Lori MacVittie - Two Different Socks

MacVittie

There are 910 entries for the tag MacVittie

We tend to assume characteristics upon hearing the term #mobile. We probably shouldn’t… There are – according to about a bazillion studies – 4 billion mobile devices in use around the globe. It is interesting to note that nearly everyone who notes this statistic and then attempts to break it down into useful data (usually for marketing) almost always does so based on OS or device type – but never, ever, ever based on connectivity. Consider the breakdown offered by W3C for October 2011. Device type is the chosen...

posted @ Monday, February 13, 2012 7:18 AM | Feedback (0)

Is it Linux? Is it third-party? Is it proprietary? Isn’t #vcmp just a #virtualization platform? Just what is inside an F5 BIG-IP that makes it go vroom? Over the years I’ve seen some pretty wild claims about what, exactly, is “inside” a BIG-IP that makes it go. I’ve read articles that claim it’s Linux, that it’s based on Linux, that it’s voodoo magic. I’ve heard competitors make up information about just about every F5 technology – TMOS, vCMP, iRules – that enables a BIG-IP to do what it does. There are two sources of...

posted @ Friday, February 10, 2012 4:00 AM | Feedback (0)

#infosec #adcfw #cloud Alternate title: How to take out an entire PaaS cloud with one vulnerability Apache Killer. Post of Doom. What do these two vulnerabilities have in common? Right, they’re platform-based vulnerabilities. Meaning they are vulnerabilities peculiar to the web or application server platform upon which applications are deployed. Mitigations for such vulnerabilities generally point to changes in configuration of the platform – limit post size, header value sizes, turn off some value in the associated configuration. But they also have something else in common – risk. And not just risk...

posted @ Wednesday, February 08, 2012 5:26 AM | Feedback (0)

The reaction in IT when there’s something wrong with a core router is to avoid disruption and its associated costs to the business. The reaction in IT when a user has problems is to embrace disruption and its associated costs to the business. ...

posted @ Tuesday, February 07, 2012 10:24 AM | Feedback (0)

#VDI #quasar #mobile The proliferation of mobile devices is pushing VDI closer to being “the solution” of the year to resolve the increasing complexity – and costs – associated with consumerization. Considering the innate differences between just the two most popular mobile operating systems – Android and iOS – gives rise to understanding how costly and complex an infrastructure might need to be to support both. It’s not at all unlike the issues with server virtualization. Management and delivery architectures require different solutions depending on the platform, so despite potentially costly investments to scale, organizations are often staying...

posted @ Monday, February 06, 2012 4:20 AM | Feedback (0)

I get by with a little help from my friends… While cloud and virtualization primarily focus on improving the provisioning process, there is a lot more to managing a data center and its critical components than just deployment. There’s upgrades – both software and hardware – and migration to new solutions as well as tweaking knobs and buttons to optimize and troubleshoot issues. While public cloud computing may alleviate much of the pain associated with forward movement, private and hybrid environments as well as traditional data center models must face the reality of dealing with these...

posted @ Friday, February 03, 2012 5:14 AM | Feedback (0)

It’s about operational efficiency and consistency, emulated in the cloud by an API to create the appearance of a converged platform In most cases, the use of the term “consolidation” implies the aggregation (and subsequently elimination) of like devices. Application delivery consolidation, for example, is used to describe a process of scaling up infrastructure that often occurs during upgrade cycles. Many little boxes are exchanged for a few larger ones as a means to simplify the architecture and reduce the overall costs (hard and soft) associated with delivering applications. Consolidation. But cloud has opened (or should...

posted @ Wednesday, February 01, 2012 5:00 AM | Feedback (0)

#fasterapp #ccevent While web applications aren’t sensitive to jitter, business processes are. One of the benefits of web applications is that they are generally transported via TCP, which is a connection-oriented protocol designed to assure delivery. TCP has a variety of native mechanisms through which delivery issues can be addressed – from window sizes to selective acks to idle time specification to ramp up parameters. All these technical knobs and buttons serve as a way for operators and administrators to tweak the protocol, often at run time, to ensure the exchange of requests and responses upon...

posted @ Monday, January 30, 2012 4:46 AM | Feedback (0)

#adcfw #infosec F5 is changing the game on security by unifying it at the application and service delivery layer. Over the past few years we’ve seen firewalls fail repeatedly. We’ve seen business disrupted, security thwarted, and reputations damaged by the failure of the very devices meant to prevent such catastrophes from happening. These failures have been caused by a change in tactics from invaders who seek no longer to find a way through or over the walls, but who simply batter them down instead. A combination of traditional attacks – network-layer – and modern attacks – application-layer – have...

posted @ Friday, January 27, 2012 4:45 AM | Feedback (0)

#mobile #vdi #IPv6 In the case of technology – as with mythology - the whole is often greater (and more challenging) than the sum of its parts. The chimera is a mythological beast of scary proportions. Not only is it fairly large, but it’s also got three, independent heads – traditionally a lion, a goat, and a snake. Some variations on this theme exist, but the basic principle remains: it’s a three-headed, angry beast that should not be taken lightly should one encounter it in the hallway. Individually, one might have a strategy to...

posted @ Wednesday, January 25, 2012 3:56 AM | Feedback (0)

#mobile #fasterapp #ccevent Today, at least. Tomorrow, who knows? Some have tried to distinguish between “mobile cloud” and “cloud” by claiming the former is the use of the web browser on a mobile device to access services while the latter uses device-native applications. Like all things cloud, the marketing fluff is purposefully obfuscating and sweeping under the rug the technology required to make things work for consumers, whether those consumers be your kids or IT professionals. Infrastructure is not eliminated when organizations take to the cloud nor do the constraints of web-based protocols and methodologies become...

posted @ Monday, January 23, 2012 4:42 AM | Feedback (1)

#adcfw #RSAC #infosec The focus on bandwidth and traffic continues to distract from the real problems with traditional inbound protections … The past year brought us many stories focusing on successful attacks on organizations for a wide variety of reasons. Why an organization was targeted was not nearly as important as the result: failure to prevent an outage. While the volume of traffic often seen by these organizations was in itself impressive, it was not always the volume of traffic that led to the outage, but rather what that traffic was designed to do: consume resources. ...

posted @ Friday, January 20, 2012 5:11 AM | Feedback (0)

#adcfw #RSAC Attackers have outflanked your security infrastructure Many are familiar with the name of the legendary Alexander the Great, if not the specific battles in which he fought. And even those familiar with his many victorious conquests are not so familiar with his contributions to his father’s battles in which he certainly honed the tactical and strategic expertise that led to his conquest of the “known” world. In 339 BC, for example, then Macedonian King Philip II – the father of Alexander the Great – became engaged in a battle...

posted @ Tuesday, January 17, 2012 5:19 AM | Feedback (0)

#mobile The expansive options consumers revel in create an identity crisis for IT that is best resolved via context-aware mobile mediation. Back in the days of the browser wars, when standards were still largely ignored and the battle for the desktop was highly competitive, developers had to make choices and compromises. They could either write extensive client-side scripts to detect the user’s browser and address the peculiarities of that environment or they could simply ignore them with a disclaimer that “this site (works best when viewed in | was written for) browser X.” As time...

posted @ Monday, January 16, 2012 5:00 AM | Feedback (0)

#mobile #vdi #infosec Scale and flexibility make SSL VPN an important part of any corporate remote access strategy You might have noticed a couple of news items from F5 this week that appeared related. If you noticed you were right, they are. First, we were very excited to announce recognition of our hard work on our SSL VPN solutions: F5 Positioned in Leaders Quadrant of SSL VPN Magic Quadrant. Second, we were even more excited to announce adding industry-leading support for Android’s 4.x OS, enhancing its SSL VPN capabilities. Why would be...

posted @ Friday, January 13, 2012 4:55 AM | Feedback (0)

#adcfw #RSAC Traditional strategy segregates delivery from security. Traditional strategy is doing it wrong… Everyone, I’m sure, has had the experience of calling customer service. First you get the automated system, which often asks for your account number. You know, to direct you to the right place and “serve you better.” Everyone has also likely been exasperated when the first question asked by a customer service representative upon being connected to a real live person is … “May I have your account number, please?” It’s frustrating and, for everyone involved, it’s...

posted @ Thursday, January 12, 2012 5:33 AM | Feedback (0)

#fasterapp #ccevent They’re written for readability, for integration, for business function, and for long-term maintenance… When I was first entering IT I had the good (or bad, depending on how you look at it) fortune to be involved in some of the first Internet-facing projects at a global transportation organization. We made mistakes and learned lessons and eventually got down to the business of architecting a framework that would span the entire IT portfolio. One of the lessons I learned early on was that maintainability always won over performance, especially at the code level. Oh, some basic...

posted @ Wednesday, January 11, 2012 4:20 AM | Feedback (1)

#fasterapp #ccevent WAN optimization is not and cannot be separated from application delivery Yes, yes I did say that. There's a reason for that, and after more than a decade of watching the markets that tangentially revolve around making applications faster I'm here to tell you it's a failure of monumental proportions. The very term WAN Optimization has always stuck in my craw (whatever and wherever that may be). That's because optimizing the WAN implies that you're making the WAN faster. The problem is that a WAN is either a dedicated link between two locations (old...

posted @ Monday, January 09, 2012 5:03 AM | Feedback (0)

#infosec #DNS #v11 DNS is like your mom, remember? Sometimes she knows better.   Generally speaking, blackhole routing is a problem, not a solution. A route to nowhere is not exactly a good thing, after all. But in some cases it’s an approved and even recommended solution, usually implemented as a means to filter out bad packets at the routing level that might be malformed or are otherwise dangerous to pass around inside the data center. This technique is also used at the DNS layer as a means to prevent responding to queries with known infected or...

posted @ Friday, January 06, 2012 4:32 AM | Feedback (0)

#fasterapp If you know these three axioms, then you’ll know application delivery when you see it. Like most technology jargon, there are certain terms and phrases that end up mangled, conflated, and generally misapplied as they gain traction in the wider market. Cloud is merely the latest incarnation of this phenomenon, and there will be others in the future. Guaranteed. Of late the term “application delivery” has been creeping up into the vernacular. That could be because cloud has pushed it to the fore, necessarily. Cloud purports to eliminate the “concern” of...

posted @ Wednesday, January 04, 2012 4:04 AM | Feedback (0)

If you’re scaling applications and not architectures, you’re doing it wrong.

posted @ Thursday, December 29, 2011 3:49 AM | Feedback (0)

It’s like unicorns…and rainbows! #mobile Mark my words, the term “mobile” is the noun (or is it a verb? Depends on the context, doesn’t it?) that will replace “cloud” as the most used and abused and misapplied term in technology in the coming year. If I was to find a pitch in my inbox that did not someway invoke the term “mobile” I’d be surprised. The latest one to catch my eye was pitching a survey on the “mobile cloud”. The idea, apparently, around this pitch involving “mobile cloud” is the miraculous capability bestowed upon cloud...

posted @ Tuesday, December 20, 2011 4:02 AM | Feedback (0)

#bigdata #infosec Storing sensitive data in the cloud is made more palatable by applying a little security before the data leaves the building… When corporate hardware, usually laptops, are stolen, one of the first questions asked by information security professionals is whether or not the data on the drive was encrypted. While encryption of data is certainly not a panacea, it’s a major deterrent to those who would engage in the practice of stealing data for dollars. Many organizations are aware of this and use encryption judiciously when data is at rest in the data center...

posted @ Friday, December 16, 2011 4:43 AM | Feedback (0)

#adcfw The reason bars place bouncers at the door is because it’s easier and less risky to prevent entry than to root out later No one ever said choosing a career in IT was going to be easy, but no one said it had to be so hard you’d be banging your head on the desk, either. One of the reasons IT practitioners end up with large, red welts on their foreheads is because data centers tend to become more, not less, complex and along with complexity comes operational risk. Security, performance, availability. These three inseparable issues often...

posted @ Wednesday, December 14, 2011 3:48 AM | Feedback (0)

The shift of focus from north-south to east-west networking isn’t just inside the data center, it’s a global phenomenon It’s called “east-west” networking, which when compared to its predecessor, “north-south” networking, evinces images of maelstroms and hurricane winds and tsunamis for some reason. It could be the subtle correlation between the transformative shift this change in networking patterns has on the data center with that of El Niño’s transformative power upon the weather patterns across the globe. Traditionally, data center networks have focused on North-South network traffic. The assumption is that clients on...

posted @ Monday, December 12, 2011 4:17 AM | Feedback (0)

Scaling MySQL just got a whole lot easier. Load balancing MySQL – any database, really – is not a trivial task. Generally speaking one does not simply round robin your way through a cluster of MySQL databases as a means to achieve scalability. It is databases, in fact, that have driven a wide variety of scalability patterns such as sharding and partitioning to achieve the ultimate goal of high-performance and scalability simultaneously. Unfortunately, most folks don’t architect their applications with scalability in mind. A single database is all that’s necessary at first, and because of the...

posted @ Friday, December 09, 2011 5:41 AM | Feedback (1)

Stateless infrastructure and highly dynamic networks may eliminate this issue. There is great awareness in both consumer and corporate culture with respect to data and second-hand markets. We know that data stored on devices of all shapes and sizes can be a potential source of sensitive information loss if not carefully eliminated before sale or disposal. But consider, too, the potential value of picking up a second-hand switch or router from eBay that has not been carefully wiped of all configuration data. ACLs, routing tables, VLANs, comments. These configuration details are often left on infrastructure even...

posted @ Wednesday, December 07, 2011 4:49 AM | Feedback (1)

Understanding web #acceleration techniques and when to apply them We’ve already discussed the difference between acceleration and optimization, so now it’s time to quickly dig into the difference between the two major types of acceleration: WPO (Web Performance Optimization) and FEO (Front End Optimization). The difference is important because each technique is effective at addressing different performance bottlenecks, and obviously applying the wrong solution to the problem will not provide the desired results, i.e. fast, fast, fast web applications. WPO focuses on content delivery, which means it applies different optimization techniques to counter poorly...

posted @ Monday, December 05, 2011 4:14 AM | Feedback (0)

Domain sharding is a well-known practice to improve application performance – and you can implement it automatically without modifying your applications today. If you’re a web developer, especially one that deals with AJAX or is responsible for page optimization (aka “Make It Faster or Else”), then you’re likely familiar with the technique of domain sharding, if not the specific terminology. For those who aren’t familiar with the technique (or the term), domain sharding is a well-known practice used to trick browsers into opening many more connections with a server than is allowed by default. This...

posted @ Friday, December 02, 2011 4:19 AM | Feedback (0)

In a service-focused, platform-based infrastructure offering, the form factor is irrelevant. One of the most difficult aspects of cloud, virtualization, and the rise of platform-oriented data centers is the separation of services from their implementation. This is SOA applied to infrastructure, and it is for some reason a foreign concept to most operational IT folks – with the sometimes exception of developers. But sometimes even developers are challenged by the notion, especially when it begins to include network hardware. ARE YOU SERIOUSLY?  The headline read: WAN Optimization Hardware versus WAN Optimization Services. I read...

posted @ Wednesday, November 30, 2011 4:18 AM | Feedback (0)

#devops An ecosystem-based data center approach means accepting the constancy of change… It is an interesting fact of life for aquarists that the term “stable” does not actually mean a lack of change. On the contrary, it means that the core system is maintaining equilibrium at a constant rate. That is, the change is controlled and managed automatically either by the system itself or through the use of mechanical and chemical assistance. Sometimes, those systems need modifications or break (usually when you’re away from home and don’t know it and couldn’t do anything about it if you...

posted @ Monday, November 28, 2011 4:27 AM | Feedback (0)

#devops It’s a simple equation, but one that is easily overlooked. Most folks recall, I’m sure, the Pythagorean Theorem. If you don’t, what’s really important about the theorem is that any side of a right triangle can be computed if you know the other sides by using the simple formula a² + b² = c². The really important thing about the theorem is that it clearly illustrates the relationship between three different pieces of a single entity. The lengths of the legs and hypotenuse of a triangle are intimately related; variations in one impact...

posted @ Wednesday, November 23, 2011 5:49 AM | Feedback (2)

Why a full-proxy architecture is important to both infrastructure and data centers. In the early days of load balancing and application delivery there was a lot of confusion about proxy-based architectures and in particular the definition of a full-proxy architecture. Understanding what a full-proxy is will be increasingly important as we continue to re-architect the data center to support a more mobile, virtualized infrastructure in the quest to realize IT as a Service. THE FULL-PROXY PLATFORM The reason there is a distinction made between “proxy” and “full-proxy” stems from the handling of connections as they flow through the device. All proxies...

posted @ Monday, November 21, 2011 5:04 AM | Feedback (2)

There’s a significant difference between a platform and a product, especially when it comes to architecting a dynamic data center In the course of nearly a thousand blogs it’s quite likely you’ve seen BIG-IP referenced as a platform, and almost never as a product. There’s a reason for that, and it’s one that is increasingly becoming important as organizations begin to look at some major transformations to their data center architecture. It’s not that BIG-IP isn’t a product. Ultimately, of course, it is in the traditional sense of the word. But it’s also a...

posted @ Friday, November 18, 2011 4:16 AM | Feedback (1)

Arises the fourth data center architecture tier – application delivery. The battle of efficiency versus economy continues in the division of the cloud market between public and private environments. Public cloud proponents argue, correctly, that private cloud simply does not offer the same economy of scale as that of public cloud. But that only matters if economy of scale is more important than the efficiency gains realized through any kind of cloud computing implementation. Cloud for most organizations has been recognized as transformational not necessarily in where the data center lives, but rather...

posted @ Wednesday, November 16, 2011 3:25 AM | Feedback (0)

Who is most responsible for determining the adequacy of security in the cloud in your organization? Dome9, which you may recall is a security management-as-a-service solution that aims to take the complexity out of managing administrative access to cloud-deployed servers, recently commissioned research on the subject of cloud computing and security from the Ponemon Institute and came up with some interesting results that indicate cloud chaos isn’t confined to just its definition. The research, conducted this fall and focusing on the perceptions and practices of IT security practitioners, indicated that 54% of respondents felt IT operations and infrastructure personnel...

posted @ Monday, November 14, 2011 4:25 AM | Feedback (0)

New survey shows firewalls falling to application and network DDoS with alarming frequency… With the increasing frequency of successful DDoS attacks there have come a few studies focusing on organizational security posture – readiness, awareness, and incident rate as well as costs of successful attacks. When Applied Research conducted a study this fall on the topic, it came with some expected results but also uncovered some disturbing news – firewalls fail. Often. More often, in fact, than we might like to acknowledge. That’s troubling because it necessarily corresponds to the success rate of attacks and, interestingly, the...

posted @ Friday, November 11, 2011 4:19 AM | Feedback (1)

Hint: The answer lies in being aware of the entire application context and a little pre-planning Thanks to the maturity of load balancing services and technology, dynamically scaling applications in pre-cloud and cloud computing environments is a fairly simple task. But doing it right – in a way that maintains performance while maximizing resources and minimizing costs – well, that is not so trivial a task unless you have the right tools. SCALABILITY RECAP Before we can explain how to do it right, we have to dig into the basics of how scalability (and...

posted @ Wednesday, November 09, 2011 4:40 AM | Feedback (0)

#HTML5 Web Sockets are poised to completely change scalability models … again. Using Web Sockets instead of XMLHTTPRequest and AJAX polling methods will dramatically reduce the number of connections required by servers and thus has a positive impact on performance. But that reliance on a single connection also changes the scalability game, at least in terms of architecture. Here comes the (computer) science… If you aren’t familiar with what is sure to be a disruptive web technology you should be. Web Sockets, while not broadly in use (it is only a specification, and a...

posted @ Monday, November 07, 2011 4:36 AM | Feedback (1)

Being too quick to shout “cloud” when the solution may be found elsewhere can lead to unintended consequences. As with all technology caught up in the hype cycle, cloud computing is often attributed with being “the solution” to problems irrespective of reality. Cloud is suddenly endowed with supernatural powers, able to solve every business and operational challenge merely by being what it is. Take, for example, the attribution of cloud as being “the solution” to the very real issue of severe snow in the UK. Cloud solutions can...

posted @ Friday, November 04, 2011 5:16 AM | Feedback (0)

#infosec #apt Advanced persistent threats are the new black in security. A more context-aware architecture may help avoid compromise and the ensuing ambush.  Meet the new attack, same as the old attack. That’s because it is an old attack. Really. It’s an attack that’s already been executed, the results of which have lain dormant waiting for the highest bidder to lease it out. Advanced persistent threats or APT are not new, but because of their longevity are only beginning to receive the attention they deserve. An APT is so named because the exploit mechanism is deposited long before...

posted @ Wednesday, November 02, 2011 4:34 AM | Feedback (0)

Cloud needs to become a platform, and that means its comprising infrastructure must also embrace the platform paradigm. There’s been a spate of articles, blogs, and mentions of OpenFlow in the past few months. IBM was the latest entry into the OpenFlow game, releasing an enabling RackSwitch G8264, an update of a 64-port, 10 Gigabit Ethernet switch IBM put out a year ago. Interest in the specification appears to be growing and not just because it’s got the prefix-du-jour as part of its name, implying everything to everyone – free, extensible, interoperable, etc… While all those modifiers are...

posted @ Monday, October 31, 2011 5:32 AM | Feedback (0)

The THC #SSL #DoS tool exploits the rapid resource consumption nature of the handshake required to establish a secure session using SSL. A new attack tool was announced this week and continues to follow in the footsteps of resource exhaustion as a means to achieve a DoS against target sites. Recent trends in attacks show an increasing interest in maximizing effect while minimizing effort. This means a move away from traditional denial of service attacks that focus on overwhelming sites with traffic and toward attacks that focus on rapidly consuming resources, instead. Both have the same ultimate goal: overwhelming infrastructure,...

posted @ Friday, October 28, 2011 5:33 AM | Feedback (0)

Infrastructure architecture is often the answer to many of IT’s most challenging issues. It is a fact of IT that different businesses have different technical requirements in terms of security, processing, performance, and even storage. In many organizations, particularly those that transport sensitive personal or financial information, end-to-end encryption is a must. At first glance this seems to be a fairly simple thing – enable a secure transport from client to server and vice-versa and voila! But further exploration reveals that this isn’t the case, primarily because it’s never a straight shot between the client and the server...

posted @ Wednesday, October 26, 2011 5:46 AM | Feedback (0)

Let’s ignore the business for a moment. Why should IT be excited about IT as a Service? The focus of IT as a Service (ITaaS) is generally on the value it would provide with respect to self-service provisioning for both business and IT customers alike. But let’s ignore the business for a moment, shall we? Let’s get downright selfish and consider what benefits there are to IT in implementing IT as a Service. The big exciting thing about IT as a Service for IT folks is how it enables less-disruptive change. Less-disruptive means less work, less...

posted @ Monday, October 24, 2011 5:48 AM | Feedback (1)

An architectural solution to the challenge of IP-address dependency. A rarely mentioned obstacle when attempting to duplicate or migrate enterprise-class applications is IP-dependency. Not just topological dependencies that are easily addressed with dynamic routing and switching protocols in conjunction with a boot script, but internal dependencies – the ones so deeply embedded in the application’s “identity” that to change the IP address is to break the installation and render it useless. These are the applications that, upon asking for an exported image for testing purposes, virtualization experts will tell you is far more efficient...

posted @ Friday, October 21, 2011 5:34 AM | Feedback (0)

Examining architectures on which hybrid clouds are based… IT professionals, in general, appear to consider themselves well along the path toward IT as a Service with a significant plurality of them engaged in implementing many of the building blocks necessary to support the effort. IaaS, PaaS, and hybrid cloud computing models are essential for IT to realize an environment in which (manageable) IT as a Service can become reality. That IT professionals – 65% of them to be exact – note their organization is in-progress or already completed with a hybrid cloud implementation is telling, as it indicates a...

posted @ Wednesday, October 19, 2011 5:29 AM | Feedback (0)

Examining architectures on which hybrid clouds are based… IT professionals, in general, appear to consider themselves well along the path toward IT as a Service with a significant plurality of them engaged in implementing many of the building blocks necessary to support the effort. IaaS, PaaS, and hybrid cloud computing models are essential for IT to realize an environment in which (manageable) IT as a Service can become reality. That IT professionals – 65% of them to be exact – note their organization is in-progress or already completed with a hybrid cloud implementation is telling, as...

posted @ Monday, October 17, 2011 5:00 AM | Feedback (0)

Application delivery infrastructure can be a valuable partner in architecting solutions …. AJAX and JSON have changed the way in which we architect applications, especially with respect to their ascendancy to rule the realm of integration, i.e. the API. Policies are generally focused on the URI, which has effectively become the exposed interface to any given application function. It’s REST-ful, it’s service-oriented, and it works well. Because we’ve taken to leveraging the URI as a basic building block, as the entry-point into an application, it affords the opportunity to optimize architectures and make more efficient the...

posted @ Wednesday, October 12, 2011 4:31 AM | Feedback (0)

When nearly half of folks experienced a stateful firewall failure under attack last year[1], maybe more of the same isn’t the right strategy. [1] Arbor Networks, Network Infrastructure Security Report

posted @ Tuesday, October 11, 2011 5:45 AM | Feedback (1)

The impact of SPDY on infrastructure architecture The Internets were abuzz with the revelation that the custom browser Silk, distributed on Amazon’s latest endeavor Fire, leverages competitor Google’s own technological innovation, SPDY, against it. SPDY, short for "speedy" was developed by Google as a way of augmenting the regular HTTP protocol. It uses compression and several methods of optimizing and even predicting requests so resources are sent faster from the server to the browser. Amazon Silk uses SPDY for its connection to the EC2 cloud. Google...

posted @ Monday, October 10, 2011 4:34 AM | Feedback (1)

#iApp #v11 If you were wondering what these three things have to do with F5, read on … What has a strange sense of humor, an unhealthy love of bacon and donuts, and has held a wide variety of IT roles and responsibilities for a whole lot of years? If you said “the F5 Product Management Engineering team” give yourself a cookie (or better yet some bacon). The question is, why should you care? To understand that, you first have to understand the role that “PME” has within F5. Many of...

posted @ Friday, October 07, 2011 4:16 AM | Feedback (0)

When abstraction becomes a distraction, cloud computing becomes a realm of architectural limbo… Cloud. It sounds so grand in NIST’s description; full of promises with respect to the ability to provision and manage resources without having to muck around in the trenches. Compute! Network! Storage! Cheap, efficiently provisioned resources in minutes, not months! The siren call of cloud continues to lure many a curious folk, only to trap it in what is rapidly becoming architectural limbo. Differing slightly from the original meaning, in colloquial speech, "limbo" is any status where a person...

posted @ Wednesday, October 05, 2011 5:35 AM | Feedback (2)

The secret to live migration isn’t just a fat, fast pipe – it’s a dynamic infrastructure Very early on in the cloud computing hype cycle we posited about different use cases for the “cloud”. One that remains intriguing and increasingly possible thanks to a better understanding of the challenges associated with the process is cloud bursting. The first time I wrote about cloud bursting and detailed the high-level process the inevitable question that remained was, “Well, sure, but how did the application get into the cloud in the first place?” Back then there was no...

posted @ Monday, October 03, 2011 5:22 AM | Feedback (1)

#devops #cloud If your goal is IT as a Service, then at some point you have to actually service-enable the policies that govern IT infrastructure. My eldest shared the story of “The Turk” recently and it was a fine example of how appearances can be deceiving – and of the power of abstraction. If you aren’t familiar with the story, let me briefly share before we dive in to how this relates to infrastructure and, specifically, IT as a Service.  The Turk, the Mechanical Turk or Automaton Chess Player was a fake chess-playing machine constructed in the late 18th century. The...

posted @ Wednesday, September 28, 2011 6:40 AM | Feedback (0)

Friends, foes, Internet-denizens … lend me your browser.  Were you involved in any of the DDoS attacks that occurred over the past twelve months? Was your mom? Sister? Brother? Grandfather? Can you even answer that question with any degree of certainty? Reality is that the reason for attack on the web is subtly shifting to theft not necessarily of data, but of resources. While the goal may still be to obtain personal credentials for monetary gain, it is far more profitable to rip hundreds or thousands of credentials from a single source...

posted @ Monday, September 26, 2011 5:59 AM | Feedback (1)

#v11 ScaleN breaks out of the traditional infrastructure scalability mold We previously introduced ScaleN but we didn’t really dig into how it’s enabled, other than to mention it’s been made possible in part by leveraging F5’s vCMP (virtual Clustered Multi-Processing) technology, which puts the “virtual” in “virtual networking.” The basic premise of infrastructure scalability is that if the component providing the scalability fails, well, the service for which it provides HA fails. That’s not good. So it was that HA architectures employing a variety of models came about to ensure that such a scenario...

posted @ Friday, September 23, 2011 5:34 AM | Feedback (1)

It’s how much load that really generates and how it scales to meet the challenge. There’s some amount of debate whether Facebook really crossed over the one trillion page view per month threshold. While one report says it did, another respected firm says it did not; that its monthly page views are a mere 467 billion per month. In the big scheme of things, the discrepancy is somewhat irrelevant, as neither show the true load on Facebook’s infrastructure – which is far more impressive a set of numbers than its externally measured “page view”...

posted @ Wednesday, September 21, 2011 6:14 AM | Feedback (0)

People vote their resentment, not their appreciation. The average man does not vote for anything, but against something. --William Bennett Munro I was thinking Monday morning about doing some development of features I wanted to add to the web application Don and I use to manage our gaming groups. Thinking about that got me thinking about how Facebook implements the “auto-search and link” feature for tagging in its interface. I wondered, briefly, whether anyone but a developer could really appreciate the intricacies of what’s going on under the covers to make that work. There’s a number of functions...

posted @ Monday, September 19, 2011 5:50 AM | Feedback (1)

#v11 A robust and diverse set of management tools enabling a variety of infrastructure integration options is essential to architecting a dynamic data center In the continuing quest for a more dynamic data center, infrastructure integration must necessarily take center stage. While virtualization has enabled fluidity of server infrastructure, it has not done so for the network and may never be wholly suitable for the task for a variety of reasons. But the agility resulting from virtualization, the ability to manage resources on-demand, must be incorporated into the network infrastructure in order to scale...

posted @ Friday, September 16, 2011 6:21 AM | Feedback (0)

Cookies as a service enabled via infrastructure services provide an opportunity to improve your operational posture. Fellow DevCentral blogger Robert Haynes posted a great look at a UK law regarding cookies. Back in May a new law went into effect regarding “how cookies and other “cookie-like” objects are stored on users’ devices.” If you haven’t heard about it, don’t panic – there’s a one-year grace period before enforcement begins and those £500 000 fines are being handed out. The clock is ticking, however. What do the new regulations say? Well essentially whereas cookies...

posted @ Wednesday, September 14, 2011 3:04 AM | Feedback (2)

Ever hear the saying, “Closing the barn door after the horse has already left?” It’s not a good thing, and Dome9 aims to make sure you close the (cloud) barn door before the horse bolts – not after. An interesting* side-effect of deploying applications in public cloud computing environments is the fact that access to management functions is often accessible, necessarily, to anyone. We rely instead on credentials and API keys to prevent unauthorized access and, given that we really can’t do much more than that based on the external constraints placed upon us...

posted @ Tuesday, September 13, 2011 2:37 AM | Feedback (0)

Examining responsibility for auto-scalability in cloud computing environments. [ If you’re coming in late, you may want to also read previous entries on the network, application, and management framework ] Today, the argument regarding responsibility for auto-scaling in cloud computing as well as highly virtualized environments remains mostly constrained to e-mail conversations and gatherings at espresso machines. It’s an argument that needs more industry and “technology consumer” awareness, because it’s ultimately one of the underpinnings of a dynamic data center architecture; it’s the piece of the puzzle that makes or breaks one of...

posted @ Monday, September 12, 2011 3:37 AM | Feedback (1)

#v11 Logging, necessary for a variety of reasons in the data center, can consume resources and introduce undesirable latency. Avoiding that latency improves application performance and in some cases, the quality of logs. Logging. It’s mandatory and, in some industries, critical. Logs are used not only for auditing and tracking but for debugging, for data mining and analysis, and in some tiers of the architecture, replication and synchronization of data. Logs are a critical component across the data center, of that there is no doubt. That’s why it’s particularly frustrating to know that the...

posted @ Friday, September 09, 2011 6:01 AM | Feedback (0)

Examining responsibility for auto-scalability in cloud computing environments. [ If you’re coming in late, you may want to also read previous entries on the network and the application ] Today, the argument regarding responsibility for auto-scaling in cloud computing as well as highly virtualized environments remains mostly constrained to e-mail conversations and gatherings at espresso machines. It’s an argument that needs more industry and “technology consumer” awareness, because it’s ultimately one of the underpinnings of a dynamic data center architecture; it’s the piece of the puzzle that makes or breaks one of the highest value propositions of cloud computing...

posted @ Thursday, September 08, 2011 3:01 AM | Feedback (0)

Examining responsibility for auto-scalability in cloud computing environments. [ If you’re coming in late, you may want to also read the previous entry on application-driven scalability ] Today, the argument regarding responsibility for auto-scaling in cloud computing as well as highly virtualized environments remains mostly constrained to e-mail conversations and gatherings at espresso machines. It’s an argument that needs more industry and “technology consumer” awareness, because it’s ultimately one of the underpinnings of a dynamic data center architecture; it’s the piece of the puzzle that makes or breaks one of the highest value propositions of cloud computing and virtualization:...

posted @ Tuesday, September 06, 2011 3:13 AM | Feedback (1)

#v11 DNS remains one of the most critical – and necessarily public – services within the data center. Neglect its security at your own peril…. DNS is still like your mom. Too often underappreciated and taken for granted, DNS – like many network and infrastructure services – is largely ignored until there’s a problem. Unfortunately for critical services like DNS, firewall, and load balancing, by the time there’s a problem there’s a PROBLEM. It’s important to not only actively manage DNS today, but actively protect it, too. After all, it is the primary means by...

posted @ Friday, September 02, 2011 5:39 AM | Feedback (0)

Examining responsibility for auto-scalability in cloud computing environments. Today, the argument regarding responsibility for auto-scaling in cloud computing as well as highly virtualized environments remains mostly constrained to e-mail conversations and gatherings at espresso machines. It’s an argument that needs more industry and “technology consumer” awareness, because it’s ultimately one of the underpinnings of a dynamic data center architecture; it’s the piece of the puzzle that makes or breaks one of the highest value propositions of cloud computing and virtualization: scalability. The question appears to be a simple one: what component is responsible not only for recognizing the need...

posted @ Wednesday, August 31, 2011 3:13 AM | Feedback (0)

When you get down to the architectures involving cloud – whether on or off-premise or hybrid – it’s really all about integrating infrastructure. It remains to be seen if network and operations are better off never using the word “integration” given the nearly violent negative reactions one sees in the development and architecture sides of IT to the word. Integration, even after the introduction of SOA and the nearly messianic view of the role of the enterprise service bus (ESB) in saving us from the horrors of traditional enterprise application integration (EAI), remains problematic for IT. Standards weren’t,...

posted @ Monday, August 29, 2011 5:28 AM | Feedback (0)

#infosec A recently discovered 0-day Apache exploit is no problem for BIG-IP. Here’s a couple of different options using F5 solutions to secure your site against it. It’s called “Apache Killer” and it’s yet another example of exploiting not a vulnerability, but a protocol’s behavior.  UPDATE (8/26/2011) We're hearing that other Range-* HTTP headers are also vulnerable. Take care to secure against these potential attack vectors as well! In this case, the target is Apache and the “vulnerability” is in the way multiple ranges are handled by the Apache HTTPD server. The RANGE HTTP header is used to request one...

posted @ Friday, August 26, 2011 8:21 AM | Feedback (5)

Cloud-based services for all things digital will either drive – or die by – bandwidth Consumers, by definition, consume. In the realm of the Internet, they consume far more than they produce. Or so it’s been in the past. Broadband connectivity across all providers has long offered asymmetric network feeds because it mirrored reality: an HTTP request is significantly smaller than its corresponding response, and in general web-based activity is heavily biased toward fat download and thin upload speeds. The term “broadband” is really a misnomer, as it focuses only on the download speed and ignores the very narrowband of...

posted @ Wednesday, August 24, 2011 7:03 AM | Feedback (3)

That’s Cloud “Network of Women” and it’s a new opportunity to collaborate on cloud and emerging technologies Many, many years ago Fritz Nelson (then Vice President, Group Publisher for the Network Computing Enterprise Architecture) answered a question during an interview on the intersection of women and technology – particularly the lack of the former in the latter – essentially saying it was incumbent upon those women who were active and had a voice to use it in ways that encouraged other women to join, participate, and take up the reins of leadership when possible within the world of technology. ...

posted @ Wednesday, August 24, 2011 3:33 AM | Feedback (0)

#infosec #infra2 If you take one thing away from the ability to programmatically control infrastructure components take this: it’s imperative to maintaining a positive security posture You’ve heard it before, I’m sure. The biggest threat to organizational security is your own employees. Most of the time we associate that with end-users who may with purposeful intent to do harm carry corporate information offsite but just as frequently we cite employees who intended no harm – they simply wanted to work from home and then Murphy’s Law took over, resulting in the inadvertent loss of that sensitive...

posted @ Monday, August 22, 2011 3:37 AM | Feedback (0)

#v11 AJAX, JSON and an ever increasing web application spread increase the odds of succumbing to a breach. BIG-IP ASM v11 reduces those odds, making it more likely you’ll win at the security table When we use analogy often enough it becomes pervasive, to the point of becoming an idiom. One such idiom is the expression of unlikelihood of an event by comparing it to being hit by lightning. The irony is that the odds of being hit by lightning are actually fairly significant – about 1:576,000. Too many organizations view their risk of a breach as being akin to...

posted @ Friday, August 19, 2011 3:43 AM | Feedback (0)

VM interoperability promotes inter-environment portability about as well as a wig would fool anyone into believing these two girls are identical twins. That level of interoperability is like beauty – it’s only skin deep. Image by Darren Kelly via Flickr.

posted @ Thursday, August 18, 2011 9:12 AM | Feedback (0)

The quest for truly stateful failover continues… Lightning was the latest cause of an outage at Amazon, this time in its European zones. Lightning, like tornadoes, volcanoes, and hurricanes are often categorized as “Acts of God” and therefore beyond the sphere of control of, well, anyone other than God. Outages or damages caused by such are rarely reimbursable and it’s very hard to blame an organization for not having a “plan” to react to the loss of both primary and secondary power supplies due to intense lightning strikes. The odds of a lightning strike are pretty high in the...

posted @ Wednesday, August 17, 2011 5:58 AM | Feedback (0)

#v11 #HTML5 will certainly have an impact on web applications, but not nearly as much as hoped on the #mobile application market There’s a war on the horizon. But despite appearances, it’s a war for interactive web application dominance, and not one that’s likely to impact very heavily the war between mobile and web applications. First we have a report by ABI Research indicating a surge in the support of HTML5 on mobile devices indicating substantially impressive growth over the next five years. More than 2.1 billion mobile...

posted @ Monday, August 15, 2011 6:08 AM | Feedback (0)

#v11 Application-centric analytics provide better visibility into performance, capacity and infrastructure utilization Maintaining performance and capacity of web sites and critical applications – especially those of the revenue-generating ilk – can be particularly difficult in complex environments. The mix of infrastructure and integration can pose problems when trying to determine exactly where capacity may be constrained or from where performance troubles are originating. Visibility into the application delivery chain is critical if we are to determine where and at what points in the chain performance is being impaired or constraints on capacity imposed, perhaps...

posted @ Friday, August 12, 2011 5:08 AM | Feedback (0)

The University of Washington adds a cloud computing certificate program to its curriculum It’s not unusual to find cloud computing in a college environment. My oldest son was writing papers on cloud computing years ago in college, before “cloud” was a marketing term thrown about by any and everyone pushing solutions and products hosted on the Internet. But what isn’t often seen is a focus on cloud computing on its own; as its own “area of study” within the larger context of computer science. That could be because when you get down to it, cloud...

posted @ Wednesday, August 10, 2011 3:15 AM | Feedback (0)

#mobile A single, contextual point of control for access management can ease the pain of managing the explosion of client devices in enterprise environments. Regardless of the approach to access management, ultimately any solution must include the concept of control. Control over data, over access to corporate resources, over processes and over actions by users themselves. The latter requires a non-technological solution – education and clear communication of policies that promote a collaborative approach to security. As Michael Santarcangelo, a.k.a. The Security Catalyst, explains: “Our success depends on our ability to get closer to people, to...

posted @ Monday, August 08, 2011 3:08 AM | Feedback (0)

#v11 Say hello to DNS Express You may recall we recently expounded upon the need for the next generation of infrastructure to provide more protection of critical DNS services. This is particularly important given recent research on behalf of VeriSign that found “60% of respondents rely on their websites for at least 25% of their annual revenue.” Combined with findings that DDoS attacks, DNS failures and attackers comprised 65% of unplanned downtime in the past year, the financial impact on organizations is staggering. We also described the most popular solution today, DNS caching, and...

posted @ Friday, August 05, 2011 6:10 AM | Feedback (1)

Making the case for a stateless infrastructure model. Cloud computing appears to have hit a plateau with respect to infrastructure services. We simply aren’t seeing even a slow and steady offering by providers of the infrastructure services needed to deploy mature enterprise-class applications. An easy answer as to why this is the case can be found in the fact that many infrastructure services while themselves commoditized are not standardized. That is, while the services are common to just about every data center infrastructure the configuration, policies and APIs are not. But this is somewhat analogous to applications,...

posted @ Wednesday, August 03, 2011 5:53 AM | Feedback (5)

When there’s a problem with a virtual network appliance installed in “the cloud”, who do you call first? An interesting thing happened on the way to troubleshoot a problem with a cloud-deployed application – no one wanted to take up the mantle of front line support. With all the moving parts involved, it’s easy to see why. The problem could be with any number of layers in the deployment: operating system, web server, hypervisor or the nebulous “cloud” itself. With no way to know where it is – the cloud has limited visibility, after all – where do...

posted @ Monday, August 01, 2011 3:33 AM | Feedback (0)

#v11 #iApp #devops Bring dev and ops closer together to enable IT as a Service and repeatable, consistent application deployments.  The overriding theme of BIG-IP v11 is its focus on applications. From security to availability to management to resiliency, this release is focused on applications. Its revolutionary approach to application services offer immediate and future operational benefits by taking another step toward a dynamic data center. iApp is a feature name for what are fundamentally programmable application templates. These templates make simple user interfaces for complex system configurations.  The minimal UI requirements are defined from the...

posted @ Friday, July 29, 2011 4:22 AM | Feedback (2)

Pondering the impact of cloud and Web 2.0 on traditional middleware messaging-based architectures and PaaS.   It started out innocently enough with a simple question, “What exactly *is* the model for PaaS services scalability? If based on HTTP/REST API integration, fairly easy. If native middleware… input?” You’ll forgive the odd phrasing – Twitter’s limitations sometimes make conversations of this nature … interesting. The discussion culminated in what appeared to be the sentiment that middleware was mostly obsolete with respect to PaaS. THE OLD WAY Very briefly for those of you who are more infrastructure / network minded than application architecture fluent,...

posted @ Tuesday, July 26, 2011 3:37 AM | Feedback (0)

#v11 #vcmp #scaleN #iApp It’s time to bring the benefits of server virtualization, rapid provisioning and efficient, flexible scalability models to the network. Many of you know I’m a developer by trade and gained my networking stripes after joining Network Computing Magazine around the turn of the century. I focused heavily on application-centric solutions (sometimes much to my chagrin; consider evaluating ERP solutions for a moment and I’m sure you’ll understand why) but I was also tasked with reviewing networking solutions. In particular, the realm of load balancing and application delivery fell squarely to me for...

posted @ Monday, July 25, 2011 10:44 AM | Feedback (1)

#v11 #F5agility Differences in terminology, technology foundations and management have widened the “gap” between dev and ops to nearly a chasm. There has always been a disconnect between “infrastructure” and “applications” and it is echoed through organizational hierarchies in every enterprise the world over. Operations and network teams speak one language, developers another. For a long time we’ve just focused on the language differences, without considering the deeper, underlying knowledge differences they expose. Application Delivery Controllers, a.k.a. load balancers, are network-deployed solutions that, because of their role in delivering applications, are a part of...

posted @ Friday, July 22, 2011 3:47 AM | Feedback (1)

We need to be careful that we do not repeat the era of “HTML programmers” with “cloud programmers”. If you’re old enough you might remember a time when your dad or brother worked on the family car themselves. They changed the oil, bled the brakes, changed the fluids and even replaced head gaskets when necessary. They’d tear apart the engine if need be to repair it; no mechanic necessary. But cars have become highly dependent on technology and today it’s hard to find anyone who hasn’t been specifically trained that works on their own car. Sure, an oil change or...

posted @ Wednesday, July 20, 2011 3:00 AM | Feedback (0)

#mobile Managing access to resources instead of from devices is the key to a sustainable access management strategy. CSO Online recently reported on the results of a study conducted by Unisys with respect to mobile devices and IT readiness. The article – and report – are full to the brim with interesting statistics regarding not just usage of mobile devices within the enterprise but attitudes of employees toward the necessity of those devices to perform their daily tasks. It also focuses on IT and its awareness – and readiness – to handle the steady influx of mobile...

posted @ Monday, July 18, 2011 4:43 AM | Feedback (0)

The storage virtualization layer is another strategic point of control in the data center where costs can be minimized and resource utilization maximized. In olden times of lore, the king may have been top dog but it was the castellan through which one had to go to gain an audience or access to any one of his holdings. The castellan was a position of immense power and influence in the medieval hierarchy, responsible for managing the king’s castles and lands wherever they might be. In modern times, if data is king then storage virtualization must be...

posted @ Friday, July 15, 2011 5:37 AM | Feedback (0)

#IPv6 Integration with partners, suppliers and cloud providers will make migration to IPv6 even more challenging than we might think… My father was in the construction business most of the time I was growing up. He used to joke with us when we were small that there was a single nail in every house that – if removed – would bring down the entire building.  Now that’s not true in construction, of course, but when the analogy is applied to IPv6 it may be more true than we’d like to think, especially when that nail is named...

posted @ Wednesday, July 13, 2011 3:06 AM | Feedback (2)

We need to start focusing on improving the application deployment processes that all too often are the bulk of time spent trying to get an application out the door. The application deployment process is broken. Oh, I know it looks like it’s actually improving, but it’s not. Virtualization came along and took the low hanging fruit off the application deployment tree and paid no never mind to those still waiting in the upper branches. While applications are easy to provision today thanks to the wonders of virtualization, the rest of the infrastructure still is...

posted @ Monday, July 11, 2011 5:53 AM | Feedback (0)

JSON Activity Streams offers some interesting new scalability pattern possibilities via layer 7 (application) switching. One of the most interesting aspects of deploying applications is figuring out how to scale them. There’s many options, from simple scale out and scale up to more advanced architectural designs that take advantage of external, application switching services. The flexibility in the latter has become more obvious with the advent of not just cloud computing, but its underlying virtualized auto-scaling technologies. Combined with more targeted scalability strategies, infrastructure services provide a more operationally and financially efficient means of scaling...

posted @ Friday, July 08, 2011 5:44 AM | Feedback (0)

It’s kind of like thinking globally but acting locally… While I rail against the use of the too vague and cringe-inducing descriptor “workload” with respect to scalability and cloud computing, it is perhaps at least bringing to the fore an important distinction that needs to be made: that of the impact of different compute resource utilization patterns on scalability. What categorizing workloads has done is to separate “types” of processing and resource needs: some applications require more I/O, some less. Others are CPU hogs while others chew up memory at an alarming rate....

posted @ Wednesday, July 06, 2011 3:43 AM | Feedback (1)

Pop Quiz: In recent weeks, which of the following attack vectors have been successfully used to breach major corporation security? (choose all that apply) Phishing; Parameter tampering; SQL Injection; DDoS; SlowLoris; Data leakage. If you selected them all, give yourself a cookie because you’re absolutely right. All six of these attacks have successfully been used recently, resulting in breaches across the globe: International Monetary Fund; US Government – Senate; CIA; Citibank ...

posted @ Friday, July 01, 2011 3:35 AM | Feedback (2)

Five years ago the OpenAjax Alliance was founded with the intention of providing interoperability between what was quickly becoming a morass of AJAX-based libraries and APIs. Where is it today, and why has it failed to achieve more prominence? I stumbled recently over a nearly five year old article I wrote in 2006 for Network Computing on the OpenAjax initiative. Remember, AJAX and Web 2.0 were just coming of age then, and mentions of Web 2.0 or AJAX were much like that of “cloud” today. You couldn’t turn around without hearing someone promoting their solution by associating with...

posted @ Wednesday, June 29, 2011 3:43 AM | Feedback (0)

The former is easy. The latter? Not so much. In the many, many – really, many – posts I’ve penned regarding cloud computing, and in particular the notion of Intercloud, I’ve struggled to come up with a way to simply articulate the problem inherent in current migratory and, for that matter, interoperability models. Recently I found the word I had long been groping for: architecture. Efforts from various working groups, standards bodies and even individual vendors still remain focused on an application; a packaged up application with a sprinkling of meta-data designed to make a...

posted @ Monday, June 27, 2011 10:32 AM | Feedback (4)

No, not World of Warcraft “Damage per Second” - infrastructure “Decisions per second”. Metrics are tricky. Period. Comparing metrics is even trickier. The purpose of performance metrics is, of course, to measure performance. But like most tests, before you can administer such a test you really need to know what it is you’re testing. Saying “performance” isn’t enough and never has been, as the term has a wide variety of meanings that are highly dependent on a number of factors. The problem with measuring infrastructure performance today – and this will continue to be a major...

posted @ Friday, June 24, 2011 3:06 AM | Feedback (1)

Don’t get so focused on the trebuchets, mangonels and siege towers that you forget about the sappers. We often compare data center security to castles and medieval defenses. If we’re going to do that, we ought to also consider the nature of attacks in light of the military tactics used to perpetrate such attacks, namely siege warfare. It’s likely more apropos today than it was when the analogy was first made because today organizations are definitely under siege from a variety of attack methods. Most of them are obvious if you have someone on the walls...

posted @ Wednesday, June 22, 2011 3:34 AM | Feedback (1)

We focus a lot on encouraging developers to get more “ops” oriented, but seem to have forgotten networking pros also need to get more “apps” oriented. Most networking professionals know their relevant protocols, the ones they work with day in and day out, so well that many of them are able to read a live packet capture without requiring a protocol translation to “plain English”. These folks can narrow down a packet as having come from a specific component from its ARP address because they’ve spent a lot of time analyzing and troubleshooting network issues. And...

posted @ Monday, June 20, 2011 5:36 AM | Feedback (0)

Mobile users feel the need …. the need for spe-  please wait. Loading… We spent the week, like many other folks, at O’Reilly’s Velocity Conference 2011 – a conference dedicated to speed, of web sites, that is. This year the conference organizers added a new track called Mobile Performance. With the consumerization of IT ongoing and the explosion of managed and unmanaged devices allowing ever-increasing amounts of time “connected” to enterprise applications and services, mobile performance – if it isn’t already – will surely become an issue in the next few years. The adoption...

posted @ Friday, June 17, 2011 5:38 AM | Feedback (0)

The JSON Activity Stream specification could allow the (other and oh so soon forgotten side of) consumerization of IT to make its way into the data center. Remember when I posited that the Next-Generation Management of Data Centers Should be Modeled on Social Networking and introduced the concept of “Infrabook” – a somewhat silly-but-serious-at-the-time idea that infrastructure should get “social”? The recent publication of JSON Activity Streams – in addition to being very exciting from an infrastructure architecture perspective – may be exactly what is needed to bring this concept to life. ...

posted @ Wednesday, June 15, 2011 3:21 AM | Feedback (0)

The dynamic data center of the future, enabled by IT as a Service, is stateless. One of the core concepts associated with SOA – and one that failed to really take hold, unfortunately – was the ability to bind, i.e. invoke, a service at run-time. WSDL was designed to loosely couple services to clients, whether they were systems, applications or users, in a way that was dynamic. The information contained in the WSDL provided everything necessary to interface with a service on-demand without requiring hard-coded integration techniques used in the past. The theory was you’d find an appropriate...

posted @ Monday, June 13, 2011 3:02 AM | Feedback (0)

We had a successful #IPv6 day – but not everyone was so fortunate. But that’s why you test, isn’t it? Application delivery controllers, i.e. load balancers, were an integral component in getting ready for World IPv6 Day. As we, as in the Internets, continue to plan a path toward full IPv6 support, they will continue to be a key piece of the migration puzzle regardless of the strategy (dual-stack, translation, tunnels) ultimately chosen. At F5 we chose to eat our own dogfood and implement what is essentially a “dual-stack” strategy as a means to...

posted @ Friday, June 10, 2011 3:24 AM | Feedback (0)

Superficial changes are only skin deep.

posted @ Thursday, June 09, 2011 6:23 AM | Feedback (3)

Driving a car in a circle, even at high speed, may sound easy but it’s not a one-man job: it takes a team with visibility to avoid accidents and enable a successful race. Optimization and visibility, on the surface, don’t seem to have much in common. One is about making something more efficient – usually faster – and the other is about, well, being able to see something. It’s the difference between driving in a race and watching a race. But if you’ve ever looked into racing – high speed, dangerous racing like NASCAR ...

posted @ Wednesday, June 08, 2011 3:11 AM | Feedback (0)

The choice of load balancing algorithms can directly impact – for good or ill – the performance, behavior and capacity of applications. Beware making incompatible choices in architecture and algorithms.   One of the most persistent issues encountered when deploying applications in scalable architectures involves sessions and the need for persistence-based (a.k.a. sticky) load balancing services to maintain state for the duration of an end-user’s session. It is common enough that even the rudimentary load balancing services offered by cloud computing providers such as Amazon include the option to enable persistence-based load balancing. While...

posted @ Monday, June 06, 2011 3:24 AM | Feedback (0)

World IPv6 Day is June 8. We’re ready, how about you? World IPv6 day, scheduled for 8 June 2011, is a global-scale test flight of IPv6 sponsored by the Internet Society. On World IPv6 Day, major web companies and other industry players will come together to enable IPv6 on their main websites for 24 hours. The goal is to motivate organizations across the industry — Internet service providers, hardware makers, operating system vendors and web companies — to prepare their services for IPv6 to ensure a successful transition as IPv4 address space runs out. This is more than a marketing...

posted @ Friday, June 03, 2011 3:13 AM | Feedback (1)

If Amazon’s Availability Zone strategy had worked as advertised its outage would have been non-news. But then again, no one really knows what was advertised… There’s been a lot said about the Amazon outage and most of it had to do with cloud and, as details came to light, about EBS (Elastic Block Storage). But very little mention was made of what should be obvious: most customers didn’t – and still don’t - know how Availability Zones really work and, more importantly, what triggers a fail over. What’s worse, what triggers a fail back?  Amazon’s documentation...

posted @ Wednesday, June 01, 2011 3:03 AM | Feedback (1)

Organizations interested in greening their data centers (both green as in cash as well as in grass) will benefit from the ability to reduce, reuse and recycle in just 4Us of rack space with a leaner, greener F5 VIPRION. According to the latest data from the U.S. Energy Information Administration, the average cost of electricity for commercial use rose from 9.63 (Jan 2010) to 9.88 (Jan 2011) cents per kWh. If you think that’s not significant, consider that the average cost of powering one device in the data center has increased by 3% from 2010 to...

posted @ Friday, May 27, 2011 3:37 AM | Feedback (0)

Turns out that ‘unassailable’ economic argument for public cloud computing is very assailable. “The economic arguments are unassailable. Economies of scale make cloud computing more cost effective than running their own servers for all but the largest organisations. Cloud computing is also a perfect fit for the smart mobile devices that are eating into PC and laptop market.” -- Tim Anderson, “Let the Cloud Developer Wars Begin” Ah, Tim. The arguments are not unassailable and, in fact, it appears you might be guilty of having tunnel vision – seeing only the list price and forgetting...

posted @ Wednesday, May 25, 2011 2:50 AM | Feedback (0)

Mobile and tablet platforms are hyping HTML5, but many applications are bound to a traditional client-server model, making API performance a top concern for organizations. I recently received an e-mail from Strangeloop Networks with a subject of: “The quest for the holy grail of Web speed: 2-second page load times". Being focused on optimizing the user-interface, they appropriately quoted usability expert Jakob Nielsen, but also included some interesting statistics:  57% of site visitors will bounce after waiting 3 seconds or less for a page to load. Aberdeen Group surveyed...

posted @ Monday, May 23, 2011 2:55 AM | Feedback (0)

Heterogeneous storage systems remain one of the more difficult data center components to virtualize. F5 ARX and ARX Cloud Extender continue to broaden support for more systems, making it easier to normalize data storage – even if the data and provider interfaces aren’t. This week Don joins us to share the latest news from the F5 Data Solutions Group.   The advent of directory virtualization opened up the ability to intelligently tier storage without a lot of manual intervention. The use of the strategic point of control between consumers of file services and the providers...

posted @ Friday, May 20, 2011 2:30 AM | Feedback (0)

Tablets, smart phones and emerging mobile devices with instant access to applications are impacting the way in which IT provides services and developers architect applications. When pundits talk about the consumerization of IT they’re mostly referring to the ability of IT consumers, i.e. application developers and business stakeholders, to provision and manage, on demand, certain IT resources, most usually that of applications. There’s no doubt that the task of provisioning the hardware and software resources for an application is not only tedious but time-consuming and that it can easily – using virtualization and cloud computing technologies – be enabled...

posted @ Wednesday, May 18, 2011 2:57 AM | Feedback (3)

#devops #infosec  Shared resources do benefit organizations, there’s no arguing about that. But when resources forming the basis of identity are trusted and then inadvertently shared, you may find your (IP) identity misappropriated. In the past two years there have been interesting stories floating around about what happens when IP addresses are “shared” in public cloud computing environments. You’ve no doubt heard how someone spun up an instance and was immediately blacklisted by some other website because the last application assigned that IP address was naughty on the Internets. Organizations have struggled with such issues...

posted @ Monday, May 16, 2011 3:51 AM | Feedback (0)

#vcmp It’s great to be fast and furious, but if your infrastructure handles like a boat you won’t be able to take advantage of its performance. We recently joined the land of modernity when I had a wild urge to acquire a Wii. Any game system is pretty useless without games, so we got some of those too. One of them, of course, had to be Transformers: The Game because, well, our three-year-old thinks he is a Transformer and I was curious as to how well the game recreated the transformation process. ...

posted @ Friday, May 13, 2011 3:24 AM | Feedback (0)

A recent power outage in the middle of the night reveals automation without context can be expensive for aquariums – and data centers. You may recall from several posts (Cloud Chemistry 101, The Zero-Product Property of IT and The Number of the Counting Shall be Three (Rules of Thumb for Application Availability)) that one of my hobbies is “reefing.” No, it’s not that kind of reefer madness, it’s the other kind – the kind associated with aquariums and corals and all manner of strange looking ocean-living fish. I only recently re-engaged after years of avoiding the...

posted @ Wednesday, May 11, 2011 2:55 AM | Feedback (1)

Though responsibility for taking precautions may be shared, the risk of an incident is always yours and yours alone, no matter who is driving the car. Cloud and security still take top billing in many discussions today, perhaps because of the nebulous nature of the topic. If we break down security concerns in a public cloud computing environment we can separate them into three distinct categories of risk – the infrastructure, the application, and the management framework. Regardless of the model – IaaS, PaaS, SaaS – these categories exist as discrete entities, the differences being only in...

posted @ Monday, May 09, 2011 2:45 AM | Feedback (0)

The economy of scale realized in enterprise cloud computing deployments is as much (if not more) about process as it is products. HP Cloud Maps simplify the former by automating the latter. When the notion of “private” or “enterprise” cloud computing first appeared, it was dismissed as being a non-viable model due to the fact that the economy of scale necessary to realize the true benefits was simply not present in the data center. What was ignored in those arguments was that the economy of scale desired by enterprises large and small was not necessarily...

posted @ Friday, May 06, 2011 4:00 AM | Feedback (1)

#vcmp #interop Whether it’s a need to support cloud computing or manage the myriad requirements from internal customers, the new network must go beyond multi-tenancy. There has been a plethora of content lately discussing the need for virtual network appliances. It’s only natural, after all, that once we managed to work out all the quirks and flaws of server and storage virtualization that we’d move on to the next layer of the data center, the network. What’s being discovered as enterprises build out their own cloud computing or IT as a Service environments is that multi-tenancy...

posted @ Wednesday, May 04, 2011 2:44 AM | Feedback (5)

An interesting look at how automation combined with cloud computing resource brokering could go very, very wrong. Automation is not a new concept. People – regular old people – have been using it for years for tasks that require specific timing or reaction to other actions, like bidding on eBay or other auction-focused sites. The general concept is pretty simple as it’s just an event-driven system that automatically performs an action when the specified trigger occurs. Usually, at least when money is concerned, there’s an upper limit. The action can’t be completed if the resulting...

posted @ Monday, May 02, 2011 8:12 AM | Feedback (1)

It’s not just cloud computing and virtualization that introduce volatility into the data center. The natural state of cloud computing is one of constant change. Applications and services and users interacting in ways that constantly change the landscape of the data center. But it isn’t just the volatility of cloud computing and virtualization that makes traditional data center architectures brittle and more apt to fail. It’s the constant barrage of users, devices, and locations against a static data center configuration that makes a traditional architecture fragile and inefficient. Pressures are mounting...

posted @ Friday, April 29, 2011 2:59 AM | Feedback (1)

The recent Amazon EC2 outage has been awarded far more importance than is likely due when compared to its impact on the Internet*. * Based on data from ec2disabled and Netcraft.

posted @ Wednesday, April 27, 2011 9:06 AM | Feedback (0)

While everyone was focused on cloud, JSON has slowly but surely been taking over the application development world. It looks like the debate between XML and JSON may be coming to a close with JSON poised to take the title of preferred format for web applications. If you don’t consider these statistics to be impressive, consider that ProgrammableWeb indicated that its “own statistics on ProgrammableWeb show a significant increase in the number of JSON APIs over 2009/2010. During 2009 there were only 191 JSON APIs registered. So far in 2010 [August] there are already 223!” Today there are 1262 JSON APIs registered,...

posted @ Wednesday, April 27, 2011 3:39 AM | Feedback (2)

IT as a Service requires commoditization. Commoditization implies standardization. The network needs standardization, and that’s only going to happen via a common API and semantic model. Randy Bias of Cloudscaling apparently set off a firestorm at Cloud Connect 2011, stating with typical Randy forthrightness: “API's don't matter.” It’s not something we haven’t heard before. In fact, it’s not something I haven’t said myself, in a way. Randy wasn’t really questioning the need for APIs, that’s a given. What he was getting at was to question the need for standardization of APIs. Within IT,...

posted @ Monday, April 25, 2011 3:48 AM | Feedback (2)

Managing the other kind of performance in a data center requires the ability to analyze a whole lotta data. Big operational data. “Big data” right now is nearly as hyped as cloud computing. The vast amounts of data collected that need to be shared, integrated, replicated, backed up, and managed are growing at a phenomenal rate. But when folks talk about “big data” they’re focused primarily on application data, on user-generated data, on business data. They are not generally concerned with the other “big data” that threatens to overwhelm data center operations on a daily...

posted @ Friday, April 22, 2011 3:40 AM | Feedback (0)

Active Endpoints introduces Cloud Extend for Salesforce.com and reminds us that commoditization most benefits providers, customization most benefits customers. In the context of cloud computing we often mention the driving force behind many of its financial benefits is commoditization. Commoditization drives standardization which reduces costs of the product itself as well as the management systems needed to interact with them. Commoditization drives the cost of manufacturing, of creating and/or providing a good or service down for the provider. It is usually the case, expected in fact, that those savings are passed on to the consumer in the...

posted @ Wednesday, April 20, 2011 3:16 AM | Feedback (0)

Two words: be prepared. Way back when, Don was the Scoutmaster for our local Boy Scout Troop. He’d been a Scout and earned his Eagle and, as we had a son entering scouting age, it was a great opportunity for Don to give back and for me to get involved. I helped out in many ways, not the least of which was to help the boys memorize the Scout promise and be able to repeat on-demand its Motto (Be Prepared) and its Slogan (Do a good turn daily). Back then there was no Robotics Merit Badge (it was eerily introduced while I...

posted @ Monday, April 18, 2011 3:20 AM | Feedback (1)

Accelerating protocols via optimization is actually very different from accelerating the transfer of data. It is often the case that we, as an industry, use the terms “optimization” and “acceleration” interchangeably. Consider that solutions designed to improve the transfer of data across a WAN can be called WAN Optimization as easily as it is known as WAN Acceleration. Interestingly enough, solutions that make web applications specifically go “faster” were always termed Web Acceleration and never Web Optimization. The difference lies underneath, in what each focuses upon: optimization is almost always related to protocol efficiency and...

posted @ Friday, April 15, 2011 3:47 AM | Feedback (1)

Variable latency is a Very Bad Thing™ – that’s why we build core networks based on hardware, not software. One of the key components to a successful scaling strategy is recognizing when more (or less) capacity is required and then acting upon that information. We call cloud and auto-scaling “on-demand” but in reality it’s more the case that we’re taking action based on historical data; on the past five or ten minutes of performance and load on a given resource. Ultimately this requires some predictive capabilities, either of systems or people. Based on data regarding the...

posted @ Wednesday, April 13, 2011 4:21 AM | Feedback (1)

Like beauty, sometimes it is all about the view from the eye of the beholder.

posted @ Tuesday, April 12, 2011 8:49 AM | Feedback (0)

And it all begins with the business. Last week was one of those weeks where my to-do list was growing twice as fast as I was checking things off. And when that happens you know some things end up deprioritized and just don’t get the attention you know they deserve. Such was the case with a question from eBizQ regarding the relationship between strategy and technology:   Does strategy always trump technology? As Joe Shepley wonders in this interesting post, Strategy Trumps Technology Every Time, could you...

posted @ Monday, April 11, 2011 3:14 AM | Feedback (0)

If by “caffeine and sugar” you mean one way operations can optimize application and application delivery network performance. The benefits of a successfully executed centralized infrastructure management strategy are well-understood. We all know that being able to monitor and subsequently manage the various configurations, options and dependencies in a data center is critical to an agile operational posture capable of reacting and adjusting policies and processes on-demand. But as cloud computing and virtualization continue to emerge as the preferred architectures of choice, unified management has become problematic. As organizations deploy a mixture of virtual and...

posted @ Friday, April 08, 2011 2:53 AM | Feedback (0)

It’s called a feedback loop, not a feedback black hole.   One of the key components of a successful architecture designed to mitigate operational risk is the ability to measure, monitor and make decisions based on collected “management” data. Whether it’s simple load balancing decisions based on availability of an application or more complex global application delivery traffic steering that factors in location, performance, availability and business requirements, neither can be successful unless the components making decisions have the right information upon which to take action. Monitoring and management is likely one of the least sought after...

posted @ Wednesday, April 06, 2011 3:44 AM | Feedback (5)

If integrated web applications and services were cars…

posted @ Tuesday, April 05, 2011 9:45 AM | Feedback (1)

Application performance is more and more about dependencies in the delivery chain, not the application itself. When an article regarding cloud performance and an associated average $1M in loss as a result appeared it caused an uproar in the Twittersphere, at least amongst the Clouderati. There was much gnashing of teeth and pounding of fists that ultimately led to questioning the methodology and ultimately the veracity of the report. If you were worried about the performance of cloud-based applications, here's fair warning: You'll probably be even more so when you consider findings from a recent survey conducted by Vanson Bourne...

posted @ Monday, April 04, 2011 3:25 AM | Feedback (0)

It’s not enough to have a strategic point of control; you’ve got to use it, too. One of the primary threats to the positive operational posture of an organization is that of extremely heavy load. Whether it’s from a concerted effort to take down the site (DDoS) or simply an unanticipated flood of legitimate users is really not as important to today’s discussion as understanding the impact both can have not just on your applications, but on their supporting infrastructure. You know, the network “stuff” that sits between the client and your applications, defending...

posted @ Friday, April 01, 2011 3:32 AM | Feedback (1)

What distinguishes these three models of cloud computing are the business and operational goals for which they were implemented and the benefits derived. A brief Twitter conversation recently asked the question how one would distinguish between the three emerging dominant cloud computing models: public, private and enterprise. Interestingly, if you were to take a "public cloud" implementation and transplant it into the enterprise, it is unlikely to deliver the value IT was expecting. Conversely, transplanting a private cloud implementation to a public provider would also similarly fail to achieve the desired goals. When you dig...

posted @ Wednesday, March 30, 2011 3:27 AM | Feedback (0)

When your data center is constantly under pressure to address operational risks, try leveraging some ancient wisdom from King Leonidas and William Wallace. The Battle of Thermopylae is most often remembered for the valiant stand of the "300". In case you aren't familiar, three hundred Spartans (and a supporting cast of city-state nations) held off the much more impressively numbered armies of Prince Xerxes for a total of seven days before being annihilated. A Greek force of approximately 7,000 men marched north to block the pass in the summer of 480 BC. The Persian army, alleged by the ancient...

posted @ Monday, March 28, 2011 3:10 AM | Feedback (2)

What’s worse than the big bad SSL wolf? Bad certificates certifying badder content…

posted @ Friday, March 25, 2011 8:39 AM | Feedback (0)

Of course not, because sometimes it is about the hardware. If the rise of massively multiplayer online role-playing games (MMORPGs) like WoW (World of Warcraft) taught us anything, it's that lag kills. What we technically know as latency is known to the PC gaming community as "lag". It's the time between hitting a key to take an action and that action actually being taken. Network latency is a Very Bad Thing™ for real-time online games in which other people are counting on you to blast your opponents. Failure to do so in a timely fashion can...

posted @ Friday, March 25, 2011 3:55 AM | Feedback (0)

We’re still arguing over what the word means…

posted @ Thursday, March 24, 2011 8:35 AM | Feedback (0)

Let me ‘splain. No, there is too much, let me sum up. I occasionally get in a snit about, well, just about anything related to technology. Sometimes I take my #snark, as we call it on Twitter, and put it into graphic form because it’s so much easier to represent sarcasm and #snark with a picture than it is to blow out a couple of thousand words on a topic. But these #snark laden inspirations often end up lost or not shared at all. Thus, I plan on sharing these “1024 Words” whenever the feeling strikes me. This...

posted @ Thursday, March 24, 2011 8:32 AM | Feedback (0)

But rather it is the ability to compensate for it. Redundancy. It’s standard operating procedure for everyone who deals with technology – even consumers. Within IT we’re a bit more stringent about how much redundancy we build into the data center. Before commoditization and the advent of cheap computing (a.k.a. cloud computing) we worried about redundant power supplies and network connections. We leveraged fail-over as a means to ensure that when the inevitable happened, a second, minty-fresh server/application/switch was ready to take over without dropping so much as a single packet on the data...

posted @ Wednesday, March 23, 2011 2:56 AM | Feedback (1)

Like urban legends, every few years this one rears its head and makes its rounds. It is certainly true that everyone who has an e-mail address has received some message claiming that something bad is going on, or someone said something they didn’t, or that someone influential wrote a letter that turns out to be wishful thinking. I often point the propagators of such urban legends to Snopes because the folks who run Snopes are dedicated to hunting down the truth regarding these tidbits that make their way to the status of urban legend. It would be nice, wouldn’t it, if...

posted @ Monday, March 21, 2011 3:04 AM | Feedback (2)

Desktops aren’t GPS-enabled but don’t let that stop you from providing hyperlocal information to all your fans. Two people are sitting in an Internet-enabled café. Let’s call the café Starbucks. One of them is using an iPhone or iPad while having a Hoffachino to find out what’s going on in the area. One of them is using a laptop to do the same. One of these two people is likely to get more accurate responses with less work. Which one is it? ...

posted @ Friday, March 18, 2011 5:30 AM | Feedback (1)

Aristotle’s famous four questions can be applied to infrastructure integration as a means to determine whether an API or SDK is the right tool for the job. While bouncing back and forth last week with Patrick Debois on the role of devops, vendors and infrastructure integration he left a comment on the blog post that started the discussion that included the following assertion: On a side note: vendors should treat their API's as first class citizens. Too often (and i personally feel iControl too) API's expose a thinking model based upon the...

posted @ Wednesday, March 16, 2011 3:13 AM | Feedback (1)

Internal processes may be the best answer to mitigating risks associated with third-party virtual appliances. The enterprise data center is, in most cases, what aquarists would call a “closed system.” This is to say that from a systems and application perspective, the enterprise has control over what goes in. The problem is, of course, those pesky parasites (viruses, trojans, worms) that find their way in. This is the result of allowing external data or systems to enter the data center without proper security measures. For web applications we talk about things like data scrubbing and web...

posted @ Monday, March 14, 2011 3:07 AM | Feedback (0)

Sometimes vulnerabilities are simply the result of a protocol design decision, but that doesn’t make it any less a vulnerability. An article discussing a new attack on social networking applications that effectively provides an opening through which personal data can be leaked was passed around the Internets recently. If you haven’t read “Abusing HTTP Status Codes to Expose Private Information” yet please do, it’s a good read and exposes, if you’ll pardon the pun, yet another “vulnerability by design” flaw that exists in many of the protocols that make the web go today. We, as an industry, spend a lot...

posted @ Friday, March 11, 2011 2:54 AM | Feedback (0)

The “what” is a dynamic data center infrastructure. Cloud is “how” to get there. Amidst the chatter and sound bites on Twitter coming from Cloud Connect this week are some interesting side conversations revolving around architecture and how cloud may or may not change the premises upon which those architectures are based. Architecture is, in the technology demesne, the “fundamental underlying design of computer hardware, software, or both.” A data center architecture is the design of a data center, the underlying fundamental way in which compute, network and storage resources are provisioned and ultimately delivered to support...

posted @ Wednesday, March 09, 2011 3:51 AM | Feedback (1)

You’re still asking the wrong questions about cloud computing. The city of Santa Clara is covered by a cloud this week, but not the kind of clouds most folks associate with California. CloudConnect 2011 is gearing up for a week of sessions and workshops, thought-provoking panels and general conversation on a topic that continues to be top of mind for everyone from press to analysts to IT professionals. “Everyone” is going to be there. Well, everyone but me. Now you might think that’s odd, that a co-chair of a track at a conference wouldn’t attend the show. My cohort...

posted @ Monday, March 07, 2011 3:09 AM | Feedback (3)

A reference architecture is a solution with the “some assembly required” instructions missing. As a developer and later an enterprise architect, I evaluated and leveraged an untold number of “reference architectures.” Reference architectures, in and of themselves, are a valuable resource for organizations as they provide a foundational framework around which a concrete architecture can be derived and ultimately deployed. As data center architecture becomes more complex, employing emerging technologies like cloud computing and virtualization, this process becomes fraught with difficulty. The sheer number of moving parts and building blocks upon which such a framework must be laid is...

posted @ Friday, March 04, 2011 2:49 AM | Feedback (0)

We need to remember that operations isn’t just about deploying applications, it’s about deploying applications within a much larger, interdependent ecosystem. One of the key focuses of devops – that hardy movement that seeks to bridge the gap between development and operations – is on deployment. Repeatable deployment of applications, in particular, as a means to reduce the time and effort that goes into the deployment of applications into a production environment. But the focus is primarily on the automation of application deployment; on repeatable configuration of application infrastructure such that it reduces time, effort, and human error. Consider a...

posted @ Wednesday, March 02, 2011 2:50 AM | Feedback (5)

The claim a company is not a “true security company” because they don’t focus solely on security products is a red herring. If I ask you to define a true security company, you might tend to fall back on the most obvious answer, “Well, it’s a company that focuses on security.” And then I would ask, “Security of what?” And then you might answer, “Well, of whatever it is the product secures, of course.” Of course. What it boils down to is that the most common definition of a “security company” is one that focuses solely on providing solutions designed...

posted @ Monday, February 28, 2011 2:48 AM | Feedback (1)

Because ‘big data’ isn’t just a problem for data at rest, it’s a problem for data being transferred. Remember when we talked about operational risk comprising more than security? One of the three core components of operational risk is availability, which is defined differently based not only on the vertical industry you serve but also on the business goals of the application. This includes disaster recovery goals, among which off-site backups are often used as a means to address the availability of data for critical applications in the event of a disaster. Data grows, it rarely shrinks, and operational tasks...

posted @ Friday, February 25, 2011 3:07 AM | Feedback (1)

A: They’re both more what you’d call “guidelines” than actual rules. An almost irrefutable fact of application design today is the need for a database, or at a minimum a data store – i.e. a place to store the data generated and manipulated by the application. A second reality is that despite the existence of database access “standards”, no two database solutions support exactly the same syntax and protocols. Connectivity standards like JDBC and ODBC exist, yes, but like SQL they are variable, resulting in just slightly different enough implementations to effectively cause...

posted @ Wednesday, February 23, 2011 2:49 AM | Feedback (3)

Recognizing the relationship between and subsequently addressing the three core operational risks in the data center will result in a stronger operational posture. Risk is not a synonym for lack of security. Neither is managing risk a euphemism for information security. Risk – especially operational risk – compromises a lot more than just security.  In operational terms, the chance of loss is not just about data/information, but of availability. Of performance. Of customer perception.  Of critical business functions. Of productivity. Operational risk is not just about security, it’s about the potential damage incurred by a loss of availability or performance...

posted @ Monday, February 21, 2011 2:42 AM | Feedback (5)

Detecting attacks is good, being able to do something about it is better. F5 and Oracle take their collaborative relationship even further into the data center, integrating web application and database firewall solutions to improve protection against web and database-focused attacks. It is often the case that organizations heavily invested in security solutions designed to protect critical application infrastructure, such as the database, are unwilling to replace those solutions in favor of yet another solution. This is not necessarily a matter of functionality or trust, but a decision based on reliance on existing auditing and management solutions that are...

posted @ Friday, February 18, 2011 3:03 AM | Feedback (1)

Do you really need a firewall to secure web and application services? Some organizations would say no based on their experiences while others are sure to quail at the very thought of such an unnatural suggestion. Firewalls are, in most organizations, the first line of defense for web and application services. This is true whether those services are offered to the public or only to off-site employees via secure remote access. The firewall is, and has been, the primary foundation around which most network security architectures are built. We’ve spent years designing highly-available, redundant architectures that include the firewall....

posted @ Wednesday, February 16, 2011 3:02 AM | Feedback (7)

The definition of “broken” in IT is a lot more variable than in the real world. Sometimes you should follow the strategy not taken. Don and I maintain a number of servers on which we run various web sites for fun. Early on we determined we really did need a firewall both because we wanted to better control our young children’s access to the Internet and to prevent unwanted visitors. We happened to have one land in our laps. For the past – well, many years now – it’s been running with nary a glitch to trip us up. In other...

posted @ Monday, February 14, 2011 3:12 AM | Feedback (0)

Nokia’s brutally honest assessment of its situation identifies what is not always obvious in the data center - it’s about an ecosystem. In what was certainly a wake-up call for many, Nokia’s CEO Stephen Elop tells his organization its “platform is burning.” In a leaked memo reprinted by Engadget and picked up by many others, Elop explained the analogy as well as why he believes Nokia is in trouble. Through careful analysis of its competitors and their successes, he finds the answer in the ecosystem its competitors have built - comprising developers, applications and more. The battle of devices...

posted @ Friday, February 11, 2011 2:35 AM | Feedback (2)

Database as a service is part of an emerging model that should be evaluated as an architecture, not based on where it might be deployed. These days everything is being delivered “as a Service”. Compute, storage, platforms, IT, databases. The concept, of course, is sound and it is generally speaking a good one. If you’re going to offer an environment in which applications can be deployed, you’d best offer the services appropriate to the deployment and delivery of that application. And that includes data services; some kind of database. ...

posted @ Wednesday, February 09, 2011 3:07 AM | Feedback (2)

Public cloud computing is about capacity and scale on-demand; private cloud computing, however, is not. Legos. Nearly every child has them, and nearly every parent knows that giving a child a Lego “set” is going to end the same way: the set will be put together according to instructions exactly once (usually by the parent) and then the blocks will be incorporated into the large collection of other Lego sets to become part of something completely different. This is a process we actually encourage as...

posted @ Monday, February 07, 2011 2:40 AM | Feedback (1)

Migration is not going to happen overnight and it’s going to require simultaneous support for both IPv4 and IPv6 until both sides of the equation are ready. Making the switch from IPv4 to IPv6 is not a task anyone with any significant investment in infrastructure wants to undertake. The reliance on IP addresses of infrastructure to control, secure, route, and track everything from simple network housekeeping to complying with complex governmental regulations makes it difficult to simply “flick a switch” and move from the old form of addressing (IPv4) to the new (IPv6). This reliance is spread up and...

posted @ Friday, February 04, 2011 2:44 AM | Feedback (5)

Cloud is about achieving a steady state where dynamism is the norm but actions and reactions are in perfect balance. It’s called “dynamic equilibrium” and you’ll need to pass Cloud Chemistry 101 to get there. When you were a kid you might have had a goldfish. It lived in a bowl of water and you fed it and if you were lucky it lived for quite a while. You certainly didn’t concern yourself with things like water quality (unless the water started turning green, of course) or pH or alkalinity or gas exchange rates. Circulation...

posted @ Wednesday, February 02, 2011 2:49 AM | Feedback (6)

Claiming SSL is not computationally expensive is like saying gas is not expensive when you don’t have to drive to work every day. My car is eight years old this year. It has less than 30,000 miles on it. Yes, you heard that right, less than 30,000 miles. I don’t drive my car very often because, well, my commute is a short trip down two flights of stairs. I don’t need to go very far when I do drive; it’s only ten miles or so round trip to the grocery store. So from my perspective, gas isn’t really very...

posted @ Monday, January 31, 2011 3:11 AM | Feedback (12)

Mobile users. Cloud computing. End-runs around IT security by developers. The trend has always existed, it’s just speeding up now. IT needs to take back control – and fast. But first IT needs the tools with which to do that… Let’s ignore the horrible acting by Kevin Costner in “Robin Hood: Prince of Thieves” (I personally prefer Russell Crowe in the 2010 version but that’s me and unfortunately they cover two different periods of Robin Hood’s legendary life so we’re stuck with the lesser version) and let’s just focus on a couple key lines/concepts that are relevant to the...

posted @ Friday, January 28, 2011 3:25 AM | Feedback (1)

Cloning. Boomeranging. Trojan clouds. Startup CloudPassage takes aim at emerging attack surfaces but it’s still more about process than it is product. Before we go one paragraph further let’s start out by setting something straight: this is not a “cloud is insecure” or “cloud security – oh noes!” post. Cloud is involved, yes, but it’s not necessarily the source of the problem - that would be virtualization and processes (or a lack thereof). Emerging attack methods and botnet propagation techniques can just as easily be problematic for a virtualization-based private cloud as they are for public cloud. That’s because the...

posted @ Wednesday, January 26, 2011 12:00 AM | Feedback (1)

It used to be that “mobile” access implied “remote” access. That’s no longer true. As the variety of clients continues to expand along with the venues from which we users can access corporate resources, the ability to intelligently enforce access-control policies also increases in strategic importance. Every time we add a new access method in the enterprise we go through a period in which we expend a lot of time and energy trying to figure out how to control that access. The consumerization of IT, for example, in which consumer-grade devices (gadgets) have been slowly but surely permeating every facet...

posted @ Tuesday, January 25, 2011 3:06 AM | Feedback (0)

Both are taken for granted but provide vital services without which you and your digital presence would be lost. In the case of DNS, that should be taken literally. Mom. She’s always there, isn’t she? She kissed away your bumps and bruises. You treated her like Google before you had access to the web and, like Google, she came through every time you needed to write a report on butterflies or beetles or the pyramids at Giza. You asked her questions, she always had an answer. You didn’t spend as much...

posted @ Monday, January 24, 2011 5:46 AM | Feedback (4)

Virtualization has many benefits in the data center – some that aren’t necessarily about provisioning and deployment. There are some things on your shopping list that you’d never purchase sight unseen or untested. Houses, cars, even furniture. So-called “big ticket” items that are generally expensive enough to be viewed as “investments” rather than purchases are rarely acquired without the customer physically checking them out. Except in IT. When it comes to hardware-based solutions there’s often been the opportunity for what vendors call “evaluation units” but these are guarded by field and sales engineers as if they’re gold from Fort Knox....

posted @ Friday, January 21, 2011 3:25 AM | Feedback (1)

Like Subway, too often we fail to recognize that ingredients are only half of a successful recipe. Process is the other half. The response from sufferers of Celiac Disease (and similar conditions) to Subway’s announcement it was trying out a new, gluten-free version of some of its sandwiches was heavily weighted toward excitement. One of the most frustrating effects of suffering from Celiac’s is, of course, a lack of fast and tasty options for mealtime. We simply can’t run out to Subway or any other traditional “fast food” restaurant for a bite because, well, most of...

posted @ Wednesday, January 19, 2011 2:40 AM | Feedback (2)

It only takes one click …. Alan Shimel posted a question as a blog post last week regarding the usefulness of anti-virus products on desktops. I am pretty savvy, try to stay away from sites and links that I am not familiar with and don’t remember the last time I saw a warning from my AV product.  I run scan regularly and patch when I am supposed to as well.  So do I really need AV? If so is there any value to actually paying for one? ...

posted @ Monday, January 17, 2011 3:16 AM | Feedback (0)

The consumerization of IT is well underway. Supporting secure remote access via what are traditionally “consumer” gadgets is a must. In the days when Web 2.0 was forcing its way into IT along with the Millennials the warning went out to IT: either you adopt the technology or you’ll lose control because youngins’ are going to bring it with them whether you like it or not. Since that time the “adopt or else” mantra has been one that IT has had to deal with regarding technology in general. Cloud computing, consumer...

posted @ Friday, January 14, 2011 3:01 AM | Feedback (0)

Network and applications. Operations and developers. IT and the business. These relationships are technical, personal, and organizational and all require each other to flourish. If you ask someone to describe the kinds of animals that are in the ocean they probably think of odd invertebrates like jellyfish and octopuses and of course the colorful, strange looking fish. They might also mention the corals or in particular the coral reefs – those long stretches of undersea “gardens” in which an exotic array of animals (or are they plants?) make their homes....

posted @ Wednesday, January 12, 2011 2:22 AM | Feedback (0)

Focusing on form factor over function is as shallow and misguided as focusing on beauty over brains. The saying goes that if all you have is a hammer, everything looks like a nail. I suppose then that it only makes sense that if the only tool you have for dealing with the rapid dynamism of today’s architectural models is virtualization that everything looks like a virtual image. Virtualization is but one way of implementing a dynamic infrastructure capable of the rapid provisioning and configuration gyrations needed to address the fluidity of the “perimeter” of the network today. Dynamic is not...

posted @ Monday, January 10, 2011 2:53 AM | Feedback (3)

It’s not just having partnerships, it’s what you do with them that makes a difference. When you’re an application delivery focused organization it kind of behooves you to focus on, well, applications. But since you don’t actually develop the applications yourself, how do you ensure that the policies and solutions you do develop are going to actually work and provide value for those applications? You could adopt an “on the job training” style policy, where you figure out the best configuration and options as you encounter applications, but that may not...

posted @ Friday, January 07, 2011 2:44 AM | Feedback (2)

You can put into place technology to mitigate and defend against the effects, but you can’t stop the attack from happening. In the wake of attacks that disrupted service to many popular sites in December the question on many folks’ minds was: how do you prevent such an attack? My answer to that question was – and continues to be – you can’t. You also can’t prevent an SQLi attack, or an XSS-based attack, or a DDoS directed at your DNS infrastructure. You cannot prevent an attack any more than you can prevent a burglar from targeting your house. You can make...

posted @ Thursday, January 06, 2011 2:49 AM | Feedback (0)

Sometimes it’s not about how many resources you have but how you use them. The premise upon which scalability through cloud computing and highly virtualized architectures is built is the rapid provisioning of additional resources as a means to scale out to meet demand. That premise is a sound one and one that is a successful tactic in implementing a scalability strategy. But it’s not the only tactic that can be employed as a means to achieve scalability and it’s certainly not the most efficient means by which demand can be met. ...

posted @ Tuesday, January 04, 2011 2:29 AM | Feedback (1)

Use network-side scripting, of course! While just about every developer and information security professional knows that a buffer-overflow exploit can result in the execution of malicious code, not many truly grok the “why”. Fortunately, it’s not really necessary for either one to be able to walk through the execution stack and trace the byte-code as it overwrites registers and then jumps to execute it. They know it’s A Very Bad Thing™ and perhaps more importantly they know how to stop it. SECONDARY and TERTIARY DEFENSE REQUIRED The best place to prevent a buffer-overflow vulnerability is in the application code. Never...

posted @ Monday, December 27, 2010 6:17 AM | Feedback (1)

The right infrastructure will eventually enable providers to suggest the right services for each customer based on real needs. When I was in high school I had a job at a fast food restaurant, as many teenagers often do. One of the first things I was taught was “suggestive selling”. That’s the annoying habit of asking every customer if they’d like an additional item with their meal. Like fries, or a hot apple pie. The reason behind the requirement that employees “suggest” additional items is that studies showed a significant number of customers...

posted @ Wednesday, December 22, 2010 6:15 AM | Feedback (1)

Modern DoS attacks are distributed, diverse and cross the chasm that divides network components from application infrastructure. A unified application delivery platform with multi-layer visibility is the best way to detect and mitigate multi-layer attacks. The WikiLeaks attacks have taught us that information security strategies must evolve to keep up with the ever-changing attack vectors leveraged against web applications and web sites across the Internet. It’s no longer enough to protect against attack X or Y; it’s now necessary to protect against both – simultaneously. Because of the role F5 BIG-IP solutions play in application delivery...

posted @ Friday, December 17, 2010 3:25 AM | Feedback (2)

Many denial of service attacks boil down to the exploitation of how protocols work and are, in fact, very similar under the hood. Recognizing these themes is paramount to choosing the right solution to mitigate the attack. When you look across the “class” of attacks used to perpetrate a denial of service attack you start seeing patterns. These patterns are important in determining what resources are being targeted because it provides the means to implement solutions that mitigate the consumption of those resources while under an attack. Once you recognize the underlying cause of a service outage due to an...

posted @ Thursday, December 16, 2010 3:10 AM | Feedback (3)

It’s not just that attacks are distributed, but that attacks are also diverse in nature – up and down the stack, at the same time. If Anonymous has taught us anything it’s that the future of information security is in fending off attacks across the breadth and depth of the network stack – and the data center architecture – at the same time. Traditionally DDoS attacks are so-named because the clients are distributed; that is they take advantage of appearing to come from a variety of locations as a means to prevent detection and easy prevention. It’s about the...

posted @ Wednesday, December 15, 2010 2:59 AM | Feedback (2)

Options begin to emerge to address a real management issue with virtualized workloads in public cloud computing. Anyone familiar with enterprise-class infrastructure and servers knows that lights-out management is a must-have; not just in the event of a failure but also in the face of any event that compromises the ability of an admin or operator to access the machine. Lights-out management was early on a “nice to have” that evolved steadily into a “must have” feature not just for servers but for network and infrastructure devices, as well. This was particularly important as we saw the impact...

posted @ Tuesday, December 14, 2010 8:09 AM | Feedback (2)

Convergence, consolidation, and common-sense. When WAN optimization was getting its legs under it as a niche in the broader networking industry it got a little boost from the fact that remote/branch office connectivity was the big focus of data centers and C-level execs in the enterprise. Latency and congested WAN links between corporate data centers and remote offices around the globe were the source of lost productivity. The obvious solution – get thee a fatter pipe – was at the time far too expensive a proposition and, in some cases, not a feasible option. We’d had...

posted @ Monday, December 13, 2010 3:10 AM | Feedback (0)

Bridging the gap between data access and cloud storage to enable a critical storage strategy: tiering. There’s a disconnect between the way in which we access files and the way in which cloud storage providers are offering us access to files stored “in the cloud”. We use well-established file system access methods – CIFS, SMB, NFS – while they provide access via web-based standards, a la HTTP, SOAP, etc… That means it is difficult to actually leverage cloud storage services directly. There’s a gap between implementations that needs to be addressed if we’re going to leverage cloud storage in...

posted @ Friday, December 10, 2010 4:52 AM | Feedback (4)

It’s time to stop talking about imaginary trolls under the cloud bridge and start talking about the real security challenges that exist in cloud computing. I’ve been watching with interest a Twitter stream of information coming out of the Gartner Data Center conference this week related to security. There have been many interesting tidbits that, as expected, are primarily focused on cloud computing and virtualization. That’s no surprise as both are top of mind for IT practitioners, C-level execs, and the market in general. Another unsurprise would...

posted @ Wednesday, December 08, 2010 3:22 AM | Feedback (2)

The debate between private and public cloud is ridiculous and we shouldn’t even be having it in the first place. There’s a growing sector of the “cloud” market that is mobilizing to “discredit” private cloud. That ulterior motives exist behind this effort is certain (as followers of the movement would similarly claim regarding those who continue to support the private cloud) and these will certainly vary based on who may be leading the charge at any given moment. Reality is, however, that enterprises are going to build “cloud-like” architectural models whether the movement...

posted @ Monday, December 06, 2010 3:14 AM | Feedback (7)

That’s “Improvise. Adapt. Overcome.” and it should be if it isn’t. The right tools can help you live up to that motto.  If you Google “Zeus Trojan” you’ll find a wealth of information. Unfortunately all that wealth appears to be draining into the bank accounts of miscreants leveraging the tenacious trojan to steal funds from organizations. Despite attempts by just about everyone to detect and prevent this nasty piece of software from infecting data centers around the world, it continues to mutate and wreak havoc across the globe. September 28, 2010: Fake...

posted @ Friday, December 03, 2010 3:29 AM | Feedback (0)

It is the database tier and its unique characteristics that ultimately determine where an application will be deployed. Cloud computing is mostly about “elasticity.” The extraction and contraction of resources based on demand. It is the contraction of resources which is oft times forgotten but without it, cloud computing and highly dynamic, virtualized infrastructures are little more than seamless capacity growth engines. For web and application architectural tiers, the contraction of resources is as much a requirement to realize the benefits of shared, dynamic capacity as the ability to rapidly expand. But in the database...

posted @ Wednesday, December 01, 2010 3:55 AM | Feedback (3)

Why these two are very different but complementary technologies. Have you ever wondered why one network product is called a “controller” while another seemingly similar in function solution is called a “gateway”? There’s actually a very good reason for the naming and despite appearing to act similarly they do fill different roles in an architecture and are often called upon to work together. GATEWAYS If you loosely defined a gateway as a “converter” or “translator” you’d be very close to nailing down a simple definition. Gateways act as mediators between...

posted @ Monday, November 29, 2010 6:24 AM | Feedback (1)

Balancing security, speed, and scalability is easy if you have the right infrastructure. A dynamic infrastructure. All the talk about “reusing” and “sharing” resources in highly virtualized and cloud computing environments makes it sound as if IT has never before understood how to leverage dynamic, on-demand services. After all, while Infrastructure 2.0 (dynamic infrastructure) may only have been given its moniker since the advent of cloud computing, it’s not as if it didn’t exist before then and organizations weren’t taking advantage of its flexibility. It’s a lot like devops: we’ve been...

posted @ Friday, November 26, 2010 6:14 AM | Feedback (2)