自AWS某位高管宣稱“云成為了新常態(tài)”后,至今已是第三個(gè)年頭了。這三年中,隨著各企業(yè)對云敏捷性、可擴(kuò)展性和成本優(yōu)勢的日益依賴,云遷移這股風(fēng)頭似乎開始變得更加勢不可擋。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
微軟2017年度《混合云現(xiàn)狀》(State of the Hybrid Cloud)報(bào)告顯示,有63%的大中型企業(yè)已經(jīng)實(shí)施了包含企業(yè)內(nèi)部與公有云基礎(chǔ)架構(gòu)的混合云環(huán)境。思科最新發(fā)布的《全球云指標(biāo)》(Global Cloud Index)預(yù)測,到2020年,92%的企業(yè)工作負(fù)載將在公有云與私有云數(shù)據(jù)中心內(nèi)進(jìn)行處理,物理數(shù)據(jù)中心的處理量將僅占8%。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
由此可見,未來將是云的天下,各企業(yè)將采用混合云戰(zhàn)略以及來自多家提供商的服務(wù)。但無論其使用哪些云服務(wù),或者處于哪個(gè)行業(yè),所有企業(yè)都擁有共同的目標(biāo):讓業(yè)務(wù)應(yīng)用在任何情況下都能提供優(yōu)質(zhì)的用戶體驗(yàn),具備安全和彈性并盡可能高效地運(yùn)行。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
共同的責(zé)任
實(shí)現(xiàn)這些目標(biāo)并非易事。計(jì)算機(jī)安全分析師Graham Cluley曾說:“公有云只是別人的計(jì)算機(jī)。”雖然服務(wù)提供商理應(yīng)為高性能與安全的應(yīng)用提供強(qiáng)大基礎(chǔ),各企業(yè)仍須責(zé)無旁貸地承擔(dān)與這些應(yīng)用相關(guān)的流程安全性、可用性、性能和管理責(zé)任。更重要的是,企業(yè)應(yīng)負(fù)責(zé)正確配置并管理由云服務(wù)商所提供的安全控制。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
下面,就讓我們審視一下各企業(yè)在確保云應(yīng)用安全性、提供優(yōu)質(zhì)用戶體驗(yàn)以及確保應(yīng)用經(jīng)濟(jì)高效方面所面臨的各種挑戰(zhàn)。
挑戰(zhàn)#1:云安全
確保穩(wěn)健而沒有后顧之憂的云安全充滿了挑戰(zhàn),原因有三。首先,無論是內(nèi)部環(huán)境還是云端環(huán)境,了解企業(yè)機(jī)構(gòu)的當(dāng)前安全水平、何處需要增加防護(hù)以及何處存在潛在漏洞將非常困難。由于在復(fù)雜的混合環(huán)境內(nèi)需要管理的產(chǎn)品與平臺(tái)越來越多,獲得統(tǒng)一而全面的安全狀況視圖變得愈加困難。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
其次,高度動(dòng)態(tài)的云環(huán)境,加之不斷擴(kuò)大的網(wǎng)絡(luò)威脅狀況要求這些環(huán)境內(nèi)的安全性必須靈活且易變。策略需要隨著所保護(hù)的基礎(chǔ)架構(gòu)而擴(kuò)展。其三,安全技能不足,IT團(tuán)隊(duì)竭盡全力管理混合環(huán)境內(nèi)部署的各種工具與流程。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
云安全解決方案也引發(fā)了大量的安全事件,它們讓相關(guān)人員難以區(qū)分風(fēng)險(xiǎn)的優(yōu)先次序并加以補(bǔ)救。
挑戰(zhàn)#2:用戶體驗(yàn)
雖然不同應(yīng)用的服務(wù)等級協(xié)議和用戶預(yù)期不盡相同(只要試想訓(xùn)練沙盒與實(shí)時(shí)在線零售應(yīng)用之間的差別),但用戶體驗(yàn)通常具有兩個(gè)基本要素,即應(yīng)用性能與服務(wù)可用性。當(dāng)這兩個(gè)方面受損時(shí),用戶不滿將迅速導(dǎo)致業(yè)務(wù)損失。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
而公有云內(nèi)從硬件架構(gòu)到專為不同應(yīng)用而優(yōu)化的實(shí)例類型,多種設(shè)計(jì)選項(xiàng)的復(fù)雜性,讓保障一致的用戶體驗(yàn)變得越發(fā)復(fù)雜。托管應(yīng)用的相關(guān)云基礎(chǔ)架構(gòu)、用戶與應(yīng)用之間的網(wǎng)絡(luò)連接性、應(yīng)用交付要素的性能(例如會(huì)話負(fù)載平衡器)以及應(yīng)用的實(shí)際設(shè)計(jì)與架構(gòu)等因素都會(huì)影響用戶體驗(yàn)。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
挑戰(zhàn)#3:成本與效率
云服務(wù)商提供了多種選項(xiàng),用于創(chuàng)建經(jīng)濟(jì)高效、可擴(kuò)展且高度可用的應(yīng)用。從基于效用的按需計(jì)費(fèi)模式,到保留價(jià)格選項(xiàng)以及競價(jià)實(shí)例或競價(jià),企業(yè)可以靈活地選擇適合其需求的模式。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
成本優(yōu)化是指根據(jù)所討論的企業(yè)特定需求權(quán)衡價(jià)格與性能。產(chǎn)品設(shè)置與架構(gòu)設(shè)計(jì)必須經(jīng)過優(yōu)化,以實(shí)現(xiàn)所需的應(yīng)用自動(dòng)擴(kuò)展,并支持所產(chǎn)生的需求高峰與低谷。與保障工作負(fù)載相關(guān)的設(shè)計(jì)選項(xiàng)包括在各實(shí)例內(nèi)運(yùn)行的安全端點(diǎn)、各地網(wǎng)絡(luò)安全設(shè)備以及云提供商所提供的安全控制等。
上述選項(xiàng)具有不同的成本率。它們通過不同方式影響著性能,并帶來不同水平的安全效力。鑒于這種復(fù)雜性,除非各企業(yè)機(jī)構(gòu)能夠?qū)?yīng)用以及瞄準(zhǔn)這些應(yīng)用的威脅媒介進(jìn)行建模,否則了解如何選擇最高效的解決方案實(shí)屬不易。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
應(yīng)對挑戰(zhàn):如何通過測試實(shí)現(xiàn)價(jià)值
為了應(yīng)對這些挑戰(zhàn),在生產(chǎn)前期以及生產(chǎn)過程中,將其部分或全部工作流遷移至云端的企業(yè)機(jī)構(gòu)必須做好準(zhǔn)備將統(tǒng)一的測試應(yīng)用于各個(gè)流程。測試與風(fēng)險(xiǎn)息息相關(guān),如果從一開始就正確執(zhí)行測試程序,那么企業(yè)就可以顯著降低風(fēng)險(xiǎn)暴露,并確保成功利用云的全部優(yōu)勢。
生產(chǎn)前期,在云遷移實(shí)際發(fā)生之前,測試能夠提供可量化的洞察,借以在供應(yīng)商選擇、性能與成本優(yōu)化過程、擴(kuò)展、可用性以及培訓(xùn)中為安全架構(gòu)師、網(wǎng)絡(luò)架構(gòu)師和安全團(tuán)隊(duì)助上一臂之力。例如,在供應(yīng)商選擇方面,假設(shè)功能性要求都能得到滿足,采購經(jīng)理必須確定哪一家公有云供應(yīng)商能夠提供高性價(jià)比服務(wù)。他們需要證明哪種確保應(yīng)用工作負(fù)載的可用工具是高效和安全的,且最終全面滿足具體需求。
關(guān)于性能與成本優(yōu)化的問題,IT與安全管理員必須明確如何優(yōu)化安全策略與架構(gòu),以及針對自動(dòng)擴(kuò)展策略的最佳設(shè)置。這些決策制定基于一系列因素,從內(nèi)存利用到新連接率,而且只有通過嚴(yán)格、真實(shí)的測試流程才能完成對這些因素的歸納與分析。
關(guān)于云架構(gòu)在部署后將如何執(zhí)行的問題也必須加以考慮。應(yīng)用架構(gòu)擴(kuò)展會(huì)在哪些地方遭遇瓶頸?應(yīng)用從錯(cuò)誤中自動(dòng)恢復(fù)過來的速度有多快,以及在某些應(yīng)用服務(wù)失效的情況下,用戶體驗(yàn)將受到怎樣的影響?
覆蓋整個(gè)生產(chǎn)過程的測試
回答這些問題需要依靠一種廣泛的生產(chǎn)前測試計(jì)劃,它具備真實(shí)的工作負(fù)載并對威脅向量和故障切換場景進(jìn)行建模。這能確保云架構(gòu)促進(jìn)業(yè)務(wù),而非限制業(yè)務(wù);還能讓安全工程師與分析師更好地了解其工作內(nèi)容。
而且,測試不能因云環(huán)境上線而終止。在生產(chǎn)階段,連續(xù)測試是服務(wù)質(zhì)量監(jiān)測的基本要求,而連續(xù)的安全驗(yàn)證對于提供安全服務(wù)保證則是必不可少。
總而言之,隨著云成為新常態(tài),在應(yīng)用部署與交付的所有階段,云工作負(fù)載的連續(xù)測試也須被奉為新常態(tài)。測試是確保企業(yè)機(jī)構(gòu)在充分實(shí)現(xiàn)云優(yōu)勢的同時(shí)避免安全漏洞風(fēng)險(xiǎn)、用戶體驗(yàn)下降或不必要成本的唯一途徑。
【此文章原創(chuàng)來自于158機(jī)床網(wǎng)轉(zhuǎn)載請注明出處】