Calling out the Cloudwashers

<img alt="cloud" class="alignleft size-medium wp-image-4819" title="Cloud-Computing" src="http://www.datacentertalk.com/wp-content/uploads/2012/02/Cloud-Computing-300×208.j

pg” alt=”" width=”300″ height=”208″ />Over the past year, the term “cloud” has become such an overused term to the point that when placed in the description of any type of technological product, it causes the masses to flock for purchasing. This practice has become widespread to the point that the industry has coined the term “cloudwashing” for when a product improperly adopts the cloud label.

Additionally, cloud technology company Apprio held the first ever Washies which is an award focused on calling out the worst cloudwashing offenders. After a public vote during November, the results have been announced and the results are unsurprisingly fitting for the industry.

The Washers

  • The biggest overall washer – Oracle: for their Extralogic box. Essentially a hardware/software device to “provide cloud infrastructure in one stop.” In reality the system is simply a glorified mainframe with all the required software pre-configured.
  • The worst case of cloud advertising – Microsoft: for their “To the cloud!” Television ad series which illustrates consumers and professionals in various dire circumstances, then finding the solution in “the cloud” which as shown in the commercials simply the internet. In particular the main commercial is the one starring two customers stuck in an airport.
    It should be noted that Microsoft still has plenty of valid cloud offerings, such as their Azure platform and this award was issued purely for their horrible ad campaign.
  • The most cloud washed statement - Larry Ellison (CEO of Oracle) and Oracle: for proclaiming that “…we’ve redefined cloud computing to include everything that we already do.” A statement well said considering how the Oracle Extralogic box is essentially a mainframe with the cloud sticker stuck right on it.
  • The biggest personal cloud washer - Larry Ellison: for launching a social media campaign just to win The Washies, and also creating a bot to vote for him in the polls.
  • The most enthusiastic use for the word cloud – Salesforce.com: Unsurprisingly to many in the business world, “overusing” does little justice to describe the use of “cloud” in the SalesForce family. This award however is not meant to bash their products but rather the marketing campaigns from Salesforce which rarely go for more than a few sentences without saying “cloud.”

For more quality articles, visit DataCenterTalk

Share on TwitterSubmit to StumbleUpon

Microsoft Azure Embraces Open Source in the Midst of Promising Challenger

Although Microsoft Azure has long been the dominant Platform as a Service (PaaS) offering for companies, a recent offering from enterprise cloud platform vendor Tier 3 helps fill a few crucial holes left unfilled by Azure. To provide a brief background, Tier 3 is an enterprise cloud platform provider acquired by VM Ware back in April of this year, and their platform is called Iron Foundry.

The Service:

Overall Iron Foundry consists of three key components required for developers to implement solutions based around their needs:

  • Open sourced code which allows for developers to self-host the platform for their own customized implementations
  • A core .Net framework fork of Cloud Foundry  – an open source cloud platform heavily backed by VM Ware – which will be kept in synch with the main development versions
  • A Windows version of Cloud Foundry Explorer and Visual Studio plug-in will allow for direct deployment of code from IDE’s to Cloud Foundry

In addition to the above features, Tier 3 also is making the code available on GitHub under an Apache 2.0 license, allowing the general open source community to help improve the platform.

Azure Steps up its Game:

Despite Microsoft not being synonymous with being open source friendly, a recent set of adjustments on the Azure platform, cause Iron Foundry to have another key vendor to compete against. Some of the recently adjustments to Azure include:

  • Support for numerous open source technologies including Hadoop and Node.js, whereas in the past clients were limited to .Net languages, PHP, and SQL Asure – a specialized version of Microsoft SQL specifically for the Azure platform
  • Implementation of the Node Package Manager (npm) which can be installed via Micosofts Command Line tool Power Shell
  • The release of a complete Microsoft SDK with support for Node.js fully integrated

‘Overall when it comes to choosing between Azure or Iron Foundry, it is likely best to give both platforms a shot as the ability to use both services without a contract eliminates the barrier which typically comes into play with traditional devices.

UPDATE:  The original version of this article mentioned that Tier3 was acquired by VM Ware in early 2011 however a representative from the company has pointed out that the company is septate from VMware.

 

Share on TwitterSubmit to StumbleUpon

A Modern Twist on Malware Production

Malware has always been a threat to companies and computer users since the early days of the internet, however while prior malware was often created by individuals and small groups for leisure and fame, today malware makers are operating at an organizational capacity similar to legitimate corporations. This industry has been coined Crime as a Service and as the name implies, encompasses a whole new class of malware creators who do not just create the malware, but provide:  toll free support lines, ongoing updates to take advantage of zero day attacks, integrated product activation to protect against piracy, easy to use control panels complete with statistics about infection rates, and much more.

To get a better idea of the malware landscape, I interviewed Ziv Mador, the director of malware security labs for M86 Security.

Origin and Demographics of Attacks

According to Ziv, the majority of malware development originates in:  Russia, Romania, and a few Eastern European countries mainly because of weak and corrupt governments which are not able to keep organized crime in check. Additionally, many of the support, sales, and logistics of:  malware kits, stolen data, and more also are handled within these regions due to the lax government climate.

As far as attack targets go, while malware typically knows no bounds, Ziv mentioned that in most of his findings Western countries are the most targeted heavily for their wealth. In particular, bank fraud tends to have the highest reward for attackers by allowing them to access large sums of money in the shortest amounts of time. Because of the easy access to funds and limited fraud protection, on the black markets, bank account information tends to sell at prices significantly higher than credit/debit card numbers.

Additionally, as many malware makers prefer to have ongoing revenue, fake antivirus products and pay per install spyware often are integral to many malware makers by providing a fairly simple but effective way of monetizing their victims.

Attack Vectors

Although web browsers have been and remain the largest vulnerability point for end users, recent malware attacks have been shifting towards third party plug-ins such as Flash, Java, and Adobe Acrobat because the plugins tend to be less hardened and therefore provide better closer access to critical system files. Additionally, deploying updates for third-party programs on enterprise networks is significantly harder due to compatibility issues, making them a perfect target for attackers who are aiming for a high infection rate.

Even if you stay away from questionable sites normally associated with malware, today there is a new attack angle which allows infections to spread throughout legitimate websites without the owner or end user knowing. According to Ziv, this new form of attack is known as an iFrame injection and consists of a website being hacked and having a small code injection. Unlike the common depiction of hackers trashing websites and replacing them with obscene pages, today many infections occur in the background without notice. By using malicious code to inject hidden iFrames into a compromised website, malicious parties are able to have scripts download files to visitors in the background without warning.

This type of attack is so prevalent that according to Ziv, before launching an infection campaign, many groups will collect statistics from a few compromised servers and use that data to better target their attacks. While in the past malware used to be most prevalent on pornography and piracy websites, today even visiting a site as respectable as Facebook or Twitter could lead to an infection if a breach were to occur. Currently however, this form of attack is more prevalent on smaller independent websites where the owners fail to update and apply patches in a timely fashion.

Commercialization of Malware

As mentioned earlier in this article, the malware industry has gone from small groups of “hackers” to an industry with estimated transaction values of well over $1 billion USD. In particular the biggest sources of revenue have come from brokering stolen data and also selling malware kits. While in the past creating a virus used to require extensive technical knowledge – today, for around $1,000 USD, you can purchase a “malware kit” complete with:  a GUI for changing settings, ongoing updates for continuing effectiveness,  internal statistics to better target attacks,  and even product activation integrated by the creators to protect their creations from piracy.

This commercialization is not limited to malware.  Today brokers handling stolen data provide toll free support lines to handle reissuing data if it is flagged for fraud (common with credit and debit cards), and call centers exist to  provide criminals access to phone operators with any accent desired.  A crucial service for helping to expedite fraudulent transactions over the phone.

Closing Words

Overall, the details mentioned above are just a small sampling of today’s chaotic environment in computer security. As malware continues to be commercialized and commoditized information technology professionals of virtually every breed will have to learn to place security in the fore front of all projects. Although this article is more of an overview piece, at the least this article should alert you to the fact that today malware is not just being produced by lone wolf hackers. Rather syndicates now control the sphere, and as such, security must be given top priority to combat the increased threat.

Please leave your views and comments on the article in the Data Center Talk Forum

Share on TwitterSubmit to StumbleUpon

Bringing Fanatical Support to your Premises

In the past, having a private cloud typically meant you had offsite hardware managed by a host, or a full-time IT team on hand to handle on premise hardware, however thanks to Rackspace companies are now able to have the security of an on-premise private cloud while receiving the industry leading support and guidance of Rackspace Cloud Builders.  By providing customers with the option of utilizing:  Rackspace datacenters, partner datacenters, or most commonly a customer chosen data center, Racksapce is now moving from being a traditional web host to an on-call IT support firm.

While the change from a controlled environment to “real world” setups might sound daunting, an interview with Scott Sanchez, Director of Business Development for Rackspace Cloud Builders, greatly helped to clarify the many questions enterprises and information technology professionals have had about the major initiative from the vendor.

Bringing the Cloud to You

  • Although Open Stack can technically run on a wide array of hardware, to qualify for Rackspace support, your servers  must conform to the specifications at ReferenceArchitecture.org
    • The requirements at Reference Architecture are intended to ensure a reasonably standard environment for Rackspace clients regardless of server location
    • The main objective of Rackspaces’ Open Stack is to provide the same level of support to Rackspace clients regardless of where their servers are located.
      • Rackspace Cloud Builders allows Rackspace to help assemble the necessary hardware on your premises, while also handling management tasks remotely
      • When asked about the transition to supporting both controlled and outside environments rather than just their own data centers, Sanchez said it has not been an issue due to the  publication of standardized required specifications
      • According to Sanchez, although Open Stack can be used by smaller companies looking to test their own private environments, the ideal demographic is larger companies with significant infrastructure investment

Proven Track Record

  • Despite Open Stack only being sixteen months old, it has been adopted by computing giants such as:  Sony and their PS3 Network, PayPals’ X Commerce Platform, and The European Organization for Nuclear Research (CERN)
  • Additionally, Open Stack boasts a development network of over 130 participating companies and over 150 developers
  • Interestingly, Sanchez mentioned that many of the major corporate users of Open Stack devote some of their development efforts towards contributing back to the  open stack community as new features are added and improvements are made
  • This model does not just benefit the community at large, but enterprises also benefit since their contributions help shape the project. Additionally it prevents them from being at the mercy of a single company for development direction.

Development Cycle

  • Open Stack operates on a six month development cycle which is based on clearly marked milestones, helping to simplify the logistics of knowing how an update will affect the existing systems
  • Although having a six month deployment cycle has been of concern to many, Sanchez mentioned that with the Diablo release (latest version) of the software, the foundation has become much more solid than the earlier phases
    • Analogous to building a house. It takes awhile for the foundation to solidify before you can begin branching out and adding additional features.
    • In addition to starting with a full deployment, Sanchez mentioned that some companies who are concerned about the early stages of Open Stack simply start with the latest version, but don’t go to production until later versions come out
    • Unlike many Linux distros which have bleeding edge, stable, and legacy version support, Open Stack only maintains their latest editions allowing them to focus on the present rather than having to support various variants of the platform
      • When asked if Rackspace has any plans to adopt a deployment cycle similar to Linux distro’s, Sanchez said there are no plans to change the model as it is already sufficient.

      For more quality articles visit DataCenterTalk

Share on TwitterSubmit to StumbleUpon

Cloud Hosting Leaders – Strengths and Weaknesses

Cloud computing has been one of the biggest buzzwords in virtually every application of technology during 2011. No longer just IT jargon, cloud computing has evolved to become a staple in virtually every vertical of business. From test development sandboxes, web hosting, and fully managed:  email, contact management, invoicing, document collaboration, and more; cloud technology is has become a staple in every aspect of business.

When it comes to picking a cloud host for your company there is one key point to keep in mind before picking a provider. That point being cloud hosting differs from traditional hosting heavily due to maturity. Cloud hosting is still a rapidly developing field and therefore is an environment filled with vendor lock-in due to proprietary environments. While this is not a reason to avoid cloud technologies overall, it illustrates the importance of realizing the strengths and weaknesses of a host before placing your entire budget into one provider. Depending on your needs, a combination of vendors might prove best.

To help simplify picking a cloud vendor, below is a short piece of providing an overview of five cloud computing leaders outlining their key aspects and strengths along with weaknesses. ]

Amazon.com

Amazon.com has always been known for their innovations in ecommerce but recently Amazon’s Elastic Computing Cloud (EC2) has allowed them to deeply penetrate the high-performance computing vertical. Despite their notable data center fiascos during 2011, Amazon holds the position as the most innovative company in cloud computing.

Strengths:

  • Has the largest pool of computing capacity
  • Cost effective offerings
  • Strong partner ecosystem
  • Flexible API which is supported by many 3rd parties

Weaknesses:

  • No managed plans means that clients must have their own expertise on hand to handle the servers

Conclusion:

  • Overall, Amazon.com is ideal for projects with highly variable scaling and self-managed cloud hosting for testing and development

Softlayer

Softlayer is another industry leader which focuses on highly standardized infrastructure which can be provisioned very rapidly to meet the needs of even the most complex project. Unlike many other providers which commonly share hardware between cloud clients, Softlayer provides clients with dedicated hardware for their projects.

Strengths:

  • Standardized infrastructure which can be provisioned very rapidly
  • Emphasis on cloud flexibility and agility
  • Provide dedicated cloud hardware to clients

Weaknesses:

  • Rigid support policies mean customers are limited to standard configurations if they need managed hosting

Rackspace

For clients needing excellent customer service and a diverse set of solutions to meet their project needs, Rackspace is the vendor most likely to be a solid fit. Long known for their excellent traditional hosting services, Rackspace has been making the transition to the cloud without missing a beat in overall quality.

Strengths:

  • Industry leading customer service and support
  • Excellent managed plans
  • Below market pricing for complex managed packages
  • Helped greatly with unifying the cloud by open sourcing their cloud software stack (Open Stack)
  • Ability to use their software to roll a cloud system on your own hardware, and still receive expert support

Weaknesses:

  • Managed cloud packages are below enterprise level
  • As Open Stack has recently been released it does not yet have as much of a proven track record as other systems

Media Temple

A boutique web hosting company which specifically focuses much of its advertising on websites for content creators and creative professionals Media Temple provides an excellent array of affordable performance cloud solutions that won’t break the bank.

Strengths:

  • By focusing heavily on creative professionals and companies, Media Temple’s packages are commonly a good fit for A/B website testing where the costs of a full performance solution are not justified
  • A great provider for testing micro sites and landing pages and other short term projects due to the plans rarely requiring contracts
  • Media Temple’s pricing is much lower than the packages offered by the other industry leaders making them an ideal fit for companies just breaking into cloud hosting, or want a reputable budget friendly host

Weaknesses:

  • As Media Temple uses Parallels for virtualization, it is not an ideal platform for enterprise projects
  • Media Temple’s hosting is analogous to “a shared host on steroids” meaning that while you do have cloud hosting, support and performance are significantly lacking when compared to the industry leaders

SunGard

SunGard is best known as being one of the largest enterprise IT solutions providers in the industry. In particular SunGard focuses only on enterprise systems. This focus has made them a leader in the space for clients who have very complex custom systems.

Strengths:

  • By focusing heavily on enterprises, SunGard is able to handle complex projects much more easily than most other vendors which have a more general focus
  • By having a conservative approach to their infrastructure SunGard is able to handle long term and legacy projects easily
  • Pricing for their services is at market averages

Weaknesses:

  • Customer service at SunGard is below market average levels
  • By having a conservative approach to their infrastructure, SunGard does not offer as many features as other vendors
  • Additionally the conservative hardware approach limits agility which can be crucial for projects operating under a rapid development cycle

We are keep updating cloud computing technologies

Share on TwitterSubmit to StumbleUpon

Web Security Predictions for 2012

As the year comes to a close it is important for many companies to look back at which security measures have worked and which need improvement. In addition, it is important for IT and Security professionals to gear up for  the ever-changing breeds of digital threats which will be plaguing companies in 2012.

Recently, digital security vendor WebSense published a set of predictions of key security threats for 2012 which is heavily centered on social networks as the major attack vector for traditional malware and social engineering.

Although the Websense report cited a few major security trends, the most disturbing breed for IT Professionals and Administrators is the increase of attacks through social networks. During 2011 a round of social engineering attacks went mainstream in the form of scammers using Facebook Chat to beg friends for money. Usually under the premise that they were overseas and had their wallet stolen so they needed a large sum of money wired to them. In addition, viruses and malware have spread rapidly across real-time web securitynews and sharing sites such as Twitter, as a way to bypass traditional search providers blacklisting malicious sites.

WebSense predicts that these types of attacks will become more prevalent and with companies constantly placing a focus on social media for collaboration, people will come to trust online profiles even more. This surge in online communication means that IT Professionals across the board will have to start familiarizing themselves with social engineering attacks and developing training materials and policies to educate employees about the new threats which can come from inside and outside the workplace.

Aside from social networks, the threat predictions also cited mobile malware becoming more common due to increasing smartphone adoption, and many companies now allowing personal devices to be used for business. Unlike traditional malware, WebSense predicts that many mobile exploits will not only allow malicious parties to view data, but also to use geolocation (via the phone’s GPS) to add a new form of targeted social networking based on the victims location.

The complete report in PDF form can be found here.

 

You can also keep up to date with current trends and technology by visiting Data Centre Talk where we keep you informed on important changes as they occur.

Share on TwitterSubmit to StumbleUpon

First Class Security Without a Platinum Price Tag

When it comes to managing websites, most companies have more than enough on their plate trying to handle their website. Between customer service, security, training, optimization, and more, most companies already overloaded with tasks related to the administration of their websites.

Features Of CloudFlare

Fortunately, a service called CloudFlare provides reasonably priced packages to help website owners secure and optimize their websites. A few of the key features include:  CDN/Caching capabilities, code & script optimization, threat recognition via community intelligence (which helps protect against zero day exploits), streamlined and easy to understand analytics, and an easy to use app system to add additional functionality as needed.

CloudFlare comes in free and professional editions, with an enterprise edition currently in development. For this article, I did my testing using the free edition of CloudFlare, and despite not having the professional capabilities, the service performed very well and compared to many other vendors which nickel and dime clients, I did not feel constrained while using the free plan. Overall the service has an excellent interface which is powerful enough for an IT professional like myself, but it also has helpful tooltips next to virtually every setting so less technical users can have guidance while using the software.

In addition, CloudFlare receives extra praise from me for not plastering the user with ads and banners to upgrade to the professional edition. Unlike the Zynga model of freemium which involves constantly bombarding the user with ads for paid upgrades (I only mention Zynga here as they are known for their in-game ads. I do not mean to compare the services of each), in CloudFlare professional features simply have a “pro” icon next to them, with a upgrade page shown if the user clicks for more information.

Going back to my review, overall, CloudFlare passed my tests with flying colors despite my initial hesitance to use the service on my primary sites owing to my skepticism. The initial configuration simply involved updating my nameservers to the CloudFlare servers. From there, the service automatically recognized my domain settings and asked for confirmation. After that, I simply continued on with my work and checked the control panel 24 hours to see how the service worked.

While there are many features to mention, this review only covers the key features which are applicable to most users.

CloudFlare Analytics

Overall the analytics platform is as easy to use as Google Analytics. Listing key statistics such as threats, bandwidth saved, page requests, search engine crawl stats, and more all on one page, and it allows you to see which areas require the most attention when you first review the data. In addition, CloudFlare classifies the types of threats which were blocked, for example:  spammers, brute force attacks, injections, harvesters, and more all have their own categories so the user can easily differentiate between the severities of the threats.

CloudFlare Security

Moving on to the security capabilities,  CloudFlare acts as a firewall between general traffic and your server via a crowd sourced threat database to help detect traditional threats and zero-day exploits which have not been addressed by traditional security patches. The service also provides website owners an option to inform visitors that their computers are infected, by displaying an error page with a CAPTCHA to access the website as usual and also general information about the situation. In my initial testing on my sites, CloudFlare effectively replaced my usual spam filters with 99.9% accuracy and it also blocked a few suspicious crawlers from indexing parts of my site.

In addition to the added security, CloudFlare also improves site performance through caching and script/code optimization. Essentially “the poor man’s Akami,” CloudFlare markets itself as an alternative to traditional CDNs by caching your publicly available websites across their 13 data centers serving your content from the data center closest to your visitors. In addition, when using the service, your HTML and scripts are compressed using aggressive GZIP compression to improve load times.

As far as scalability goes, while I was skeptical of a free or $20/month service handling high amounts of traffic, a recent case study from CloudFlare discusses how website 2011BlackFridayAds successfully used CloudFlare since September 2011 through the November Black Friday rush by cutting the number of server requests by half a billion, and  saving about 29.3TB of bandwidth. While the study is worth a read, one key point to note is that as CloudFlare currently handles five times the amounts of traffic as Amazon.com, you can be fairly sure that scalability is likely not an issue with CloudFlare.

 

We at DCT would love to hear from you. Do let us know what you think.

Share on TwitterSubmit to StumbleUpon

Cloud Computing Simplified – Picking the Right Plan for Your Needs

Over the past couple of years many web hosts and server professionals have been toting “The Cloud” as a cure all for majority of the IT problems, but for the end user is this all hype or is it real?

How old is “The Cloud”?

Contrary to popular belief, cloud computing has been around since the 1970′s via mainframes which had the ability to scale resources as needed by pooling the resources of multiple systems. Virtual Private Servers which have been offered by webhosts for years are another example of “cloud technology” as they allow customers to scale storage and RAM as needed.

Despite” cloud” being a marketing term without any concrete definition, the technologies has become vital for virtually every IT professional to understand. In particular the two tiers of cloud computing are public and private clouds. At its foundation, the comparison between public and Cloud Computing Simplified, Picking the Right Plan, Data Center, power calculation, cooling system, fewer generator, Green Data Center, datacenter, data center services, data center management, about data centers, internet data centers, datacenter services, datacenter solutions Business continuityprivate clouds is analogous to shared/virtual hosting and plans on dedicated servers. With a public cloud, you are given a segment of resources on hardware which is shared with other clients. In a private cloud, just like a traditional dedicated hosting plan, the service gives the client full access to their own sets of hardware.

Although traditional dedicated plans provide superior levels of security and control when compared to shared hosting, when it comes to cloud plans, public clouds are typically sufficient for majority of the routine hosting needs. The reason for this is because in a public cloud the use of “virtualization” sandboxes each customer from the other users providing them with a much higher level of security compared to traditional shared hosting which is simply a server allowing hundreds (if not thousands) of websites to access the same set of resources.

Cloud Plans

Pricing for cloud services depends heavily on the provider you choose. However, to provide an idea of the pricing gap between public and private clouds,given below is a small pricing sample pulled from Softlayer, which is one of the leading web hosts in the industry.

Base public cloud package:

1 core, 1GB of RAM, and 25GB of local storage – $50/month or $0.10/hour

Base private cloud package:

1 core,  1 GB of RAM, and 100 GB of local storage – $159/month or $0.30/hour

In addition to Soft layer, industry leader Rackspace, has recently released Open Stack which is an open sourced stack for businesses to create their own private clouds using their own hardware. Open Stack has been receiving praise for the fact it does not lock clients into a single vendor, however as the code has not yet been proven for long term use, the decision to adopt the platform has been debatable by many Information Technology professionals primarily in enterprise environments.

Regardless, as Open Stack is free software and since the ecosystem for the platform is very active, the platform will likely be one of the top emerging technologies of 2012 and is therefore a must for any IT pro’s watch list.

Hosting needs handling with Traditional and Cloud Hosting

Going back to the types of hosting plans available to businesses, although cloud plans are newer, many companies utilize both traditional and cloud servers to handle their hosting needs. For example, cloud servers can be used for load balancing, code testing, and usability testing, and so on. By using VPS or Dedicated servers to handle the routine loads and cloud servers to handle specialty and as needed tasks, companies are able to create a better server package specifically geared towards their needs.

Public or Private Cloud

As far as using a public or private cloud, the answer to that depends heavily on your needs. Do you need full control of the hardware? If so, then a private cloud is a must. Regarding security, through virtualization, public clouds are typically much more secure than a traditional shared plan, but a private cloud provides a complete barrier from other clients should something go wrong. In most cases a simple call to your web host will provide you with access to staff devoted to the hosting products, which can therefore provide guidance based on your needs.

 

Our writers strive to keep you informed about the latest trends in the Data Center Industry. Browse through other reviews and articles at Data Center Talk.

Share on TwitterSubmit to StumbleUpon