Anybody involved in data management could not help but notice that cloud computing is being widely adopted, or at least heavily promoted, as the next service delivery model.
Moving applications and data to the cloud has its economic benefits, but there are potential pitfalls that organizations need to be aware of. Security professionals need to do their part and identify any risks associated with an organization’s desired move to the cloud, and manage those risks through the usual approaches.
Like so many specialties, there is now a certification available, Certified in Cloud Security Knowledge, or CCSK. This certification is offered by the Cloud Security Alliance, the same organization that published its seminal Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 (PDF download).
The CCSK is not a substitute for other certifications in information security such as CISSP, which also provides vetting of individuals, but serves to augment these programs by encouraging an additional level of competency in cloud computing security best practices.
The Certificate of Cloud Security Knowledge (CCSK) provides evidence that an individual has successfully completed an examination covering the key concepts of the CSA guidance and ENISA whitepaper. There are no prerequisites, and candidates who wish to earn the CCSK must take a 50-question, one-hour exam as a test of their knowledge and achieve a pass mark of 80%+. More information on earning the certificate is available here.
Let’s face it, when Tim Berners-Lee sat down to propose the WWW he had some vague ideas about linking documents and sharing information, but what he really wanted to do was sit at his desk and track aircraft flight paths in ‘real time’.
I had a requirement to check the arrival time of a flight from Heathrow to Pearson International Airport, Toronto, and by following a few links found myself looking at an updated map of the flight as it passed across Southern England, refreshing every few minutes. Now, short of taking over the controls yourself (not a serious RFC by the way), for any like-minded ‘geek’ this must be about as good as it gets. The diagram was matched with a table showing current speed, heading, altitude and other information about the distance travelled, elapsed time and estimated arrival.
You can track most flights over North America and Europe (not Lufthansa and British Midland), and although you lose the track as it passes out over the Atlantic you pick it up again about 200 miles out from the coast. Supported by Google Maps, you get the full zoom-in functionality, which can be a bit tedious tracking it over the wastes of Newfoundland (it’s going over a lake and some forest!) but it’s impressive as you pan across the urban landscape in the approach. You need the flight number to follow a specific aircraft, but the site has a random tracker option for the casual browser.
Who needs ‘Angry Birds’ when you have the real thing?
VMware has entered the PaaS market with providers such as Salesforce.com, RackSpace’s OpenStack and pitched itself right up against Microsoft’s Azure by launching a new open Platform-as-a-Service designed especially for cloud computing environments.
Cloud Foundry is being sold by VMware as “a new generation” of application platform, delivered as a service from enterprise data centres and public cloud service providers. Essentially, it will give developers streamlined tools to build applications on public and private clouds, whether or not the underlying server runs VMware, in the simplest way possible.
It already supports Java, Sinatra for Ruby, node.js and Ruby on Rails and other JVM-based frameworks, including Grails. Other programming frameworks will be supported in the future. It also supports MongoDB, MySQL, and Redis databases, with planned support for VMware’s own vFabric services. Cloud Foundry also supports deployment not just on VMware infrastructure but on non-VMware public clouds, and support for Amazon Web Services has been demonstrated by cloud management provider RightScale.
Cloud Foundry will be offered in multiple delivery models including as a VMware-operated developer service, an open source community PaaS project, a micro cloud and a version for enterprise and service providers.
As a diehard VMware man I feel like I’ve been caught going out with my girlfriend’s best friend, but recently I’ve been evaluating the latest release of Citrix XenServer.
I was expecting to be disappointed, especially since my first evaluation only encompassed the free edition, but that wasn’t the case. In many respects it was easier to use and install than the equivalent vSphere offering, and although you can never exactly equate ‘like for like’ it does have some advantages, especially at the lower end of the market.
While in no way pretending to be a comprehensive review, a few things are worth considering.
Ease of Use.
Installing was a breeze, both for the Xen hypervisor and for the XenCenter management tool. The approach to management is different with Xen, as the first server installed acts as the ‘management host’ and therefore XenCenter is nothing more than a client install pointing back to the host. Consequently all the prerequisites required for vSphere are avoided and you can be up and running within minutes. For anybody familiar with Virtual Centre the GUI is spookily familiar, which should be taken as a compliment to the original design.
Console access for both the server and the VMs is built into the GUI but only works across the local subnet.
Simple Licensing model.
Compared with the complexity of the VMware model, the licensing options are pretty straightforward and have the massive advantage of including XenMotion out of the box. Like VMware, all distributions contain the full feature pack and are livened up once the licence is installed, although some functions require an associated VM appliance install. The free licence requires registration and a refresh every 12 months. Licensing is a simple cost per server model and takes no account of processor slots or cores.
Advanced features with the free edition.
The free edition supports iSCSI and NFS point for shared storage and both were easy to implement, although it’s not that difficult in VMware. XenMotion worked as expected, although I found the start to finish time much longer than I have experienced on ESX. On a server without any loading, any XenMotion took 2-3 minutes to complete as compared with 10-20 seconds on the same-spec ESX.
HA, DWB and Distributed Switching.
All of these features require the extra licensing. HA takes you into the Advanced option and Dynamic Workload Balancing (Xen’s version of DRS) one level up again into Enterprise. The HA option seems to have learned something from the VMware experience and incorporates both a network heartbeat and a check on shared storage locks, therefore reducing the chance that HA could kick in with a network outage. The implementation of DWB, like VMware, requires a server to act as a data concentrator and control centre. In the case of Xen this is either an appliance managed by a web front end or a software suite that can be installed on a pre-existing server. Distributed switching is managed in a similar way.
Built in Backup.
The Automated VM protection mechanism you get with the Platinum edition is a well-featured backup solution that snapshots servers on a predefined schedule and backs off to shared storage. Anybody familiar with PhdVirtual’s esXpress solution in the VMware space will recognise this process.
One thing that did take some getting used to is the cryptic naming convention for the disc file images, and as far as I could see there was no easy way of gaining explorer-level file access from the XenCenter tool. Creating and deleting machines left me with a blizzard of file images that were difficult to match back up to the original VMs.
Would I bet my business on the free edition?
Citrix XenServer provides some serious functionality which cannot be matched for the price. However, as you move through the licence model searching for capabilities such as DWB, things even out a great deal. While it might not match up with VMware across the whole range, it’s a creditable solution and beats Hyper-V into a hat for manageability.
Those of you that have been participating in the Microsoft® Office 365 beta program will have noticed that it has now ceased and moved into the production phase. Account holders now have 30 days to make a decision to buy into the many ‘plans’ available or lose the service.
While there can be little doubt that this is a powerful and comprehensive suite, it’s not one that many companies are going to adopt without careful planning and consideration, and for that read external consultancy.
If you are a large business you are going to be asking questions about how this fits in with your internal procedures, particularly relating to security and compliance. I suspect there will be a deal of work around configuring Active Directory Federation Services (ADFS) to achieve single sign-on and organising mailbox migrations.
For the SMBs this may seem a bit daunting, especially since there is no equivalent of the ‘free’ 10 user version that Google Apps provides, giving an easy entry point onto the platform. This could be missing a trick because the long term success is going to be driven by small companies becoming larger ones and expanding into the service. Outside of some headline projects it is going to be a while before large estates running standard MS Office are converted.
However, I can see a take up in those users wanting to finally make the move from Exchange 2003 without the cost and overhead of a full deployment of Exchange Server 2010 in-house. Surveys report that only 8% of respondents have made the move to Exchange 2010, with the majority of departments still running Exchange 2003 (55%).
Since Microsoft no longer offers mainstream support for Exchange 2003, that means there are a large number of implementations heading for obsolescence.
Maybe that’s the angle MS should be driving.