SSD Cloud Storage Latest Tool in Amazon vs. Google

Amid a battle for cloud supremacy involving alternating price cuts and feature introductions, both Amazon and Google introduced solid-state drive (SSD) storage options for their services this week.

Amazon Web Services (AWS) yesterday announced an SSD-backed storage option for its Amazon Elastic Block Store (Amazon EBS), just one day after Google announced a new SSD persistent disk product for its Google Cloud Platform.

The moves are just the latest in a continuing struggle, as illustrated by research released earlier this month by analyst firm Gartner Inc. showing perennial cloud leader Amazon was being chased by Google and Microsoft in the Infrastructure as a Service (IaaS) market.

In fact, this week's alternating SSD announcements mirrored a surprisingly similar scenario in March, when Google lowered its cloud service prices and AWS followed up the very next day with its own price reduction. (Here's a price comparison conducted by RightScale after the moves, if you're interested.)

One difference in this week's sparring is that Google positioned its SSD product as a high-performance option, while the AWS offering targets general-purpose use, as it already had an existing high-performance service.

Google said its persistent disk product was a response to customers asking for a high input/output operations per second (IOPS) solution for specific use cases. The SSD persistent disks are now in a limited preview (you can apply here) with a default 1TB quota. SSD pricing is $0.325 per gigabyte per month, while standard persistent disk storage (the old-fashioned kind with spinning plates) costs $0.04 per gigabyte per month.

"Compared to standard persistent disks, SSD persistent disks are more expensive per GB and per MB/s of throughput, but are far less expensive per IOPS," Google said. "So, it is best to use standard persistent disks where the limiting factor is space or streaming throughput, and it is best to use SSD persistent disks where the limiting factor is random IOPS." Included in the Google announcement was news of another new product: HTTP load balancing, also in limited preview.

In the AWS announcement the next day, the company introduced a General Purpose (SSD) volume type to join its existing higher-performance Provisioned IOPS (SSD) service and the lower-grade Magnetic (formerly called Standard) volumes. The storage volumes can be attached to the company's Elastic Compute Cloud (EC2) instances.

"The General Purpose (SSD) volumes introduced today are designed to support the vast majority of persistent storage workloads and are the new default Amazon EBS volume," AWS said. "Provisioned IOPS (SSD) volumes are designed for I/O-intensive applications such as large relational or NoSQL databases where performance consistency and low latency are critical."

AWS said the new offering was designed for "five nines" availability and can burst up to 3,000 IOPS, targeting a variety of workloads including personal productivity, small or midsize databases, test/development environments, and boot volumes.

The new AWS EBS product costs $0.10 per gigabyte per month at its Virginia and Oregon datacenters, while the higher-performance Provisioned IOPS (SSD) service costs $0.125 per gigabyte per month. Note that the companies' pricing schemes vary in some details, so listed prices here aren't necessarily directly comparable.

I don't know how AWS has been able to counter its challenger's announcements within 24 hours of release, but I can't wait to see what's next.

Posted by David Ramel on 06/18/2014 at 12:19 PM0 comments


HP Piles On Cisco in New SDN Announcements

Amid vendor squabbling among companies such as VMware and Cisco about competing next-generation data center technologies, HP was up for a little Cisco-bashing of its own when it announced new cloud computing and software-defined networking (SDN) products at this week's HP Discover conference in Las Vegas.

Featured in the many new offerings were: the HP Virtual Cloud Networking SDN Application, an open standards-based network virtualization solution; the HP Helion Self-Service HPC, a private cloud product running on HP's OpenStack-based cloud platform; and the HP FlexFabric 7900 switch series, which supports the OpenFlow standard managed by the Open Networking Foundation (ONF) and the Virtual Extensible LAN (VXLAN) specification originally created by VMware, Arista Networks and Cisco.

In describing various new products, HP exec Kash Shaikh led off a blog post with a reference to Gartner analyst Mark Fabbi's recent disparaging remarks about Cisco's datacenter networking strategy, wherein he said "a reactive vendor isn't a leader."

"We couldn't agree more," said Shaikh, senior director of product and technical marketing. "We announced our complete SDN strategy almost two years back and we have been leading and consistently delivering on this strategy to take you on a journey that doesn’t require forklift upgrades."

HP's technology comparison
[Click on image for larger view.] HP's Technology Comparison (source: Hewlett-Packard Co.)

In case there was any doubt about Shaikh's target, he included a product comparison chart that indicates Cisco's solution requires: "fork-lift upgrade, additional hardware cost ACI/Nexus 9000." He also noted HP "doesn't require specific switch hardware for its cloud-based SDN solution."

Networking powerhouse Cisco has been criticized for an inconsistent approach to the advent of SDN technology, eventually developing its own flavor of the same -- Application Centric Infrastructure (ACI) -- with proprietary components such as Nexus 9000 switches.

Of course, Cisco has been a willing participant in the back-and-forth, with CEO John Chambers recently stating the networking industry was in for a "brutal consolidation" that will see competitors such as HP fail and vowing the company was going to win back customers and "crush" competitors such as VMware.

Anyway, for those interested in speeds and feeds more than snarky sniping, HP's announcements are summarized here:

  • The HP Virtual Cloud Networking SDN application integrates with the HP Virtual Application Networks SDN controller and uses OpenFlow for dynamic deployment of policies on virtual networks such as those using the Open vSwitch implementation and physical networks from HP and others, HP said.

    "VCN [Virtual Cloud Networking] provides a multitenant network virtualization service for KVM and VMware ESX multi-hypervisor datacenter applications, offering organizations both open source as well as proprietary solutions," the company said. "Multitenant isolation is provided by centrally orchestrated VLAN or VXLAN-based virtual networks, operating over standard L2 or L3 datacenter fabrics."

    The SDN application will come out in August with the company's HP Helion OpenStack cloud platform release.

  • The HP Helion Self-Service HPC is designed to make high-performance computing (HPC) resources easier to use through an optimized private cloud.

    "This new solution provides a self-service portal that makes using HPC resources as easy as using a familiar application -- thereby making them accessible for more staff," the company said. "The solution also makes HPC accessible and manageable for organizations by allowing them the choice to manage it themselves or have HP HPC experts implement and manage it for them through a pay-for-use model that lets them stay focused on delivering products and innovation."

  • The HP FlexFabric 7900 switch series, available now with a $55,500 price tag, is described as a compact modular switch targeting virtualized datacenters that supports VXLAN, Network Virtualization using Generic Routing Encapsulation (NVGRE) and OpenFlow. HP said the switch supports open, standards-based programmability via its SDN App Store and SDK. The switch federates HP FlexFabric infrastructure via a VMware NSX virtual overlay. It provides 10GbE, 40GbE and 100GbE interfaces.

HP also made a number of other product announcements, including: new HP Apollo HPC systems; enhanced all-flash HP 3PAR StoreServ and HP StoreOnce Backup applications; an enhanced HP ConvergedSystem for Virtualization platform for IT as a Service; an HP Trusted Network Transformation service to help customers with on-the-go network upgrades; and an HP Datacenter Care Flexible Capacity pay-as-you-go model.

The company said the new offerings "enable a software-defined datacenter that is supported by cloud delivery models and built on a converged infrastructure that spans compute, storage and network technologies."

Shaikh was more pointed in his summary of the market, including one more shot at Cisco. "While some niche vendors only address certain aspects of datacenter and cloud, others are taxing customers with a series of disjointed, proprietary and expensive hardware-defined fork-lift upgrades," he said. "Meanwhile, HP has been leading in software-defined networking since its beginning in 2007 and has the most comprehensive SDN offering."

Posted by David Ramel on 06/11/2014 at 11:41 AM0 comments


New Red Hat Enterprise Linux Release Targets the Cloud

Red Hat's brand-new, major Linux OS enterprise release is all about the cloud.

The company is positioning Red Hat Enterprise Linux 7 (RHEL 7) as going beyond an old-fashioned commodity OS to be instead a next-generation "catalyst for enterprise innovation." It's a redefined tool to help companies transition to a converged datacenter encompassing bare-metal servers, X as a Service offerings and virtual machines (VMs) -- with a focus on open hybrid cloud implementations.

In case there's any doubt about the cloud emphasis, Red Hat used the term 23 times in its announcement yesterday.

"Answering the heterogeneous realities of modern enterprise IT, RHEL 7 offers a cohesive, unified foundation that enables customers to balance modern demands while reaping the benefits of computing innovation, like Linux Containers and Big Data, across physical systems, virtual machines and the cloud -- the open hybrid cloud," the company said.

The New OS
[Click on image for larger view.] The New OS (source: Red Hat Inc.)

New features in the OS -- practically a ubiquitous standard in Fortune 500 datacenters -- include "enhanced application development, delivery, portability and isolation through Linux Containers, including Docker, across physical, virtual, and cloud deployments, as well as development, test, and production environments," the company said.

XFS is the new default file system, with the capability to scale volumes to 500TB. Ext4, the previous default -- now an option -- had been limited to 16TB file systems, which in the new release has been increased to 50TB.

Also included are tools for application runtimes and development, delivery and troubleshooting.

The new release is designed to coexist in heterogeneous environments, as exemplified by cross-realm trust that allows secure access from users on Microsoft Active Directory across Windows and Linux domains.

Other features as listed by Red Hat include:

  • A new boot loader and redesigned graphical installer.
  • The kernel patching utility Technology Preview, which allows users to patch the kernel without rebooting.
  • Innovative infrastructure components such as systemd, a standard for modernizing the management of processes, services, security and other resources.
  • The Docker environment, which allows users to deploy an application as a lightweight and portable container.
  • Built-in performance profiles, tuning and instrumentation for optimized performance and scalability.
  • The OpenLMI project, a common infrastructure for the management of Linux systems.
  • Red Hat Software Collections, which provides a set of dynamic programming languages, database servers and related software.
  • Enhanced application isolation and security enacted through containerization to protect against both unintentional interference and malicious attacks.

A new RHEL edition to be released later -- Atomic Host -- was announced during a virtual keynote presentation (registration required to view on-demand) by Red Hat executive Jim Totton. "It's a lightweight version of the same Red Hat Enterprise Linux operating system, tuned to run in container environments," he said. "So this is a lightweight version of RHEL, but it's the same RHEL as we've been talking about."

Totton also announced Red Hat Enterprise virtualization product technology, where a hypervisor is engineered as part of the RHEL kernel. He said it can provide the virtual datacenter fabric for hosting RHEL as a guest. Totten also highlighted the Red Hat Enterprise Linux OpenStack platform "for really deploying the flexible and agile private cloud and public cloud type of environments."

RHEL 7 got a thumbs-up from Forrester Research analyst Richard Fichera, who wrote that it "continues the progress of the Linux community toward an OS that is fully capable of replacing proprietary RISC/Unix for the vast majority of enterprise workloads. It is apparent, both from the details on RHEL 7 and from perusing the documentation on other distribution providers, that Linux has continued to mature nicely as both a foundation for large scale-out clouds, as well as a strong contender for the kind of enterprise workloads that previously were only comfortable on either RISC/Unix systems or large Microsoft Server systems. In effect, Linux has continued its maturation to the point where its feature set and scalability begin to look like and feel like a top-tier Unix."

Oh, it also works in that cloud thing.

Posted by David Ramel on 06/11/2014 at 11:10 AM0 comments


Study: Cloud Increases Potentially Costly Security Risks

A new report shows IT pros believe using cloud services increases the risk of data breaches that -- with an estimated cost of about $201 per compromised record -- can easily cost victimized companies millions of dollars.

Furthermore, IT and security staffers believe they have little knowledge of the scope of cloud services in use at their companies and are unsure of who is responsible for securing these services, according to a study, "Data Breach: The Cloud Multiplier Effect," conducted by Ponemon Institute LLC for Netskope, a cloud application analytics and policy enforcement company.

Netskope yesterday released the reported first-ever research conducted to estimate the cost of a data breach in the cloud, gathering information from a survey of 613 IT and security professionals. They were asked to estimate the probability of a data breach involving 100,000 or more customer records at their organizations under current circumstances and how the increased use of cloud services would affect that probability. The conclusion, Netskope said, is that increased cloud use could triple the risk of such a data breach.

IT and security pros show little trust in their organizations' security practices.
[Click on image for larger view.] IT and security pros show little trust in their organizations' security practices.
(source: Netskope)

And that breach could be quite expensive for a company, according to the study, which extrapolated the potential cost by using data from a previous Ponemon Institute report released last month, "Cost of a Data Breach." It pegged the cost of each lost or stolen customer record at about $201, meaning a 100,000-customer breach could cost more than $20 million.

"Imagine then if the probability of that data breach were to triple simply because you increased your use of the cloud," said Sanjay Beri, CEO and founder of Netskope. "That's what enterprise IT folks are coming to grips with, and they've started to recognize the need to align their security programs to account for it. The report shows that while there are many enterprise-ready apps available today, the uncertainty from risky apps is stealing the show for IT and security professionals. Rewriting this story requires contextual knowledge about how these apps are being used and an effective way of mitigating risk." That, of course, is what Netskope seeks to sell to customers.

Several factors contribute to the general perception that an organization's high-value intellectual property and customer data are at higher risk in today's typical corporate environment when the use of cloud services increases. For example, respondents said their networks are running cloud services unknown to them, they aren't familiar with cloud service provider security practices and they believe their companies don't pay enough attention to the implementation and monitoring of security programs.

"Cloud security is an oxymoron for many companies," the report stated. "Sixty-two percent of respondents do not agree or are unsure that cloud services are thoroughly vetted before deployment. Sixty-nine percent believe there is a failure to be proactive in assessing information that is too sensitive to be stored in the cloud."

Also worrisome is the percentage of business-critical applications entrusted to the cloud. Survey respondents estimated that about 36 percent of such apps are cloud-based, yet nearly half of them are invisible to IT. Respondents also said 45 percent of all applications are based in the cloud, but IT lacks visibility into half of them.

Similar cloud-related security research conducted earlier by Ponemon Institute indicated that 53 percent of organizations were trusting cloud providers with sensitive data. Only 11 percent of respondents in that survey said they didn't plan on using cloud services in the next couple of years.

According to yesterday's report, respondents also don't seem to trust their cloud service providers much. "Almost three-quarters (72 percent) of respondents believe their cloud service provider would not notify them immediately if they had a data breach involving the loss or theft of their intellectual property or business confidential information, and 71 percent believe they would not receive immediate notification following a breach involving the loss or theft of customer data," the report stated.

Netskope listed the following highlights of the study:

  • Respondents estimate that every 1 percent increase in the use of cloud services will result in a 3 percent higher probability of a data breach. This means that an organization using 100 cloud services would only need to add 25 more to increase the likelihood of a data breach by 75 percent.
  • More than two-thirds (69 percent) of respondents believe that their organization is not proactive in assessing information that is too sensitive to be stored in the cloud.
  • 62 percent of respondents believe the cloud services in use by their organization are not thoroughly vetted for security before deployment.

"We've been tracking the cost of a data breach for years but have never had the opportunity to look at the potential risks and economic impact that might come from cloud in particular," said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. "It's fascinating that the perceived risk and economic impact is so high when it comes to cloud app usage. We'll be interested to see how these perceptions change over time as the challenge becomes more openly discussed and cloud access and security broker solutions like Netskope become more known to enterprises."

The 26-page report is available in a PDF download after free registration.

Posted by David Ramel on 06/05/2014 at 8:58 AM0 comments


Gartner: Cloud Leader Amazon Chased by Microsoft and Google

For the fifth straight year, Amazon Web Services (AWS) was ranked as the top cloud Infrastructure as a Service (IaaS) vendor in the "magic quadrant" report released by research firm Gartner Inc.

However, it's being chased by Microsoft -- new to the party but coming on strong -- and Google, which made the report for the first time this year.

Gartner's magic quadrant report uses exhaustive research to place vendors in a four-square chart with axes based on "ability to execute" and "completeness of vision." The top-right square contains "leaders" based on cumulative scores. The bottom-left vendors are at the opposite end, "niche players." Top-left is "challengers" and bottom-right is "visionaries." Figure 1 shows the results of the May 2014 report.

Gartner 2014 Magic Quadrant IaaS report
[Click on image for larger view.] Figure 1. Gartner 2014 Magic Quadrant IaaS report
(source: Gartner Inc.)

AWS was again at the top in the leaders square, joined by Microsoft. Last year (in an August report), CSC was the only other company in the leaders square. This year, it changed places with Microsoft, which moved up from the visionaries quadrant. Google debuted on the chart in the No. 3 slot on the vision axis, though it was ranked eighth on the execution axis. Although Google has been offering its App Engine service since 2008, Gartner said it didn't enter the IaaS arena until the December 2013 launch of its Google Compute Engine.

Likewise, Microsoft has been in the cloud business for some time with its Azure service, but the company was considered by Gartner to be in the Platform as a Service (PaaS) market until the April 2013 debut of Azure Infrastructure Services.

VMware was the second vendor to make the chart for the first time in the latest report. The only companies dropped were due to acquisitions: SoftLayer (now IBM); and Saavis and Tier 3 (now both CenturyLink).

The continued dominance of AWS was evident in Gartner's assessment of its strengths. Enjoying a diverse customer base and wide range of use cases, Gartner said AWS "is the overwhelming market share leader, with more than five times the cloud IaaS compute capacity in use than the aggregate total of the other 14 providers in this Magic Quadrant. It is a thought leader; it is extraordinarily innovative, exceptionally agile, and very responsive to the market. It has the richest array of IaaS features and PaaS-like capabilities, and continues to rapidly expand its service offerings. It is the provider most commonly chosen for strategic adoption."

However, the research firm cautioned that the market is still maturing and evolving, and things may not stay the same.

"AWS is beginning to face significant competition -- from Microsoft in the traditional business market, and from Google in the cloud-native market," Gartner said. "So far, it has responded aggressively to price drops by competitors on commodity resources. However, although it is continuously reducing its prices, it does not commodity price services where it has superior capabilities. AWS currently has a multiyear competitive advantage, but is no longer the only fast-moving, innovative, global-class provider in the market."

Here are the quadrant charts from previous years (click on the images to see larger versions):
August 2013
August 2013 (source: Gartner Inc.)
October 2012
October 2012 (source: Gartner Inc.)
December 2011
December 2011 (source: Gartner Inc.)
December 2010
December 2010 (source: Gartner Inc.)

Posted by David Ramel on 06/04/2014 at 6:59 PM0 comments


IBM Unveils Cloud-Based Business Solutions

Fresh on the heels of IBM's offering of mobile, cloud-based Big Data analytics in its cloud marketplace, the company today unveiled new, customized, cloud-based business solutions to provide services such as counter fraud, digital commerce and -- of course -- mobile and analytics.

IBM Cloud Business Solutions are industry-specific, subscription-based packages combining components such as consulting, prebuilt assets, software, support and cloud infrastructure from IBM's Softlayer acquisition. The company said customers pay one up-front fee followed by monthly payments on contracts that average about three years.

"This approach recognizes the mandate for speed and time to value, along with the requirement of clients to personalize business solutions to their own processes and culture and deploy them via the cloud," the company said in a statement. "For example, a healthcare provider could start by moving their existing solutions to the cloud and then add prebuilt IBM assets to counter medical fraud or address a range of additional business priorities. The solution would then be customized with consulting services and support aimed at transforming their business."

The company plans on implementing 20 such solutions, with the 12 initial "X as a Service" offerings including:

  • Customer analytics: Designed to enhance customer relations, this involves helping companies make correct decisions at appropriate times, predicting customer behavior through data analysis and strengthening engagement.
  • Predictive asset optimization: This provides visibility into the health of equipment so companies can plan to deal with hardware failures.
  • Counter fraud: Coming from IBM Research, this is designed to prevent various kinds of fraudulent activities, waste, abuse and errors surrounding data. Analytics are used to inspect a customer's data and internal behavior and use the information to compare the customer with peers to help uncover suspicious activity by detecting anomalies.
  • Customer data: This service aims to improve marketing and planning through the use of analytics about internal and external data sources.
  • Mobile: This will improve engagement with mobile employees, customers and partners by providing business designs, strategies, and models for development, along with managed services to help customers implement Agile and iterative development.
  • Digital commerce: This "allows business leaders to deliver exceptional digital experiences and accelerate time to market for a range of customer engagement solutions from order capture to fulfillment."
Other initial services include: smarter buildings; smarter asset management; marketing management; emergency management; digital environment for adaptive learning; and care coordination.

IBM said these managed services, based on proven assets and patterns, will be available in a private or hybrid cloud setup. Customers can choose to eventually transition the services to in-house products, the company said.

"Our clients view cloud as the catalyst for entirely new business models, not just technology models," said CTO Kelly Chambliss in a statement. "The decision to use cloud to support business priorities is being strongly influenced -- if not entirely determined -- by leaders across the C-suite. IBM Cloud Business Solutions represent the next evolution in high-value business services, in line with the expectations and priorities of our clients. We're providing access to the best IBM has to offer -- from cloud to data analytics -- in a single, simple, highly accessible package."

Posted by David Ramel on 05/29/2014 at 9:44 AM0 comments


Server Reboot Crashes Joyent Cloud

More on this Topic:

You can implement all the security precautions you want, but data center and cloud outages are often just accidents from within, as happened yesterday when an operator's "fat finger" brought down a data center operated by cloud provider Joyent Inc.

"Due to an operator error, all compute nodes in us-east-1 were simultaneously rebooted," the company said in a support notification. The problem was apparently cleared up in about an hour, with the company providing a 6:45 p.m. EDT update that all compute nodes and virtual machines were back online.

The "high-performance cloud infrastructure and Big Data analytics company" operates three data centers in the U.S., including the one that went down in northern Virginia. The others are in the Bay Area and Las Vegas. The company lists nearly 30 corporate customers on its Web site, including ModCloth, Voxer, Wanelo, Quizlet and Digital Chocolate.

"It should go without saying that we're mortified by this," said Joyent CTO Bryan Cantrill in a post on Hacker News. "While the immediate cause was operator error, there are broader systemic issues that allowed a fat finger to take down a data center."

Although the exact duration of the outage wasn't specified, the recovery time was apparently extended more than hoped. "Some compute nodes are already back up, but due to very high load on the control plane, this is taking some time," the initial support notification said.

Cantrill apparently wasn't happy with the recovery process.

"As soon as we reasonably can, we will be providing a full postmortem of this: how this was architecturally possible, what exactly happened, how the system recovered, and what improvements we are/will be making to both the software and to operational procedures to assure that this doesn't happen in the future (and that the recovery is smoother for failure modes of similar scope)," he said in his Hacker News post.

Yesterday's outage wasn't the first experienced by the company, as a Hacker News poster complained that Joyent's server where he hosted some Web sites and mail servers was down for two days in February 2011.

Despite all the attention paid since then to high availability, redundancy and failover systems, notable cloud outages continue to occur. The Joyent outage happened less than two weeks after Adobe System Inc.'s Creative Cloud services were down for about a day because of a database maintenance error, leaving designers unable to access their tools (Adobe had announced the previous year it was discontinuing packaged software or downloaded programs in favor of cloud-only services).

And although neither that incident nor the Joyent outage were as serious as well-publicized security breaches, such as one experienced by Adobe last October when 38 million accounts were compromised -- they continue to frustrate users and damage the reputations of individual cloud providers and the cloud-hosting industry in general.

For example, in February of last year, Microsoft's Azure cloud platform suffered a worldwide storage outage attributed to an expired SSL certificate. Some eight months later, another Azure outage of more than 20 hours was attributed to a system subcomponent.

And just last week, Microsoft experienced a less severe issue in which some customers of its compute cloud service apparently experienced access problems, according to information on the company's Azure Service Dashboard. No causal details were given for the incident, described as a "performance degradation" rather than a service interruption, but it indicates problems of all kinds may be going unreported in mainstream media.

We'll wait to get more details on the Joyent outage and steps that can be taken to prevent such problems, but they will certainly continue. As one commenter on Hacker News said about Cantrill's post: "[Stuff] happens. You deal with it, then do what you can to keep it from happening again."

Then some more stuff happens.

Posted by David Ramel on 05/28/2014 at 9:44 AM0 comments


IBM Offers Mobile, Cloud-Based Big Data Analytics

IBM yesterday targeted four of today's hottest transformative technologies -- cloud, Big Data, social and mobility -- with its new IBM Concert software.

The new offering in the IBM Cloud Marketplace is designed to give more enterprise staffers access to data analytics wherever they might be working, from whatever device they might be using.

At its Vision 2014 conference in Orlando, IBM said the new analytics software "can manage the increasing volume and complexity of processes and tasks, support an increasingly mobile workforce, and emphasize social collaboration as an integral part of decision making.

ALT TEXT HERE
[Click on image for larger view.] IBM Concert in action (source: IBM)

"By accessing this technology in the cloud, business users can now easily view, understand and interact with specific performance insights to more easily determine what actions to take and when," the company continued. "Remote employees can also contribute and update data immediately via mobile devices, improving accuracy and providing real-time planning and forecasting."

The new marketplace item features guided business processes, customized, personalized task lists and other services that users access through a GUI. Users can get data such as critical metrics and key performance indicators (KPIs) over the Web and from a range of mobile devices.

For example, personalized task lists let users see highlighted priorities and step through projects, be alerted to important, time-sensitive tasks and see in-context performance metrics and KPIs with accompanying charts, graphs and tables.

IBM also previewed another upcoming analytic solution, Project Catalyst Insight, also designed to give data analysis capabilities to more users. The project -- deemed a "pretty amazing data scientist in a box" by one Twitter user -- seeks a more automated approach.

"Catalyst Insight automatically builds predictive models and presents those results as interactive visuals with plain-language descriptions," the company said. "Using Catalyst Insight, a marketing manager could use advanced analytics to better understand the drivers of marketing campaign effectiveness without having to wait for a data scientist to prepare the information, develop predictive models and interpret the results."

In yet another announcement, IBM said its OpenPages enterprise software family for risk and compliance management is available on its SoftLayer cloud infrastructure as a managed service.

"OpenPages allows businesses to develop a comprehensive compliance and risk management strategy across a variety of domains including operational risk, financial controls management, IT risk, compliance and internal audits," the company said.

Both Catalyst Insight and OpenPages will be featured among more than 100 other Software as a Service products supported by SoftLayer Technologies Inc., the company's cloud foundation.

IBM said interested users can request a price quote for the IBM Concert offering.

Posted by David Ramel on 05/21/2014 at 9:44 AM0 comments


Canonical Unveils Cloud-in-a-Box OpenStack Training Aid

Halloween is a ways off, but the new Orange Box from Canonical Ltd. looks like a tasty treat for users wanting a quick, easy way to get started tinkering with OpenStack cloud infrastructure and Ubuntu.

Encased in a ruggedized black flight-case frame with built-in handles, the bright orange cloud-in-a-box made some waves at the recent OpenStack Summit in Atlanta when introduced by Canonical, the steward of the popular Ubuntu Linux OS distribution.

The Orange Box
The Orange Box (source: Canonical Ltd.)

OpenStack is open source software for building private and public clouds, providing an OS to handle compute, networking and storage in the cloud.

The Orange Box is meant to be a learning aid for users getting instruction on OpenStack and other technologies through the Ubuntu Jumpstart training program.

"We are delighted to introduce a new delivery mechanism for Jumpstarts, leveraging the innovative Orange Box," the company said. "We’'ll deliver an Orange Box to your office, and work with you for two days, learning the ins and outs of Ubuntu, MAAS, Juju, Landscape, and OpenStack, safely within the confines of an Orange Box and without disrupting your production networks.

"You get to keep the box for two weeks and carry out your own testing, experimentation, and exploration of Ubuntu’'s rich ecosystem of cloud tools. We will join you again, a couple of weeks later, to review what you learned and discuss scaling these tools into your own datacenter, onto your own enterprise hardware."

The 37 lb. box -- or "mobile cluster" -- comes with Ubuntu 14.04 LTS, Metal as a Service (MaaS) and Juju, the service orchestration tool. The box comes with 16GB of DDR RAM, 10 four-core nodes and 120GB of SSD storage. It features an Intel i5-3427U CPU, an Intel HD4000 GPU and an Intel Gigabit network interface card (NIC). Four nodes include more SSD storage and one includes Intel Wi-Fi and a 2TB hard drive.

The appliance, built by Tranquil PC, can deploy OpenStack, Cloud Foundry and Hadoop workloads.

Canonical said the unit could be set up in a conference room to let curious systems administrators and engineers get training from experts in a private sandbox without disrupting operations. They can try different storage alternatives, practice scaling and build and destroy environments as needed.

Beyond the initial two-day Jumpstart training, customers can use the Orange Box for two weeks at a cost of $10,000. Interested users were advised to contact Canonical for more details.

Posted by David Ramel on 05/21/2014 at 9:44 AM0 comments


Report: Responsibility for Cloud Security Depends on Type of Service

Who is responsible for protecting sensitive or confidential data transferred to the cloud -- the provider or the consumer?

According to a recent survey of 4,275 business and IT managers around the globe, the answer to that question depends on the type of service, be it Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS) or Platform-as-a-Service (PaaS).

"In a SaaS environment, more than half view the cloud provider as being primarily responsible for security and less than a quarter view cloud consumers as being primarily responsible," states the third annual Trends in Cloud Encryption Study. "Only 19 percent see this as a shared responsibility.

"In contrast, nearly half of users of IaaS/PaaS environments for sensitive data view security as a shared responsibility between the user and provider of cloud services. Only 22 percent see this as the sole responsibility of the cloud provider."

The report was commissioned by Thales e-Security and conducted independently by Ponemon Institute LLC, which surveyed companies in the United States, United Kingdom, Germany, France, Australia, Japan, Brazil and Russia.

Protecting data at rest
[Click on image for larger view.] Protecting data at rest in the cloud
(source: Thales e-Security)

The research indicated slow growth in the number of organizations transferring sensitive data to cloud providers -- 53 percent in 2013 as opposed to 49 percent in 2011 -- and in those planning to do so in the next couple of years -- 36 percent compared to 33 percent in 2011. Only 11 percent of respondents do not plan on using any cloud services in the next couple of years, down from 19 percent in 2011.

Three-year trend analysis also shows some growth in the percentage of respondents who know the steps taken by cloud service providers to protect their data. Consolidated results show 35 percent of respondents claimed to know this information, compared to 33 percent in 2012 and 29 percent in 2011.

Meanwhile, fewer respondents believe the cloud has decreased their security posture, with 34 percent answering in the affirmative compared with 35 percent in 2012 and 39 percent in 2011.

Other questions answered in the report, free for download with registration, include:

  • Do organizations have the ability to safeguard sensitive or confidential data before or after it is transferred to the cloud?
  • Do respondents believe their cloud providers have the ability to safeguard sensitive or confidential data within the cloud?
  • Where is encryption applied to protect data that is transferred to the cloud?
  • Who manages encryption keys when sensitive and confidential data is transferred to the cloud?

"In our research we consider how encryption is used to ensure sensitive or confidential data is kept safe and secure when transferred to external-based cloud service providers," the report's executive summary stated. "We believe these findings are important because they demonstrate the relationship between encryption and the preservation of a strong security posture in the cloud environment. As shown in this research, organizations with a relatively strong security posture are more likely to transfer sensitive or confidential information to the cloud. In addition, they are more likely to encrypt data at rest in the cloud ecosystem."

Posted by David Ramel on 05/14/2014 at 9:44 AM0 comments


OpenStack Offers One-Stop Shop for Cloud Resources

The OpenStack Foundation this week unveiled a one-stop shop for organizations interested in learning about and getting started with the free, open source software for building clouds.

The OpenStack Marketplace opened Monday during the OpenStack Summit conference in Atlanta, featuring vendor offerings in Public Clouds; Distributions and Appliances; Training; Consulting and Systems Integrators; and Drivers.

OpenStack Marketplace public cloud services
[Click on image for larger view.] OpenStack Marketplace public cloud services
(source: OpenStack Foundation)

Within those categories, users can explore products and services that best suit their business requirements.

For example, under the Public Clouds category, a Google-powered map shows the number of Infrastructure-as-a-Service (IaaS) offerings available in different regions of the world, accompanied by a list of vendors, such as HP, Rackspace, Internap and several more. Each listing contains a capsule description of the cloud service with a link to explore more details, including OpenStack services offered and their respective versions -- such as Havana -- along with pricing options, supported hypervisors and OSes, data center locations, API coverage and more.

Under the Training tab, actually in operation since last September, more than 250 classes have been listed. Summaries of training opportunities are provided, along with upcoming dates of courses, locations, the level of instruction and more. A separate section shows a consolidated list of upcoming classes.

Marketplace users have the option to read and submit reviews of the services.

The OpenStack OS
[Click on image for larger view.] The OpenStack OS
(source: OpenStack Foundation)

The foundation said all featured vendors are vetted to ensure they meet technical requirements and are transparent about information such as the OpenStack versions supported and the capabilities of their services.

A key part of its mission, the foundation said, is to inform users about the growing OpenStack ecosystem and "cut through the noise" to give users facts and help them make decisions about services to use.

"How to get started with OpenStack is one of the most common questions we receive," said Mark Collier, chief operating officer of the OpenStack Foundation, in a statement. "The answer is that there are many ways to consume OpenStack, whether they are building a cloud, looking to use one by the hour or pursuing a hybrid model. The marketplace is intended to help users make sense of the paths to adoption and find the right mix of products, services and community resources to achieve their goals."

The foundation said it's enacting testing requirements to validate OpenStack technical capabilities and later this year will publish test results on the marketplace.

OpenStack, operating under Apache License 2.0, features many related projects for controlling pools of processing, storage and networking resources in a data center, managed through a dashboard, command-line tools or a RESTful API. It seeks to help organizations quickly launch new products, add features and improve systems internally with open products and services, avoiding technology lock-in. The foundation has more than 16,000 individual members and some 350 organizations supporting it in 138 countries.

It operates with a six-month release cycle that includes frequent development milestones. Icehouse, the most recent stable release, was made available April 17.

Vendors interested in being featured in the marketplace were invited to check out the branding programs.

Posted by David Ramel on 05/14/2014 at 9:44 AM0 comments


Report: Exploding Use of Cloud Services Raises Security Risks

A report released today by Skyhigh Networks paints a scary picture of the exploding cloud services space, with rising security risks, huge exposure to malware, too much Windows XP use and no safe haven in Europe for companies concerned about government spying.

The quarterly "Skyhigh Cloud Adoption and Risk Report" from the Cupertino, Calif.-based "cloud visibility and enablement company" collates data from more than 8.3 million users in more than 250 companies. It's the third report since the series started last fall.

The number of cloud services in use since last quarter increased 33 percent, from 2,675 to 3,571. On average, organizations used 759 cloud services, compared with 626 last quarter, a 21 percent increase.

Cloud service enterprise security risk factors
[Click on image for larger view.] Cloud service enterprise security risk factors
(source: Skyhigh Networks)

But while more cloud services are being used, the percentage of those deemed "enterprise ready" from a security perspective decreased from 11 percent to 7 percent. Enterprise-ready companies meet "the most stringent requirements for data protection, identity verification, service security, business practices and legal protection," according to the company. The decrease in enterprise-ready organizations "suggests that a majority of new cloud services used by employees are exposing organizations to risk," the company said.

The risk of each service is rated with the company's CloudTrust Program, which takes into account more than 50 attributes of risk in the categories of users and devices, services, business and legal.

Skyhigh Networks said a notable security risk is the fragmented use of cloud services, with organizations on average subscribing to 24 file sharing services and 91 collaboration services. "This not only impedes collaboration and leads to employee frustration, but also results in greater risk since 60 percent of the file sharing services used are high risk services," the report stated.

Of the top 10 file sharing services, only one, Box, was deemed enterprise ready. Services such as Dropbox and Google Drive were rated at a medium risk, while high-risk services included Yandex.Disk, 4shared and Solidfiles.

In the collaboration category, Skyhigh rated Microsoft's Office 365 and Cisco WebEx as enterprise ready, while AOL was the lone high-risk service. Services such as Google's Gmail, Google Docs and Google Drive were medium risk, along with Microsoft services Skype and Yammer, among others.

Of all the services reported, the top 10 were:

  1. Facebook
  2. Amazon Web Services
  3. Twitter
  4. YouTube
  5. Salesforce
  6. LinkedIn
  7. Gmail
  8. Office 365
  9. Google Docs
  10. Dropbox

The report stated that 18 percent of companies surveyed were using at least 1,000 devices running Windows XP, which lost official support -- and security updates and patches -- from Microsoft last month. Some 90 percent of the cloud services accessed by Windows XP were rated as medium or high risk.

On the positive side of things, a surprising vulnerability to the Heartbleed bug found in the open source OpenSSL cryptography library was reported early in April -- with one-third of cloud services in use being exposed to the bug-- but remediation steps taken by cloud services providers quickly brought that down to less than 1 percent later in the month.

But other security scares remained in full effect. "The malware problem is alive and well, as 29 percent of organizations had anomalous cloud access indicative of malware," the company said. "In addition, 16 percent of organizations had anomalous cloud access to services that store business critical data, introducing an even higher level of risk."

Finally, a last warning highlighted by Skyhigh relates to U.S. companies' concerns about government spying, with the National Security Agency revelations still in the news. "Given the concerns around the U.S. Patriot Act and U.S. government-issued blind subpoenas, there is a growing school of thought advocating the use of cloud services headquartered in privacy-friendly countries (that is, the European Union)," the company said. "However, 9 percent of cloud services headquartered in the EU are high risk, compared to only 5 percent of cloud services headquartered in the U.S. So, while EU-based cloud services provide protection from the U.S. Patriot Act, they do expose organizations to greater security risks."

The Skyhigh report gathered data from 10 vertical industries: education, financial services, health care, high tech, media, oil and gas, manufacturing, retail, services and utilities.

"With this report, we uncovered trends beyond the presence of shadow IT in the enterprise," said CEO Rajiv Gupta. "We provide real data around cloud usage, adoption of enterprise-ready services, the category of services demanded by employees, as well as malware and other vulnerabilities from these cloud services. It’s this type of data and analysis that CIOs use to maximize the value of cloud services and help drive an organized, productive, and safe movement to the cloud."

Posted by David Ramel on 05/07/2014 at 2:18 PM0 comments


Virtualization Review

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.