The last thing IT thinks they would ever outsource to the cloud is identity management. It didn't make sense to me either. But three years ago I didn't think the cloud was secure and I had to give this a bit of a rethink.
Here's how that one went. In the early days of the cloud, the providers were just getting their feet wet and their networks weren't that secure. But cloud providers are dedicated to the business of providing clouds. That means they have people and technology dedicated to securing those clouds. That is their business. A big provider like Amazon might have hundreds of security experts on staff.
Your business, I would argue, is more complicated. You do just as much as, say, Amazon does, but how many dedicated security experts do you have? How many layers of defense do you have?
Identity management follows much the same logic. These providers are dedicated to this mission far more than you are. Think just any schmuck can crack their encryption? Doubt it.
Is IDaaS a no brainer? Certainly not. But it may be worth a look and a lot of tough questions.
Posted by Doug Barney on 09/11/2012 at 12:47 PM | 1 comment
People have long been afraid to virtualize Exchange. I guess it's something about losing the entire corporate mail system or taking that phone call from an irate CEO (well, he can't e-mail you now, can he?) when he can't get his mail.
The cloud is a different story. If you lose the entire corporate mail system in the cloud, it's someone else's fault. And even Microsoft, through Office 365, now offers cloud e-mail.
There are some decent recent reasons to look at clouding Exchange, my reporting shows, not the least of which is the fact that no fewer than two readers, Dennis Barr and Bob Collins, had good experiences.
Dennis six years ago was looking at upgrading a physical Exchange install and looked at a cloud switch. He avoided the costs of all that hardware, let the service provider handle the hassles of ongoing mailbox growth, and used his free time to focus on things more strategic than e-mailbox administration. You know, frequent readers like Dennis have always struck me as pretty bright guys. Now, we have proof!
Collins, who's lucky enough to work at a country club, has a pretty similar story. For him, it just didn't make sense to install an Exchange server for eight users. With the cloud, he barely has to think about it.
What is your cloud app experience? Share your story by writing [email protected].
Posted by Doug Barney on 08/29/2012 at 12:47 PM | 6 comments
Google has been in the cloud business for so long I could have sworn they already had an IaaS offering -- you know, pure raw computers with a simple version of some kind of Linux or something you can rent and process to your heart's content.
Google may be late to the game that Amazon and Rackspace basically own, but according to one Infoworld reviewer, Google done good.
The Google service comes with Ubuntu, but they'll give you CentOS upon request. Many of the features are in lockstep with Rackspace and Amazon and here Google touts lower price, which may or may not be true depending on where all your users are and how much ingress and egress you need.
Now for the differences. The pricing is interesting: ingress is free, and egress pricing is weighted in favor of teams sharing racks in the same local zones, perhaps encouraging the creation of cloud-based supercomputers used by local teams, the review surmises.
The compute engine has no storage, so if you don't want your data to go "poof!", you'll have to look at Google Cloud SQL or some other storage plan. Another option is to get an SLA and simply trust the 99.95 uptime. Do you feel lucky?
The most unique feature is being able to tap into Google services such as Maps, Places, or Books.
Posted by Doug Barney on 08/29/2012 at 12:47 PM | 2 comments
File-based storage has been the norm since there were files and there was storage. I tried to find the exact history but came up short. Better historians can fill in the details for us at [email protected].
In any event, when it comes to the cloud, that era may be coming to a close, at least if Caringo has anything to do with it. This cloud storage company thinks an object-based system is the way to go, and that file-based storage is simply not elastic and flexible enough for the cloud.
Caringo builds what it calls software appliances, which should mean they are easy to use and hopefully easy to install. But remember: This is storage. And remember these appliances are built to handle up to petabytes, which is huge.
When you are talking about this kind of volume, and changing the very way you store data, please, whatever you do, don't take my word for it, and don't take this kind of move lightly. Such a switch takes careful research and, if you take the plunge, a good backup plan.
Posted by Doug Barney on 08/21/2012 at 12:47 PM | 2 comments
The cloud is getting more and more worthy of your applications every day. But that doesn't mean it's perfect and that doesn't mean you should necessarily trust it. I guess the question is, which network is less perfect, the cloud provider's or yours? These are issues Margaret Dawson tackled in Cloud Computing: Panacea or Power Monger on Enterprise Systems Journal. Dawson is a vice president with cloud provider Symform.
You should already understand your network's weaknesses. Now let's look at your provider's presumed shortcomings.
First, many cloud provider networks are highly centralized. They may seem safe and secure with data centers behind locked doors with security guards, but thieves and terrorists are not the threat. Natural disasters may be. If your data is in one big data center, that is a single point of failure. A massive power outage, hurricane, or flood could put your business offline. And it's not just the data center, but the network connections coming to and from the data center that are points of failure.
Cloud providers love to get their calculators out and show you how much you save by getting rid of capital expenses. But operational expenses are real money too, and these add up, especially when hidden costs are involved.
Before we get to vendor hidden costs, there are IT hidden costs. Cloud apps are network intensive. Getting your WAN ready for the cloud can cost serious bucks.
Now let's get to vendor hidden costs. A lot of providers advertise some pretty sweet deals, even offering free services. But like smart phone plans, exceed the limits and you could pay dearly. Before signing on the dotted line, find out what you will realistically use -- that's what you will realistically pay for! Build this and a little buffer into your budget. If the number looks too big, shop around and stick with what you've got.
The cloud is a big change, and once you move it is hard to go back. Ask a lot of questions and make sure of the answers. What does it take to integrate your existing data sets and apps? If you don't like your provider, how do you move to another and what are the penalties?
Learn more from Margaret Dawson's fine piece here.
Posted by Doug Barney on 08/21/2012 at 12:47 PM | 0 comments
AppFog, a platform as a service (PaaS) offering formerly called PHP Fog, now works with Rackspace. New apps can be deployed on Rackspace and if you are not happy with your provider, they can be migrated over as well -- with no change to the code.
AppFog developers now have a host of targets, including Microsoft Windows Azure, HP and Amazon AWS.
Posted by Doug Barney on 08/14/2012 at 12:47 PM | 6 comments
Only the most optimistic and misguided cloud salesperson would argue that the cloud is ready for every single app today. But let's face it, cloud vendors generally think and argue that their clouds can do more than they really can, reliably, securely and cheaply.
Instead of listening to cloud sales people, trust your instincts, research and years of experience.
Before stepping out on a cloud limb, take a close look at your environment. Pay particular attention to your network. If it's too slow, your cloud apps will be way too slow.
Factor in the costs of boosting the WAN into the overall cost of your cloud apps before deciding if that cloud is worth it.
Now here's the tough talk. Just as every app shouldn't be virtualized (do you think a Wall Street trading floor is running on a bunch of VMs?), not all software should run in the cloud. Print servers handle a lot of documents. Does it make sense for these to traverse a bunch of network hops? Nah.
More and more vendors are promoting identity management over the cloud, arguing that because it is their sole business they can do it more safely than you can. And maybe so. But at least on Windows, authentication can be pretty processor- and network-intensive. And doesn't it already take long enough for Windows to boot and users to get to work?
And lastly there is file access. File systems were built for LANs, not the cloud where the server may be a thousand miles away and be just one of many VMs on a single physical server. Want to wait an eternity every time you need a Word doc or spreadsheet? Neither do I. For now, local may be best.
Posted by Doug Barney on 08/14/2012 at 12:47 PM | 7 comments
Dedicated SaaS vendors used to say moving to their model was a no-brainer. You'd save on all those infrastructure costs and free IT staffers to do other things (and sometimes wink as those other things were often collecting unemployment). On-premises vendors used to say their model was a no-brainer. You control your infrastructure, it is more secure, and SaaS simply can't perform. And why would you want to pay every month for software you could simply own outright?
That has all changed. On-premises vendors by and large also have SaaS offerings. The choice is no longer a no-brainer.
Given that, it is up to IT to decide in a fair and balanced way. Chris Brenton from CloudPassage goes through the options, the pluses and minuses. However, since Brenton is from a cloud company, he does err more on the side of SaaS, promoting the fact that SaaS doesn't involve upfront capital expense and remote access isn't limited by a VPN.
On the security front, Brenton gives the nod to on-premises for large shops with talented dedicated security staffs, while smaller shops may find more safety in the cloud.
Posted by Doug Barney on 07/31/2012 at 12:47 PM | 2 comments
One thing IT always says when objecting to the cloud is lack of control. IT can control the data center, it can't control the cloud. Usually this concerns security -- you can't protect what you can't control. Sometimes it concerns the data itself -- can you trust that it will always be there if you can't trust that the cloud provider will always be there? And there is performance. IT can control performance if it can control the network and define fast channels everywhere.
In each of these cases, cloud providers are making great progress. For security, one could argue that a cloud company that's 100 percent dedicated to securing its site would do a better job than your data center that is trying to do twenty things at once.
Most of us, when we move to the cloud, go with large vendors and have backups of all our data somewhere, so there is no fear of it simply going away. And performance, while still an issue, can be dealt with through good WAN planning and by choosing what apps do and do not go on the cloud.
I thought I had all the big stuff settled until Elias Khnaser threw me for a loop. According to Elias we may have one more thing to worry about: solar flares. What if one of these puppies takes out the Internet? One of Elias' clients brought up the possibility, so Elias scurried to his PC in search of an answer. Turns out that a flare strong enough to mess up the Internet would mess up everything, including your data center.
Posted by Doug Barney on 07/31/2012 at 12:47 PM | 0 comments
Microsoft Azure keeps growing into a fuller and fuller cloud platform. The latest addition is what actually sounds like a narrow piece of function, Windows Azure Active Directory, with the unfortunate acronym WAAD.
This WAAD, first shown last month in a developer preview, supports directory services such as identity management and will eventually be WAADed up into Azure itself.
New features include the ability to create cloud apps offering single log-on, and a new API that lets apps tap into WAAD data.
Posted by Doug Barney on 07/24/2012 at 12:47 PM | 5 comments
As CEO of VMware, Paul Maritz led the company into the world of private clouds, transforming a largely hypervisor-driven concern into a true platform player. And for this Maritz was replaced by one of its own, Pat Gelsinger, who served as COO at VMware parent EMC. My guess? EMC wants to exert more control over the largely independent VMware.
Others believe Maritz was replaced because he failed to keep Hyper-V at bay. The Microsoft hypervisor is absolutely on the move.
If anyone tells you that Maritz did a poor job, read them this: First, VMware is making gobs of money, and the latest quarter, announced alongside Maritz's departure, was a stunner, with a record-breaking $1.1 billion in revenue. That's a run rate of more than $4 billion a year.
More than that, Maritz led a technical charge any geek would be proud of. Under his leadership, the company moved from a company with a hypervisor surrounded by some good management tools to a true platform, one that is arguably the leader not just in virtualized datacenters but in true private cloud creation.
Maritz isn't leaving entirely. He'll be on the board of directors and serve as chief strategist. Often positions like the latter are just to soothe investors or the feathers of the exec himself. Give it six months and we'll see which is the case with Maritz.
Posted by Doug Barney on 07/24/2012 at 12:47 PM | 2 comments
I may be naïve, but I find it hard to believe that malware (especially automated malware), in these days of layered protection, can steal millions and millions of dollars from highly successful financial institutions.
But that is precisely the claim of McAfee and Guardian Analytics, who just published a report on the subject that printed loss figures (but didn't name the names of those companies who got hacked).
The malware is based in part on Zeus, and is cleverly (I guess) named High Roller since the companies it steals from have lots of dough.
The hacks are a combination of hands-on hacking and automated pilfering of ongoing financial transactions.
McAfee believes as little as $75 million and as much as $2.5 billion may have been lifted, but with a range this wide, does McAfee really have any clue?
The question 1105 Web Editor Chris Paoli asks is, does the cloud make this kind of hacking that much easier? My hope is it doesn't while my fear is it does.
What is your take on all of this? Is it really still this easy to steal this much money and not get caught? You tell me at [email protected].
Posted by Doug Barney on 07/17/2012 at 12:47 PM | 6 comments