自AWS某位高管宣稱“云成為了新常態(tài)”后�,至今已是第三個年頭了�����。這三年中�����,隨著各企業(yè)對云敏捷性����、可擴展性和成本優(yōu)勢的日益依賴��,云遷移這股風頭似乎開始變得更加勢不可擋��。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
微軟2017年度《混合云現(xiàn)狀》(State of the Hybrid Cloud)報告顯示�����,有63%的大中型企業(yè)已經(jīng)實施了包含企業(yè)內(nèi)部與公有云基礎(chǔ)架構(gòu)的混合云環(huán)境��。思科最新發(fā)布的《全球云指標》(Global Cloud Index)預測�,到2020年����,92%的企業(yè)工作負載將在公有云與私有云數(shù)據(jù)中心內(nèi)進行處理�����,物理數(shù)據(jù)中心的處理量將僅占8%��。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
由此可見����,未來將是云的天下,各企業(yè)將采用混合云戰(zhàn)略以及來自多家提供商的服務�。但無論其使用哪些云服務,或者處于哪個行業(yè)��,所有企業(yè)都擁有共同的目標:讓業(yè)務應用在任何情況下都能提供優(yōu)質(zhì)的用戶體驗���,具備安全和彈性并盡可能高效地運行�。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
共同的責任
實現(xiàn)這些目標并非易事���。計算機安全分析師Graham Cluley曾說:“公有云只是別人的計算機��。”雖然服務提供商理應為高性能與安全的應用提供強大基礎(chǔ)�����,各企業(yè)仍須責無旁貸地承擔與這些應用相關(guān)的流程安全性���、可用性����、性能和管理責任����。更重要的是����,企業(yè)應負責正確配置并管理由云服務商所提供的安全控制。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
下面�,就讓我們審視一下各企業(yè)在確保云應用安全性、提供優(yōu)質(zhì)用戶體驗以及確保應用經(jīng)濟高效方面所面臨的各種挑戰(zhàn)�����。
挑戰(zhàn)#1:云安全
確保穩(wěn)健而沒有后顧之憂的云安全充滿了挑戰(zhàn)�,原因有三。首先�����,無論是內(nèi)部環(huán)境還是云端環(huán)境,了解企業(yè)機構(gòu)的當前安全水平��、何處需要增加防護以及何處存在潛在漏洞將非常困難�����。由于在復雜的混合環(huán)境內(nèi)需要管理的產(chǎn)品與平臺越來越多��,獲得統(tǒng)一而全面的安全狀況視圖變得愈加困難�����。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
其次�����,高度動態(tài)的云環(huán)境�����,加之不斷擴大的網(wǎng)絡威脅狀況要求這些環(huán)境內(nèi)的安全性必須靈活且易變���。策略需要隨著所保護的基礎(chǔ)架構(gòu)而擴展�。其三,安全技能不足����,IT團隊竭盡全力管理混合環(huán)境內(nèi)部署的各種工具與流程。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
云安全解決方案也引發(fā)了大量的安全事件��,它們讓相關(guān)人員難以區(qū)分風險的優(yōu)先次序并加以補救��。
挑戰(zhàn)#2:用戶體驗
雖然不同應用的服務等級協(xié)議和用戶預期不盡相同(只要試想訓練沙盒與實時在線零售應用之間的差別)���,但用戶體驗通常具有兩個基本要素,即應用性能與服務可用性�。當這兩個方面受損時,用戶不滿將迅速導致業(yè)務損失�����。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
而公有云內(nèi)從硬件架構(gòu)到專為不同應用而優(yōu)化的實例類型�����,多種設(shè)計選項的復雜性����,讓保障一致的用戶體驗變得越發(fā)復雜�����。托管應用的相關(guān)云基礎(chǔ)架構(gòu)�����、用戶與應用之間的網(wǎng)絡連接性�、應用交付要素的性能(例如會話負載平衡器)以及應用的實際設(shè)計與架構(gòu)等因素都會影響用戶體驗�����。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
挑戰(zhàn)#3:成本與效率
云服務商提供了多種選項��,用于創(chuàng)建經(jīng)濟高效�����、可擴展且高度可用的應用��。從基于效用的按需計費模式��,到保留價格選項以及競價實例或競價��,企業(yè)可以靈活地選擇適合其需求的模式。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
成本優(yōu)化是指根據(jù)所討論的企業(yè)特定需求權(quán)衡價格與性能�����。產(chǎn)品設(shè)置與架構(gòu)設(shè)計必須經(jīng)過優(yōu)化���,以實現(xiàn)所需的應用自動擴展�����,并支持所產(chǎn)生的需求高峰與低谷���。與保障工作負載相關(guān)的設(shè)計選項包括在各實例內(nèi)運行的安全端點、各地網(wǎng)絡安全設(shè)備以及云提供商所提供的安全控制等���。
上述選項具有不同的成本率。它們通過不同方式影響著性能����,并帶來不同水平的安全效力。鑒于這種復雜性����,除非各企業(yè)機構(gòu)能夠?qū)靡约懊闇蔬@些應用的威脅媒介進行建模,否則了解如何選擇最高效的解決方案實屬不易。
Although different application service level agreements and user expectations is not the same (as long as you imagine training sandbox, and the differences between real-time online retail application), but the user experience is usually has two basic elements, namely the application performance and availability of services. When these two aspects are damaged, user dissatisfaction will quickly result in business loss.
應對挑戰(zhàn):如何通過測試實現(xiàn)價值
為了應對這些挑戰(zhàn)�����,在生產(chǎn)前期以及生產(chǎn)過程中�,將其部分或全部工作流遷移至云端的企業(yè)機構(gòu)必須做好準備將統(tǒng)一的測試應用于各個流程。測試與風險息息相關(guān)��,如果從一開始就正確執(zhí)行測試程序����,那么企業(yè)就可以顯著降低風險暴露,并確保成功利用云的全部優(yōu)勢����。
生產(chǎn)前期,在云遷移實際發(fā)生之前���,測試能夠提供可量化的洞察����,借以在供應商選擇��、性能與成本優(yōu)化過程���、擴展����、可用性以及培訓中為安全架構(gòu)師、網(wǎng)絡架構(gòu)師和安全團隊助上一臂之力�����。例如��,在供應商選擇方面����,假設(shè)功能性要求都能得到滿足,采購經(jīng)理必須確定哪一家公有云供應商能夠提供高性價比服務�����。他們需要證明哪種確保應用工作負載的可用工具是高效和安全的�����,且最終全面滿足具體需求���。
關(guān)于性能與成本優(yōu)化的問題,IT與安全管理員必須明確如何優(yōu)化安全策略與架構(gòu),以及針對自動擴展策略的最佳設(shè)置�。這些決策制定基于一系列因素,從內(nèi)存利用到新連接率�����,而且只有通過嚴格�����、真實的測試流程才能完成對這些因素的歸納與分析�。
關(guān)于云架構(gòu)在部署后將如何執(zhí)行的問題也必須加以考慮。應用架構(gòu)擴展會在哪些地方遭遇瓶頸��?應用從錯誤中自動恢復過來的速度有多快���,以及在某些應用服務失效的情況下�,用戶體驗將受到怎樣的影響��?
覆蓋整個生產(chǎn)過程的測試
回答這些問題需要依靠一種廣泛的生產(chǎn)前測試計劃����,它具備真實的工作負載并對威脅向量和故障切換場景進行建模。這能確保云架構(gòu)促進業(yè)務�,而非限制業(yè)務�����;還能讓安全工程師與分析師更好地了解其工作內(nèi)容���。
而且,測試不能因云環(huán)境上線而終止�����。在生產(chǎn)階段���,連續(xù)測試是服務質(zhì)量監(jiān)測的基本要求�����,而連續(xù)的安全驗證對于提供安全服務保證則是必不可少����。
總而言之���,隨著云成為新常態(tài)�����,在應用部署與交付的所有階段���,云工作負載的連續(xù)測試也須被奉為新常態(tài)。測試是確保企業(yè)機構(gòu)在充分實現(xiàn)云優(yōu)勢的同時避免安全漏洞風險��、用戶體驗下降或不必要成本的唯一途徑��。
【此文章原創(chuàng)來自于158機床網(wǎng)轉(zhuǎn)載請注明出處】
