilities
Network IDS/IPS Protection
Through partnerships with leading hardware and software vendors, SoftLayer offers a complete array of intrusion protection and assessment options at both the network and host level
2-factor Authentication
2-factor authentication for Customer Portal and SoftLayer VPN access adds greater network security for hosts on the SoftLayer network
SoftLayer Server Security
SoftLayer provides comprehensive tools to help you design and deploy server-level security at
the workload level
SoftLayer offers a comprehensive range of software and hardware security solutions, and strategic partnerships
with industry-leading companies, to help you maximize uptime, protect private information and mitigate
business risk.
Hardware Firewalls
■ Multi-tenant and dedicated hardware firewall solutions available to meet different customer requirements.
■ Provisioned on demand without service interruptions, and fully managed through the customer portal—you have complete control of your systems' protection settings.
Anti-Virus and Anti-Spyware Protection
McAfee LinuxShield and Windows VirusScan Anti-Virus included with all servers and cloud compute instances. McAfee Total Protection available as upgrade.
Nessus Vulnerability Scanning
SoftLayer partners with Nessus to provide vulnerability scans for any device on the SoftLayer Network at no additional charge. Vulnerability scans can be completed on demand using the SoftLayer Customer Portal.
SoftLayer Data Center Security
Physical and operational security is the foundation of SoftLayer security - no other measures
matter without it. That’s why every SoftLayer data center is fully audited based on SOC 2 Type II
reporting on controls to meet industry-recognized requirements for security.
Data Center and Server Room Measures
■ Data centers located only in facilities with controlled access and 24-hour security
■ No server room doors are public-facing
■ Server rooms are staffed 24/7
■ Un-marked entry and exit doors
■ Digital security video surveillance
■ Biometric & Key Card security systems for access to all data centers
■ Server room access strictly limited to SoftLayer employees and escorted contractors or visitors
■ Barcode-only identification on hardware; no customer markings of any type on the servers themselves
Operational Measures
■ Engineers and technicians trained on industry standard policies and procedures which are audited yearly
■ Geographic redundancy for all core systems for disaster recovery and business continuity
■ All data removed from re-provisioned machines with drive wipe software approved by the Department of Defense
■ Current SOC 2 Type II report
SoftLayer Advantage - Security
Security Differentiator: Dedicated physical and virtual servers provide complete isolation of customer workload and data
Security Differentiator: Incredibly easy to lock down at network level to control access to servers and workloads
Security Differentiator: High degree of automation means low degree of manual support, manual error
SoftLayer Standard Support
Agenda
B) SoftLayer – from simple to crazy architectures
Building Block
Virtual
Baremetal
SoftLayer: Case Reference – E-Commerce & Web Application
Web Application Service
Architectural Points
• Support web application architecture for internet services.
• Provide network security and HA architecture.
Required resources
01 - DNS, Netscaler VPX, Standard Hardware Firewall
02 – Local Load Balancer, Fortigate Firewall, Vyatta Gateway Appliance, NAS, iSCSI, Object Storage
[Diagram: two data center layouts with numbered callouts 1 to 9. Labels: DNS, Data Center, Local Load Balancer, IPS/Firewall, Public VLAN, WAF / Load Balancer, Web/WAS Server, Web Server, Private VLAN, Database Server, NAS, iSCSI Storage, Object Storage.]
Basic Security and High Availability
1. DNS provides authoritative name server services. The user can define and update the DNS zone file.
2. Netscaler VPX provides Load Balancer functions. Netscaler VPX Platinum edition provides Web Application Firewall functions.
3. Standard Hardware Firewall protects one server’s in-bound traffic. The user can also use the Windows system’s built-in firewall function or Linux’s iptables function to protect each server.
4. Private VLANs are connected with the private network. VMs in the same user account can use the private network for communication.
5. Local Load Balancer provides Load Balancer functions. The user can choose the High Availability option when requesting the Local Load Balancer.
6. Fortigate Firewall provides in-bound/out-bound filtering and IPS function. The user can choose the High Availability option.
7. Vyatta Gateway Appliance provides in-bound/out-bound filtering. A High Availability option is provided.
8. NAS storage is provided via the private network.
9. Object Storage is provided via the public network and the private network.
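Added example, not part of the original slides or any SoftLayer tooling: item 3 above mentions protecting each server with Linux iptables, and the deck places out-of-band management on the private network, so this sketch audits an iptables-save dump of a web server for management ports accepted from the public side. The interface names (eth1 public, eth0 private), the management port set and the sample ruleset are assumptions made for the example.

```python
import shlex

# Assumptions (not from the slides): eth1 is the public interface, eth0 the
# private one, and SSH (22) and RDP (3389) are the management ports.
PUBLIC_IF = "eth1"
MGMT_PORTS = {22, 3389}

# Constructed sample (INPUT chain only) in iptables-save format.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -i eth0 -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 3389 -j ACCEPT
COMMIT
"""

def expand_ports(spec):
    """Turn '80,443' or '8000:8010' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(ruleset):
    """List INPUT ACCEPT rules that admit management ports from the public side.
    Simplified: ignores rule order, negation (!), custom chains; skips -s rules."""
    findings = []
    for line in ruleset.splitlines():
        if line.startswith(":INPUT ACCEPT"):
            findings.append("default INPUT policy is ACCEPT")
        if not line.startswith("-A INPUT "):
            continue
        tok = shlex.split(line)
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opt.get("-j") != "ACCEPT" or "-s" in opt:
            continue
        if opt.get("-i") not in (None, PUBLIC_IF) or opt.get("-p", "tcp") != "tcp":
            continue                                  # no -i means all interfaces
        if "--ctstate" in opt and "NEW" not in opt["--ctstate"].split(","):
            continue                                  # matches reply traffic only
        spec = opt.get("--dport") or opt.get("--dports")
        exposed = MGMT_PORTS & expand_ports(spec) if spec else MGMT_PORTS
        if exposed:
            findings.append(f"{sorted(exposed)} reachable publicly: {line}")
    return findings
```

On the constructed sample, the only finding is the RDP rule that names no interface and therefore also applies to the public one.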