EasyStack True Private Cloud | Quek Keng Oei

1. Modern, Private, Automated
Private Cloud
Partnering with Altera Technologies

2. Who are we?
Award winning Global Catalyst Advisory spinoff –
Clientele List
Ministry of Foreign Affairs
Civil Service College
Temasek Foundation
OECD
Setia Berhad
1 Group
Association of Small Medium Enterprises
Franchising and Licensing Association of Singapore
Awards
Winner of RHT RMF Green Asia Initiatives Leadership (GAIL)
Sustainability Awards
- Gamechanger
- Innovation
Altera Technologies focusing on
cloud management & technology

3. Established in February 2014, founding team ex-IBM
• In 5+ years, accumulated more than USD110M in 5 rounds venture
capital funding - latest round C++ in August 2018
• Largest Series C funding round in China Open Source history
• OpenStack Foundation Gold Member
• Linux Foundation & CNCF Silver Member
• 5 out of 10 China Largest OpenStack Deployments in 2016
• Awarded Gartner 2016 China Cool Vendor
• Ranked No. 2 in 2018 OpenStack Foundation User Survey
• Ranked Top 8 Gartner 2017 OpenStack Most Competitive Provider
• Officially certified as CNCF Kubernetes Service Provider in 2018
Leadership
• 2014 May: OpenStack Enterprise Distribution
• 2014 Nov: China’s 1st OpenStack Hybrid Cloud
• 2017 Mar: China’s 1st OpenStack with Kubernetes Converged Platform
• 2018 May: Cloud Ready HCI Product ECS Stack
• 2019 May: True Private Cloud Product ECS
Innovation
• Elected Independent Board Director OpenStack Foundation
• Elected Heat Project PTL OpenStack Foundation
• Ranked Top 10 Globally in TC-Approved Code Contribution
OpenStack/Kubernetes/Ceph
• Led China Linux Kernel Code Contribution
Research Development
EASYSTACK— Making Cloud Computing Easier
500+ large enterprise customers
200+ employees, focused on enterprise cloud
computing software and services
EasyStack has branch offices in 16 cities across mainland
China and in silicon valley, Singapore, Sydney and Taipei
Achievements
100+ Ecosystem Partners

4. Enterprise IT spending on the true private cloud market
worldwide from 2016 to 2027, by segment (in billion U.S. dollars)
Region
Worldwide
Survey time period
2016 to 2018
Supplementary notes
* Forecast.
The source defines true private cloud as including:
• a transaction relationship with a single provider;
• flexibility in how IT resources are consumed;
• an ability to accommodate hybrid cloud application use cases;
• and availability on a self-service basis;
- and excluding:
• converged systems with limited orchestration and automation;
• self-integrated private cloud involving numerous vendors;
• spending by service providers on public cloud infrastructure;
• services outside the maintenance and management of an
enterprise private cloud, such as data center outsourcing,
colocation, general cloud consulting, etc.;
• and virtual private clouds.

5. Cloud – The New Business Platform
PUBLIC
CLOUD
PRIVATE
CLOUD
Managed by IT Managed by provider
Two Models Today:
Applications are delivered
and built on cloud platforms
Developers asking for self-service
platforms for faster delivery
IT is being pressured to provide that
or move to AWS

6. How Public Cloud Looks
CHALLENGES:
Cost scales rapidly
Performance unpredictability
No visibility below VMs
One way migration path
PUBLIC
CLOUD
Admins / Users
CLOUD
UI/API

7. Challenges with Public Clouds
Issues Description
Rapid cost increase
Total cost over 3 years more than private cloud as network
traffic, etc are not included in the cost
Unpredictable performance Sharing the same physical server with other unknown users
Additional Security risk &
compliance
Require additional security services, audits, etc to secure
cloud
Misconfiguration of security
& services
Experience & review of services and security must be done
with audits to ensure data not accessible by public (see
CapitalOne data leak)
No control below VM
No management of environment below VMs or virtual
network
Lack of OpenAPI
APIs are proprietary, not fully defined and changes regularly.
Tools have to be compatible with the APIs in order to
automate services

8. Security – Top 5 concerns
Top 5 Security Concerns of Public cloud:
1. Data Breaches – Access of data by unauthorized personnel (eg CapitalOne)
2. Hijacking of Accounts – Usernames/Password hacked, leaked private key, etc
3. Insecure APIs and Interfaces – Proprietary APIs that may have loopholes and
weakness allowing illegal control
4. Insufficient Due Diligence – Due to lack of experience, knowledge or time, system not
properly secured or protected
5. Malware Injections & APT - Malicious code injected into cloud services and runs in the
cloud servers themselves to eavesdrop, compromise the integrity of sensitive
information, and steal data

9. Rack 1
Cloud Region 1 Cloud Region N
Domain 1
Domain 1
True Private Cloud Feature: Secure Platform
including configuration & data
Tenant
Project 1
Tenant
Project N
Tenant
Project 1
Tenant
Project N
…
… …
Domain N
Multi-Tenant
Organization/Quota
Management
• Each region can be
physically or logically
designed and implemented
• Domain can be
company/organization/busin
ess unit/department
• Tenant Project can be sub-
domain separation
Tenant
Project N
Tenant
Project 1
Tenant
Project N
…
…
Domain N
… Tenant
Project 1
…
Physical and Logical Network Separation
Host 2FA
• Backend host access is protected
by 2FA login
• Ensure only authorized person(s)
allowed into host server(s) console
Server 1
Server N
TOR Switch
1
…
FW
Device(s)
Core
Switch
Rack N
Server 1
Server N
TOR Switch
N
…
…
VM
Instance
Router
Instance
Network
Instance
Network
Instance
VM
Instance
SecurityGroup
Instance
FWaaS
Instance
Floating IP
Instance
Logical Network
Physical Network

10. Conclusion
Factors Public Cloud Private Cloud
Flexibility on resources – able to turn on / call on
resources on demand 5 4
Control – Able to control the cloud from hardware
to software and service level 2 4.5
Security and privacy – Able to keep the data
securely in the right hand and person and prevent
access by non-authorized entities 1.5 4
Cost – Overall cost of starting and running the cloud
solution 1.5 - 4.5 4
My scoring of the cloud:
Rank scoring: 1 – Weakest, 5 - Strongest

12. CapitalOne Data Breach – What is it
• CNN – “In one of the biggest data breaches ever, a hacker gained access to more than 100
million Capital One customers' accounts and credit card applications earlier this year.”… “tech
company software engineer for Amazon (AMZN) Web Services, the cloud hosting company
that Capital One was using, the Justice Department said. She was able to gain access by exploiting
a misconfigured web application firewall, according to a court filing…”
• DigitalTrends – “…filed a class-action lawsuit Tuesday against Capital One Financial
Corporation “for negligence in failing to safeguard consumers’ personal information” in the recent
data breach that impacted 100 million consumers… ”
• InfoSecurity Magazine – “…the intruder was able to enumerate over 700 S3 Buckets and
ultimately copy sensitive data out of the environment…”
CNN – https://edition.cnn.com/2019/07/29/business/capital-one-data-breach/index.html
DigitalTrends – https://www.digitaltrends.com/news/capital-one-data-breach-class-action-lawsuit/
InfoSecurity Magazine – https://www.infosecurity-magazine.com/infosec/lessons-from-the-capital-one-data/