Lori MacVittie - Two Different Socks

architecture

There are 210 entries for the tag architecture

#infosec #adcfw #cloud Alternate title: How to take out an entire PaaS cloud with one vulnerability Apache Killer. Post of Doom. What do these two vulnerabilities have in common? Right, they’re platform-based vulnerabilities. Meaning they are vulnerabilities peculiar to the web or application server platform upon which applications are deployed. Mitigations for such vulnerabilities generally point to changes in configuration of the platform – limit post size, header value sizes, turn off some value in the associated configuration. But they also have something else in common – risk. And not just risk...

posted @ Wednesday, February 08, 2012 5:26 AM | Feedback (0)

It’s about operational efficiency and consistency, emulated in the cloud by an API to create the appearance of a converged platform In most cases, the use of the term “consolidation” implies the aggregation (and subsequently elimination) of like devices. Application delivery consolidation, for example, is used to describe a process of scaling up infrastructure that often occurs during upgrade cycles. Many little boxes are exchanged for a few larger ones as a means to simplify the architecture and reduce the overall costs (hard and soft) associated with delivering applications. Consolidation. But cloud has opened (or should...

posted @ Wednesday, February 01, 2012 5:00 AM | Feedback (0)

#mobile #vdi #IPv6 In the case of technology – as with mythology - the whole is often greater (and more challenging) than the sum of its parts. The chimera is a mythological beast of scary proportions. Not only is it fairly large, but it’s also got three, independent heads – traditionally a lion, a goat, and a snake. Some variations on this theme exist, but the basic principle remains: it’s a three-headed, angry beast that should not be taken lightly should one encounter it in the hallway. Individually, one might have a strategy to...

posted @ Wednesday, January 25, 2012 3:56 AM | Feedback (0)

#mobile #fasterapp #ccevent Today, at least. Tomorrow, who knows? Some have tried to distinguish between “mobile cloud” and “cloud” by claiming the former is the use of the web browser on a mobile device to access services while the latter uses device-native applications. Like all things cloud, the marketing fluff is purposefully obfuscating and sweeping under the rug the technology required to make things work for consumers, whether those consumers be your kids or IT professionals. Infrastructure is not eliminated when organizations take to the cloud nor do the constraints of web-based protocols and methodologies become...

posted @ Monday, January 23, 2012 4:42 AM | Feedback (1)

#mobile The expansive options consumers revel in create an identity crisis for IT that is best resolved via context-aware mobile mediation. Back in the days of the browser wars, when standards were still largely ignored and the battle for the desktop was highly competitive, developers had to make choices and compromises. They could either write extensive client-side scripts to detect the user’s browser and address the peculiarities of that environment or they could simply ignore them with a disclaimer that “this site (works best when viewed in | was written for) browser X.” As time...

posted @ Monday, January 16, 2012 5:00 AM | Feedback (0)

#infosec #DNS #v11 DNS is like your mom, remember? Sometimes she knows better.   Generally speaking, blackhole routing is a problem, not a solution. A route to nowhere is not exactly a good thing, after all. But in some cases it’s an approved and even recommended solution, usually implemented as a means to filter out bad packets at the routing level that might be malformed or are otherwise dangerous to pass around inside the data center. This technique is also used at the DNS layer as a means to prevent responding to queries with known infected or...

posted @ Friday, January 06, 2012 4:32 AM | Feedback (0)

#fasterapp If you know these three axioms, then you’ll know application delivery when you see it. Like most technology jargon, there are certain terms and phrases that end up mangled, conflated, and generally misapplied as they gain traction in the wider market. Cloud is merely the latest incarnation of this phenomenon, and there will be others in the future. Guaranteed. Of late the term “application delivery” has been creeping up into the vernacular. That could be because cloud has pushed it to the fore, necessarily. Cloud purports to eliminate the “concern” of...

posted @ Wednesday, January 04, 2012 4:04 AM | Feedback (0)

If you’re scaling applications and not architectures, you’re doing it wrong.

posted @ Thursday, December 29, 2011 3:49 AM | Feedback (0)

It’s like unicorns…and rainbows! #mobile Mark my words, the term “mobile” is the noun (or is it a verb? Depends on the context, doesn’t it?) that will replace “cloud” as the most used and abused and misapplied term in technology in the coming year. If I was to find a pitch in my inbox that did not someway invoke the term “mobile” I’d be surprised. The latest one to catch my eye was pitching a survey on the “mobile cloud”. The idea, apparently, around this pitch involving “mobile cloud” is the miraculous capability bestowed upon cloud...

posted @ Tuesday, December 20, 2011 4:02 AM | Feedback (0)

#adcfw The reason bars place bouncers at the door is because it’s easier and less risky to prevent entry than to root out later. No one ever said choosing a career in IT was going to be easy, but no one said it had to be so hard you’d be banging your head on the desk, either. One of the reasons IT practitioners end up with large, red welts on their foreheads is because data centers tend to become more, not less, complex and along with complexity comes operational risk. Security, performance, availability. These three inseparable issues often...

posted @ Wednesday, December 14, 2011 3:48 AM | Feedback (0)

The shift of focus from north-south to east-west networking isn’t just inside the data center, it’s a global phenomenon It’s called “east-west” networking, which when compared to its predecessor, “north-south” networking, evinces images of maelstroms and hurricane winds and tsunamis for some reason. It could be the subtle correlation between the transformative shift this change in networking patterns has on the data center with that of El Niño’s transformative power upon the weather patterns across the globe. Traditionally, data center networks have focused on North-South network traffic. The assumption is that clients on...

posted @ Monday, December 12, 2011 4:17 AM | Feedback (0)

Scaling MySQL just got a whole lot easier. Load balancing MySQL – any database, really – is not a trivial task. Generally speaking one does not simply round robin your way through a cluster of MySQL databases as a means to achieve scalability. It is databases, in fact, that have driven a wide variety of scalability patterns such as sharding and partitioning to achieve the ultimate goal of high-performance and scalability simultaneously. Unfortunately, most folks don’t architect their applications with scalability in mind. A single database is all that’s necessary at first, and because of the...

posted @ Friday, December 09, 2011 5:41 AM | Feedback (1)

Stateless infrastructure and highly dynamic networks may eliminate this issue. There is great awareness in both consumer and corporate culture with respect to data and second-hand markets. We know that data stored on devices of all shapes and sizes can be a potential source of sensitive information loss if not carefully eliminated before sale or disposal. But consider, too, the potential value of picking up a second-hand switch or router from e-Bay that has not been carefully wiped of all configuration data. ACLs, routing tables, VLANs, comments. These configuration details are often left on infrastructure even...

posted @ Wednesday, December 07, 2011 4:49 AM | Feedback (1)

#devops An ecosystem-based data center approach means accepting the constancy of change… It is an interesting fact of life for aquarists that the term “stable” does not actually mean a lack of change. On the contrary, it means that the core system is maintaining equilibrium at a constant rate. That is, the change is controlled and managed automatically either by the system itself or through the use of mechanical and chemical assistance. Sometimes, those systems need modifications or break (usually when you’re away from home and don’t know it and couldn’t do anything about it if you...

posted @ Monday, November 28, 2011 4:27 AM | Feedback (0)

#devops It’s a simple equation, but one that is easily overlooked. Most folks recall, I’m sure, the Pythagorean Theorem. If you don’t, what’s really important about the theorem is that any side of a right triangle can be computed if you know the other sides by using the simple formula a² + b² = c². The really important thing about the theorem is that it clearly illustrates the relationship between three different pieces of a single entity. The lengths of the legs and hypotenuse of a triangle are intimately related; variations in one impact...

posted @ Wednesday, November 23, 2011 5:49 AM | Feedback (2)

Why a full-proxy architecture is important to both infrastructure and data centers. In the early days of load balancing and application delivery there was a lot of confusion about proxy-based architectures and in particular the definition of a full-proxy architecture. Understanding what a full-proxy is will be increasingly important as we continue to re-architect the data center to support a more mobile, virtualized infrastructure in the quest to realize IT as a Service. THE FULL-PROXY PLATFORM The reason there is a distinction made between “proxy” and “full-proxy” stems from the handling of connections as they flow through the device. All proxies...

posted @ Monday, November 21, 2011 5:04 AM | Feedback (2)

There’s a significant difference between a platform and a product, especially when it comes to architecting a dynamic data center In the course of nearly a thousand blogs it’s quite likely you’ve seen BIG-IP referenced as a platform, and almost never as a product. There’s a reason for that, and it’s one that is increasingly becoming important as organizations begin to look at some major transformations to their data center architecture. It’s not that BIG-IP isn’t a product. Ultimately, of course, it is in the traditional sense of the word. But it’s also a...

posted @ Friday, November 18, 2011 4:16 AM | Feedback (1)

Arises the fourth data center architecture tier – application delivery. The battle of efficiency versus economy continues in the division of the cloud market between public and private environments. Public cloud proponents argue, correctly, that private cloud simply does not offer the same economy of scale as that of public cloud. But that only matters if economy of scale is more important than the efficiency gains realized through any kind of cloud computing implementation. Cloud for most organizations has been recognized as transformational not necessarily in where the data center lives, but rather...

posted @ Wednesday, November 16, 2011 3:25 AM | Feedback (0)

#HTML5 Web Sockets are poised to completely change scalability models … again. Using Web Sockets instead of XMLHTTPRequest and AJAX polling methods will dramatically reduce the number of connections required by servers and thus has a positive impact on performance. But that reliance on a single connection also changes the scalability game, at least in terms of architecture. Here comes the (computer) science… If you aren’t familiar with what is sure to be a disruptive web technology you should be. Web Sockets, while not broadly in use (it is only a specification, and a...

posted @ Monday, November 07, 2011 4:36 AM | Feedback (1)

Being too quick to shout “cloud” when the solution may be found elsewhere can lead to unintended consequences. As with all technology caught up in the hype cycle, cloud computing is often attributed with being “the solution” to problems irrespective of reality. Cloud is suddenly endowed with supernatural powers, able to solve every business and operational challenge merely by being what it is. Take, for example, the attribution of cloud as being “the solution” to the very real issue of severe snow in the UK. Cloud solutions can...

posted @ Friday, November 04, 2011 5:16 AM | Feedback (0)

#infosec #apt Advanced persistent threats are the new black in security. A more context-aware architecture may help avoid compromise and the ensuing ambush.  Meet the new attack, same as the old attack. That’s because it is an old attack. Really. It’s an attack that’s already been executed, the results of which have lain dormant waiting for the highest bidder to lease it out. Advanced persistent threats or APT are not new, but because of their longevity are only beginning to receive the attention they deserve. An APT is so named because the exploit mechanism is deposited long before...

posted @ Wednesday, November 02, 2011 4:34 AM | Feedback (0)

Cloud needs to become a platform, and that means its comprising infrastructure must also embrace the platform paradigm. There’s been a spate of articles, blogs, and mentions of OpenFlow in the past few months. IBM was the latest entry into the OpenFlow game, releasing an enabling RackSwitch G8264, an update of a 64-port, 10 Gigabit Ethernet switch IBM put out a year ago. Interest in the specification appears to be growing and not just because it’s got the prefix-du-jour as part of its name, implying everything to everyone – free, extensible, interoperable, etc… While all those modifiers are...

posted @ Monday, October 31, 2011 5:32 AM | Feedback (0)

Infrastructure architecture is often the answer to many of IT’s most challenging issues. It is a fact of IT that different businesses have different technical requirements in terms of security, processing, performance, and even storage. In many organizations, particularly those that transport sensitive personal or financial information, end-to-end encryption is a must. At first glance this seems to be a fairly simple thing – enable a secure transport from client to server and vice-versa and voila! But further exploration reveals that this isn’t the case, primarily because it’s never a straight shot between the client and the server...

posted @ Wednesday, October 26, 2011 5:46 AM | Feedback (0)

Examining architectures on which hybrid clouds are based… IT professionals, in general, appear to consider themselves well along the path toward IT as a Service with a significant plurality of them engaged in implementing many of the building blocks necessary to support the effort. IaaS, PaaS, and hybrid cloud computing models are essential for IT to realize an environment in which (manageable) IT as a Service can become reality. That IT professionals – 65% of them to be exact – note their organization is in-progress or already completed with a hybrid cloud implementation is telling, as it indicates a...

posted @ Wednesday, October 19, 2011 5:29 AM | Feedback (0)

Examining architectures on which hybrid clouds are based… IT professionals, in general, appear to consider themselves well along the path toward IT as a Service with a significant plurality of them engaged in implementing many of the building blocks necessary to support the effort. IaaS, PaaS, and hybrid cloud computing models are essential for IT to realize an environment in which (manageable) IT as a Service can become reality. That IT professionals – 65% of them to be exact – note their organization is in-progress or already completed with a hybrid cloud implementation is telling, as...

posted @ Monday, October 17, 2011 5:00 AM | Feedback (0)

Application delivery infrastructure can be a valuable partner in architecting solutions …. AJAX and JSON have changed the way in which we architect applications, especially with respect to their ascendancy to rule the realm of integration, i.e. the API. Policies are generally focused on the URI, which has effectively become the exposed interface to any given application function. It’s REST-ful, it’s service-oriented, and it works well. Because we’ve taken to leveraging the URI as a basic building block, as the entry-point into an application, it affords the opportunity to optimize architectures and make more efficient the...

posted @ Wednesday, October 12, 2011 4:31 AM | Feedback (0)

When nearly half of folks experienced a stateful firewall failure under attack last year[1], maybe more of the same isn’t the right strategy. [1] Arbor Networks, Network Infrastructure Security Report

posted @ Tuesday, October 11, 2011 5:45 AM | Feedback (1)

When abstraction becomes a distraction, cloud computing becomes a realm of architectural limbo… Cloud. It sounds so grand in NIST’s description; full of promises with respect to the ability to provision and manage resources without having to muck around in the trenches. Compute! Network! Storage! Cheap, efficiently provisioned resources in minutes, not months! The siren call of cloud continues to lure many a curious folk, only to trap it in what is rapidly becoming architectural limbo. Differing slightly from the original meaning, in colloquial speech, "limbo" is any status where a person...

posted @ Wednesday, October 05, 2011 5:35 AM | Feedback (2)

The secret to live migration isn’t just a fat, fast pipe – it’s a dynamic infrastructure Very early on in the cloud computing hype cycle we posited about different use cases for the “cloud”. One that remains intriguing and increasingly possible thanks to a better understanding of the challenges associated with the process is cloud bursting. The first time I wrote about cloud bursting and detailed the high-level process the inevitable question that remained was, “Well, sure, but how did the application get into the cloud in the first place?” Back then there was no...

posted @ Monday, October 03, 2011 5:22 AM | Feedback (1)

#devops #cloud If your goal is IT as a Service, then at some point you have to actually service-enable the policies that govern IT infrastructure. My eldest shared the story of “The Turk” recently and it was a fine example of how appearances can be deceiving – and of the power of abstraction. If you aren’t familiar with the story, let me briefly share before we dive in to how this relates to infrastructure and, specifically, IT as a Service.  The Turk, the Mechanical Turk or Automaton Chess Player was a fake chess-playing machine constructed in the late 18th century. The...

posted @ Wednesday, September 28, 2011 6:40 AM | Feedback (0)

It’s how much load that really generates and how it scales to meet the challenge. There’s some amount of debate whether Facebook really crossed over the one trillion page view per month threshold. While one report says it did, another respected firm says it did not; that its monthly page views are a mere 467 billion per month. In the big scheme of things, the discrepancy is somewhat irrelevant, as neither show the true load on Facebook’s infrastructure – which is far more impressive a set of numbers than its externally measured “page view”...

posted @ Wednesday, September 21, 2011 6:14 AM | Feedback (0)

Examining responsibility for auto-scalability in cloud computing environments. [ If you’re coming in late, you may want to also read previous entries on the network and the application ] Today, the argument regarding responsibility for auto-scaling in cloud computing as well as highly virtualized environments remains mostly constrained to e-mail conversations and gatherings at espresso machines. It’s an argument that needs more industry and “technology consumer” awareness, because it’s ultimately one of the underpinnings of a dynamic data center architecture; it’s the piece of the puzzle that makes or breaks one of the highest value propositions of cloud computing...

posted @ Thursday, September 08, 2011 3:01 AM | Feedback (0)

Examining responsibility for auto-scalability in cloud computing environments. [ If you’re coming in late, you may want to also read the previous entry on application-driven scalability ] Today, the argument regarding responsibility for auto-scaling in cloud computing as well as highly virtualized environments remains mostly constrained to e-mail conversations and gatherings at espresso machines. It’s an argument that needs more industry and “technology consumer” awareness, because it’s ultimately one of the underpinnings of a dynamic data center architecture; it’s the piece of the puzzle that makes or breaks one of the highest value propositions of cloud computing and virtualization:...

posted @ Tuesday, September 06, 2011 3:13 AM | Feedback (1)

Examining responsibility for auto-scalability in cloud computing environments. Today, the argument regarding responsibility for auto-scaling in cloud computing as well as highly virtualized environments remains mostly constrained to e-mail conversations and gatherings at espresso machines. It’s an argument that needs more industry and “technology consumer” awareness, because it’s ultimately one of the underpinnings of a dynamic data center architecture; it’s the piece of the puzzle that makes or breaks one of the highest value propositions of cloud computing and virtualization: scalability. The question appears to be a simple one: what component is responsible not only for recognizing the need...

posted @ Wednesday, August 31, 2011 3:13 AM | Feedback (0)

When you get down to the architectures involving cloud – whether on or off-premise or hybrid – it’s really all about integrating infrastructure. It remains to be seen if network and operations are better off never using the word “integration” given the nearly violent negative reasons one sees in the development and architecture sides of IT to the word. Integration, even after the introduction of SOA and the nearly messianic view of the role of the enterprise service bus (ESB) in saving us from the horrors of traditional enterprise application integration (EAI), remains problematic for IT. Standards weren’t,...

posted @ Monday, August 29, 2011 5:28 AM | Feedback (0)

#infosec #infra2 If you take one thing away from the ability to programmatically control infrastructure components take this: it’s imperative to maintaining a positive security posture You’ve heard it before, I’m sure. The biggest threat to organizational security is your own employees. Most of the time we associate that with end-users who may with purposeful intent to do harm carry corporate information offsite but just as frequently we cite employees who intended no harm – they simply wanted to work from home and then Murphy’s Law took over, resulting in the inadvertent loss of that sensitive...

posted @ Monday, August 22, 2011 3:37 AM | Feedback (0)

#v11 #HTML5 will certainly have an impact on web applications, but not nearly as much as hoped on the #mobile application market There’s a war on the horizon. But despite appearances, it’s a war for interactive web application dominance, and not one that’s likely to impact very heavily the war between mobile and web applications. First we have a report by ABI Research indicating a surge in the support of HTML5 on mobile devices indicating substantially impressive growth over the next five years. More than 2.1 billion mobile...

posted @ Monday, August 15, 2011 6:08 AM | Feedback (0)

Making the case for a stateless infrastructure model. Cloud computing appears to have hit a plateau with respect to infrastructure services. We simply aren’t seeing even a slow and steady offering by providers of the infrastructure services needed to deploy mature enterprise-class applications. An easy answer as to why this is the case can be found in the fact that many infrastructure services while themselves commoditized are not standardized. That is, while the services are common to just about every data center infrastructure the configuration, policies and APIs are not. But this is somewhat analogous to applications,...

posted @ Wednesday, August 03, 2011 5:53 AM | Feedback (5)

Pondering the impact of cloud and Web 2.0 on traditional middleware messaging-based architectures and PaaS.   It started out innocently enough with a simple question, “What exactly *is* the model for PaaS services scalability? If based on HTTP/REST API integration, fairly easy. If native middleware… input?” You’ll forgive the odd phrasing – Twitter’s limitations sometimes make conversations of this nature … interesting. The discussion culminated in what appeared to be the sentiment that middleware was mostly obsolete with respect to PaaS. THE OLD WAY Very briefly for those of you who are more infrastructure / network minded than application architecture fluent,...

posted @ Tuesday, July 26, 2011 3:37 AM | Feedback (0)

#v11 #vcmp #scaleN #iApp It’s time to bring the benefits of server virtualization, rapid provisioning and efficient, flexible scalability models to the network. Many of you know I’m a developer by trade and gained my networking stripes after joining Network Computing Magazine around the turn of the century. I focused heavily on application-centric solutions (sometimes much to my chagrin; consider evaluating ERP solutions for a moment and I’m sure you’ll understand why) but I was also tasked with reviewing networking solutions. In particular, the realm of load balancing and application delivery fell squarely to me for...

posted @ Monday, July 25, 2011 10:44 AM | Feedback (1)

We need to start focusing on improving the application deployment processes that all too often are the bulk of time spent trying to get an application out the door. The application deployment process is broken. Oh, I know it looks like it’s actually improving, but it’s not. Virtualization came along and took the low hanging fruit off the application deployment tree and paid no never mind to those still waiting in the upper branches. While applications are easy to provision today thanks to the wonders of virtualization, the rest of the infrastructure still is...

posted @ Monday, July 11, 2011 5:53 AM | Feedback (0)

JSON Activity Streams offers some interesting new scalability pattern possibilities via layer 7 (application) switching. One of the most interesting aspects of deploying applications is figuring out how to scale them. There are many options, from simple scale out and scale up to more advanced architectural designs that take advantage of external, application switching services. The flexibility in the latter has become more obvious with the advent of not just cloud computing, but its underlying virtualized auto-scaling technologies. Combined with more targeted scalability strategies, infrastructure services provide a more operationally and financially efficient means of scaling...

posted @ Friday, July 08, 2011 5:44 AM | Feedback (0)

The former is easy. The latter? Not so much. In the many, many – really, many – posts I’ve penned regarding cloud computing, and in particular the notion of Intercloud, I’ve struggled to come up with a way to simply articulate the problem inherent in current migratory and, for that matter, interoperability models. Recently I found the word I had long been groping for: architecture. Efforts from various working groups, standards bodies and even individual vendors still remain focused on an application; a packaged up application with a sprinkling of meta-data designed to make a...

posted @ Monday, June 27, 2011 10:32 AM | Feedback (4)

The dynamic data center of the future, enabled by IT as a Service, is stateless. One of the core concepts associated with SOA – and one that failed to really take hold, unfortunately – was the ability to bind, i.e. invoke, a service at run-time. WSDL was designed to loosely couple services to clients, whether they were systems, applications or users, in a way that was dynamic. The information contained in the WSDL provided everything necessary to interface with a service on-demand without requiring hard-coded integration techniques used in the past. The theory was you’d find an appropriate...

posted @ Monday, June 13, 2011 3:02 AM | Feedback (0)

The choice of load balancing algorithms can directly impact – for good or ill – the performance, behavior and capacity of applications. Beware making incompatible choices in architecture and algorithms.   One of the most persistent issues encountered when deploying applications in scalable architectures involves sessions and the need for persistence-based (a.k.a. sticky) load balancing services to maintain state for the duration of an end-user’s session. It is common enough that even the rudimentary load balancing services offered by cloud computing providers such as Amazon include the option to enable persistence-based load balancing. While...

posted @ Monday, June 06, 2011 3:24 AM | Feedback (0)

If Amazon’s Availability Zone strategy had worked as advertised its outage would have been non-news. But then again, no one really knows what was advertised… There’s been a lot said about the Amazon outage and most of it had to do with cloud and, as details came to light, about EBS (Elastic Block Storage). But very little mention was made of what should be obvious: most customers didn’t – and still don’t - know how Availability Zones really work and, more importantly, what triggers a fail over. What’s worse, what triggers a fail back?  Amazon’s documentation...

posted @ Wednesday, June 01, 2011 3:03 AM | Feedback (1)

It’s not enough to have a strategic point of control; you’ve got to use it, too. One of the primary threats to the positive operational posture of an organization is that of extremely heavy load. Whether it’s from a concerted effort to take down the site (DDoS) or simply an unanticipated flood of legitimate users is really not as important to today’s discussion as understanding the impact both can have not just on your applications, but on their supporting infrastructure. You know, the network “stuff” that sits between the client and your applications, defending...

posted @ Friday, April 01, 2011 3:32 AM | Feedback (1)

But rather it is the ability to compensate for it. Redundancy. It’s standard operating procedure for everyone who deals with technology – even consumers. Within IT we’re a bit more stringent about how much redundancy we build into the data center. Before commoditization and the advent of cheap computing (a.k.a. cloud computing) we worried about redundant power supplies and network connections. We leveraged fail-over as a means to ensure that when the inevitable happened, a second, minty-fresh server/application/switch was ready to take over without dropping so much as a single packet on the data...

posted @ Wednesday, March 23, 2011 2:56 AM | Feedback (1)

Desktops aren’t GPS-enabled but don’t let that stop you from providing hyperlocal information to all your fans. Two people are sitting in an Internet-enabled café. Let’s call the café Starbucks. One of them is using an iPhone or iPad while having a Hoffachino to find out what’s going on in the area. One of them is using a laptop to do the same. One of these two people is likely to get more accurate responses with less work. Which one is it? ...

posted @ Friday, March 18, 2011 5:30 AM | Feedback (1)

You’re still asking the wrong questions about cloud computing. The city of Santa Clara is covered by a cloud this week, but not the kind of clouds most folks associate with California. CloudConnect 2011 is gearing up for a week of sessions and workshops, thought-provoking panels and general conversation on a topic that continues to be top of mind for everyone from press to analysts to IT professionals. “Everyone” is going to be there. Well, everyone but me. Now you might think that’s odd, that a co-chair of a track at a conference wouldn’t attend the show. My cohort...

posted @ Monday, March 07, 2011 3:09 AM | Feedback (3)

A reference architecture is a solution with the “some assembly required” instructions missing. As a developer and later an enterprise architect, I evaluated and leveraged an untold number of “reference architectures.” Reference architectures, in and of themselves, are a valuable resource for organizations as they provide a foundational framework around which a concrete architecture can be derived and ultimately deployed. As data center architecture becomes more complex, employing emerging technologies like cloud computing and virtualization, this process becomes fraught with difficulty. The sheer number of moving parts and building blocks upon which such a framework must be laid is...

posted @ Friday, March 04, 2011 2:49 AM | Feedback (0)

We need to remember that operations isn’t just about deploying applications, it’s about deploying applications within a much larger, interdependent ecosystem. One of the key focuses of devops – that hardy movement that seeks to bridge the gap between development and operations – is on deployment. Repeatable deployment of applications, in particular, as a means to reduce the time and effort that goes into the deployment of applications into a production environment. But the focus is primarily on the automation of application deployment; on repeatable configuration of application infrastructure such that it reduces time, effort, and human error. Consider a...

posted @ Wednesday, March 02, 2011 2:50 AM | Feedback (5)

The claim a company is not a “true security company” because they don’t focus solely on security products is a red herring. If I ask you to define a true security company, you might tend to fall back on the most obvious answer, “Well, it’s a company that focuses on security.” And then I would ask, “Security of what?” And then you might answer, “Well, of whatever it is the product secures, of course.” Of course. What it boils down to is that the most common definition of a “security company” is one that focuses solely on providing solutions designed...

posted @ Monday, February 28, 2011 2:48 AM | Feedback (1)

A: They’re both more what you’d call “guidelines” than actual rules.   An almost irrefutable fact of application design today is the need for a database, or at a minimum a data store – i.e. a place to store the data generated and manipulated by the application. A second reality is that despite the existence of database access “standards”, no two database solutions support exactly the same syntax and protocols. Connectivity standards like JDBC and ODBC exist, yes, but like SQL they are variable, resulting in just slightly different enough implementations to effectively cause...

posted @ Wednesday, February 23, 2011 2:49 AM | Feedback (3)

Do you really need a firewall to secure web and application services? Some organizations would say no based on their experiences while others are sure to quail at the very thought of such an unnatural suggestion. Firewalls are, in most organizations, the first line of defense for web and application services. This is true whether those services are offered to the public or only to off-site employees via secure remote access. The firewall is, and has been, the primary foundation around which most network security architectures are built. We’ve spent years designing highly-available, redundant architectures that include the firewall....

posted @ Wednesday, February 16, 2011 3:02 AM | Feedback (7)

The definition of “broken” in IT is a lot more variable than in the real world. Sometimes you should follow the strategy not taken.   Don and I maintain a number of servers on which we run various web sites for fun. Early on we determined we really did need a firewall both because we wanted to better control our young children’s access to the Internet and to prevent unwanted visitors. We happened to have one land in our laps. For the past – well, many years now - it’s been running with nary a glitch to trip us up. In other...

posted @ Monday, February 14, 2011 3:12 AM | Feedback (0)

Database as a service is part of an emerging model that should be evaluated as an architecture, not based on where it might be deployed These days everything is being delivered “as a Service”. Compute, storage, platforms, IT, databases. The concept, of course, is sound and it is generally speaking a good one. If you’re going to offer an environment in which applications can be deployed, you’d best offer the services appropriate to the deployment and delivery of that application. And that includes data services; some kind of database. ...

posted @ Wednesday, February 09, 2011 3:07 AM | Feedback (2)

Cloud is about achieving a steady state where dynamism is the norm but actions and reactions are in perfect balance. It’s called “dynamic equilibrium” and you’ll need to pass Cloud Chemistry 101 to get there.   When you were a kid you might have had a goldfish. It lived in a bowl of water and you fed it and if you were lucky it lived for quite a while. You certainly didn’t concern yourself with things like water quality (unless the water started turning green, of course) or pH or alkalinity or gas exchange rates. Circulation...

posted @ Wednesday, February 02, 2011 2:49 AM | Feedback (6)

Claiming SSL is not computationally expensive is like saying gas is not expensive when you don’t have to drive to work every day. My car is eight years old this year. It has less than 30,000 miles on it. Yes, you heard that right, less than 30,000 miles. I don’t drive my car very often because, well, my commute is a short trip down two flights of stairs. I don’t need to go very far when I do drive; it’s only ten miles or so round trip to the grocery store. So from my perspective, gas isn’t really very...

posted @ Monday, January 31, 2011 3:11 AM | Feedback (12)

Network and applications. Operations and developers. IT and the business. These relationships are technical, personal, and organizational and all require each other to flourish.     If you ask someone to describe the kinds of animals that are in the ocean they probably think of odd invertebrates like jellyfish and octopuses and of course the colorful, strange looking fish. They might also mention the corals or in particular the coral reefs – those long stretches of undersea “gardens” in which an exotic array of animals (or are they plants?) make their homes....

posted @ Wednesday, January 12, 2011 2:22 AM | Feedback (0)

The debate between private and public cloud is ridiculous and we shouldn’t even be having it in the first place. There’s a growing sector of the “cloud” market that is mobilizing to “discredit” private cloud. That ulterior motives exist behind this effort is certain (as followers of the movement would similarly claim regarding those who continue to support the private cloud) and these will certainly vary based on who may be leading the charge at any given moment. Reality is, however, that enterprises are going to build “cloud-like” architectural models whether the movement...

posted @ Monday, December 06, 2010 3:14 AM | Feedback (7)

It is the database tier and its unique characteristics that ultimately determine where an application will be deployed. Cloud computing is mostly about “elasticity.” The expansion and contraction of resources based on demand. It is the contraction of resources which is oft times forgotten but without it, cloud computing and highly dynamic, virtualized infrastructures are little more than seamless capacity growth engines. For web and application architectural tiers, the contraction of resources is as much a requirement to realize the benefits of shared, dynamic capacity as the ability to rapidly expand. But in the database...

posted @ Wednesday, December 01, 2010 3:55 AM | Feedback (3)

Like candy bars, it’s just a lot less messy than the alternative. Caramel. Chocolate nougat. Coconut. No matter what liquid, flowing, tasty goodness is hidden inside a chocolate bar, without the chocolate shell to hold it we’d be in a whole lot of trouble because your mom would so be on you for that mess, let me tell you. Every food-stuff that is liquid or gooey or both is encased in some sort of shell; even the tasty Swiss cheese and prosciutto hidden inside chicken cordon bleu is wrapped...

posted @ Monday, November 08, 2010 3:16 AM | Feedback (0)

There are many logical fallacies, some more recognizable than others. Today’s lesson is brought to you by the logical fallacy “equivocation” and the term “multi-tenant”. Definition: Equivocation is sliding between two or more different meanings of a single word or phrase that is important to the argument.   LOGIC DICTATES YOU SHOULD BACK UP and TRY AGAIN Say “cloud” and ask for a definition today and you’ll still get about 1.2 different answers for every three people in the room. It’s just a rather nebulous technology that’s hard to nail down and because it’s...

posted @ Wednesday, November 03, 2010 3:41 AM | Feedback (0)

A deeper dive on how to apply scalability best practices using infrastructure services. So it’s all well and good to say that you can apply scalability patterns to infrastructure and provide a high-level overview of the theory but it’s always much nicer to provide more detail so someone can actually execute on such a strategy. Thus, today we’re going to dig a bit deeper into applying a scalability pattern – horizontal partitioning, to be exact – to an application infrastructure as a means to scale out an application in a way that’s efficient and supports growth...

posted @ Monday, November 01, 2010 3:09 AM | Feedback (2)

Authentication is not enough. Authorization is a must for all integrated services – whether infrastructure components, applications, or management frameworks. If you’ve gone through the process of allowing an application access to Twitter or Facebook then you’ve probably seen OAuth in action. Last week a mini-storm was a brewing over such implementations, primarily regarding the “overly-broad permission structure” implemented by Twitter. Currently Twitter application developers are given 2 choices when registering their apps – they can either request “read-only access” or “read & write” access. For Twitter “read & write”...

posted @ Wednesday, October 20, 2010 3:13 AM | Feedback (4)

Need it you do, even if know it you do not. But you will…heh. You will. With all the attention being paid these days to VDI (virtual desktop infrastructure) and application virtualization and server virtualization and <insert type> virtualization it’s easy to forget about network-based application virtualization. But it’s the one virtualization technique you shouldn’t forget because it is a foundational technology upon which myriad other solutions will be enabled. WHAT IS NETWORK-BASED APPLICATION VIRTUALIZATION? This term may not be familiar to you but that’s because since its inception oh, more than a...

posted @ Monday, October 18, 2010 3:47 AM | Feedback (0)

Rackspace steps up to the plate with a new hybrid architectural solution. Earlier this year we talked about the “other” hybrid architecture; the one that lives out there, in the cloud, but that combines two different deployment models: applications deployed on co-located servers that are imbued with elasticity by taking advantage of the same provider’s cloud computing offering. Throughout the year I’ve posited (nearly harped upon) the reality that because most organizations are not greenfields, hybrid architectures will be the norm. This is especially true with applications that have consistent...

posted @ Friday, October 08, 2010 3:19 AM | Feedback (0)

Devops and infrastructure 2.0 is really trying to scale the last bottleneck in operations: people. But the corollary is also true: don’t think you can depend solely on machines. One of the reasons it’s so easy for folks to fall into the “Trough of Disillusionment” regarding virtualization and cloud computing is because it sounds like it’s going to magically transform operations. Get rid of all those physical servers by turning them into virtual ones and voila! All your operational bottlenecks go away, right? Nope. What the removal of physical devices...

posted @ Wednesday, October 06, 2010 8:01 AM | Feedback (0)

A deeper dive on how to apply scalability patterns at the infrastructure layer. So it’s all well and good to say that you can apply scalability patterns to infrastructure and provide a high-level overview of the theory but it’s always much nicer to provide more detail so someone can actually execute on such a strategy. Thus, today we’re going to dig a bit deeper into applying a scalability pattern – vertical partitioning, to be exact – to an application infrastructure as a means to scale out an application in a way that’s efficient and supports growth...

posted @ Monday, October 04, 2010 3:04 AM | Feedback (0)

If you’re replicating session state across application servers you probably need to rethink your strategy. There are other options – more efficient options – than wasting RAM and, ultimately, money. Although the discussion of Oracle’s “cloud in a box” announcement at OpenWorld dominated much of the tweet-stream this week there were other discussions going on that proved to be not only interesting but a good reminder of how cloud computing has brought to the fore the importance of architecture. Foremost in my mind was what started as a lamentation on the fact that Amazon EC2...

posted @ Wednesday, September 22, 2010 3:20 AM | Feedback (2)

Managing a datacenter is often like managing a multi-generational family – you’ve got applications across a variety of life stages that need to be managed individually, and keeping costs down while doing so is a concern. Those who know Don and me know we have a multi-generational family. Our oldest son is twenty-three and “The Toddler” is, well, almost three. There’s still “The Teenager” at home, and there’s also a granddaughter in there who is, well, almost three, so we’ve got a wide variety of children across which we have to share our limited resources. Each one, of course,...

posted @ Monday, September 20, 2010 3:43 AM | Feedback (0)

Infrastructure 2.0 ≠ cloud computing ≠ IT as a Service. There is a difference between Infrastructure 2.0 and cloud. There is also a difference between cloud and IT as a Service. But they do go together, like a parfait. And everybody likes a parfait… The newest member of the cloud computing buzzword family is “IT as a Service.” It is understandably causing some confusion because, after all, isn’t that just another way to describe “private cloud”? No, actually it isn’t. There’s a lot more to it than that, and it’s very applicable...

posted @ Wednesday, September 15, 2010 7:42 AM | Feedback (1)

Too often software design patterns are overlooked by network and application delivery network architects but these patterns are often equally applicable to addressing a broad range of architectural challenges in the application delivery tier of the data center. The “High Scalability” blog is fast becoming one of my favorite reads. Last week did not disappoint with a post highlighting a set of scalability design patterns that was, apparently, inspired by yet another High Scalability post on “6 Ways to Kill Your Servers: Learning to Scale the Hard Way.” ...

posted @ Monday, September 13, 2010 2:51 AM | Feedback (4)

Knowing the algorithms is only half the battle, you’ve got to understand a whole lot more to design a scalable architecture.    Citrix’s Craig Ellrod has a series of blog posts on the basic (industry standard) load balancing algorithms. These are great little posts for understanding the basics of load balancing algorithms like round robin, least connections, and least (fastest) response time. Craig’s posts are accurate in their description of the theoretical (designed) behavior of the algorithms. The thing that’s missing from these posts (and maybe Craig will get to this eventually) is context. Not the context...

posted @ Tuesday, September 07, 2010 3:26 AM | Feedback (0)

Normalizing deployment environments from dev through production can eliminate issues earlier in the application lifecycle, speed time to market, and give devops the means by which their emerging discipline can mature with less risk. One of the big “trends” in cloud computing is to use a public cloud as an alternative environment for development and test. On the surface, this makes sense and is certainly a cost effective means of managing the highly variable environment that is development. But unless you can actually duplicate the production environment in a public cloud, the benefits might be offset by the...

posted @ Monday, August 16, 2010 3:32 AM | Feedback (0)

Multi-tenancy encompasses the management of heterogeneous business, technical, delivery, and security models. Last week, during what was certainly an invigorating if not agonizingly redundant debate regarding the value of public versus private cloud computing, it was suggested that perhaps if we’d just refer to “private cloud” computing as “single-tenant cloud” all would be well. I could point out that we’ve been over this before, and that the value proposition of shared infrastructure internal to an “organization” is the sharing of resources across projects, departments, and lines of business all of which are endowed with their very own budgets. There...

posted @ Monday, August 09, 2010 3:25 AM | Feedback (4)

An impassioned plea from a devops blogger and a reality check from a large enterprise highlight a growing problem with devops evolutions – not enough dev with the ops. John E. Vincent offered a lengthy blog on a subject near and dear to his heart recently: devops. His plea was not to be left behind as devops gains momentum and continues to barrel forward toward becoming a recognized IT discipline. The problem is that John, like many folks, works in an enterprise. An enterprise in which not only the existence of legacy and traditional solutions require a bit more...

posted @ Wednesday, August 04, 2010 3:55 AM | Feedback (1)

When strategies are formed it quickly becomes obvious that cloud computing is more about balance than anything else. At a time when you’d think cloud computing would be the primary “go to” strategy for managing scale and rapid growth, multiple well-known and demanding organizations are building their own data centers instead. With all the hype around cloud being faster, cheaper, and more efficient these folks must be crazy, right? Not at all. In fact, these moves illustrate the growing friction between the economy of scale offered by cloud computing and the control and flexibility...

posted @ Monday, July 26, 2010 5:53 AM | Feedback (1)

Web applications that count on the advantage of not having a bloated desktop footprint need to keep one eye on the scale… A recent article on CloudAve that brought back the “browser versus native app” debate caught my eye last week. After reading it, the author is really focusing on that piece of the debate which dismisses SaaS and browser-based applications in general based on the disparity in functionality between them and their “bloated desktop” cousins. Why do I have to spend money on powerful devices when I can get an experience almost...

posted @ Monday, July 12, 2010 4:02 AM | Feedback (4)

As the majority of an application’s presentation layer logic moves to the client it induces changes that impact the entire application delivery ecosystem The increase in mobile clients, in demand for rich, interactive web applications, and the introduction of the API as one of the primary means by which information and content is shared across applications on the web is slowly but surely forcing a change back toward a traditional three-tiered architecture, if not in practice then in theory. This change will have a profound impact on the security, delivery, and scalability of the application but it also forces changes in...

posted @ Thursday, July 08, 2010 4:17 AM | Feedback (3)

Google finally catches on and begins to develop what application delivery vendors have been doing for years. It’s a primary axiom of web operations and networking: speed matters. One has only to look at the number of niche products that focus on speed: WAN optimization, application acceleration, caching, content delivery networks, and continuing increases in the core speeds and feeds of our networks. So it shouldn’t be a surprise when “cloud” providers start talking about performance as a differentiator, which is exactly what Google recently noted at the Velocity conference. The average...

posted @ Friday, June 25, 2010 3:46 AM | Feedback (0)

Like most architectural decisions the choice between hardware and virtual server is not mutually exclusive. The argument goes a little something like this: The increases in raw compute power available in general purpose hardware eliminates the need for purpose-built hardware. After all, if general purpose hardware can sustain the same performance for SSL as purpose-built (specialized) hardware, why pay for the purpose-built hardware? Therefore, ergo, and thusly it doesn’t make sense to purchase a hardware solution when all you really need is the software, so you should just acquire and deploy a virtual network appliance. The argument, which at...

posted @ Thursday, June 24, 2010 3:39 AM | Feedback (2)

Service virtualization is the opposite of – and complementary implementation to – server virtualization. One of the biggest challenges with any implementation of elastic scalability as it relates to virtualization and cloud computing is managing that scalability at run-time and at design (configuration) time. The goal is to transparently scale out some service – network or application – in such a way as to eliminate the operational disruption often associated with scaling up (and down) efforts. Service virtualization allows virtually any service to be transparently scaled out with no negative impact to the service and,...

posted @ Wednesday, June 23, 2010 3:52 AM | Feedback (0)

Like most architectural decisions the two goals do not require mutually exclusive decisions. The difference between fault isolation and fault tolerance is not necessarily intuitive. The differences, though subtle, are profound and have a substantial impact on data center architecture. Fault tolerance is an attribute of systems and architecture that allows them to continue performing their tasks in the event of a component failure. Fault tolerance of servers, for example, is achieved through the use of redundancy in power-supplies, in hard-drives, and in network cards. In an architecture, fault tolerance is also achieved through...

posted @ Wednesday, June 16, 2010 4:23 AM | Feedback (1)

End-to-end is a popular term in marketing circles to describe some feature that acts across an entire “something.” In the case of networking solutions this generally means the feature acts from client to server. For example, end-to-end protocol optimization means the solution optimizes the protocol from the client all the way to the server, using whatever industry standard and proprietary, if applicable, techniques are available. But end-to-end is not necessarily an optimal solution – not from a performance perspective, not from a CAPEX or OPEX perspective, and certainly not from a dynamism perspective. The better option, the more...

posted @ Tuesday, June 15, 2010 3:45 AM | Feedback (1)

Minimizing the impact of code changes on multi-tenant applications requires a little devops “magic” and a broader architectural strategy Ignoring the unavoidable “cloud outage” hysteria that accompanies any Web 2.0 application outage today, there’s been some very interesting analysis of how WordPress – and other multi-tenant Web 2.0 applications – can avoid a similar mistake. One such suggestion is the use of a “feathered release schedule”, which is really just a controlled roll-out of a new codebase as a means to minimize the impact of an error. We’d call this “fault isolation” in data center architecture 101. It turns out...

posted @ Monday, June 14, 2010 4:03 AM | Feedback (1)

If we look at cloud in terms of what it does offer instead of what it doesn’t, we may discover more useful architectures than were previously thought to exist. I have a fairly large, extended family. While I was growing up we gathered at our grandparent’s home during the holidays for, of course, a meal. Grandma would put extra chairs around the table but because she had five children (and spouses) there really wasn’t any room for us grandchildren. So we got to sit … at the little kid’s table. Eventually we weren’t “little kids” any more and we all...

posted @ Thursday, June 10, 2010 3:45 AM | Feedback (1)

Hidden deep within an article on scalability was a fascinating insight. Once you read it, it makes sense, but because cloud computing forces our attention to the logical (compute resources) rather than the physical (hardware) it’s easy to overlook. “Cloud computing is actually making this problem a little bit worse,” states Leach [CTO of domain registrar Name.com], “because it is so easy just to throw hardware at the problem. But at the end of the day, you’ve still got to figure, ‘I shouldn’t have to have all this hardware when my site doesn’t...

posted @ Wednesday, June 02, 2010 3:46 AM | Feedback (1)

Just when you thought the misconceptions regarding cloud computing couldn’t get any worse…they do. We have, in general, moved past the question “what is cloud” and onto “what do I need to do to move an application to the cloud?” But the question “what is cloud” appears not to have reached consensus and thus advice on how to move an application into the cloud might be based on an understanding of cloud that is less than (or not at all) accurate. The problem is exacerbated by the reality that there are several types or models...

posted @ Wednesday, May 26, 2010 3:29 AM | Feedback (0)

Three simple action items can help ensure your next infrastructure refresh cycle leaves your data center prepared and smelling minty fresh*. Most rational folks agree: public cloud computing will be an integral piece of data center application deployment strategy in the future, but it will not replace IT. Just as Web 2.0 did not make extinct the client-server model (which did not completely eradicate the mainframe model) neither will public cloud computing marginalize the corporate data center. But it will be a part of that data center; integrated and controlled and leveraged via the new...

posted @ Wednesday, May 19, 2010 3:18 AM | Feedback (1)

Almost every definition of cloud, amongst the myriad definitions that exist, includes the notion of multi-tenancy, a.k.a. the ability to isolate customer-specific traffic, data, and configuration of resources using the same software and interfaces. In the case of SaaS (Software as a Service) multi-tenancy is almost always achieved via a database and configuration, with isolation provided at the application layer. This form of multi-tenancy is the easiest to implement and is a well-understood model of isolation. In the case of IaaS (Infrastructure as a Service) this level of isolation is primarily achieved through server virtualization and configuration, but...

posted @ Tuesday, May 18, 2010 3:44 AM | Feedback (4)

Extending identity management into the cloud   The focus of several questions I was asked at Interop involved identity management and application access in a cloud computing environment. This makes sense; not all applications that will be deployed in a public cloud environment are going to be “customer” or “market” focused. Some will certainly be departmental or business unit applications designed to be used by employees and thus require a certain amount of access control and integration with existing identity management stores, like Active Directory. Interestingly F5 isn’t the only one...

posted @ Friday, May 14, 2010 3:43 AM | Feedback (1)

Everyone has likely seen the optical illusion of the vase in which, depending on your focus, you either see a vase or two faces. This particular optical illusion is probably the best allegorical image for IT and in particular cloud computing I can imagine. Depending on your focus within IT you’re either focused on – to borrow some terminology from SOA – design-time or run-time management of the virtualized systems and infrastructure that make up your data center. That focus determines what particular aspect of management you view as most critical, and unfortunately makes it...

posted @ Monday, April 26, 2010 7:06 AM | Feedback (4)

My mother’s latest project is projected to be over-budget. Thanks to a change in the way projects are allocated she now has X dollars instead of Y hours. Her project needed 50,000 “IT” hours (yes, she actually did the quote thing with her fingers when she said that), but now it can only have 45,000 “IT” hours because the “cost” (yes, she actually did the quote thing with her fingers when she said that, too, because enterprise dollars are more like Monopoly money than real money) of IT has increased by a few dollars per hour and she was...

posted @ Monday, April 19, 2010 3:42 AM | Feedback (3)

The biggest disadvantage organizations have when embarking on a “we’re going cloud” initiative is that they’re already saddled with an existing infrastructure and legacy applications. That’s no surprise as it’s almost always true that longer-lived enterprises are bound to have some “legacy” applications and infrastructure sitting around that’s still running just fine (and is a source of pride for many administrators – it’s no small feat to still have a Novell file server running, after all). Applications themselves are almost certainly bound to rely on some of that “legacy” infrastructure and integration and let’s not even discuss the complex...

posted @ Wednesday, April 14, 2010 4:05 AM | Feedback (0)

When you combine virtualization with auto-scaling without implementing proper controls you run the risk of scaling yourself silly or worse – broke. You virtualized your applications. You set up an architecture that supports auto-scaling (on-demand) to free up your operators. All is going well, until the end of the month. Applications are failing. Not just one, but all of them. After hours of digging into operational dashboards and logs and monitoring consoles you find the problem: one of the applications, which experiences extremely heavy processing demands at the end of the month, has scaled itself out too far and...

posted @ Tuesday, April 13, 2010 3:46 AM | Feedback (2)

When co-location meets cloud computing the result is control, consistency, agility, and operational cost savings. Generally speaking when the term “hybrid” is used as an adjective to describe a cloud computing model it’s referring to the combining of a local data center with a distinct set of off-premise cloud computing resources. But there’s another way to look at “hybrid” cloud computing models that is certainly as relevant and perhaps makes more sense for adoptees of cloud computing for whom there simply is not enough choice and control over infrastructure solutions today. Cloud computing providers have generally arisen from...

posted @ Friday, April 09, 2010 3:27 AM | Feedback (0)

Invariably when new technology is introduced it causes an upheaval. When that technology has the power to change the way in which we architect networks and application infrastructure, it can be disruptive but beneficial. When that technology simultaneously requires that you abandon advances and best practices in architecture in order to realize those benefits, that’s not acceptable. Virtualization at the server level is disruptive, but in a good way. It forces organizations to reconsider the applications deployed in their data center, turn a critical eye toward the resources available and how they’re partitioned across applications, projects, and...

posted @ Wednesday, April 07, 2010 3:18 AM | Feedback (0)

Oh, load balancers are networks and applications are development, and never the twain shall meet. We have a brittle system underpinning the data center: the network. It’s brittle, yes. But it works. Thanks to years of tweaking and tuning and troubleshooting, it works. We know where everything is, and how everything interacts, and it works. It works well, in fact, now that we’ve got it all figured out. Is it any surprise then that we might be resistant to change that might (probably will) upset that delicate balance? One of the most difficult challenges...

posted @ Tuesday, April 06, 2010 4:30 AM | Feedback (1)

What makes a cloud a cloud? The ancient Greek philosopher Plato might tell you “cloudness”, but what exactly does that mean? Long before human scientists figured out that DNA was the basic building block of everything living, philosophers spent long eons being satisfied with Plato’s (and his equally famous student Aristotle’s) explanation that there is some inherent “ness” in everything that makes it what it is. One of Aristotle’s dialogues deals with the answers to questions like, “What makes a cat a cat? And why does a kitten never have a duck?” as he explains the concept. Retroactively...

posted @ Monday, April 05, 2010 3:28 AM | Feedback (1)

In the short term, hybrid cloud is going to be the cloud computing model of choice. Amidst all the disconnect at CloudConnect regarding standards and where “cloud” is going was an undercurrent of adoption of what most have come to refer to as a “hybrid cloud computing” model. This model essentially “extends” the data center into “the cloud” and takes advantage of less expensive compute resources on-demand. What’s interesting is that the use of this cheaper compute is the granularity of on-demand. The time interval for which resources are utilized is measured more in project timelines than...

posted @ Monday, March 22, 2010 3:49 AM | Feedback (3)

Thought those math rules you learned in 6th grade were useless? Think again…some are more applicable to the architecture of your data center than you might think. Remember back when you were in the 6th grade, learning about the order of operations in math class? You might recall that you learned that the order in which mathematical operators were applied can have a significant impact on the result. That’s why we learned there’s an order of operations – a set of rules – that we need to follow in order to ensure that we always get the correct answer when performing...

posted @ Tuesday, March 09, 2010 3:41 AM | Feedback (0)

The current threat level is … the same as it was yesterday, and the day before, and will be tomorrow. We’ve all been in the airport before and heard the announcement. “The current threat level is orange. Blah blah blah blah yada yada whatever.” At least that’s what I hear today because I’ve become immune to the fact that “orange” means there’s a threat. There’s always a threat, it seems, and the announcement simply conveys what appears to many of us to be the “status quo.” We have effectively been desensitized to a “higher” threat level as...

posted @ Friday, March 05, 2010 3:48 AM | Feedback (0)

Ultimately a highly-scalable, high-performance architecture will rely on choosing the right form factor in the right places at the right time. Scale is not just about servers, and for corporate data centers and cloud computing providers looking to realize the benefits of rapid elasticity and on-demand provisioning scale simply must be one of the foundational premises upon which a dynamic data center is built. And that includes the infrastructure. This isn’t the first time I’ve touched upon this subject, but it’s a concept that needs to be reiterated – especially with so many pundits and analysts looking for the...

posted @ Monday, March 01, 2010 3:53 AM | Feedback (1)

Managing a virtual machine is not the same thing as managing the stuff inside it. I’ve been noticing a disturbing, though not unexpected, trend in the world of virtualization and cloud computing around management of infrastructure, particularly around virtual network appliances (VNAs). Specifically this trend is claiming the ability to manage virtualized infrastructure. You’d think I’d be happy about that. I probably would - if the solutions were actually capable of managing the infrastructure. Digging into these management solutions shows that for the most part the definition of the term “manage”...

posted @ Wednesday, February 24, 2010 3:56 AM | Feedback (1)

More interesting, what if you had the means to actually try to meet them? On the surface, Infrastructure 2.0 seems to have very little value to the end-user. It is, after all, about collaboration at the infrastructure layer. It is under the covers, as it were, of the application blanket with which end-users actually interact. But it may end up that Infrastructure 2.0 will have a direct impact on the control the user has over the way in which applications are delivered. Which is to say they might one day have some. What this means is something...

posted @ Wednesday, February 17, 2010 3:43 AM | Feedback (0)

Or more apropos, it’s in the complex and intimate relationship between applications and their infrastructure. What’s the difference between a highly virtualized corporate data center and a cloud computing environment? There are probably many, but the most important distinction – and the one that earns the latter a “cloud computing” tag – is certainly that the former lacks a comprehensive orchestration system and was likely not architected using a rapid, infrastructure inclusive, scalability strategy. Mitch Garnaat, “The Elastician”, recently managed to sum up what should be every modern data center’s motto in a...

posted @ Monday, February 15, 2010 4:06 AM | Feedback (2)

Preparing for the upcoming Cloud Connect conference several speakers and presenters have put forth the proposal that no one should attempt to define cloud yet again. After all, if you’re attending the conference (and you are attending, of course, aren’t you?) then you certainly have a firm understanding of what cloud computing is and what it can do. But most end-users and business stakeholders won’t be attending and don’t have a firm understanding of cloud computing. Even the technology pundits to whom these constituents turn to learn about the technology often fail to really “get” cloud computing, as evinced...

posted @ Friday, February 12, 2010 3:50 AM | Feedback (2)

If developers will not write “virtualization aware” applications, who will? The future of application development platforms may be at stake… Right now developers are packaging up applications in virtual machines and deploying them. That’s according to, well, every survey you find related to virtualization and cloud computing. Joe McKendrick, citing the latest Evans Data Cloud Development Survey, noted that “sixty-one percent of 400 developers in Evans Data Corp’s recent Cloud Development Survey report that at least some of their IT resources will move to the public cloud within the next year.” But even given the number...

posted @ Thursday, February 11, 2010 3:30 AM | Feedback (1)

Agreed that cloud vendors need to differentiate on services. Disagreed that cloud standards will not forward that cause and that virtualization platform makes a difference. The battle for virtualization platform dominance rages on, but it will not be virtualization that makes or breaks a cloud computing offering; it will be the diversity – or lack thereof - of the services it offers. We need to stop focusing on virtualization as the be-all and end-all of cloud computing and start bending our efforts toward what really matters: the ability of providers to efficiently offer a broad set of...

posted @ Wednesday, February 10, 2010 4:35 AM | Feedback (8)

Scaling applications that include AJAX and non-AJAX components may require more than just tuning your web server. A common problem after deploying a Web 2.0 AJAX-based application shows itself through poor performance or lower capacity on the server, often both. Web server tuning is almost always the first step in improving performance and capacity, but the inherently competing behavior of AJAX-requests and “normal” HTTP requests quickly becomes problematic as well. Tune for the AJAX requests and performance of regular old HTTP requests suffers. Tune for regular old HTTP requests, and performance of AJAX-requests suffers. This is...

posted @ Monday, February 08, 2010 4:35 AM | Feedback (0)

We seem on the verge of repeating the mistakes associated with failed SOA implementations: ignoring the larger issue of architecture. Everyone – from pundit to public – is asking the same question: “Where are the network virtual appliances?” But fewer people seem to be asking a question that needs to go hand-in-hand with that one: “Where are the architectural guidelines to support deployment of network virtual appliances?” SOA has been deemed by many to be a failure in part because it lacked true architectural guidance. Architects were simply unable – whether by lack of skills or training or...

posted @ Thursday, February 04, 2010 4:43 AM | Feedback (0)

One of the concerns with cloud bursting specifically for the use of addressing seasonal scaling needs is that cloud computing environments are not necessarily PCI-friendly. But there may be a solution that allows the application to maintain its PCI-compliance and still make use of cloud computing environments for seasonal scaling efficiency. Cloud bursting, a.k.a. overdraft protection, is a great concept but in some situations, such as those involving PCI-compliance, it can be difficult if not impossible to actually implement. The financial advantages to cloud bursting for organizations requiring additional capacity on only a seasonal basis are well understood,...

posted @ Thursday, January 21, 2010 5:54 AM | Feedback (1)

If it is, you might want to reconsider how you’re handling security, acceleration, and delivery of your applications before users “go postal” because of poor application performance. Sometimes wisdom comes from the most unexpected places. Take Jason Rahm’s status update on Facebook over the holidays. He’s got what is likely a common complaint regarding the delivery model of the US postal service: the inefficiency of where postage due is determined. Everyone has certainly had the experience of sending out a letter (you know, those paper things) and having it returned a week or more later...

posted @ Wednesday, January 06, 2010 3:19 AM | Feedback (2)

Beware the danger of building out isolated network and application network infrastructures in the cloud lest we end up with silos from which it is difficult to escape. While writing a separate post on the business value of public versus private cloud computing investments I specifically called out the fact that infrastructure – virtual or physical – provisioned in a cloud environment is applicable only to that cloud environment; it really can’t be shared within the enterprise architecture or other public cloud computing environments, for that matter. That led to considering the impact...

posted @ Tuesday, December 08, 2009 3:31 AM | Feedback (0)

Certainly no one would seriously argue that web applications are fast enough for everyone. SPDY is one suggested solution, but what if we combine MapReduce and SPDY? Could we develop an architectural solution that leverages the best of SPDY without requiring entire infrastructure changes to support a new protocol? More than a couple of people have mentioned Map/Reduce as a means to achieve workload-level distribution of applications in a cloud computing environment. I hadn’t looked into Map/Reduce but finally decided that if that many very smart people were thinking it was a solution, I should look into it....

posted @ Wednesday, December 02, 2009 3:14 AM | Feedback (0)

Google’s desire to speed up the web via a new protocol is laudable, but the SPDY protocol would require massive changes across networks to support. ArsTechnica had an interesting article on one of Google’s latest projects, a new web protocol designed to replace HTTP called SPDY. SPDY uses a single SSL-encrypted session between a browser and a client, and then compresses all the request/response overhead. The requests, responses, and data are all put into frames that are multiplexed over the one connection. This makes it possible to send a higher-priority small file without...

posted @ Tuesday, November 17, 2009 4:20 AM | Feedback (2)

The question is whether that impact is positive (a reduction) or negative (an increase). One of the biggest threats to data integrity is the introduction of malicious content via SQLi (SQL Injection) attacks. Traditional database access methods don’t provide a lot in the way of validating requests and like HTML the vagaries of SQL allow for myriad ways in which a statement can be constructed – and thus exploited. These vagaries, of course, are one factor in the reason why SQLi continues to plague applications and sites driven by user generated content. Another factor is certainly...

posted @ Monday, November 16, 2009 4:52 AM | Feedback (3)

Microsoft has made some fairly substantial changes to the core architecture of Exchange 2010. Given that messaging can only be described as business critical today, it’s no surprise that many new aspects of Exchange 2010 and in particular its new architecture are designed to improve availability and management of its messaging systems. Exchange 2010 includes many changes to its core architecture. In Exchange 2010, new features such as incremental deployment, mailbox database copies, and database availability groups work with other features such as shadow redundancy and transport dumpster to provide a new, unified...

posted @ Tuesday, November 10, 2009 3:27 AM | Feedback (3)

Cloud computing management functionality and standards are right now laser-focused on virtual machines, and most APIs include the ability to stop, start, launch, etc. … at that level of the infrastructure. This is because the application is still insulated by its virtualized environment. The “depth” of management and standards efforts today stops at the hard shell of the virtualization layer and leaves the soft, chewy application center alone. This means nothing is really all that different for developers. But it could, and some might argue should, be different. The development of a web-application for a cloud computing environment today is really...

posted @ Monday, November 09, 2009 3:57 AM | Feedback (11)

Everyone has surely experienced the frustration of an overloaded desktop/laptop. You’ve just got too many apps open at one time and the performance of your machine has been slowly degrading to the point where you can select an application from the toolbar, run down to the local Starbucks, stop and chat with a friend, and return to find the application still not ready for use. The same thing happens on servers. Even though a web/application server is likely only running a few critical applications,...

posted @ Thursday, October 22, 2009 4:13 AM | Feedback (6)

“Where are you storing your data these days,” he asked casually after trying to come up with a better opening line but failing. “Ah, dahhling,” she drawled while gesturing in no particular direction with an almost deprecating wave of her hand. “The Cloud, where else?” Thanks to the nearly constant misapplication of the phrase “The Cloud” and the lack of agreement on a clear definition from technical quarters I must announce that “The Cloud” is no longer a synonym for “Cloud Computing”. It can’t be. Do not be misled into trying, it will only cause you...

posted @ Wednesday, October 21, 2009 3:12 AM | Feedback (2)

Cloud offers an appealing “pay only for what you use” that makes it hard to resist. Paying on a per-usage hour basis sounds like a good deal, until you realize that your site is pretty much “always on” because of bots, miscreants, and users. In other words, you’re paying for 24x7x365 usage, baby, and that’s going to add up. Ironically, the answer to this problem is … cloud. Don and I occasionally discuss how much longer we should actually run applications on our own hardware. After all, the applications we’re running are generally pretty light-weight, and only see...

posted @ Tuesday, October 13, 2009 4:30 AM | Feedback (1)

The problem of AJAX, interstitial request patterns, and the effect on the performance and availability of your applications. There are several reasons why applications need to be scaled out but they all come down to essentially addressing the same core problem: resource consumption. In the case of networked applications this often means specifically TCP connection resources. Now most people don’t think of TCP connections as a resource, per se, but every web and application server has an upper limit to the number of TCP connections it can hold open at any given time. In some cases this...

posted @ Wednesday, October 07, 2009 3:53 AM | Feedback (5)

A question I often hear is “Why don’t you just move load balancing/application delivery into a virtual appliance model?” My answer is almost always “That’s the wrong question.” The question that should be asked is “What are the potential impacts to the infrastructure and application?” Because the whole point of deploying an application delivery solution – virtual appliance or hardware – is about improving some facet of the infrastructure in order to better deliver your applications. So in order to determine whether using a virtual appliance is a good idea or not you have to ask what the impacts might...

posted @ Tuesday, October 06, 2009 3:43 AM | Feedback (10)

Steve (apparently yes, we are on a first name basis) offers up his thoughts on developing APIs for the Cloud in “A Cloud Tools Manifesto.” While the inclusion of the word “manifesto” in the title raised quite the stir (“Manifestogate” is still fresh on the minds of many cloud-oriented people), what really caught my eye is his inclusion of a “mock endpoint” primarily for testing of API based integration and development. This is something that’s increasingly important not just to cloud but to Web 2.0 and social networking sites that provide APIs via which other sites and client applications can...

posted @ Monday, October 05, 2009 4:00 AM | Feedback (6)

Operational efficiency in the cloud comes in part from automation and orchestration as well as from the outsourcing of management and maintenance of the hardware. While you can’t achieve the latter without cloud or hosting externally, you can realize a lot of the same efficiencies in a traditional architecture just by leveraging existing collaborative capabilities of infrastructure 2.0. Glenn Gruber of Software Industry Insights in “Who’ll Be the First to Offer Cash for Infrastructure” (which is a great read in general) says: And for those who are thinking about evaluating a private cloud...

posted @ Tuesday, September 29, 2009 4:12 AM | Feedback (2)

If one of the drivers for moving to cloud-based applications is reducing costs, you should think twice about the placement of application security solutions. There’s almost no way to avoid an argument on this subject so I won’t tiptoe around it: web application security in the cloud is better accomplished at the edge, with a web application firewall or similar solution, than it is inside the cloud in the application. This is true regardless of whether the cloud model is public or private; basically if you’re being charged on a per-usage basis then placement of web application security...

posted @ Monday, September 28, 2009 3:50 AM | Feedback (6)

There’s more than one way to address the rapid rate of change in infrastructure supporting a dynamic environment. We spend a lot of time talking about how software and systems and standards are the ultimate solution to addressing the rapid rate of change in the association between applications and IP addresses in a dynamic infrastructure. But sometimes you have to look down the stack to find a simpler, more economical and honestly, elegant, answer to the challenge of managing the problem associated with virtualized and cloud computing architectures. We need to take another look at the link layer...

posted @ Friday, September 18, 2009 3:19 AM | Feedback (6)

AJAX enables the use of network-side scripting enabled application delivery solutions to offload client-side functionality and improve capacity and performance of dynamic (Web 2.0/AJAX) applications. In the last couple of weeks I’ve embarked on a home project to rewrite – from scratch – a couple of web applications that Don and I and friends use on a regular basis. Consider it a very restricted (in terms of users) social networking application, because that’s basically what it is. I made heavy use of AJAX for one component in the past version but have been really leveraging it a lot more...

posted @ Wednesday, September 16, 2009 5:02 AM | Feedback (19)

A load balancing algorithm can make or break your application’s performance and availability. It is a (wrong) belief that “users” of cloud computing and before that “users” of corporate data center infrastructure didn’t need to understand any of that infrastructure. Caution: proceed with infrastructure ignorance at the (very real) risk of your application’s performance and availability. Think I’m kidding? Stefan’s SOA & Enterprise Architecture Blog has a detailed and very explanatory post on Load Balancing Strategies for SOA Infrastructures that may change your mind. This post grew, apparently, out of some (perceived) bad behavior on...

posted @ Tuesday, September 08, 2009 4:11 AM | Feedback (1)

Leveraging Java EE and dynamic infrastructure to enable a shared resource, on-demand scalable infrastructure – without server virtualization. Many pundits and experts allude to architectures that are cloud-like in their ability to provide on-demand scalability but do not – I repeat do not – rely on virtualization, i.e. virtual machines. But rarely – if ever – is this possibility described. So everyone says it can be done, but no one wants to tell you how. Maybe that’s because it appears, on the surface, to not be cloud. And perhaps there’s truth to that appearance. It is more...

posted @ Wednesday, September 02, 2009 4:03 AM | Feedback (1)

How to leverage a “private virtual cloud” such as Amazon VPC with your own dynamic infrastructure. A couple of blog posts on Amazon’s recent announcement of its VPC (Virtual Private Cloud) have made much of the fact that the resources available within Amazon’s cloud via VPC aren’t public. These same commentaries seem to believe that this makes the resources not very valuable. One author called it a “terrible” implementation because “users can’t expose clients to the internet and can’t assign them IP addresses.” I understand how some might reach that conclusion if they...

posted @ Monday, August 31, 2009 3:48 AM | Feedback (1)

Cloud changes how we deliver applications but we’re still delivering applications. With all the hype around cloud it’s easy to get caught up in deployment models and architectures and how much money it is/is not going to save us and, of course, with the cool factor that always surrounds such innovation. But when we get our heads too far up in the clouds we forget what we’re really doing: delivering applications. Whether it’s thin-client, fat-client, browser-based, client/server, three-tier, n-tier, traditional, .NET, Java EE, or cloud we are still all focused on the same goal: deliver an application. ...

posted @ Thursday, August 27, 2009 3:57 AM | Feedback (2)

Cloud providers know the secret to a successful cloud computing implementation is integration between the infrastructure and virtualization. Ever notice that cloud providers are v e r y reluctant to reveal on what foundation their cloud computing architectures are laid? Most providers don’t want to share their “secret sauce” because, well, then everyone else could get into the game as well. While it is certainly true that the infrastructure – and specifically the application delivery infrastructure – you choose to lay the foundation for a cloud computing architecture can affect your ability to succeed and innovate...

posted @ Tuesday, August 25, 2009 10:17 AM | Feedback (0)

You’re going to need a dynamic infrastructure lest you effectively negate the gains achieved by higher VM densities. In the continuing saga of “do more with less” comes a new phrase that’s being tossed around: VM density. For example, VMware puts forth the notion that the Total Cost of Ownership (TCO) of virtualization technology must consider VM density, saying, “Density matters in a many-to-one relationship.” VMware illustrates this concept in the context of TCO, but in general an increasing number of solutions are beginning to tout not only the benefits of higher VM density, but of their solutions’ ability...

posted @ Monday, August 24, 2009 4:07 AM | Feedback (1)

I was recording a podcast last week on the subject of cloud with an emphasis on security and of course we talked in general about cloud and definitions. During the discussion the subject of “private cloud” computing was raised and one of the participants asked a very good question: Some of the core benefits of cloud computing come from shared resources. In a private cloud, where does the sharing of resources come from? I had to stop and think about that one for a second, because it’s not something I’ve really thought about before. But it was...

posted @ Monday, August 17, 2009 3:34 AM | Feedback (2)

When it comes to availability, coding a solution is just delaying the inevitable. Jonathan Howell, in Five Things That Will Kill Your Site – an excellent read, by the way, for all web application developers – asserts that there are several ways to avoid web application death that do not require the implementation of “expensive redundant hardware with top of the line load balancers and an enterprise class SAN.” In general he’s got some good advice to which application developers should pay attention, but I had to disagree with his assertion that a solution to provide graceful degradation...

posted @ Tuesday, August 11, 2009 3:56 AM | Feedback (0)

Why Carr’s analogy doesn’t describe today’s cloud environments and how SOA can get us closer to what he describes. Back when cloud first started drifting in to obscure the computing landscape there were a lot of parallels drawn between it and grid, and a lot of analogies used to explain the concept behind it. Cloud computing is most often analogized using Nicholas Carr’s analogy of the cloud as an electrical grid; that’s always bothered me at almost a visceral level. But I could never articulate why well enough and a lot of smart people told me that if I...

posted @ Monday, August 10, 2009 3:57 AM | Feedback (1)

The “replace” in “rip and replace” essentially means getting rid of old security problems and replacing them with new ones. Twittergate is (thankfully) behind us but it’s almost assuredly going to be the case that we’ll be rehashing this one for a while. This certainly isn’t the first time Twitter and security issues have clashed, and as in the past Twitter (and really any very public application in a similar situation) is the clear loser. And of course there comes the unsolicited advice offered regarding what Twitter needs to do to address its security issues. I am, of...

posted @ Monday, July 20, 2009 3:43 AM | Feedback (2)

Without availability, scalability is irrelevant. I really enjoyed Jeff Atwood’s recent blog on Scaling Up vs Scaling Out, which includes a fairly detailed comparison of the costs associated with each approach to scalability. I enjoyed it because not only did it take into consideration the cost of hardware, but also remembered to include the cost of software licensing. And of course there’s the fact that Jeff’s site is focused on development and coding, and this discussion broadened the discussion into the realm of application networking – a demesne of which I am of course particularly fond. ...

posted @ Friday, July 10, 2009 3:38 AM | Feedback (0)

Can the inherent abstraction of virtualization succeed where SOA did not? My first read through a post on the Cloud Front Office led me to scoff disdainfully at the re-emergence of a concept central to a successful SOA implementation: the service catalog. Oh, we called it "registry" and then "registry/repository (reg/rep)" and finally "governance" but the concept behind it was exactly the same. Take a gander at the description of a cloud service catalog apparently growing out of discussions that began at Structure 09: Last week I attended Structure 09, one of the...

posted @ Thursday, July 02, 2009 3:39 AM | Feedback (4)

Somebody has to be first. Recently Microsoft came up with a solution, supported natively in IE8, to protect against clickjacking attempts. Apparently some folks have decided that because Microsoft has a history of implementing proprietary solutions that this one, too, must be proprietary. These same folks must also have very little understanding of today’s web application architectures, as they declared the solution pretty much useless based on some pretty poor assumptions regarding the implementation of said solution. As noted in the Register, “some critics have contended the protection [X-FRAME-OPTIONS custom HTTP header] will be ineffective because...

posted @ Monday, June 29, 2009 3:15 AM | Feedback (2)

I was chatting with my mother a couple weeks ago about cloud (she’s a used-to-be programmer turned project manager for a Fortune 500. Don’t look at me like that, I keep telling you it runs in the family) and one of the problems she lamented about was that folks don’t seem to understand how entrenched COBOL and the mainframe is in the organization. It’s so entrenched that given the choice between a client-server application and a COBOL application that did the same thing they chose the COBOL program because it was less expensive and they had the knowledge on staff...

posted @ Friday, June 26, 2009 2:50 AM | Feedback (2)

I am not a number, I am a free man! – "The Prisoner", sampled by Iron Maiden (edited because geeks are picky and well, they're right even though I always think of Maiden and Eddie first before getting to the actual origins) We, meaning everyone who deals with technology for a living, know that the move to IPv6 is inevitable. We simply must migrate in order to maintain the scalability of the Internet and its infrastructure. Well, we could continue to use technologies like NAT and SNAT in order to conserve IPv4 addresses, but really that’s just not practical...

posted @ Monday, June 22, 2009 3:54 AM | Feedback (5)

One of the tasks of an enterprise architect is to design a framework atop which developers can implement and deploy applications consistently and easily. The consistency is important for internal business continuity and reuse; common objects, operations, and processes can be reused across applications to make development and integration with other applications and systems easier. Architects also often decide where functionality resides and design the base application infrastructure framework. Application server, identity management, messaging, and integration are all often a part of such architecture designs. Rarely does the architect concern him/herself with the network infrastructure, as that is...

posted @ Wednesday, June 17, 2009 4:07 AM | Feedback (4)

I’m heading out today for a little time off and so you’ll have to make do the rest of the week without any (new) words of wisdom from me. I know, try to pull yourself together. You’ll live, really, and I’ll be back Monday with something interesting, promise. While I’m out, you might consider checking out some of the blogs I follow myself on a regular basis. They’re always full of interesting tidbits and stories and wisdom on a variety of subjects, and if you don’t follow them yourself you might find something interesting in them. ...

posted @ Wednesday, June 10, 2009 4:25 AM | Feedback (4)

An interesting thing happened on the way to testing that application from the cloud. We broke the innertubes! Pros and Cons of Application Testing in the Cloud A firm wanted to test their application and need 100 browser instances. In the old days it would have required 100 machines -- that would be a massive undertaking. Even with hardware virtualization, you would need 5 to 10 machines, and there would be some complex configuration issues. However, by putting it all in the cloud, they were able to sync up 100 virtual instances of the browsers and take them down over...

posted @ Wednesday, June 10, 2009 3:24 AM | Feedback (7)

When SOA was declared dead there was a spate of articles and blogs on why the architecture “died.” Most pundits came to the conclusion that like many innovations it wasn’t the technology to blame but rather people. Architects lacked the skills to properly leverage SOA; business stakeholders failed to look at SOA as a strategic architecture, choosing instead to use it as a tactical integration-solving solution; network and systems administrators did not understand the unique characteristics and issues a well-designed SOA raised within the network and on systems; and developers were loath to “reuse” and “share” services despite alternate...

posted @ Thursday, June 04, 2009 4:07 AM | Feedback (1)

Attackers say, we can go where we want to; we can leave our code behind… There’s probably a raid going on right now in Naxxramas and the attackers are almost certainly doing the Safety Dance. They probably learned the Safety Dance the same way I learned about it; from someone well-versed in its intricate steps. See, if you don’t know the Safety Dance and you come up against Heigan the Unclean, well… he’s not called Heigan the Unclean for nothing. You will not survive. Not even if you happen to have a Holocaust Cloak at...

posted @ Wednesday, June 03, 2009 3:58 AM | Feedback (2)

There is a tendency to describe every device on a network as simply “the network” regardless of whether that device is dedicated to security, or application delivery (layer 4-7), or actual network (layer 2-3) functionality. It’s an artifact of aging data center architecture models that there exists an artificial line of demarcation between web and application servers and everything else. We used to depict “everything else” as a cloud, but with the emergence of The Cloud doing so simply complicates discussions even further because the “network” necessary to support a dynamic, on-demand operational model of computing like “cloud” is more...

posted @ Friday, May 29, 2009 3:49 AM | Feedback (12)

It certainly sounds reasonable: networks are moving toward a perimeter-less model so the line between internal and external network is blurring. The introduction of cloud computing as overdraft protection (cloud-bursting) further blurs that perimeter such that it’s more a suggestion than a rule. That makes the idea of encrypting everything whether it’s on the internal or external network seem to be a reasonable one. Or does it? THE IMPACT ON OPERATIONS A recent post posits that PCI Standard or Not, Encrypting Internal Network Traffic is a Good Thing....

posted @ Thursday, May 28, 2009 4:02 AM | Feedback (3)

There’s apparently been a bit of confusion over what, exactly, F5 thinks of cloud computing as an organization based on a recent blog post. I thought I’d been fairly clear on where F5 stands in terms of cloud computing but I may be suffering what’s known as the “curse of knowledge”, which means I am so deeply entrenched in F5’s view of cloud that I forget that other people don’t have the luxury of that knowledge. So I’d like to take this opportunity to clear up any misconceptions that may be floating around and just set the record...

posted @ Tuesday, May 26, 2009 4:09 AM | Feedback (0)

As a telecommuter – and one that lives in that technological mecca of the midwest, Green Bay – I don’t often get the chance to talk face to face with, well, anyone. Being conscripted into booth duty at Interop this week means I get to talk to people with real problems and with ones that can quickly bring anyone with their head in the clouds back down to earth. Imagine if you will an application. A real, honest to goodness client-server application. Not web-based, but client-server; like the kind we wrote in Delphi and Visual Basic back in...

posted @ Thursday, May 21, 2009 6:30 AM | Feedback (14)

If they aren’t now then Infrastructure 2.0 may force them in that direction - and vice versa. My brother (yes, it does run in the family) has a degree in computer science which, by most definitions, makes him a developer. That’s the focus of most computer science focused degree programs, much to the chagrin of the myriad other IT-focused specialties like networking, security, and operations. Interestingly enough, he worked his way through college as a sysadmin and his first job out of college was as a sysadmin. And now he’s doing a little of...

posted @ Wednesday, May 13, 2009 3:51 AM | Feedback (4)

Why architecture matters not only to security but to the future of cloud computing It seems the phrase “in the cloud”, sadly, has become a marketing-hyped euphemism for “the Internet.” I say sadly because the use of cloud to refer to every and any service delivered over the Internet dirties up the cloud. It obscures the intent of cloud computing and makes it difficult for technologists in the trenches to get a handle on how cloud – both external and internal – can provide benefits and solutions to problems they have right now. The very loose use of the...

posted @ Monday, May 11, 2009 3:38 AM | Feedback (14)

Brother, can you give a developer a hand? As the topology of networks delivering applications becomes increasingly complex it becomes more and more difficult to troubleshoot problems, especially for developers tasked with figuring out why their “application broke” in production when it was working just fine thank you very much in “DEV” and “QA.” It is rare, after all, that the production environment – including all the moving parts – is duplicated in development and testing environments. It is already difficult enough for developers to track down problems due to the complex nature of application infrastructure...

posted @ Wednesday, May 06, 2009 4:17 AM | Feedback (1)

Finding new life for SOA in the cloud We’ve been having quite a few discussions with analysts over the past few months on the subject of “cloud”. The interesting thing about these discussions is the vast array of points of view from which those analysts are viewing “cloud”. Some are focused on the network aspects, others on pricing/differentiation, and some are even very focused on what “cloud” means to applications – and the organizations that will, allegedly, take advantage of the cloud as a means of application deployment. One such analyst is Daryl Plummer of Gartner. Daryl...

posted @ Tuesday, April 07, 2009 3:37 AM | Feedback (3)

Better performance, reduced costs and data center footprint are not niche-market interests. The fast-paced world of finance is taking a hard look at the benefits of hardware acceleration for performance and finding additional benefits such as a reduction in rack-space via consolidation of server hardware. Rich Miller over at Data Center Knowledge writes: Hardware acceleration addresses computationally-intensive software processes that task the CPU, incorporating special-purpose hardware such as a graphics processing unit (GPUs) or field programmable gate array (FPGA) to shift parallel software functions to the hardware level. ...

posted @ Tuesday, March 24, 2009 3:27 AM | Feedback (5)

Ah, those were the days, weren’t they? When improving the security, reliability, and performance of applications over the LAN, over the WAN, and over the Internet meant you had to deploy many different solutions, each one standing on their own in the data center. When you had to learn how to configure and manage as many devices as you have fingers just to deliver a single business-critical application to users and customers across a wide variety of environments. When there really wasn’t an option because solutions weren’t unified, weren’t contextually aware, and were basically just a bunch of point solutions...

posted @ Monday, March 23, 2009 3:21 AM | Feedback (0)

One of the oft cited reasons in surveys that enterprises aren’t flocking to the cloud like lemmings off a cliff is “lack of control”. Problem is that articles and pundits quoting this reason never really define what that means. After all, cloud providers appear to be cognizant of the need for users (IT) to be able to define thresholds, reserve instances, deploy a variety of “infrastructure”, and manage their cloud deployment themselves. The lack of control, however, is at least partially about control over the infrastructure itself and, perhaps, complicated by the shallow definition of “infrastructure” by cloud...

posted @ Wednesday, March 18, 2009 2:49 AM | Feedback (11)

What’s driving your organizational interest in cloud? Is it apathy or is it architecture? The whole debate surrounding the existence, or non-existence as it were, of “private” clouds seems to revolve around the definition of cloud. Yes, we’re right back at the beginning, Vizzini. The problem is that lots of folks want to focus in on the “apathy” inherent in cloud rather than the “architecture”. Yes, apathy. After all, that’s what we’re saying when we include as a key component of the definition of cloud “you don’t have to care about the infrastructure.” For example, Andrew...

posted @ Monday, March 16, 2009 3:45 AM | Feedback (1)

Ah, those were the days, weren’t they? When you needed a way to add security at several layers to your network and application network infrastructure but knew that implementing a solution capable of securing those pesky applications was more than likely going to end up with poor performance and angry users. When you needed to add something to secure applications and the network against the growing wave of attacks but knew that doing so would negatively impact performance. It was a tough choice, and most people ended up going the route of maintaining application performance at the expense...

posted @ Monday, March 16, 2009 3:39 AM | Feedback (0)

There is no evidence, no research, no surveys that indicate the cloud is, or ever will be, ready to completely outsource an organization’s data center. There’s no reason to even believe that’s the goal of cloud providers, though it might seem a logical conclusion. So making outrageous claims about the capabilities of the cloud, and the relevance of the data center, does no one any good. What’s got me so riled up? This particular statement from a prediction for 2009 from Appirio: But all this talk about “private clouds” is a distraction from...

posted @ Tuesday, March 10, 2009 4:30 AM | Feedback (5)

Ah, those were the days, weren’t they? When you needed a way to inspect data at the edge for application-specific issues but knew that implementing a solution capable of that kind of agility was more than likely going to end up with poor performance and angry users. When you needed to add something to secure applications and the network against the growing wave of attacks but knew that doing so would negatively impact performance. It was a tough choice, and most people ended up going the route of maintaining application performance at the expense of security and optimization...

posted @ Monday, March 09, 2009 4:30 AM | Feedback (1)

During my reading of the Internet I happened across an ad on Network World that stopped me in my tracks. And not because it was one of those “pre-ads” that you can’t avoid, nor because it was cool or flashy or said something particularly witty. No, it stopped me in disbelief because it implied that someone else (a vendor) was in charge of your data center architecture; that you had nothing to do but sit back and wait for them to let you know when it – and you – were ready to take the next step. Look,...

posted @ Monday, March 02, 2009 4:32 AM | Feedback (1)

If you’re looking at standardization and interoperability efforts only as they relate to providers or end-users then you’re not thinking long term nor are you really considering the potential of cloud computing and virtualization to revolutionize data center architectures. In a nutshell, if you equate “cloud” with “providers like Amazon and Google” then you don’t really get the big picture. While the ultimate goal of cloud specifications and standards is to enable interoperability and ease of migration for the end-user, approaching the creation of such standards from the point of view of the end-user will result in a...

posted @ Monday, February 23, 2009 4:06 AM | Feedback (4)

When folks are asked to define the cloud they invariably, somewhere in the definition, bring up the point that “users shouldn’t care” about the actual implementation. When asked to diagram a cloud environment we end up with two clouds: one representing the “big cloud” and one inside the cloud, representing the infrastructure we aren’t supposed to care about, usually with some pretty graphics representing applications being delivered out of the cloud over the Internet. But yet some of us need to care what’s obscured; the folks tasked with building out a cloud environment need to know what’s...

posted @ Wednesday, February 18, 2009 4:14 AM | Feedback (4)

The issue of application state and connection management is one often discussed in the context of cloud computing and virtualized architectures. That's because the stress placed on existing static infrastructure due to the potentially rapid rate of change associated with dynamic application provisioning is enormous and, as is often pointed out, existing "infrastructure 1.0" systems are generally incapable of reacting in a timely fashion to such changes occurring in real-time. The most basic of concerns continues to revolve around IP address management. This is a favorite topic of Greg Ness at Infrastructure 2.0 and has been subsequently addressed...

posted @ Tuesday, February 10, 2009 7:59 AM | Feedback (4)

Rich Miller, in response to some questions I maintain on meta-data ownership and interoperability with regards to the CCIF's efforts in defining a cloud interoperability specification, had some questions of his own: The part I'm itching to ask her about ... or start a more open conversation: the possibility of "a specification regarding application network delivery metadata" which, if properly (??) abstracted and generic, could "allow the meta-data policies to be transported and applied across different cloud implementations while preserving the specific details of implementation within the cloud computing infrastructure." Whoa!! Tall order, isn't it? ...

posted @ Monday, February 09, 2009 4:19 AM | Feedback (1)

The webification of applications over the years has led to the belief that client-server as an architecture is dying. But very few beliefs about architecture have been further from the truth. The belief that client-server was dying - or at least falling out of favor - was primarily due to the fact that early browser technology was used only as a presentation mechanism. The browser did not execute application logic, did not participate in application logic, and acted more or less like a television: smart enough to know how to display data but not smart enough to do anything...

posted @ Monday, February 02, 2009 4:38 AM | Feedback (3)

We've been talking a lot about the benefits of Infrastructure 2.0, or Dynamic Infrastructure, a lot about why it's necessary, and what's required to make it all work. But we've never really laid out what it is, and that's beginning to lead to some misconceptions. As Daryl Plummer of Gartner pointed out recently, the definition of cloud computing is still, well, cloudy. Multiple experts can't agree on the definition, and the same is quickly becoming true of dynamic infrastructure. That's no surprise; we're at the beginning of what Gartner would call the hype cycle for both concepts, so...

posted @ Wednesday, January 28, 2009 7:19 AM | Feedback (1)

Much of the dialogue today surrounding cloud computing and virtualization is still taking the 50,000 foot view. It's all conceptual; it's all about business value, justification, interoperability, and use cases. These are all good conversations that need to happen in order for cloud computing and virtualization-based architectures to mature, but as is often the case that leaves the folks tasked with building something right now a bit on their own. So let's ignore the high-level view for just a bit and talk reality. Many folks are being tasked, now, with designing or even implementing some form of a cloud...

posted @ Friday, January 23, 2009 4:51 AM | Feedback (2)

If you've taken the time to read over the "Top 25 Most Dangerous Programming Errors" published by SANS recently, you may (or may not) have noticed that CWE-319 is an anomaly, and should be easily picked out by developers and security professionals in a game called "which one of these is not like the other". CWE-319 If your software sends sensitive information across a network, such as private data or authentication credentials, that information crosses many different nodes in transit to its final destination. Attackers can sniff this...

posted @ Monday, January 19, 2009 3:57 AM | Feedback (4)

You may recall a recent overview on network-side scripting that described a few uses of this technology integrated with application delivery controllers. With thousands of examples of the uses of network-side scripting it's hard to choose just one to adequately represent its potential. Luckily, we don't have to stick to just one. Viva la Internet! Based on the technical session the great network-side scripting guru Colin and I ran at SD Best Practices in October, I've pulled nine ways to use network-side scripting that can enhance the scalability, security, and performance of web applications into a presentation for...

posted @ Thursday, December 11, 2008 4:04 AM | Feedback (4)

SOA is, at its core, a design and development methodology. It embraces reuse through decomposition of business processes and functions into core services. It enables agility by wrapping services in an accessible interface that is decoupled from its implementation. It provides a standard mechanism for application integration that can be used internally or externally. It is, as they say, what it is. SOA is not necessarily SOAP, though until the recent rise of social networking and Web 2.0 there was little real competition against the rising standard. But of late the adoption of REST...

posted @ Friday, December 05, 2008 3:33 AM | Feedback (14)

Thanks to a tweet from @Archimedius, I found an insightful blog post from cloud computing provider startup Kaavo that essentially makes the case for a move to application-centric management rather than the traditional infrastructure-centric systems on which we've always relied. We need to have an application centric approach for deploying, managing, and monitoring applications. A software which can provisions optimal virtual servers, network, storage (storage, CPU, bandwidth, Memory, alt.) resources on-demand and provide automation and ease of use to application owners to easily and securely run and maintain their applications will be critical for the...

posted @ Monday, December 01, 2008 2:59 AM | Feedback (4)

Horizontal scalability achieved through the implementation of a load balancing solution is easy. It's vertical scalability that's always been and remains difficult to achieve, and it's even more important in a cloud computing or virtualized environment because now it can hurt you where it counts: the bottom line. Horizontal scalability is the ability of an application to be scaled up to meet demand through replication and the distribution of requests across a pool or farm of servers. It's the traditional load balanced model, and it's an integral component of cloud computing environments. Vertical scalability is the ability of...

posted @ Tuesday, November 25, 2008 3:29 AM | Feedback (5)

The diseconomy of scale so adversely affecting the IP address management space isn't limited to network infrastructure; it's crawling up the stack steadily and infecting all layers of the data center like some kind of unstoppable infrastructure management virus. That is why, even with the simple act of managing an enterprise network’s IP addresses, which is critical to the availability and proper functioning of the network, actually goes up as IP addresses are added. As TCP/IP continues to spread and take productivity to new heights, management costs are already escalating. -- Greg Ness, "What Are the Barriers to...

posted @ Monday, November 24, 2008 3:47 AM | Feedback (4)

Amidst the hype of cloud computing and virtualization has been the publication of several research notes regarding SOA. Adoption, they say, is slowing. Oh noes! Break out the generators, stock up on water and canned food! An article from JavaWorld quotes research firm Gartner as saying: The number of organizations planning to adopt SOA for the first time decreased to 25 percent; it had been 53 percent in last year's survey. Also, the number of organizations with no plans to adopt SOA doubled from 7 percent in 2007 to...

posted @ Friday, November 21, 2008 3:09 AM | Feedback (1)

Load balancing an application should, by now, be a fairly routine scaling exercise. But too often when an application is moved into a load balanced architecture it breaks. The reason? Application sessions are often specific to an application server instance. The solution? Persistence, also known as sticky connections. The use of sessions on application servers to add state to web (HTTP) applications is a common practice. In fact, it's one of the greatest "hacks" in the history of the web. It's an excellent solution to the problem of using a stateless application protocol to build applications for which...

posted @ Wednesday, November 19, 2008 3:40 AM | Feedback (2)

While I was at SD Best Practices in Boston last month I got to talk to a lot of engineers, developers, and architects about their environments and about what F5 does for application delivery. One of the developers glibly told me he wasn't sure we could help him out because his environment was the international space station. Yeah, how cool is that? Now that's cloud computing. Another architect, who turned out to be a friend of a friend who I've conversed with but never met in person said the same thing, but...

posted @ Friday, November 14, 2008 3:08 AM | Feedback (0)

Whenever there is a shift in architectural thinking about technology, such as is happening right now with cloud computing and virtualization, we start thinking forward, past the now, and into the future about how that technology might be leveraged. We start looking at the impact to architecture from the top of the stack to the bottom. For a company that's focused on application delivery, that means taking a good hard look at how that new technology might impact the architecture of applications. It's been suggested that perhaps, just maybe, we'll see service-oriented clouds; that the concepts of SOA...

posted @ Wednesday, November 12, 2008 8:52 AM | Feedback (2)

It is often the case that application server clustering and load-balancing are mistakenly believed to be the same thing. They are not. While server clustering does provide rudimentary load-balancing functionality, it does a better job of providing basic fail-over and availability assurance than it does load-balancing. In fact, load balancing has effectively been overtaken by application delivery, which builds on load balancing but is much, much more than that today. Clustering essentially turns one instance of an application server into a controlling node, a proxy of sorts, through which requests are funneled and then distributed amongst several...

posted @ Tuesday, November 11, 2008 7:05 AM | Feedback (0)

When SOA was the hot topic of the day (not that long ago) everyone was pumped up about the ability to finally align IT with the business. Reusability, agility, and risk mitigation were benefits that would enable the business itself to be more agile and react dynamically to the constant maelstrom that is "the market". But only half of IT saw those benefits; the application half. Even though pundits tried to remind folks that the "A" in SOA stood for "architecture", and that it necessarily included more than just applications, still the primary beneficiary of SOA has been applications...

posted @ Monday, November 10, 2008 8:23 AM | Feedback (2)

The VirtualDC has asked the same question that's been roaming about in every technophile's head since the beginning of the cloud computing craze: what defines a cloud? We've chatted internally about this very question, which led to Alan's questions in a recent blog post. Lori and others have suggested that the cloud comes down to how a service is delivered rather than what is delivered, and I’m fine with that as a long term definition or categorization. I don’t think it’s narrow enough, though, to answer the question “Is Gmail a cloud service?” because...

posted @ Wednesday, November 05, 2008 6:53 AM | Feedback (9)

How the cloud acts and is used is more important than where it physically resides Cloud computing and SOA suffer from the same lack of prescriptive architectures. They are defined by how they act rather than what they are, or from what they are composed. They are, in a way, existential technology that cannot be confined to a simple architectural diagram but require instead a set of properties or ways of acting in order to be recognized. To oversimplify and paraphrase Jean-Paul Sartre's concepts of existentialism, we define ourselves (mankind) through our actions. To apply this to...

posted @ Monday, November 03, 2008 3:29 AM | Feedback (0)

We all understand the lines in the sand (or the architectural diagram) that separate client-side scripting from server-side scripting. It's very clear that client-side scripting, e.g. JavaScript, VBScript, ActionScript, executes on the client while server-side scripting, e.g. PHP, ASP, executes on the server. But what about network-side scripting? "There is no such thing!" might be the first response to this question, but I beg to disagree. Programmable proxies, a la F5's BIG-IP Local Traffic Manager, that provide a scripting language such as iRules, are simultaneously client-side and server-side, with the best definition to describe their placement in architectures being network-side...

posted @ Friday, October 31, 2008 5:26 AM | Feedback (9)

I'm off Monday to Boston for SD Best Practices. This is the first time I (and F5) have been at the show, and we're all excited about the opportunity to meet some new folks. Monday is a busy day, with travel and our keynote, "The Best Kept Secret in Building Scalable Applications." Wednesday, fellow blogger Colin and I will be running a technical session on the "9 Things You Can Do to Build Scalable Applications (and 3 You Can't)" that promises to be a lot of fun. In between our speaking engagements, we'll be hanging out...

posted @ Friday, October 24, 2008 8:26 AM | Feedback (0)

I'm in a bit of a mood after reading a Javaworld article on server load balancing that presents some fairly poor ideas on architectural implementations. It's not the concepts that are necessarily wrong; they will work. It's the architectures offered as a method of load balancing that made me do a double-take and say "What?" I started reading this article because it was part 2 of a series on load balancing and this installment focused on application layer load balancing. You know, layer 7 load balancing. Something we at F5 just might know a thing or two about. But you...

posted @ Friday, October 24, 2008 7:55 AM | Feedback (2)