|
| DevCentral > Weblogs > - Two Different Socks
|
cloud computing infrastructure
There are 42 entries for the tag cloud computing infrastructure
 |
How to defeat the ancient Jedi mind trick known as HTTP Request Smuggling. HTTP Request Smuggling (HRS) is not a new technique; it's been around since 2005. It takes advantage of architectures where one or more intermediaries (proxies) are deployed between the client and the server. HRS is can be used to poison web-caches and bypass security solutions such as web application firewalls as well as for the delivery of malicious payloads such as worms, viruses, and those used to exploit known vulnerabilities in web and application servers. The good news is that to exploit HRS,...
posted @ Thursday, April 23, 2009 3:39 AM |
|
|
OVF (Open Virtualization Format) apparently just isn’t getting enough mindshare out there in the discussions of cloud computing that focus on portability and interoperability. The goal of OVF is to provide a portable, interoperable non-vendor specific meta-data that describes an application, its virtual container, and the attributes necessary to deploy it in a new environment with minimal human intervention. This will, allegedly, allow it to move seamlessly from cloud to cloud, drifting ever-so-gently and making the entire process appear effortless. Given that lofty goal, it’s no surprise that Jon Oltsik, senior analyst at the Enterprise Strategy Group, wonders...
posted @ Tuesday, April 21, 2009 2:58 AM |
|
|
One of the oft cited reasons in surveys that enterprises aren’t flocking to the cloud like lemmings off a cliff is “lack of control”. Problem is that articles and pundits quoting this reason never really define what that means. After all, cloud providers appear to be cognizant of the need for users (IT) to be able to define thresholds, reserve instances, deploy a variety of “infrastructure”, and manage their cloud deployment themselves. The lack of control, however, is at least partially about control over the infrastructure itself and, perhaps, complicated by the shallow definition of “infrastructure” by cloud...
posted @ Wednesday, March 18, 2009 2:49 AM |
|
|
What’s driving your organizational interest in cloud? Is it apathy or is it architecture? The whole debate surrounding the existence, or non-existence as it were, of “private” clouds seems to revolve around the definition of cloud. Yes, we’re right back at the beginning, Vizzini. The problem is that lots of folks want to focus in on the “apathy” inherent in cloud rather than the “architecture”. Yes, apathy. After all, that’s what we’re saying when we include as a key component of the definition of cloud “you don’t have to care about the infrastructure.” For example, Andrew...
posted @ Monday, March 16, 2009 3:45 AM |
|
|
According to the definition of cloud computing used by Avanade for a recently released and often cited study on the use of cloud computing, I could claim to be a cloud computing provider. And so could you. Basically, so could just about everyone who happens to run web-based applications accessed over the Internet. From the summary of the report: In the midst of widespread economic turmoil, this global survey of C-level executives and IT decision-makers shows a clear, collective mandate: use technology to cut the cost of doing business. ...
posted @ Tuesday, March 03, 2009 2:59 AM |
|
|
When folks are asked to define the cloud they invariably, somewhere in the definition, bring up the point that “users shouldn’t care” about the actual implementation. When asked to diagram a cloud environment we end up with two clouds: one representing the “big cloud” and one inside the cloud, representing the infrastructure we aren’t supposed to care about, usually with some pretty graphics representing applications being delivered out of the cloud over the Internet. But yet some of us need to care what’s obscured; the folks tasked with building out a cloud environment need to know what’s...
posted @ Wednesday, February 18, 2009 4:14 AM |
|
|
The issue of application state and connection management is one often discussed in the context of cloud computing and virtualized architectures. That's because the stress placed on existing static infrastructure due to the potentially rapid rate of change associated with dynamic application provisioning is enormous and, as is often pointed out, existing "infrastructure 1.0" systems are generally incapable of reacting in a timely fashion to such changes occurring in real-time. The most basic of concerns continues to revolve around IP address management. This is a favorite topic of Greg Ness at Infrastructure 2.0 and has been subsequently addressed...
posted @ Tuesday, February 10, 2009 7:59 AM |
|
|
Rich Miller, in response to some questions I maintain on meta-data ownership and interoperability with regards to the CCIF's efforts in defining a cloud interoperability specification, had some questions of his own: The part I'm itching to ask her about ... or start a more open conversation: the possibility of "a specification regarding application network delivery metadata" which, if properly (??) abstracted and generic, could "allow the meta-data policies to be transported and applied across different cloud implementations while preserving the specific details of implementation within the cloud computing infrastructure." Whoa!! Tall order, isn't it? ...
posted @ Monday, February 09, 2009 4:19 AM |
|
|
While the vast majority of folks are still debating what is or is not "cloud computing", there are already groups trying to get ahead of the curve by focusing on broader issues such as interoperability and portability. Indeed, by addressing the potential pitfalls associated with portability across cloud implements now rather than later, it is hoped that there won't be as many problems when it does finally become an issue. There is a very real danger, however, that cloud interoperability and portability specifications will fail to address the very real need to include all the relevant application and...
posted @ Friday, February 06, 2009 4:39 AM |
|
|
We've been talking a lot about the benefits of Infrastructure 2.0, or Dynamic Infrastructure, a lot about why it's necessary, and what's required to make it all work. But we've never really laid out what it is, and that's beginning to lead to some misconceptions. As Daryl Plummer of Gartner pointed out recently, the definition of cloud computing is still, well, cloudy. Multiple experts can't agree on the definition, and the same is quickly becoming true of dynamic infrastructure. That's no surprise; we're at the beginning of what Gartner would call the hype cycle for both concepts, so...
posted @ Wednesday, January 28, 2009 7:19 AM |
|
|
Much of the dialogue today surrounding cloud computing and virtualization is still taking the 50,000 foot view. It's all conceptual; it's all about business value, justification, interoperability, and use cases. These are all good conversations that need to happen in order for cloud computing and virtualization-based architectures to mature, but as is often the case that leaves the folks tasked with building something right now a bit on their own. So let's ignore the high-level view for just a bit and talk reality. Many folks are being tasked, now, with designing or even implementing some form of a cloud...
posted @ Friday, January 23, 2009 4:51 AM |
|
|
Infrastructure 2.0 is, at its core, about evolving to a new level of interconnectedness, one in which the underlying infrastructure becomes as flexible and adaptable as the applications and virtualization infrastructure it is responsible for managing and delivering. In order to be connected, however, you need a way in which disparate infrastructure components can communicate, either directly or via a third party (coordination | management | orchestration) server. That communication is almost certainly going to take (and in many cases has already taken) the form of service-enabled control planes. These "services" are necessary in order to provide the...
posted @ Tuesday, January 20, 2009 5:42 AM |
|
|
Just because you can, doesn't mean you should. I'm going to start this one by quoting Hoff who was quoting Andreas Antonopoulos of Nemertes Research Group who was paraphrasing a concept put forth by Doug Gourlay. From Rational Survivability "How about using netflow information to re-balance servers in a data center" Routing: Controlling the flow of network traffic to an optimal path between two nodes Virtual-Routing or Anti-Routing: VMotioning nodes (servers) to optimize the flow of traffic on the network. Using netflow information, identify those...
posted @ Wednesday, December 17, 2008 4:03 AM |
|
|
Thanks to a tweet from @Archimedius, I found an insightful blog post from cloud computing provider startup Kaavo that essentially makes the case for a move to application-centric management rather than the traditional infrastructure-centric systems on which we've always relied. We need to have an application centric approach for deploying, managing, and monitoring applications. A software which can provisions optimal virtual servers, network, storage (storage, CPU, bandwidth, Memory, alt.) resources on-demand and provide automation and ease of use to application owners to easily and securely run and maintain their applications will be critical for the...
posted @ Monday, December 01, 2008 2:59 AM |
|
|
The saying goes that to forget (or in some cases blatantly ignore) the mistakes of the past is to be doomed to repeat them. ODBC. BPEL. JDBC. All three are extensible standards in the software industry that cause no end of headaches and increased management overhead for folks attempting to deal with them. None of them are interoperable; you can't use the ODBC driver for Oracle to hook up to a SQL Server database, nor you can use the same BPEL produced by one BPM solution as within another. Because they're "extensible" and that extensibility leads,...
posted @ Monday, November 17, 2008 4:45 AM |
|
|
Whenever there is a shift in architectural thinking about technology, such as is happening right now with cloud computing and virtualization, we start thinking forward, past the now, and into the future about how that technology might be leveraged. We start looking at the impact to architecture from the top of the stack to the bottom. For a company that's focused on application delivery, that means taking a good hard look at how that new technology might impact the architecture of applications. It's been suggested that perhaps, just maybe, we'll see service-oriented clouds; that the concepts of SOA...
posted @ Wednesday, November 12, 2008 8:52 AM |
|
|
It is often the case that application server clustering and load-balancing are mistakenly believed to be the same thing. They are not. While server clustering does provide rudimentary load-balancing functionality, it does a better job of providing basic fail-over and availability assurance than it does load-balancing. In fact, load balancing has effectively been overtaken by application delivery, which builds on load balancing but is much, much more than that today. Clustering essentially turns one instance of an application server into a controlling node, a proxy of sorts, through which requests are funneled and then distributed amongst several...
posted @ Tuesday, November 11, 2008 7:05 AM |
|
|
The VirtualDC has asked the same question that's been roaming about in every technophile's head since the beginning of the cloud computing craze: what defines a cloud? We've chatted internally about this very question, which led to Alan's questions in a recent blog post. Lori and others have suggested that the cloud comes down to how a service is delivered rather than what is delivered, and I’m fine with that as a long term definition or categorization. I don’t think it’s narrow enough, though, to answer the question “Is Gmail a cloud service?” because...
posted @ Wednesday, November 05, 2008 6:53 AM |
|
|
How the cloud acts and is used is more important than where it physically resides Cloud computing and SOA suffer from the same lack of prescriptive architectures. They are defined by how they act rather than what they are, or from what they are composed. They are, in a way, existential technology that cannot be confined to a simple architectural diagram but require instead a set of properties or ways of acting in order to be recognized. To over simplify and paraphrase Jean-Paul Sartre's concepts of existentialism, we define ourselves (mankind) through our actions. To apply this to...
posted @ Monday, November 03, 2008 3:29 AM |
|
|
Greg Ness calls it "connectivity intelligence" but it seems that we're really talking about is the ability of network infrastructure to both be agile itself and enable IT agility at the same time. Brittle, inflexible infrastructures - whether they are implemented in hardware or software or both - are not agile enough to deal with an evolving, dynamic application architecture. Greg says in a previous post The static infrastructure was not architected to keep up with these new levels of change and complexity without a new layer...
posted @ Wednesday, October 29, 2008 4:08 AM |
|
|
You have just been promoted to CTO of Widgets, Inc. (Congratulations, by the way!) In your new role, on which of the following will you focus the most attention (and budget): (a) the network (b) the applications (c) the data Trick...
posted @ Thursday, October 23, 2008 4:40 AM |
|
|
Managing a heterogeneous infrastructure is difficult enough, but managing a dynamic, ever changing heterogeneous infrastructure that must be stable enough to deliver dynamic applications makes the former look like a walk in the park. Part of the problem is certainly the inability to manage heterogeneous network infrastructure devices from a single management system. SNMP (Simple Network Management Protocol), the only truly interoperable network management standard used by infrastructure vendors for over a decade, is not robust enough to deal with the management nightmare rapidly emerging for cloud computing vendors. It's called "Simple" for a reason, after all. And...
posted @ Wednesday, October 22, 2008 3:58 AM |
|
|
Paul Maritz' keynote at VMWorld this year featured a demonstration of cloud computing using B-Hive, F5 Global Traffic Manager (GTM), and BlueLock. If you missed it, here's your chance to kick back and explore how these technologies fit together to provide a dynamic, virtualized environment. Related Links ...
posted @ Friday, October 17, 2008 4:14 AM |
|
|
Not every infrastructure vendor needs new capabilities to support cloud computing and infrastructure 2.0. Greg Ness of Infoblox has an excellent article on "The Next Tech Boom: Infrastructure 2.0" that is showing up everywhere. That's because it raises some interesting questions and points out some real problems that will be need to be addressed as we move further into cloud computing and virtualized environments. What is really interesting, however, is the fact that some infrastructure vendors are already there and have been for quite some time. One thing Greg mentions that's not quite accurate (at least...
posted @ Friday, October 17, 2008 3:58 AM |
|
|
Darren Jefford has an excellent (and detailed with code examples) post Related Posts regarding what could easily be categorized as cloudbursting with BizTalk workflows. In a nutshell, Microsoft allows hosting of BizTalk activities in the cloud at BizTalk labs. Developers then integrate those...
posted @ Monday, October 06, 2008 3:29 AM |
|
|
If you're excited about the automation capabilities of cloud computing and virtualization, you are going to love this solution. In a virtualized environment where applications can ostensibly be popping up all over, and applications are no longer tied to specific servers, there is a need to automatically manage these application instances in a high-availability (load balanced) environment. What you need is the ability to automagically add and remove application instances from the application delivery controller (load balancer) so you don't have to worry about tying those applications down, which could reduce the benefits typically associated with virtualization. If...
posted @ Tuesday, September 30, 2008 4:49 AM |
|
|
It seems that every time a new technology breaks through the surface a hundred "experts", vendors, and standards-bodies appear like moths to a flame attempting to define the term such that only "they" have the answer, the solution, the standard, or the product. When my son mentioned a research paper he wrote on cloud computing (which you still haven't sent me, by the way) he did so while disagreeing with a previous post of mine on the subject. He was quite vehement that grid computing did not equal cloud computing, and seemed almost shocked that I would dare...
posted @ Monday, September 29, 2008 11:07 AM |
|
|
Desktop virtualization. Virtual desktops. Application streaming. Whatever you want to call it makes no nevermind to me because the problem driving the entire concept is gone. Eradicated. Made irrelevant by the cloud. Made irrelevant by cloudware, SaaS (Software as a Service), and the ubiquitous browser. I cannot count the number of times I've heard complaints about some form of desktop virtualization/application streaming in the past. It's slow. The server died in the middle of my exam. It's slow. There are no more licenses left. It's slow today (why do you add "today", it's slow every day!). Sensing a...
posted @ Wednesday, September 24, 2008 5:01 AM |
|
|
Reuven Cohen of the Elastic Vapor blog, in this article, puts forth the notion that infrastructure is required to enable cloudbursting and then asks an excellent question: To truly enable a capable cloudbursting infrastructure, I feel there needs to be a common consensus on how this may be archived and by what means. So the question in...
posted @ Thursday, September 18, 2008 8:41 AM |
|
|
No matter where you deploy it, it's still your application Related Reading Everyone's talking about cloud computing and cloudware (applications in the cloud) services and pointing to the hiccups of several major cloud providers already this year. Reliability, availability, and security are still major concerns, and yet some reports indicate these three "itys" aren't impeding adoption of cloud computing models at all. ...
posted @ Wednesday, September 17, 2008 3:20 AM |
|
|
There has been much fervor around the outages of cloud computing providers of late, which seems to be leading to an increased and perhaps unwarranted emphasis on SLAs the likes of which we haven't seen since...well, the last time the IT saw outsourced anything reach the hype-level of cloud computing. Consider this snippet of goodness for a moment, and pay careful attention to the last paragraph. From Five Key Challenges of Enterprise Cloud Computing I won’t beat the dead “Gmail down, EC2 down, etc down” horse here. But the truth of the...
posted @ Wednesday, September 10, 2008 7:03 AM |
|
|
David Linthicum of Real World SOA asks whether SOA governance should be delivered as a service, from the cloud. Core to this proposition is the use of a registry/repository in the cloud: This repository would provide more than just WSDL, but a complete design time and runtime SOA governance system delivered out of the cloud, perhaps linked with a local slave repository within your firewall. One of the problems with this, I see, is that in a SOA where governance is actively used and policies enforced, governance becomes crucial to...
posted @ Tuesday, September 09, 2008 4:17 AM |
|
|
The cloud computing craze is leading to some interesting new terms. Cloudware and cloudbursting are two terms I particularly like for their ability to describe specific computing models based on cloud computing. Today we're going to look at cloudbursting, which is basically a new twist on an old concept. Cloudbursting appears to be to marry the traditional safe enterprise computing model with cloud computing; in essence, bursting into the cloud when necessary or using the cloud when additional compute resources are required temporarily. Jeff at Amazon Web Services Blog talks about the inception of this term as applied...
posted @ Wednesday, September 03, 2008 5:10 AM |
|
|
Elasticity (adj) the ability of a cloud computing environment to expand or contract automatically on-demand according to real-time computing needs One of the promises of an on-demand cloud computing environment (that's redundant, I think) is the ability to burst resources. Much in the same way that ISPs have long offered contracts that include the ability of the organization to exceed its allotted bandwidth for a fee, it is expected that cloud computing providers offer a mechanism for "bursting resources" that allows an organization to exceed its agreed upon resources for a fee, based on any number of factors such...
posted @ Thursday, August 28, 2008 7:04 AM |
|
|
Abhik, in a reply to "Why can't clouds be inside (the data center)?" says that "the whole point (and primary benefit) of cloud computing is that someone else manages the computing resources. That set of resources is drawn as a cloud in a network diagram because you, the developer or the company using cloud resources, neither knows or cares to know the specifics of the computing infrastructure. An in-house cloud would require procurement, management, maintenance and continuous cost even during idle time -- it is just a grid."
Is it? Is that the primary reason enterprises might be considering cloud computing?...
posted @ Wednesday, August 20, 2008 3:46 AM |
|
|
Ken Oestreich of the Fountainhead blog has an interesting take on cloud computing. Ken cites many examples of cloud computing experts who essentially claim that cloud computing cannot be done "inside" the data center. Then he postulates that yes, yes in fact it can. In general, I agree with Ken's assessment. A CRM (Customer Relationship Management) system is still a CRM whether it's hosted inside the data center or remotely by a SaaS (Software as a Service) provider. Similarly, a cloud is still a cloud regardless of whether it's implemented in someone else's data center, such as Amazon,...
posted @ Tuesday, August 19, 2008 9:40 AM |
|
|
SC Magazine reports that (1) cloud computing environments may not be very secure and (2) a VPN can improve the security of cloud computing environments. Countering cloud computing threats via SC Magazine Technology such as two-factor authentication systems, when married to encrypted VPN connections, can secure an internet connection into a cloud computing-based service. That's the verdict from the Information Systems Audit and Control Association (ISACA), which concludes that using such techniques would tend to make interception of files and transmissions almost impossible. Sarb Sembhi, president of the...
posted @ Thursday, August 14, 2008 8:43 AM |
|
|
Who is responsible for security in the cloud? Let's say you just developed a web app through which customers can order widgets. You're pretty sure your widgets are going to be the hit of the year and you want to make sure that you don't suffer outages and performance issues like many retailers have in the past, especially around Black Friday. So you've decided to take advantage of the fact that a cloud computing provider can and will shoulder the responsibility for scaling your application even in the face of hundreds of thousands of customers knocking on your...
posted @ Tuesday, August 05, 2008 4:56 AM |
|
|
Cloud computing promises customers the ability to deliver scalable applications on-demand without the overhead of a massive data center. The visibility - and flexibility as well as control - you have into and over the cloud computing environment depends on whether the provider you select offers an opaque or a transparent cloud computing environment.
OPAQUE CLOUD COMPUTING MODEL
In an opaque cloud computing model all details are hidden from the organization. The hardware and software infrastructure details are not necessarily known or controlled by the organization but are completely managed by the cloud computing provider. This allows for a completely...
posted @ Monday, August 04, 2008 5:04 AM |
|
|
Alistair Croll has a great post on GIGAOM discussing how networking vendors will need to change in order to support a cloud computing infrastructure. He outlines two options for networking vendors that will keep them relevant in a cloud computing environment. In option number one he postulates that virtual appliances are the way to go, that the "pendulum swings back to software". Option number two revolves around sales strategy, and he suggests that networking vendors will need to sell to the providers of the cloud. That makes sense to me. If you want to be a...
posted @ Wednesday, July 30, 2008 5:11 AM |
|
|
With more and more focus on cloud computing one theme seems to be running consistently: the "cloud" is public, and anyone who claims to be building a "private" cloud, a.k.a. mini-cloud or enterprise cloud, is just doing it wrong. John Foley @ InformationWeek has it mostly right when he says that what's important is the technology. The Rise of Enterprise-Class Cloud Computing That's an oxymoron since cloud computing, by definition, happens outside of the corporate data center, but it's the technology that's important here, not the semantics. [emphasis added] ...
posted @ Thursday, July 17, 2008 5:49 AM |
|
|
The increasing webification of applications both for external and internal consumption combined with the concept of outsourced data centers and applications, i.e. cloud computing and Software as a Service (SaaS), may resolve in a perfect storm for proponents of telecommuting.
Consider the scenario: A small to medium organization needs more horsepower but it really doesn't have the budget yet to build out its own enterprise-class data center. Cloud computing offers an off-site, managed data-center that can be used to deploy applications for use by both external and internal constituents. Take advantage of SaaS offerings such as those from Salesforce.com and you've...
posted @ Monday, July 14, 2008 5:15 AM |
|
|
|
|
|
|
