|
| DevCentral > Weblogs > - Two Different Socks
|
internet
There are 295 entries for the tag internet
 |
There’s a difference between automation and orchestration, and knowing which one you’re really doing is half the battle in achieving a truly dynamic data center. Randy Heffner on CIO.Com wrote an excellent article on SOA and its value, “SOA: Think Business Transformation, Not Code Reuse.” The problem I had with the article was not in any way related to its advice, conclusions, or suggestions. The problem I had was that I kept thinking about how perfectly much of his article could be applied to data center orchestration, operational transformation, and automation. Simply replace “SOA” with “orchestration”, “software reuse”...
posted @ Monday, February 22, 2010 3:43 AM |
|
|
We worry about VM sprawl but what about device sprawl? Management of a multitude of network-deployed solutions can be as operationally inefficient as managing hundreds of virtual machines, and far more detrimental to the health and performance of your applications. Turning them all into virtual network appliances that might need scaling themselves? That’s even badder. But all you hardware fanbois best not smirk too much because the proliferation of hardware network devices is only slightly less badder than the potential problems arising from virtual network appliance sprawl. WAIT, WHY IS DEVICE SPRAWL BAD AGAIN?...
posted @ Friday, February 05, 2010 4:02 AM |
|
|
Whenever keys, certificates, and PKI enter into a security solution’s architecture the solution almost always becomes overly complex. DNSSEC is no exception, but it doesn’t have to be. DNS plays a role in every application on the Internet. It is the 411 of the Internet, essentially, without which the millions of users that don’t memorize the IP addresses associated with domain names would be utterly lost. But DNS is vulnerable to exploitation and has, in fact, been exploited in the past. Like any core infrastructure upon which we depend to conduct business, communicate, and generally entertain ourselves, it...
posted @ Wednesday, November 18, 2009 3:44 AM |
|
|
Google’s desire to speed up the web via a new protocol is laudable, but the SPDY protocol would require massive changes across networks to support ArsTechnica had an interesting article on one of Google’s latest projects, a new web protocol designed to replace HTTP called SPDY. SPDY uses a single SSL-encrypted session between a browser and a client, and then compresses all the request/response overhead. The requests, responses, and data are all put into frames that are multiplexed over the one connection. This makes it possible to send a higher-priority small file without...
posted @ Tuesday, November 17, 2009 4:20 AM |
|
|
There is a common myth that the reason legacy code continues to run in businesses around the world is that no one understands it; that IT and businesses are afraid to replace it because they don’t know what it does. Once again, living in the mainframe capital of the world (the insurance industry heavy midwest), I get to talk to IT folks who deal with legacy software and hardware all the time. Do not doubt that they know exactly what that legacy software does and how it works, and perhaps frightening to proponents of change and the...
posted @ Monday, October 26, 2009 4:09 AM |
|
|
Paul Miller, who pens Cloud of Data, had an interesting perspective during a chat this week on what effect infrastructure upgrade cycles might have on cloud computing adoption. Paul postulated that as these servers fail and organizations have to make the decision to replace or not replace them that cloud computing becomes a more viable option. That seems a reasonable assumption, especially if the primary reason organizations are evaluating cloud computing is driven by a desire to reduce costs. But in a recent post Paul posits this might not be the case, citing a recent ongoing study from Avanade in...
posted @ Friday, October 23, 2009 5:39 AM |
|
|
IMAGE CREDIT: DANIEL PENNEY Everyone has surely experienced the frustration of an overloaded desktop/laptop. You’ve just got too many apps open at one time and the performance of your machine has been slowly degrading to the point where you can select an application from the toolbar, run down to the local Starbucks, stop and chat with a friend, and return to find the application still not ready for use. The same thing happens on servers. Even though a web/application server is likely only running a few critical applications,...
posted @ Thursday, October 22, 2009 4:13 AM |
|
|
All the applause over Google’s Data Liberation Front announcement and blogs is making my head hurt. Or maybe that’s the lack of sleep. Either way, it’s disconcerting to me that so many bright people are choosing to make much of what is just a baby step – if that - toward a much larger, much more difficult goal. After all, data without an application to interpret and make use of it is about as useful as a Netbook without a network connection. There seems to suddenly be a lot of focus on “data” and the ability for...
posted @ Tuesday, October 20, 2009 3:14 AM |
|
|
Mobile devices may still be somewhat awkward in terms of supporting rich, web-based applications but they are leaps and bounds ahead of most infrastructure in their ability to figure out where you are. GeoLocation technologies used to be used by load balancing solutions to address poor application performance across high-latency connections such as intercontinental and satellite links. While this is still an important variable in assuring application performance, especially for very large sites, GeoLocation is increasingly used to comply with legal restrictions on broadcasting, export of data and applications, and to provide more relevant information to users than...
posted @ Monday, October 19, 2009 4:15 AM |
|
|
Amazon’s ELB is an exciting mix of well-executed infrastructure 2.0 and the proper application of SOA, but it takes a lot of work to make anything infrastructure look that easy. The notion of Elastic Load Balancing, as recently brought to public attention by Amazon’s offering of the capability, is nothing new. The basic concept is pure Infrastructure 2.0 and the functionality offered via the API has long been available on several application delivery controllers for many years. In fact, looking through the options for Amazon’s offering leaves me feeling a bit, oh, 1999. As if load balancing hasn’t...
posted @ Thursday, October 15, 2009 3:50 AM |
|
|
One of the benefits of Infrastructure 2.0 is connectedness: the ability to collect and share pertinent data regarding the health and performance of applications and infrastructure services. Based on that data a dynamic infrastructure can adapt on-demand and make decisions that respect real capacity limits, not artificial ones. Randy Hayes writes “The CapCal Blog”, and describes CapCal as being about “measuring the performance and scalability of web apps using real, production level workloads.” In A Very Delicate Load Balancing Act he discusses the impact of load balancing configurations on the capacity and performance of applications. ...
posted @ Wednesday, October 14, 2009 4:20 AM |
|
|
Cloud offers an appealing “pay only for what you use” that makes it hard to resist. Paying on a per-usage hour basis sounds like a good deal, until you realize that your site is pretty much “always on” because of bots, miscreants, and users. In other words, you’re paying for 24x7x365 usage, baby, and that’s going to add up. Ironically, the answer to this problem is … cloud. Don and I occasionally discuss how much longer we should actually run applications on our own hardware. After all, the applications we’re running are generally pretty light-weight, and only see...
posted @ Tuesday, October 13, 2009 4:30 AM |
|
|
Spectacular “cloud” failures over the past few weeks have raised the hue and cry for portability and interoperability across clouds for data.The problem is that the cry is based on the false assumption that a “cloud service” is the same as an “application service.” Apparently Microsoft felt Google and Amazon were getting too much attention with their recent outages and decided to join the game. The absolute loss of data for thousands lots and lots of T-Mobile Sidekick users is regrettable and yes someone needs to address such issues but that someone is not a standards group or...
posted @ Monday, October 12, 2009 9:06 AM |
|
|
When an admin brags they can do some task with their eyes closed there may be hidden process inefficiencies that orchestration can uncover. But the orchestration in a public cloud is effectively done for you, with little opportunity to design based on your organization’s operational processes. Orchestration in a private cloud, however, is all up to you. I was doing the laundry a few weeks ago, folding the clothes before I took them upstairs and hung them up when I realized just what I was doing. What I had been doing for, well, a very long time...
posted @ Friday, October 09, 2009 3:11 AM |
|
|
The term “Infrastructure 2.0” seems to be as well understood as the term “cloud computing.” It means different things to different people, apparently, and depends heavily on the context and roles of those involved in the conversation. This shouldn’t be surprising; the term “Web 2.0” is also variable and often depends on the context of the conversation. The use of the versioning moniker is meant, in both cases however, to represent a fundamental shift in the way the technologies are leveraged by people. In the case of Web 2.0 it’s about the shift toward interactive, integrated web applications used to...
posted @ Thursday, October 08, 2009 4:36 AM |
|
|
Are you monitoring the network, servers, stack, or the application? The answer may mean the difference between your application being available or not. One of the biggest problems with moving away from simple load balancing to application delivery is that network teams don’t often get the memo and the application teams don’t have a good understanding of what load balancers can do so they can’t even offer suggestions regarding how to architect a better solution to availability. That means neither team really understands the role of health monitoring in maintaining availability for applications. What should happen...
posted @ Wednesday, September 30, 2009 3:25 AM |
|
|
Operational efficiency in the cloud comes in part from automation and orchestration as well as from the outsourcing of management and maintenance of the hardware. While you can’t achieve the latter without cloud or hosting externally, you can realize a lot of the same efficiencies in a traditional architecture just by leveraging existing collaborative capabilities of infrastructure 2.0. Glenn Gruber of Software Industry Insights in “Who’ll Be the First to Offer Cash for Infrastructure” (which is a great read in general) says: And for those who are thinking about evaluating a private cloud...
posted @ Tuesday, September 29, 2009 4:12 AM |
|
|
If one of the drivers for moving to cloud-based applications is reducing costs, you should think twice about the placement of application security solutions. There’s almost no way to avoid an argument on this subject so I won’t tiptoe around it: web application security in the cloud is better accomplished at the edge, with a web application firewall or similar solution, than it is inside the cloud in the application. This is true regardless of whether the cloud model is public or private; basically if you’re being charged on a per-usage basis then placement of web application security...
posted @ Monday, September 28, 2009 3:50 AM |
|
|
Back in the day when I was actually allowed to write code for customers the pat answer to any code being returned from QA because of problems was a flat “but it works on my machine.” Alright, alright, I’ll be honest; it wasn’t flat at all, it usually a plaintive whine. This isn’t an uncommon scenario as differences in environments and interactions with other applications may be enough to cause problems on one machine and not another. Troubleshooting such subtle issues were painful, to say the least, and not something anyone wanted to do. Now comes the time...
posted @ Thursday, September 24, 2009 3:37 AM |
|
|
Business critical internal processing systems often require high-availability and fault tolerance, too. Load balancing and application delivery is almost always associated with scaling out interactive, web-based applications. Rarely does anyone think about load balancing and application delivery in batch processing systems even when those systems might be critical to the business they are supporting. But scaling out non-interactive processing systems and providing high-availability to such critical systems is just as easily accomplished for an application delivery controller (ADC) as it is to scale out an interactive web-based application. Maybe easier. When that system also requires a...
posted @ Tuesday, September 22, 2009 4:06 AM |
|
|
Isolation of resources in “the cloud” is moving providers toward hosted data centers and away from shared resource computing. Do we need to go back to the future and re-examine mainframe computing as a better model for isolated applications capable of sharing resources? James Urquhart in “Enterprise cloud computing coming of age” gives a nice summary of several “private” cloud offerings; that is, isolated and dedicated resources contracted out to enterprises for a fee. James ends his somewhat prosaic discussion of these offerings with a note that this “evolution” is just the beginning of a long process. ...
posted @ Monday, September 21, 2009 3:21 AM |
|
|
AJAX enables the use of network-side scripting enabled application delivery solutions to offload client-side functionality and improve capacity and performance of dynamic (Web 2.0/AJAX) applications. In the last couple of weeks I’ve embarked on a home project to rewrite – from scratch – a couple of web applications that Don and I and friends use on a regular basis. Consider it a very restricted (in terms of users) social networking application, because that’s basically what it is. I made heavy use of AJAX for one component in the past version but have been really leveraging it a lot more...
posted @ Wednesday, September 16, 2009 5:02 AM |
|
|
Are you load balancing servers or applications? Network traffic or application requests? If your strategy to application availability is network-based you might need a change in direction (up the stack). Can you see the application now? Network load balancing is the distribution of traffic...
posted @ Tuesday, September 15, 2009 4:16 AM |
|
|
Sharing is core to a successful cloud implementation but not something every organization does well. How do you encourage business stakeholders to play well with others? In most definitions of “cloud computing” there lies a central, key component: shared resources. It is the sharing of resources, in fact, through which many of the benefits of reduced operating expenses are supposed to be achieved. It is the sharing of resources – or perceived inability to share resources – that confounds some folks when discussing private cloud, although there are several ways in which sharing of resources can...
posted @ Friday, September 11, 2009 4:01 AM |
|
|
Infrastructure 2.0 is not just about automation, but rather is about the orchestration of processes, which are actually two different things: the former is little more than advanced scripting, the latter requires participation and decision making on the part of the infrastructure involved. Automation is the process of codifying – usually through a scripting language but not always – a specific task. This task usually has one goal, though it may have several steps that have to be performed to accomplish it. An example would be “bring this server down for maintenance.” This may require quiescing connections...
posted @ Thursday, September 10, 2009 9:45 AM |
|
|
A load balancing algorithm can make or break your application’s performance and availability It is a (wrong) belief that “users” of cloud computing and before that “users” of corporate data center infrastructure didn’t need to understand any of that infrastructure. Caution: proceed with infrastructure ignorance at the (very real) risk of your application’s performance and availability. Think I’m kidding? Stefan’s SOA & Enterprise Architecture Blog has a detailed and very explanatory post on Load Balancing Strategies for SOA Infrastructures that may change your mind. This post grew, apparently, out of some (perceived) bad behavior on...
posted @ Tuesday, September 08, 2009 4:11 AM |
|
|
There is no reason in a modern web application for users to see a white error page Sightings of the Twitter “fail whale” are, these days, fewer and far between. That’s a good thing. What’s interesting is that when it does show up, users are almost amused – as if they’re glad to see an old friend. I mean, come on; Twitter’s users named the whale, for crying out loud. How many of your users have a fan club for your error pages? Exactly. That’s the kind of reaction you want from HTTP errors but what you...
posted @ Thursday, September 03, 2009 2:52 AM |
|
|
Leveraging Java EE and dynamic infrastructure to enable a shared resource, on-demand scalable infrastructure – without server virtualization Many pundits and experts allude to architectures that are cloud-like in their ability to provide on-demand scalability but do not – I repeat do not – rely on virtualization, i.e. virtual machines. But rarely – if ever – is this possibility described. So everyone says it can be done, but no one wants to tell you how. Maybe that’s because it appears, on the surface, to not be cloud. And perhaps there’s truth to that appearance. It is more...
posted @ Wednesday, September 02, 2009 4:03 AM |
|
|
Why would miscreants bother with other routes when they can go straight to the source? People concerned with security of the cloud are generally worried about illegitimate access of the applications and data they may deploy in the cloud. That’s a valid concern given the needs of certain vertical industries to comply with privacy-focused regulations like HIPAA and PCI DSS. It’s an extremely valid concern given research and studies showing just how vulnerable most web sites and applications are. Hint: it’s more than you probably think it is, and it’s likely your application is vulnerable...
posted @ Tuesday, September 01, 2009 3:32 AM |
|
|
F5 and VMware demonstrate live migration of a virtualized application across clouds without downtime or user disruption Cloud is reaching the peak of possibilities and that (often) means just more paper solutions. You know the ones; the ones that exist only on paper (or in blogs as the case may be). Those paper solutions need to exist because the ideas need to come first either out of necessity, i.e. to solve a specific problem, or out of a desire to find new ways to leverage emerging technology, like virtualization. But still, you’d like to see some of these...
posted @ Monday, August 31, 2009 4:33 AM |
|
|
How to leverage a “private virtual cloud” such as Amazon VPC with your own dynamic infrastructure A couple of blog posts on Amazon’s recent announcement of its VPC (Virtual Private Cloud) have made much of the fact that the resources available within Amazon’s cloud via VPC aren’t public. These same commentaries seem to believe that this makes the resources not very valuable. One author called it a “terrible” implementation because “users can’t expose clients to the internet and can’t assign them IP addresses.” I understand how some might reach that conclusion if they...
posted @ Monday, August 31, 2009 3:48 AM |
|
|
DNS wasn’t meant to handle hybrid cloud architectures and on-demand routing When you start distributing services (workloads, applications) across multiple locations, a la cloud balancing, and those locations may change on a frequent basis you begin to run into problems with finding those services and scaling the rate of change effectively. DNS was designed to resolve host names, but never expected that the same host name might resolve to one of two, three, or four IP addresses all within the span of five minutes. If we want to support a rapid rate of change, we’d...
posted @ Friday, August 28, 2009 4:29 AM |
|
|
Cloud changes how we deliver applications but we’re still delivering applications With all the hype around cloud it’s easy to get caught up in deployment models and architectures and how much money it is/is not going to save us and, of course, with the cool factor that always surrounds such innovation. But when we get our heads too far up in the clouds we forget what we’re really doing: delivering applications. Whether it’s thin-client, fat-client, browser-based, client/server, three-tier, n-tier, traditional, .NET, Java EE, or cloud we are still all focused on the same goal: deliver an application. ...
posted @ Thursday, August 27, 2009 3:57 AM |
|
|
Secure, optimized tunnels to a remote site, e.g. the cloud. Haven’t we been here before? In the continuing discussion around Business Intelligence in the cloud comes a more better (yes I did, in fact, say that) discussion of the reasons why you’d want to put BI in the cloud and, appropriately, some of the challenges. As previously mentioned, BI data sets are, as a rule, huge. Big. Bigger than big. Ginormous, even. One of the considerations, then, if you’re going to leverage a cloud-based business intelligence offering – or any offering in which very, very large data sets/files...
posted @ Wednesday, August 26, 2009 3:47 AM |
|
|
Cloud providers know the secret to a successful cloud computing implementation is integration between the infrastructure and virtualization Ever notice that cloud providers are v e r y reluctant to reveal on what foundation their cloud computing architectures are laid? Most providers don’t want to share their “secret sauce” because, well, then everyone else could get into the game as well. While it is certainly true that the infrastructure – and specifically the application delivery infrastructure – you choose to lay the foundation for a cloud computing architecture can affect your ability to succeed and innovate...
posted @ Tuesday, August 25, 2009 10:17 AM |
|
|
The real power behind cloud is processes, and those don’t come out of a box VMworld, in case you’ve been out of touch, is approaching fairly quickly. As with any trade show/conference there’s likely to be a lot of announcements about this and that and oh, of course, that too. What is interesting about cloud computing and virtualization is that most of the really exciting announcements are not going to be about new products or new features. You heard me, they aren’t going to be about new products or features. The foundations for cloud...
posted @ Tuesday, August 25, 2009 3:41 AM |
|
|
Survey says IT still doesn’t agree on the definition of cloud – private or public – but everybody is doing it Every organization with a stake in cloud computing’s predicted billions of dollar market is interested in understanding what it is IT wants – and needs – for cloud. The only way to find out, in most cases, is to ask. So ask we did. We asked 250 IT managers, network architects and cloud service providers not only about how they define cloud computing, but how widespread adoption of the disparate models of cloud really...
posted @ Monday, August 24, 2009 7:32 AM |
|
|
You’re going to need a dynamic infrastructure lest you effectively negate the gains achieved by higher VM densities In the continuing saga of “do more with less” comes a new phrase that’s being tossed around: VM density. For example, VMware puts forth the notion that the Total Cost of Ownership (TCO) of virtualization technology must consider VM density, saying, “Density matters in a many-to-one relationship.” VMware illustrates this concept in the context of TCO, but in general an increasing number of solutions are beginning to tout not only the benefits of higher VM density, but of their solutions ability...
posted @ Monday, August 24, 2009 4:07 AM |
|
|
Just what is the bandwidth of a van full of hard drives traveling 300 miles at a speed of 65 mph? After a short Twitter discussion based on this post which suggested Ye Olde Sneakernet is the best way to transfer large data sets from the enterprise to the cloud (which is, unfortunately, not as uncommon a suggestion from cloud providers as you might think) I was dared to compute the actual bandwidth of said sneakernet (probably because I said I had the urge to do just that, but is that really important? I didn’t think so.) ...
posted @ Friday, August 21, 2009 4:00 AM |
|
|
Why do application delivery vendors talk about both? Aren’t they the same thing? In general, acceleration implies that something will be done to the application: caching, compression, etc… The actual behavior of the application is changed such that the client may need to participate in the acceleration. Acceleration is technically speaking disruptive in the sense that it requires participation of client, intermediary, and often the server. This generally takes a form that leverages existing standards, a la caching, such that no changes need be made to clients or servers, but the behavior of the application and its...
posted @ Thursday, August 20, 2009 6:00 AM |
|
|
Idle resources will always need to exist, especially in a cloud architecture With IT focused on efficiency – for reduction in operating expenses and in the interests of creating a greener computing center – there’s a danger that we’ll attempt to achieve 100% efficiency. You know, the data center in which no compute resources are wasted; all are applied toward performing some task – whether administrative, revenue generating, development cycles, or business-related – and no machine is allowed to sit around idle. Because, after all, idleness is the devil’s playground, isn’t it? But before...
posted @ Wednesday, August 19, 2009 3:17 AM |
|
|
Amazon EC2 and S3 are no more or less safe than they were last week despite hype around PCI compliance admission The recent admission/announcement that “Amazon EC2 is not PCI compliant” (this is not exactly true, but we’ll get to that later) has set off a rush of blogs, articles, and tweets that say, in effect, EC2 is no longer “safe”. But a lack of compliance does not make Amazon any more less safe than achieving PCI compliance makes a site more safe. Ladies and gentlemen of the Internet, I submit as proof the...
posted @ Tuesday, August 18, 2009 3:29 AM |
|
|
I was recording a podcast last week on the subject of cloud with an emphasis on security and of course we talked in general about cloud and definitions. During the discussion the subject of “private cloud” computing was raised and one of the participants asked a very good question: Some of the core benefits of cloud computing come from shared resources. In a private cloud, where does the sharing of resources come from? I had to stop and think about that one for a second, because it’s not something I’ve really thought about before. But it was...
posted @ Monday, August 17, 2009 3:34 AM |
|
|
Without processes the cloud is not a cloud So you’ve virtualized your application infrastructure using VMware or Microsoft or the “virtualization solution de jour.” You probably also virtualized the application access via an application delivery solution so you can provide scalability on-demand. You might have even virtualized your storage to make it more efficient. Basically, you’re all ready to go and operators are standing by … And therein lies the problem: operators are standing by. The on-demand piece of your little private cloud is almost entirely managed by human beings, which means...
posted @ Friday, August 14, 2009 3:17 AM |
|
|
Simultaneously one of the best use-cases for cloud as well as the worst. What’s IT to do? David Linthicum, SOA and cloud pundit and all-around interesting technology guy, recently pointed out a short post on business intelligence (BI) vendors joining forces with the cloud to offer cloud-based BI services. Four open-source and proprietary vendors on Wednesday announced a new partnership resulting in a cloud-based BI (business intelligence) stack. Jaspersoft and Talend will respectively lend their open-source BI and data-integration technologies to the integrated offering, which also employs Vertica's analytic database...
posted @ Thursday, August 13, 2009 4:58 AM |
|
|
Back when I was developing GIS data translation software I had to fight security all the time. My desktop was so locked down I couldn’t compile the code because I didn’t even have appropriate permission to access the file system. Why? The guy in charge of security was so paranoid about someone doing something they shouldn’t that he completely missed the other half of his responsibility: ensuring people had access to data and information and systems to which they legitimately had a need to access. The potential impact of a data/security breach is so high these days that...
posted @ Wednesday, August 12, 2009 3:45 AM |
|
|
When it comes to availability, coding a solution is just delaying the inevitable Jonathan Howell, in Five Things That Will Kill Your Site – an excellent read, by the way, for all web application developers – asserts that there are several ways to avoid web application death that do not require the implementation of “expensive redundant hardware with top of the line load balancers and an enterprise class SAN.” In general he’s got some good advice to which application developers should pay attention, but I had to disagree with his assertion that a solution to provide graceful degradation...
posted @ Tuesday, August 11, 2009 3:56 AM |
|
|
Why Carr’s analogy doesn’t describe today’s cloud environments and how SOA can get us closer to what he describes Back when cloud first starting drifting in to obscure the computing landscape there were a lot of parallels drawn between it and grid, and a lot of analogies used to explain the concept behind it. Cloud computing is most often analogized using Nicolas Carr’s analogy of the cloud as an electrical grid; that’s always bothered me at almost a visceral level. But I could never articulate why well enough and a lot of smart people told me that if I...
posted @ Monday, August 10, 2009 3:57 AM |
|
|
If they can take down Twitter via DNS, they can take your site, too.
Everyone is talking about the DoS (Denial of Service) attack on Twitter but most of them are missing what really happened. We’re so used to defending against HTTP-based DoS attacks that we’ve missed that it’s much easier to DoS a site based on the most critical piece of infrastructure on the Internet: DNS.
If you really wanted to take out a site like Twitter or Facebook using an HTTP-based DoS it would take a whole lot of serious traffic because those sites are designed and architected...
posted @ Thursday, August 06, 2009 2:40 PM |
|
|
This isn’t all or nothing – focus on the right cloud model for each application and not the entire data center There’s a lot of discussion about why you should choose one cloud computing model over another and all of them miss the point entirely. This isn’t a mutually exclusive deal; it doesn’t have to be just one model chosen. In fact it shouldn’t be. Data centers aren’t comprised of single types of applications. There’s custom applications, deployed sometimes on well-known packaged platforms and in other cases on open source or lesser known platforms. There’s packaged...
posted @ Thursday, August 06, 2009 4:31 AM |
|
|
For some companies there’s never been a quantifiable financial impact from attacks. Cloud may change that. One of the frustrations with information security is that it’s always difficult – if not impossible – to quantify risk. Without the ability to quantify risk, it’s often the case that solutions that would mitigate the risk are left unimplemented because there’s no way to prove that the risk would turn into a breach, downtime, or other revenue impacting incident. Take the recent PayPal outage. Estimates are that the hour of downtime for the payment processing king might have...
posted @ Wednesday, August 05, 2009 3:37 AM |
|
|
Ever wanted to prove or understand how the network impacts productivity? There is a formula for that… We often talk in abstract terms about the affects of application performance on productivity. It seems to make sense that if an application is performing poorly – or unavailable – that it will certainly affect the productivity of those who rely upon that application. But it’s hard enough to justify the investment in application acceleration or optimization without being able to demonstrate a real impact on the organization. And right now justification is more of an issue than it’s ever been. ...
posted @ Tuesday, August 04, 2009 4:15 AM |
|
|
If you happened to read my post this morning (WILS: Applications Should Be Like Sith Lords) you might be wondering if the cat got my tongue this morning or if perhaps I’ve lost the ability to ramble on write passionately about application delivery. When you’ve spent as many years as I have writing for a living you learn how to expand on a subject. Sometimes you have to, especially when you really only have about 500 words worth of insight to share but need to fill 1500 words of space on a page. I can be long...
posted @ Monday, August 03, 2009 4:52 AM |
|
|
When you’re thinking about deploying an application it would be good to remember Yoda’s words regarding the Sith: Always two there are, a master and an apprentice. ALWAYS TWO THERE ARE Like Sith Lords, there should always be two instances of any given application available. Just in case. And that doesn’t mean two virtual servers – unless each one is on a different piece of hardware. If you want to ensure availability then you absolutely must not confine your application to one piece of hardware. ...
posted @ Monday, August 03, 2009 4:26 AM |
|
|
The concept of a server needs to go the way of the dodo One of the reasons I enjoy Twitter is that quite frequently – if you’re following the right people – you’ll see a tweet that is absolutely profound despite its simplicity and the constraints placed upon the author. Recently we were having a mini-discussion on Twitter regarding the definition of availability that elicited just such a golden nugget from botchagalupe: “Apps designed for a cloud should remove the ‘server’ concept.” First, I really like the use of the article “a” in...
posted @ Friday, July 31, 2009 3:41 AM |
|
|
The importance of a full-proxy architecture to application delivery, security, cloud computing, and virtualization People often describe the act of changing focus from one related but distinct task to another as “wearing two different hats.” Like moving from “developer” to “administrator” when you’re trying to deploy an application in a testing environment. You’re the developer, but then you have to “switch gears” and become a server administrator in order to ensure that the application server and its environment is configured properly before you can actually test the application you just wrote. But the metaphor...
posted @ Thursday, July 30, 2009 4:07 AM |
|
|
Context, it’s always about context (or the lack thereof) I received a call recently that most people have probably received: our banking institution just wanted to verify that yes, that was Don or I making purchases at midnight in Wisconsin and then later in Indiana and yet again that afternoon in Ohio. That’s a good thing, I’m sure, as they’re just trying to watch our back. But later in the day I tried to make a purchase and was, horror of horrors, denied. The bank, when called, seemed matter-of-fact about the situation. The security flag hadn’t been...
posted @ Wednesday, July 29, 2009 4:34 AM |
|
|
Availability means more than the dread “d” word The focus on making servers unhackable to prevent service disruption (that’s such a politic way of saying the dread “d” word – downtime) is admirable but exposes the tendency of technical folks to go down rat holes when discussing application delivery challenges and specifically the challenge of assuring availability of applications and services. What generally seems to happen when we start talking about availability in the cloud is that we go down the rat hole of talking specifically about the cloud and not applications deployed...
posted @ Wednesday, July 22, 2009 2:57 AM |
|
|
Notice that isn’t a question, it’s a statement of fact Twitter is having a bad month. After it was blamed, albeit incorrectly, for a breach leading to the disclosure of both personal and corporate information via Google’s GMail and Apps, its apparent willingness to allow anyone and everyone access to a .htaccess file ostensibly protecting search.twitter.com made the rounds via, ironically, Twitter. This vulnerability at first glance appears fairly innocuous, until you realize just how much information can be placed in an .htaccess file that could have been exposed by this technical configuration faux...
posted @ Tuesday, July 21, 2009 3:28 AM |
|
|
The “replace” in “rip and replace” essentially means getting rid of old security problems and replacing them with new ones. Twittergate is (thankfully) behind us but it’s almost assuredly going to be the case that we’ll be rehashing this one for a while. This certainly isn’t the first time Twitter and security issues have clashed, and as in the past Twitter (and really any very public application in a similar situation) is the clear loser. And of course there comes the unsolicited advice offered regarding what Twitter needs to do to address its security issues. I am, of...
posted @ Monday, July 20, 2009 3:43 AM |
|
|
Is ESB just an expensive integration hub or is there more to the story than we heard… In the beginning, the ESB (Enterprise Service Bus), was marketed as much more than an integration technology. While the core of an ESB is certainly about connectivity between services, there was – and still is – so much more to an ESB than just integrating disparate protocols and technologies. Transformation, parallel processing, content based routing, and service orchestration are among the more useful and beneficial capabilities of an ESB. That’s why it was somewhat surprising to see the CTO of...
posted @ Friday, July 17, 2009 3:26 AM |
|
|
First, everyone needs to calm down. Twitter.com itself was not breached. According to Evan Williams as quoted in a TechCrunch article, the attack did not breach Twitter.com or its administrative functions, nor were user accounts affected in any way. So everyone can just stop with the “Twitter needs to revamp its security!” and “Twitter isn’t secure” headlines and articles because it’s not only blatantly wrong, it’s diverting attention that should be devoted to the real problem: e-mail and account self-service. THE E-MAIL FACTOR What was compromised remains somewhat of a mystery. Following through the...
posted @ Thursday, July 16, 2009 2:58 AM |
|
|
One of the interesting points that discussions around intercloud brings up is the need for infrastructure to, if you’ll pardon the use of marketing jargon, align with the business. What that really means is that applications and their supporting infrastructure need to be more business-aware. Thing is you don’t really need intercloud or even cloud or even virtualization for many of these business-aware capabilities. They are certainly a boon, but solutions that include application delivery functionality don’t need to wait for a fully-baked cloud or intercloud implementation. Consider, for example, the potential of business-layer load...
posted @ Wednesday, July 15, 2009 3:55 AM |
|
|
Apparently if you’re attending the USENIX Security conference (August 12-14, 2009, in Montreal, Canada) you can participate in the Security Grand Challenge. What is that, you ask? Here’s how the organizers describe it: The concept is very simple. The participant teams will have to use their science and technical skill to create an environment where a server can function with integrity and minimum required service levels even when under attack. On the day of the competition, each participant team will receive a virtualized server, with a number of services. The services might...
posted @ Tuesday, July 14, 2009 2:59 AM |
|
|
No, that isn’t a homophonic mistake. Dan directed my attention to an interesting article recently, “Are 3-tier web architecture models too rigid?” in which the author postulates that “maybe it is time to finally break out of the old 3-tier web architecture box and retire the concept…” In addition to a great mention of F5 and an “application delivery tier” in web architecture models (the concept of which deserves its very own blog post), the author inadvertently, I think, brings to the fore one of the reasons SOA might have failed to dominate the world: service...
posted @ Monday, July 13, 2009 3:22 AM |
|
|
Without availability scalability is irrelevant I really enjoyed Jeff Atwood’s recent blog on Scaling Up vs Scaling Out, which includes a fairly detailed comparison of the costs associated with each approach to scalability. I enjoyed it because not only did it take into consideration the cost of hardware, but also remembered to include the cost of software licensing. And of course there’s the fact that Jeff’s site is focused on development and coding, and this discussion broadened the discussion into the realm of application networking – a demesne with which I am of course particularly fond. ...
posted @ Friday, July 10, 2009 3:38 AM |
|
|
So once we have the intercloud, what are we going to do with it? Some debate is heating up, at least on Twitter, about a variety of cloud-related topics. As James Urquhart pointed out in his “Three debates that will benefit cloud computing” debate is good, because it fuels innovation and drives markets forward. One of the things that’s frustrating about new technology and concepts is that terminology often confuses the discussion. We periodically still see discussions – and debates – around the definition of cloud computing, after all, so that shouldn’t be surprising at all....
posted @ Thursday, July 09, 2009 3:15 AM |
|
|
Smashing Magazine has a cool “cheat sheet” for those interested in the ongoing development of HTML 5. Of interest is what’s being excluded and what’s new, as well as the length of time it’s going to take before HTML 5 is completely supported: XHTML is dead, long live HTML 5! According to W3C News Archive, XHTML 2 working group is expected to stop work end of 2009 and W3C is planning to increase resources on HTML 5 instead. And even although HTML 5 won’t be completely supported until 2022, it doesn’t mean that it won’t...
posted @ Tuesday, July 07, 2009 4:06 AM |
|
|
Can intercloud intelligence eliminate the impact of intercontinental latency? Ken has always posited that it would be not only kewl but highly efficient if your data center could “follow the sun.” We all know that application performance is affected – positively and negatively – by distance. So if you’re a global organization with one primary data center that means some folks are going to have to settle for poorer application performance. That pesky speed of light law absolutely must be obeyed, for now at least, and intercontinental traffic has high latency, period. So let’s introduce the...
posted @ Monday, July 06, 2009 3:10 AM |
|
|
Can the inherent abstraction of virtualization succeed where SOA did not? My first read through a post on the Cloud Front Office led me to scoff disdainfully at the re-emergence of a concept central to a successful SOA implementation: the service catalog. Oh, we called it "registry" and then "registry/repository (reg/rep)" and finally "governance" but the concept behind it was exactly the same. Take a gander at the description of a cloud service catalog apparently growing out of discussions that began at Structure 09: Last week I attended Structure 09, one of the...
posted @ Thursday, July 02, 2009 3:39 AM |
|
|
The importance of stress-testing in production Everyone is still a-twitter over the problems the web experienced last week right after the news of Michael Jackson’s death. There have been numerous stories on the fact that the Internet nearly fell over itself and died under the strain of trying to support the rush of millions of users as they queried, clicked, watched video, read blogs and news reports on the subject. The Internet itself, of course, was just fine. The infrastructure comprising our electronic highway was humming along, routing packets happily here and...
posted @ Wednesday, July 01, 2009 4:14 AM |
|
|
The concept of an “intercloud” is floating around the tubes and starting to gather some attention. According to Greg Ness you can “Think of the intercloud as an elastic mesh of on demand processing power deployed across multiple data centers. The payoff is massive scale, efficiency and flexibility.” Basically, the intercloud is the natural evolution of global application delivery. The intercloud is about delivering applications (services) from one of many locations based on a variety of parameters that will be, one assumes, user/organization defined. Some of those parameters could be traditional ones: application availability, performance, or user-location. Others...
posted @ Tuesday, June 30, 2009 3:25 AM |
|
|
Somebody has to be first Recently Microsoft came up with a solution, supported natively in IE8, to protect against clickjacking attempts. Apparently some folks have decided that because Microsoft has a history of implementing proprietary solutions that this one, too, must be proprietary. These same folks must also have very little understanding of today’s web application architectures, as they declared the solution pretty much useless based on some pretty poor assumptions regarding the implementation of said solution. As noted in the Register, “some critics have contended the protection [X-FRAME-OPTIONS custom HTTP header] will be ineffective because...
posted @ Monday, June 29, 2009 3:15 AM |
|
|
I was chatting with my mother a couple weeks ago about cloud (she’s a used-to-be programmer turned project manager for a Fortune 500. Don’t look at me like that, I keep telling you it runs in the family) and one of the problems she lamented about was that folks don’t seem to understand how entrenched COBOL and the mainframe is in the organization. It’s so entrenched that given the choice between a client-server application and a COBOL application that did the same thing they chose the COBOL program because it was less expensive and they had the knowledge on staff...
posted @ Friday, June 26, 2009 2:50 AM |
|
|
Whether you are aware of it or not, if you’re deploying applications in the cloud or building out your own “enterprise class” cloud, you’re going to be using load balancing. Horizontal scaling of applications is a fairly well understood process that involves (old skool) server virtualization of the network kind: making many servers (instances) look like one to the outside world. When you start adding instances to increase capacity for your application, load balancing necessarily gets involved as it’s the way in which horizontal scalability is implemented today. The fact that you may have already...
posted @ Thursday, June 25, 2009 3:14 AM |
|
|
But browser support is only half the solution, don’t forget to implement the server-side, too. Clickjacking, unlike more well-known (and understood) web application vulnerabilities, has been given scant amount of attention despite its risks and its usage. Earlier this year, for example, it was used as an attack on Twitter, but never really discussed as being a clickjacking attack. Maybe because aside from rewriting applications to prevent CSRF (adding nonces and validation of the same to every page) or adding framekillers there just haven’t been many other options to prevent the attack technique from being utilized against...
posted @ Tuesday, June 23, 2009 3:27 AM |
|
|
I am not a number, I am a free man! – "The Prisoner", sampled by Iron Maiden (edited because geeks are picky and well, they're right even though I always think of Maiden and Eddie first before getting to the actual origins)
We, meaning everyone who deals with technology for a living, know that the move to IPv6 is inevitable. We simply must migrate in order to maintain the scalability of the Internet and its infrastructure. Well, we could continue to use technologies like NAT and SNAT in order to conserve IPv4 addresses, but really that’s just not practical...
posted @ Monday, June 22, 2009 3:54 AM |
|
|
The inclusion of a web server gives attackers clear line-of-sight to their targets There’s been a few articles on Opera Unite that have called into question the security of the decision to include a web server with the browser. Most of those discussions have centered around the ability to muck with files not intended by the host to be shared, but given current infection techniques there’s a far greater danger to Opera: mass injection attacks. As is often pointed out, current attack techniques are not necessarily targeting web sites per se, but are intended to infect...
posted @ Friday, June 19, 2009 3:56 AM |
|
|
One of the tasks of an enterprise architect is to design a framework atop which developers can implement and deploy applications consistently and easily. The consistency is important for internal business continuity and reuse; common objects, operations, and processes can be reused across applications to make development and integration with other applications and systems easier. Architects also often decide where functionality resides and design the base application infrastructure framework. Application server, identity management, messaging, and integration are all often a part of such architecture designs. Rarely does the architect concern him/herself with the network infrastructure, as that is...
posted @ Wednesday, June 17, 2009 4:07 AM |
|
|
Two steps forward, three steps back Every time there is a major shift in technology thought about architecture the question of how it will and should impact infrastructure arises. When SOA was the “next great thing” there was a spate of announcements regarding how infrastructure would not only support it but integrate into its ecosystem. This time it’s virtualization, and its impact on infrastructure both from a support standpoint and usage is getting a lot of mindshare. In a recent announcement around virtual network infrastructure Om Malik of GigaOm has some interesting commentary: As...
posted @ Tuesday, June 16, 2009 3:27 AM |
|
|
How to optimize compute resources in a heterogeneous environment using weight/ratio-based load balancing Unless you’re starting from scratch your data center is full of physical servers of various and sundry sizes, colors, shapes, and compute resources. And even if you’re starting from scratch and you have beautiful racks of everything the same, it’s not likely to stay that way if for no other reason than, well, hardware moves on at an astonishing rate these days. So you’ve almost certainly got (or will have) a physically heterogeneous environment in terms of hardware compute resources. When you’re scaling...
posted @ Monday, June 15, 2009 4:25 AM |
|
|
I’m heading out today for a little time off and so you’ll have to make due the rest of the week without any (new) words of wisdom from me. I know, try to pull yourself together. You’ll live, really, and I’ll be back Monday with something interesting, promise. While I’m out, you might consider checking out some of the blogs I follow myself on a regular basis. They’re always full of interesting tidbits and stories and wisdom on a variety of subjects, and if you don’t follow them yourself you might find something interesting in them. ...
posted @ Wednesday, June 10, 2009 4:25 AM |
|
|
An interesting thing happened on the way to testing that application from the cloud. We broke the innertubes!
Pros and Cons of Application Testing in the Cloud
A firm wanted to test their application and need 100 browser instances. In the old days it would have required 100 machines -- that would be a massive undertaking. Even with hardware virtualization, you would need 5 to 10 machines, and there would be some complex configuration issues. However, by putting it all in the cloud, they were able to sync up 100 virtual instances of the browsers and take them down over...
posted @ Wednesday, June 10, 2009 3:24 AM |
|
|
Balancing Cost, Performance, and Capacity in the Cloud There is a huge difference between provisioning applications to support capacity and provisioning them to support performance requirements. That as capacity increases performance decreases is one of the truisms of scalability that is likely to be one of the first axioms of cloud computing that will bite us in the proverbial rear-end while simultaneously reaching for our wallets. Alistair Croll of BitCurrent has a couple of great charts that illustrate this point perfectly. He then goes on to discuss how that affects cloud computing in “The cloud’s...
posted @ Tuesday, June 09, 2009 3:20 AM |
|
|
Automating components is easy. It’s automating processes that’s hard. The premise that if you don’t have an infrastructure comprised solely of Infrastructure 2.0 components then you cannot realize an automated, on-demand data center is, in fact, wrong. While the capabilities of modern hardware that come with Infrastructure 2.0 such as a standards-based API able to be leveraged by automation systems certainly makes the task all the more simple, it is not the only way that components can be automated. In fact, “legacy” infrastructure has been automated for years using other mechanisms that can certainly be incorporated into the...
posted @ Monday, June 08, 2009 3:14 AM |
|
|
If you haven’t got your (applications’) health, then you haven’t got anything If you happen to be unlucky enough to suffer from Celiac disease - gluten intolerance (wheat, barley, oats, rye) - then you know how important it is to keep gluten out of your diet. If you don’t know let’s just say that you have to keep even trace amounts of gluten out of your diet lest you suffer the consequences, which can be different from person to person, but none are pleasant. You feed off food; applications feed off requests and responses. Like those who...
posted @ Friday, June 05, 2009 4:08 AM |
|
|
When SOA was declared dead there was a spate of articles and blogs on why the architecture “died.” Most pundits came to the conclusion that like many innovations it wasn’t the technology to blame but rather people. Architects lacked the skills to properly leverage SOA; business stakeholders failed to look at SOA as a strategic architecture, choosing instead to use it as a tactical integration-solving solution; network and systems’ administrators did not understand the unique characteristics and issues a well-designed SOA raised within the network and on systems; and developers were loathe to “reuse” and “share” services despite alternate...
posted @ Thursday, June 04, 2009 4:07 AM |
|
|
Attackers say, we can go where we want to; we can leave our code behind… There’s probably a raid going on right now in Naxxramas and the attackers are almost certainly doing the Safety Dance. They probably learned the Safety Dance the same way I learned about it; from someone well-versed in its intricate steps. See, if you don’t know the Safety Dance and you come up against Heigan the Unclean, well… he’s not called Heigan the Unclean for nothing. You will not survive. Not even if you happen to have a Holocaust Cloak at...
posted @ Wednesday, June 03, 2009 3:58 AM |
|
|
Google didn’t kill HTTP. Neither did Colonel Mustard or Professor Plum. In fact, HTTP is still very much alive. Okay, folks, it’s time to stop declaring the death of protocols/technologies prematurely. Please? Especially when such proclamations are clearly not representative of reality. From ElasticVapor :: Life in the Cloud In Google's announcement what I found most fascinating was the protocol they choose for the basis of their new realtime vision. It wasn't HTTP but instead XMPP was selected as the foundation for this decentralized and interoperable vision. What this means in...
posted @ Tuesday, June 02, 2009 3:47 AM |
|
|
Cloud may change the definition of “business critical” applications
Google outages are rapidly becoming as passé as earthquakes to native Californians; unless it’s a really big one, no one really pays much attention. So it shouldn’t be surprising that Google’s latest “crash” (caused by some interesting routing problems, apparently) evinced an attitude of nonchalance from Stanley.
Who is Stanley? I don’t know, except that he was quite vocal about the outage and his opinion that he was “not really bothered by it.”
Google Crashes Again on Friday
Stanley Was wrote: Wednesday May 27 from around 8pm till shortly after midnight, I...
posted @ Monday, June 01, 2009 5:32 AM |
|
|
There is a tendency to describe every device on a network as simply “the network” regardless of whether that device is dedicated to security, or application delivery (layer 4-7), or actual network (layer 2-3) functionality. It’s an artifact of aging data center architecture models that there exists an artificial line of demarcation between web and application servers and everything else. We used to depict “everything else” as a cloud, but with the emergence of The Cloud doing so simply complicates discussions even further because the “network” necessary to support a dynamic, on-demand operational model of computing like “cloud” is more...
posted @ Friday, May 29, 2009 3:49 AM |
|
|
It certainly sounds reasonable: networks are moving toward a perimeter-less model so the line between internal and external network is blurring. The introduction of cloud computing as overdraft protection (cloud-bursting) further blurs that perimeter such that it’s more a suggestion than a rule. That makes the idea of encrypting everything whether it’s on the internal or external network seem to be a reasonable one. Or does it? THE IMPACT ON OPERATIONS A recent post posits that PCI Standard or Not, Encrypting Internal Network Traffic is a Good Thing....
posted @ Thursday, May 28, 2009 4:02 AM |
|
|
Understanding the impact of compression on server resources and application performance While doing some research on a related topic, I ran across this question and thought “that deserves an answer” because it certainly seems like a no-brainer. If you want to decrease bandwidth – which subsequently decreases response time and improves application performance – turn on compression. After all, a large portion of web site traffic is text-based: CSS, JavaScript, HTML, RSS feeds, which means it will greatly benefit from compression. Typical GZIP compression affords at least a 3:1 reduction in size, with hardware-assisted compression yielding an average...
posted @ Wednesday, May 27, 2009 3:50 AM |
|
|
There’s apparently been a bit of confusion over what, exactly, F5 thinks of cloud computing as an organization based on a recent blog post. I thought I’ve been fairly clear on where F5 stands in terms of cloud computing but I may be suffering what’s known as the “curse of knowledge”, which means I am so deeply entrenched in F5’s view of cloud that I forget that other people don’t have the luxury of that knowledge. So I’d like to take this opportunity to clear up any misconceptions that may be floating around and just set the record...
posted @ Tuesday, May 26, 2009 4:09 AM |
|
|
Let me ‘splain. No, there is too much. Let me sum up… This week has been full of interesting announcements: Microsoft warns of new server vulnerability McAfee blasted for having holes in its Web sites ‘Gumblar’ attacks spreading quickly There just aren’t enough words. But as they say, a picture is worth at least a thousand words, so I give you a pictoral response to this week’s interesting security happenings. ...
posted @ Thursday, May 21, 2009 4:22 PM |
|
|
As a telecommuter – and one that lives in that technological mecca of the midwest, Green Bay – I don’t often get the chance to talk face to face with, well, anyone. Being conscripted into booth duty at Interop this week means I get to talk to people with real problems and with ones that can quickly bring anyone with their head in the clouds back down to earth. Imagine if you will an application. A real, honest to goodness client-server application. Not web-based, but client-server; like the kind we wrote in Delphi and Visual Basic back in...
posted @ Thursday, May 21, 2009 6:30 AM |
|
|
Greedy algorithms can result in the right solution in the end, but rarely do Don and I were having a discussion with our oldest son the other night about writing a chess program. There are myriad options for implementing the learning aspects of a chess program, but this is not a task for the timid. He ended up proposing a much simpler solution (this was just an exercise in ‘can I write it’, after all) that would have essentially used a very greedy algorithm; one that made a decision regarding the computer’s next move based on current state of...
posted @ Monday, May 18, 2009 3:16 AM |
|
|
The consensus seems to be, at least from the myriad surveys, studies, and research, that cloud as a model is the right answer, it’s just the location that’s problematic for most organizations. Organizations aren’t ignoring reality; they know there are real benefits associated with cloud computing. But they aren’t yet – and may never be – willing to give up control. And there are good reasons to maintain that control, from security to accountability to agility. But the “people” still want the benefits of cloud, so the question is: how do we put...
posted @ Thursday, May 14, 2009 3:27 AM |
|
|
Part of the role of a Technical Marketing Manager at F5 is to get involved in communities and stay on top of what’s happening out there, “in the cloud”. Now obviously DevCentral, F5’s community, absolutely rocks. But admittedly our forums and blogs are pretty focused on technology that’s relevant to F5 (that’s everything about applications – from security and performance to availability and storage, in case you weren’t sure) and you aren’t really going to find a lot of information about databases or coding in C#/Java/Ruby or how to properly configure Active Directory forests. So when I’m out...
posted @ Thursday, May 14, 2009 3:22 AM |
|
|
If they aren’t now then Infrastructure 2.0 may force them in that direction - and vice versa. My brother (yes, it does run in the family) has a degree in computer science which, by most definitions, makes him a developer. That’s the focus of most computer science focused degree programs, much to the chagrin of the myriad other IT-focused specialties like networking, security, and operations. Interestingly enough, he worked his way through college as a sysadmin and his first job out of college was as a sysadmin. And now he’s doing a little of...
posted @ Wednesday, May 13, 2009 3:51 AM |
|
|
Risks with virtualization is same as it ever was but different Hoff makes a good point about cloud security last month in his “The Cloud is a Fickle Mistress: DDoS&M” which was, if I may quote, “it’s the oldies and goodies that will come back to haunt us.” In other words, it’s the well-known, well-understood protocol-based attacks of uncloud computing that will be problematic for cloud computing. Security in virtualized environments and “the cloud” is indeed the “same as it ever was.” And yet it’s different, too. COLLATERAL DAMAGE While it’s...
posted @ Tuesday, May 12, 2009 3:45 AM |
|
|
Why architecture matters not only to security but to the future of cloud computing It seems the phrase “in the cloud”, sadly, has become a marketing-hyped euphemism for “the Internet.” I say sadly because the use of cloud to refer to every and any service delivered over the Internet dirties up the cloud. It obscures the intent of cloud computing and makes it difficult for technologists in the trenches to get a handle on how cloud – both external and internal – can provide benefits and solutions to problems they have right now. The very loose use of the...
posted @ Monday, May 11, 2009 3:38 AM |
|
|
Everyone who is involved in networking, application networking, cloud computing, and virtualization knows about and is probably planning some kind of presence at Interop. It is “the” event for a variety of inter-related industries, all revolving around network-something. For six years I attended Interop, but as a member of the press. This time, I’m on the “other side” with a vendor, and the view is very different. At a minimum, there’s a lot more planning that goes into exhibiting at such an event. There’s booth layouts to review and decisions on what kind of information...
posted @ Friday, May 08, 2009 3:42 AM |
|
|
Don’t confuse computing services with infrastructure services. We aren’t there yet. The subtext to the cloud computing discussion is subtle, as is the wont of subtext. But it is clear that underlying all the concerns about cloud computing is a common theme: control. Whether we’re talking about reliability or security, it should be obvious if you’re reading between and beneath the lines that the biggest stumbling block to massive cloud adoption is the issue of control. There is a very real difference between on-demand computing and on-demand infrastructure. What the cloud provides now, and is described...
posted @ Thursday, May 07, 2009 3:11 AM |
|
|
Brother, can you give a developer a hand? As the topology of networks delivering applications becomes increasingly complex it becomes more and more difficult to troubleshoot problems, especially for developers tasked with figuring out why their “application broke” in production when it was working just fine thank you very much in “DEV” and “QA.” It is rare, after all, that the production environment – including all the moving parts – is duplicated in development and testing environments. It is already difficult enough for developers to track down problems due to the complex nature of application infrastructure...
posted @ Wednesday, May 06, 2009 4:17 AM |
|
|
If you’ve ever played Dungeons & Dragons for an extended period of time (a campaign, in the vernacular) you know that of all the classes available the cleric is the least likely to be chosen willingly. The cleric class is much like the kid picked last in kickball, chosen only because you have to, not because you want to. Okay, bard may actually be less likely but cleric is really, really close and you need a cleric, you don’t necessarily need a bard. The problem is that clerics can be somewhat dull to play but...
posted @ Tuesday, May 05, 2009 3:38 AM |
|
|
Hint: It doesn’t actually have much to do with technology or products In case you hadn’t heard, a startup called Panda Security has introduced a cloud-based anti-virus offering. This set off a rift of articles and blogs discussing the solution itself and what it means and some who questioned whether ‘anti-virus’ even meant ‘security’ in the first place. But I’m not interested in that discussion except to say that folks need to be more careful about distinguish “cloud security” from “cloud-based security”. The former is about securing the cloud and its infrastructure, the latter about services hosted...
posted @ Monday, May 04, 2009 3:37 AM |
|
|
Toni Bowers, Head Blogs Editor at TechRepublic, had quite an interesting blog on the subject of women tech bloggers, “Sure she’s a good tech blogger, but what does she look like?” The comments are as interesting as the content, to be sure, as the responses come from a mostly male community.
MOST MEN AREN'T JERKS AFTER ALL
Now, Toni asks why men care about – and comment on – women’s looks as part of their feedback (and in some cases, as their only feedback). After all, you rarely see commentary about a man’s appearance in blog comments.
I...
posted @ Friday, May 01, 2009 6:20 AM |
|
|
The importance of context in solving the problems created by tying web applications to deeply rooted local metaphors (IP addresses). The relationship between IP addresses and web applications to most end-users is much like the metaphorical language of the Tamarians in Star Trek: The Next Generation “Darmok”. It is incomprehensible without the proper foundational concepts; to anyone who lacks the proper context. In the case of IP addresses and web applications that foundation is technological rather than the historical basis of the Tamarian’s metaphorical language. The diseconomy of scale inherent in our reliance on IP addresses...
posted @ Thursday, April 30, 2009 2:45 AM |
|
|
The blurring of professional and personal lives in social media and the rush of organizations to “join in” may create just that. Almost every modern organization has behavioral policies known as “zero-tolerance” these days. These policies are designed to provide a healthy, productive environment in which anyone can work without fear of being insulted, offended, harassed, or otherwise made uncomfortable on a day to day basis. Basically, “zero-tolerance” policies are - in part - the codification of the common-sense rule that says you don’t talk about religion, politics, or sex in the work environment. Controversial topics,...
posted @ Wednesday, April 29, 2009 3:05 AM |
|
|
You can’t afford not to invest in technologies that leverage virtualization to improve data center efficiency There’s an old adage that says you have to spend money to make money. In the data center these days this is more true than ever. You have to invest in technology capable of making your data center more efficient in order to make (save) money. A recent Robert Half Technology survey of 1400 CIOs indicates that data center efficiency and virtualization are top priorities. *CIOs were asked, "Which areas, if any, will your IT department be investing...
posted @ Tuesday, April 28, 2009 3:00 AM |
|
|
We know what the problem is. We know what the solution is. So why aren’t we doing something about it? Every year, around April Fools’ day, someone pulls out the old “Internet Spring Cleaning” gag. For those of us who are not technical neophytes or have been “online” long enough, the joke is amusing but not nearly as much as when it originally appeared many, many, many years ago. Is it possible, though, that one day the old “the Internet needs to be rebooted” gag might be real? That in order to get from here...
posted @ Monday, April 27, 2009 3:23 AM |
|
|
How to defeat the ancient Jedi mind trick known as HTTP Request Smuggling. HTTP Request Smuggling (HRS) is not a new technique; it's been around since 2005. It takes advantage of architectures where one or more intermediaries (proxies) are deployed between the client and the server. HRS is can be used to poison web-caches and bypass security solutions such as web application firewalls as well as for the delivery of malicious payloads such as worms, viruses, and those used to exploit known vulnerabilities in web and application servers. The good news is that to exploit HRS,...
posted @ Thursday, April 23, 2009 3:39 AM |
|
|
Automation isn’t some special brand of soup and there’s no “automation nazi” who can deny access to its benefits. The recent McKinsey report on cloud computing has pundits everywhere choking on their donuts and scrambling to dispute the report’s findings, which essentially end up saying “cloud ain’t cheaper.” I’m not going to rehash the arguments. I’m not going to analyze the report. But I am going to dig into a few comments on the report by Thorsten at RightScale who started off by saying: “Its claim that cloud computing (in the...
posted @ Wednesday, April 22, 2009 3:18 AM |
|
|
OVF (Open Virtualization Format) apparently just isn’t getting enough mindshare out there in the discussions of cloud computing that focus on portability and interoperability. The goal of OVF is to provide a portable, interoperable non-vendor specific meta-data that describes an application, its virtual container, and the attributes necessary to deploy it in a new environment with minimal human intervention. This will, allegedly, allow it to move seamlessly from cloud to cloud, drifting ever-so-gently and making the entire process appear effortless. Given that lofty goal, it’s no surprise that Jon Oltsik, senior analyst at the Enterprise Strategy Group, wonders...
posted @ Tuesday, April 21, 2009 2:58 AM |
|
|
What is this application delivery thing that everyone keeps telling me I need? Isn’t that just the latest marketing term for load balancing? A recently released Forrester report concludes that “firms must develop and integrated strategy for application delivery.” We don’t disagree with that, or with the Gartner report claiming that “Load Balancing is Dead, Time to Focus on Application Delivery.” Application delivery is the next step in the logical evolutionary path from the tactical solution of load balancing to a comprehensive application infrastructure strategy. Forrester’s research indicates that despite the fact that application...
posted @ Monday, April 20, 2009 3:40 AM |
|
|
Open Source SSL Accelerator solution not as cost effective or well-performing as you think o3 Magazine has a write up on building an SSL accelerator out of Open Source components. It’s a compelling piece, to be sure, that was picked up by Slashdot and discussed extensively. If o3 had stuck to its original goal – building an SSL accelerator on the cheap – it might have had better luck making its arguments. But it wanted to compare an Open Source solution to a commercial solution. That makes sense, the author was trying to show value in...
posted @ Friday, April 17, 2009 4:56 AM |
|
|
This whole Web 2.0-sucking-the-life-out-of-servers problem? Yeah, it’s nothing new if you’ve been paying attention. I am not one prone to fits of smug arrogance. I don’t generally ever say “I told you so” (even if I did) or tsk-tsk when you failed to listen to some nugget of wisdom and it bites you some place…unpleasant. Don often tells me I should, and he will if I won’t, but most of the time I simply bite my tongue and let it pass on by. It’s my job to offer up the information, not force it down your throat....
posted @ Thursday, April 16, 2009 3:46 AM |
|
|
The acceleration technique known as pre-fetching went the way of the do-do bird sometime around 2002. But perhaps it should be resurrected, just in a different place and with a slightly different focus. A SHORT HISTORY OF ACCELERATION TECHNIQUES Most modern acceleration techniques revolve around two things: decreasing the amount of data to be transferred (compression, optimization of the client-side cache) or twiddling with protocols (TCP, HTTP) and their associated behaviors to improve the overall speed at which a client and server communicate. Back in the early days of application acceleration most technologies were...
posted @ Tuesday, April 14, 2009 3:01 AM |
|
|
Collaborating automatically via Web 2.0 APIs is a beautiful thing. I can update status on Twitter and it will automagically propagate to any number of social networking sites: Facebook. FriendFeed. MySpace. LinkedIn. If I had to do it all manually, I wouldn’t. But the automation of sharing, i.e. collaboration, between Web 2.0 social networking sites made possible by open APIs is just too easy to pass up.
The danger is, of course, that a single malicious message can just as quickly propagate through that same social network. The power of the API can quickly be turned against us.
A...
posted @ Monday, April 13, 2009 4:05 AM |
|
|
Leveraging virtualization as a means to create a specialized architecture can realize significant gains in performance and IT efficiency With all the talk about “packaging up applications” in a virtual machine and shipping them off to the cloud, it almost sounds as if virtualization might lead us to a return to architecting monolithic applications. The idea of packaging up everything you need to run an application in a virtual container and relieving the worries about connectors and adapters and integration is certainly appealing. But let’s take a step back from the virtualization craze as it relates to...
posted @ Thursday, April 09, 2009 3:34 AM |
|
|
You’ve declared your Data Center Independence. You’ve agreed on a basic set of rights. The problem now is ensuring that those rights are upheld and that you can achieve that independence. We’re not innocent bystanders in the data center revolution; we wholly support your rights to choose the architecture and solutions that best fit your environment. You can’t do it alone. You need tools with which to fight the data center revolution. So we’re arming you with at least some of those tools (hey, we can’t do it all alone) with the introduction of BIG-IP v10...
posted @ Wednesday, April 08, 2009 4:47 AM |
|
|
Those who cannot remember the past are condemned to repeat it. George Santayana, The Life of Reason, Volume 1, 1905 US (Spanish-born) philosopher (1863 - 1952) This oft repeated quote needs to be tweaked just a bit to be more applicable to web application security: Those who choose to ignore the past in favor of convenience are condemned to repeat it. Just how many times do developers have to “hack” a protocol that eventually becomes a wide-open hole through which even a blind miscreant...
posted @ Tuesday, April 07, 2009 9:25 AM |
|
|
Finding new life for SOA in the cloud We’ve been having quite a few discussions with analysts over the past few months on the subject of “cloud”. The interesting thing about these discussions is the vast array of points of view from which those analysts are viewing “cloud”. Some are focused on the network aspects, others on pricing/differentiation, and some are even very focused on what “cloud” means to applications – and the organizations that will, allegedly, take advantage of the cloud as a means of application deployment. One such analyst is Daryl Plummer of Gartner. Daryl...
posted @ Tuesday, April 07, 2009 3:37 AM |
|
|
Making the case for a Hungarian Notation variation for URL hierarchies One of the top discussions out in the ether these days revolves around URL shortening. One of the reasons folks flock to URL shortening services like bit.ly and TinyURL is because web sites and applications use exceedingly long URLs. Many times this is because of exposed file system hierarchies (a potential security risk, by the way) and a desire to take advantage of descriptive file names for SEO and informational reasons. Recently Delicious founder Joshua Schachter expressed his opinion that URL Shorteners are bad for the web, while...
posted @ Monday, April 06, 2009 3:15 AM |
|
|
Everyone wants web sites and applications to load faster, and there’s no shortage of folks out there looking for ways to do just that. But all that glitters is not gold, and not all acceleration techniques actually do all that much to accelerate the delivery of web sites and applications. Worse, some actual incur risk in the form of leaving servers open to exploitation. A BRIEF HISTORY Back in the day when HTTP was still evolving, someone came up with the concept of persistent connections. See, in ancient times – when administrators still wore togas in...
posted @ Thursday, April 02, 2009 3:30 AM |
|
|
Are you protecting your Web 2.0 APIs? As Web 2.0 applications continue to expand from connected to collaborative via the extensive use of APIs it behooves developers and security professionals alike to consider the ramifications of providing this necessary yet dangerous avenue of entry into their application infrastructure. Too many discussions around web application security are focused on the user-facing web interfaces and ignore the potentially more dangerous collaboration-focused interfaces that make up the API. What makes them more dangerous is that they almost always offer an XML exchange format, but it is rare that...
posted @ Wednesday, April 01, 2009 3:46 AM |
|
|
Long URLs and variable names increase transfer size which wastes bandwidth and money
o3 magazine has a great article on the impact of long URLs on bandwidth; specifically on how much bandwidth is wasted by excessively long URLs and variable names within HTML, JavaScript, and CSS selectors.
What the author does not mention, and he really should, is that wasting bandwidth can translate into wasted dollars, as well. This is particularly true of applications that might be hosted in a cloud environment, as well as those delivered across WAN links provisioned with bursting capabilities above limits for which organizations are...
posted @ Tuesday, March 31, 2009 4:13 AM |
|
|
Keep in mind that the time it takes a human being to blink is an average of 300 – 400 milliseconds. I just got back from Houston where I helped present on F5’s integration with web application security vendor White Hat, a.k.a. virtual patching. As almost always happens whenever anyone mentions the term web application firewall the question of performance degradation was raised. To be precise: How much will a web application firewall degrade performance? Not will it, but how much will it, degrade performance. My question back to those of you with the same...
posted @ Monday, March 30, 2009 3:21 AM |
|
|
First Amendment Vendors shall make no law respecting an establishment of architecture, or prohibiting the free design thereof; or constraining the flow of data, or of packets; or the right of the administrators easily to configure, and to ensure the fast, secure, and available delivery of applications. Second Amendment A well-performing network being necessary to the delivery of applications, the right of IT to optimization of any network environment, shall not be infringed. Third Amendment Budgetary constraints, though required for an efficient business, shall not force IT to compromise on security or...
posted @ Friday, March 27, 2009 2:10 AM |
|
|
If you do, you may find you’ll come out with a more effective security strategy Michael Santarcangelo shows why he’s known as a “human catalyst” with his strategy-focused effort to change the way we deal with security, Into the Breach. Michae'l’s basic premise is that a breach is a symptom of a larger problem and not the actual problem itself. Unlike most security-focused discussions today he tackles not the issue of electronic data and disclosure but the larger, more often ignored problem of low-tech breaches caused (often unintentionally) by people. Soylent security. It’s people,...
posted @ Thursday, March 26, 2009 3:58 PM |
|
|
One of the greatest strengths of the Cloud is that, like the Internet, it knows no boundaries. It crosses industry and international boundaries as if they do not exist. But as is often the case, your greatest strength can also be your greatest weakness. Take Google, for example, and it’s myriad Cloud-based application offerings. A new complaint made by Epic (Electronic Privacy Information Center) to the US Federal Trade Commission urges the regulatory agency to “consider shutting down Google’s services until it establishes safeguards for protecting confidential information.” From a recent FT.com article: ...
posted @ Thursday, March 26, 2009 5:47 AM |
|
|
When in the course of deploying applications, it becomes necessary for administrators to dissolve the technical shackles which have connected them to products, and to assume among the powers of IT, the separate and equal station to which management entitles them, a decent respect for their valuable time requires that vendors should provide them with the means by which they may enact this separation. We hold these truths to be self-evident, that not all applications are created equal, that they are endowed by their developers with certain quirky behaviors, that among these are chattiness, vulnerabilities, and very large...
posted @ Wednesday, March 25, 2009 4:03 AM |
|
|
Better performance, reduced costs and data center footprint are not niche-market interests. The fast-paced world of finance is taking a hard look at the benefits of hardware acceleration for performance and finding additional benefits such as a reduction in rack-space via consolidation of server hardware. Rich Miller over at Data Center Knowledge writes: Hardware acceleration addresses computationally-intensive software processes that task the CPU, incorporating special-purpose hardware such as a graphics processing unit (GPUs) or field programmable gate array (FPGA) to shift parallel software functions to the hardware level. ...
posted @ Tuesday, March 24, 2009 3:27 AM |
|
|
Remember when…it was sprawl or nothing? Remember when…you had to choose between security and speed? Remember when…you had to choose between agility and performance? It’s time for a change; a change that brings freedom and choice to the data center and puts IT back in control of its own architectural destiny. Technorati Tags: F5,revolution,data center,choice,change,freedom,agility,infrastructure,infrastructure 2.0,dynamic infrastructure,web,internet,video,blog Related articles by Zemanta Unified Ontology of Cloud Computing (johnmwillis.com) ...
posted @ Monday, March 23, 2009 3:27 AM |
|
|
Ah, those were the days, weren’t they? When improving the security, reliability, and performance of applications over the LAN, over the WAN, and over the Internet meant you had to deploy many different solutions, each one standing on their own in the data center. When you had to learn how to configure and manage as many devices as you have fingers just to deliver a single business-critical application to users and customers across a wide variety of environments. When there really wasn’t an option because solutions weren’t unified, weren’t contextually aware, and were basically just a bunch of point solutions...
posted @ Monday, March 23, 2009 3:21 AM |
|
|
I admit it. I’m a load / performance testing junkie. During my years with Network Computing I burned through any number of solutions designed to throw more traffic at products than money Congress is throwing at failed banks these days. And I do mean burned, as the last time I was in the lab there were no less than three non-functioning Spirent Avalanche systems that had given up the ghost after being forced to their absolute limits over years of use and abuse.
When I received a note telling me about LoadImpact.com, a load testing as a service site, naturally...
posted @ Friday, March 20, 2009 3:21 AM |
|
|
The reasons behind an increasing enrollment rate in computer science programs say it isn’t coolness driving interest, it’s cash. But the reality of computer science is such that opportunistic degree chasers aren’t likely to make it through the program. Recently, infrastructure was declared “cool again”. And this week computer science majors got the “cool” nod as well. My immediate reaction to both “news” announcements was: When were they not cool? My second was, how in the world does a rise in enrollment equate to coolness? The fact that infrastructure is getting more attention and more college...
posted @ Thursday, March 19, 2009 3:21 AM |
|
|
One of the oft cited reasons in surveys that enterprises aren’t flocking to the cloud like lemmings off a cliff is “lack of control”. Problem is that articles and pundits quoting this reason never really define what that means. After all, cloud providers appear to be cognizant of the need for users (IT) to be able to define thresholds, reserve instances, deploy a variety of “infrastructure”, and manage their cloud deployment themselves. The lack of control, however, is at least partially about control over the infrastructure itself and, perhaps, complicated by the shallow definition of “infrastructure” by cloud...
posted @ Wednesday, March 18, 2009 2:49 AM |
|
|
ArsTechnica has an interesting little article on what Windows Azure is and is not. During the course of discussion with Steven Martin, Microsoft's senior director of Developer Platform Product Management, a fascinating – or disturbing in my opinion – statement was made: There is a distinction between the hosting world and the cloud world that Martin wanted to underline. Whereas hosting means simply the purchase of space under certain conditions (as opposed to buying the actual hardware), the cloud completely hides all issues of clustering and/or load balancing, and it offers an entirely virtualized...
posted @ Tuesday, March 17, 2009 4:34 AM |
|
|
What’s driving your organizational interest in cloud? Is it apathy or is it architecture? The whole debate surrounding the existence, or non-existence as it were, of “private” clouds seems to revolve around the definition of cloud. Yes, we’re right back at the beginning, Vizzini. The problem is that lots of folks want to focus in on the “apathy” inherent in cloud rather than the “architecture”. Yes, apathy. After all, that’s what we’re saying when we include as a key component of the definition of cloud “you don’t have to care about the infrastructure.” For example, Andrew...
posted @ Monday, March 16, 2009 3:45 AM |
|
|
Ah, those were the days, weren’t they? When you needed a way to add security at several layers to your network and application network infrastructure but knew that implementing a solution capable of securing those pesky applications was more than likely going to end up with poor performance and angry users. When you needed to add something to secure applications and the network against the growing wave of attacks but knew that doing so would negatively impact performance. It was a tough choice, and most people ended up going the route of maintaining application performance at the expense...
posted @ Monday, March 16, 2009 3:39 AM |
|
|
Decisions about routing at every layer require context A friend forwarded a blog post to me last week mainly because it contained a reference to F5, but upon reading it (a couple of times) I realized that this particular post contained some very interesting information that needed to be examined further. The details of the problems being experienced by the poster (which revolve around a globally load-balanced site that was for some reason not being distributed very equally) point to an interesting conundrum: just how much control over site decisions should a client have? Given the...
posted @ Thursday, March 12, 2009 4:11 AM |
|
|
Mike Fratto loves to tweak my nose about web application security. He’s been doing it for years, so it’s (d)evolved to a pretty standard set of arguments. But after he tweaked the debate again in a tweet, I got to thinking that part of the problem is the definition of web application security itself. Web application security is almost always about the application (I know, duh! but bear with me) and therefore about the developer and secure coding. Most of the programmatic errors that lead to vulnerabilities and subsequently exploitation can be traced to a lack of secure...
posted @ Wednesday, March 11, 2009 3:21 AM |
|
|
There is no evidence, no research, no surveys that indicate the cloud is, or ever will be, ready to completely outsource an organization’s data center. There’s no reason to even believe that’s the goal of cloud providers, though it might seem a logical conclusion. So making outrageous claims about the capabilities of the cloud, and the relevance of the data center, does no one any good. What’s got me so riled up? This particular statement from a prediction for 2009 from Appirio: But all this talk about “private clouds” is a distraction from...
posted @ Tuesday, March 10, 2009 4:30 AM |
|
|
Ah, those were the days, weren’t they? When you needed a way to inspect data at the edge for application-specific issues but knew that implementing a solution capable of that kind of agility was more than likely going to end up with poor performance and angry users. When you needed to add something to secure applications and the network against the growing wave of attacks but knew that doing so would negatively impact performance. It was a tough choice, and most people ended up going the route of maintaining application performance at the expense of security and optimization...
posted @ Monday, March 09, 2009 4:30 AM |
|
|
One of the ways miscreants locate targets for mass SQL injection attacks that can leave your applications and data tainted with malware and malicious scripts is to simply seek out sites based on file extensions. Attackers know that .ASP and .PHP files are more often than not vulnerable to SQL injection attacks, and thus use Google and other search engines to seek out these target-rich environments by extension. Using a non-standard extension will not eliminate the risk of being targeted by a mass SQL injection attack, but it can significantly reduce the possibility because your site will automatically turn...
posted @ Thursday, March 05, 2009 3:46 AM |
|
|
Increasingly WAN optimization solutions are adopting the application acceleration moniker, implying a focus that just does not exist. WAN optimization solutions are designed to improve the performance of the network, not applications, and while the former does beget improvements of the latter, true application acceleration solutions offer greater opportunity for improving efficiency and end-user experience as well as aiding in consolidation efforts that result in a reduction in operating and capital expenditure costs. WAN Optimization solutions are, as their title implies, focused on the WAN; on the network. It is their task to improve the utilization of bandwidth,...
posted @ Wednesday, March 04, 2009 3:29 AM |
|
|
According to the definition of cloud computing used by Avanade for a recently released and often cited study on the use of cloud computing, I could claim to be a cloud computing provider. And so could you. Basically, so could just about everyone who happens to run web-based applications accessed over the Internet. From the summary of the report: In the midst of widespread economic turmoil, this global survey of C-level executives and IT decision-makers shows a clear, collective mandate: use technology to cut the cost of doing business. ...
posted @ Tuesday, March 03, 2009 2:59 AM |
|
|
During my reading of the Internet I happened across an ad on Network World that stopped me in my tracks. And not because it was one of those “pre-ads” that you can’t avoid, nor because it was cool or flashy or said something particularly witty. No, it stopped me in disbelief because it implied that someone else (a vendor) was in charge of your data center architecture; that you had nothing to do but sit back and wait for them to let you know when it – and you – were ready to take the next step. Look,...
posted @ Monday, March 02, 2009 4:32 AM |
|
|
It’s been a long time since I had the (mis)fortune to sit in a math class, so bear with me while I figure this out. In order to determine my daily budget for the application I am hosting with Google’s App Engine, I need to sum the results of the standard deviation of the derivative of yesterday’s CPU utilization, multiplied by the bandwidth used divided by pi and then multiple the whole thing by the number of e-mail messages sent by the application. Got that? Go. 5…4…3…2…1 Pencils down. What? Not finished yet? Okay, I’m being...
posted @ Thursday, February 26, 2009 4:07 AM |
|
|
Owning the stack is important to security, but it’s also integral to a lot of other application delivery functions. And in some cases, it’s downright necessary. Hoff rants with his usual finesse in a recent posting with which I could not agree more. Not only does he point out the wrongness of equating SaaS with “The Cloud”, but points out the importance of “owning the stack” to security. Those that have control/ownership over the entire stack naturally have the opportunity for much tighter control over the "security" of their offerings. Why? because they...
posted @ Wednesday, February 25, 2009 3:13 AM |
|
|
Cloud computing and virtualization promises to revolutionize the architectural principles of the data center. Shared resources enable efficiency, but ultimately the dynamism required to achieve such gains in efficiency will cause chaos in a variety of other functions throughout IT. The CIO is in for a rocky road unless a broader set of IT management vendors pave the way for a smooth ride. The (In)accuracy of Forecasting in a Dynamic Environment Organizations rely on the ability to forecast project costs and anticipated ROI in order to prioritize and set budgets for coming years. Many IT project management...
posted @ Tuesday, February 24, 2009 3:36 AM |
|
|
If you’re looking at standardization and interoperability efforts only as they relate to providers or end-users then you’re not thinking long term nor are you really considering the potential of cloud computing and virtualization to revolutionize data center architectures. In a nutshell, if you equate “cloud” with “providers like Amazon and Google” then you don’t really get the big picture. While the ultimate goal of cloud specifications and standards is to enable interoperability and ease of migration for the end-user, approaching the creation of such standards from the point of view of the end-user will result in a...
posted @ Monday, February 23, 2009 4:06 AM |
|
|
The case of Laura Dean has been treated as a “wake up call” to the millions of users of social networking sites. At first glance it appears there is nothing that Facebook (or any other social media site) could have done to prevent the theft and subsequent abuse of her identity. I was briefly on the “you can’t blame technology for this one” bandwagon until I stopped and thought about the ways in which fraud detection systems work and applied that process to the very simple login process used by every social media site in existence. ...
posted @ Friday, February 20, 2009 3:51 AM |
|
|
The focus of cloud and virtualization discussions today revolve primarily around hypervisors, virtual machines, automation, network and application network infrastructure; on the dynamic infrastructure necessary to enable a truly dynamic data center. In all the hype we’ve lost sight of the impact these changes will have on other critical IT systems such as network systems management (NSM) and application performance management (APM). You know their names: IBM, CA, Compuware, BMC, HP. There are likely one or more of their systems monitoring and managing applications and systems in your data center right now. They provide alerts, notifications,...
posted @ Thursday, February 19, 2009 4:55 AM |
|
|
When folks are asked to define the cloud they invariably, somewhere in the definition, bring up the point that “users shouldn’t care” about the actual implementation. When asked to diagram a cloud environment we end up with two clouds: one representing the “big cloud” and one inside the cloud, representing the infrastructure we aren’t supposed to care about, usually with some pretty graphics representing applications being delivered out of the cloud over the Internet. But yet some of us need to care what’s obscured; the folks tasked with building out a cloud environment need to know what’s...
posted @ Wednesday, February 18, 2009 4:14 AM |
|
|
It has been suggested that the use of application acceleration solutions as a means to improve application performance would result in programmers writing less efficient code. In a comment on “The House that Load Balancing Built” a reader replies: Not only will it cause the application to grow in cost and complexity, it's teaching new and old programmers to not write efficient code and rely on other products and services on [sic] thier behalf. I.E. Why write security into the app, when the ADC can do that for me. Why write code that...
posted @ Tuesday, February 17, 2009 3:41 AM |
|
|
The year 2009 may be remembered as the year technologies died. First Anne Thomas Maynes of Burton Group declared SOA dead, and more recently Mark Fabbi of Gartner announced the death of load balancers. The difference in the obituaries is striking: Maynes declare an entire architectural model dead while Fabbi merely declares the death of a product, not the technological concepts behind it. Load balancers may be dead, the concept of load balancing lives on as a critical foundation for more advanced and valuable features available in the load balancer’s evolutionary replacement: the application delivery controller. Where Maynes gives...
posted @ Monday, February 16, 2009 5:10 AM |
|
|
One of the negatives of providing a solution is that it necessarily assumes there is a problem. That’s actually a fair assumption in the technology world, as problems seem to abound with no end in sight. What it also does, unfortunately, is lead to a culture within IT that is more tactical than strategic. Because IT is almost always trying to put out one fire or another, they rarely have time to think – and plan – ahead. Honestly, that’s the responsibility of directors and C-level executives, anyway. It’s their responsibility to look ahead not just months...
posted @ Thursday, February 12, 2009 3:41 AM |
|
|
The issue of application state and connection management is one often discussed in the context of cloud computing and virtualized architectures. That's because the stress placed on existing static infrastructure due to the potentially rapid rate of change associated with dynamic application provisioning is enormous and, as is often pointed out, existing "infrastructure 1.0" systems are generally incapable of reacting in a timely fashion to such changes occurring in real-time. The most basic of concerns continues to revolve around IP address management. This is a favorite topic of Greg Ness at Infrastructure 2.0 and has been subsequently addressed...
posted @ Tuesday, February 10, 2009 7:59 AM |
|
|
Rich Miller, in response to some questions I maintain on meta-data ownership and interoperability with regards to the CCIF's efforts in defining a cloud interoperability specification, had some questions of his own: The part I'm itching to ask her about ... or start a more open conversation: the possibility of "a specification regarding application network delivery metadata" which, if properly (??) abstracted and generic, could "allow the meta-data policies to be transported and applied across different cloud implementations while preserving the specific details of implementation within the cloud computing infrastructure." Whoa!! Tall order, isn't it? ...
posted @ Monday, February 09, 2009 4:19 AM |
|
|
While the vast majority of folks are still debating what is or is not "cloud computing", there are already groups trying to get ahead of the curve by focusing on broader issues such as interoperability and portability. Indeed, by addressing the potential pitfalls associated with portability across cloud implements now rather than later, it is hoped that there won't be as many problems when it does finally become an issue. There is a very real danger, however, that cloud interoperability and portability specifications will fail to address the very real need to include all the relevant application and...
posted @ Friday, February 06, 2009 4:39 AM |
|
|
The February issue of Dr. Dobb's has a lot of articles about cloud computing. That's not surprising, cloud computing is very much on the minds of many folks these days and it does affect developers as much as (if not more than) most IT folks. One developer had a very interesting perspective on the topic, and very clearly spells out what he does and does not want: I don't want to write HTTP and SOAP and REST and SimpleDB queries. I don't want to be squeezed into a browser and I most certainly...
posted @ Wednesday, February 04, 2009 6:23 AM |
|
|
You're standing in line at the bank when someone walks in. You instinctively look around and notice the newcomer is wearing sunglasses, and a hooded sweatshirt. His hands are both inside the pockets of his sweatshirt, even though it's warm inside. He chooses a line, and dances nervously from foot to foot, craning his neck to see to the front of the line. After a few minutes he leaves the line and chooses a new one, growing increasingly agitated at the wait. He keeps looking from the clock to the line to the tellers, and appears to be wringing his...
posted @ Tuesday, February 03, 2009 4:01 AM |
|
|
The webification of applications over the years has led to the belief that client-server as an architecture is dying. But very few beliefs about architecture have been further from the truth. The belief that client-server was dying - or at least falling out of favor - was primarily due to fact that early browser technology was used only as a presentation mechanism. The browser did not execute application logic, did not participate in application logic, and acted more or less like a television: smart enough to know how to display data but not smart enough to do anything...
posted @ Monday, February 02, 2009 4:38 AM |
|
|
Yesterday I was privileged to co-host a webinar with WhiteHat Security's Jeremiah Grossman on preventing SQL injection and Cross-Site scripting using a technique called "virtual patching". While I was familiar with F5's partnership with WhiteHat and our integrated solution, I wasn't familiar with the term. Virtual patching should put an end to the endless religious warring that goes on between the secure coding and web application firewall camps whenever the topic of web application security is raised. The premise of virtual patching is that a web application firewall is not, I repeat is not a replacement for secure...
posted @ Thursday, January 29, 2009 11:00 AM |
|
|
We've been talking a lot about the benefits of Infrastructure 2.0, or Dynamic Infrastructure, a lot about why it's necessary, and what's required to make it all work. But we've never really laid out what it is, and that's beginning to lead to some misconceptions. As Daryl Plummer of Gartner pointed out recently, the definition of cloud computing is still, well, cloudy. Multiple experts can't agree on the definition, and the same is quickly becoming true of dynamic infrastructure. That's no surprise; we're at the beginning of what Gartner would call the hype cycle for both concepts, so...
posted @ Wednesday, January 28, 2009 7:19 AM |
|
|
For as many deployment models for packaged software as exist there are an equal or higher number of software licensing models. I used to think integration of software packages was the biggest challenge when evaluating them for Network Computing but the truth is that calculating the cost of licensing for that software was even more of a challenge. And realistic comparisons? Nearly impossible. The old models of software licensing are wholly incompatible with cloud computing and on-demand environments. Enterprise software is in a category unto itself when it comes to licensing. It isn't like drive-by...
posted @ Tuesday, January 27, 2009 4:24 AM |
|
|
Open APIs are a matter of much discussion these days in the realm of cloud computing. Just take a peek at the discussion that occurred via Twitter during Cloud Connect. Many folks were not shy in putting forth the notion that cloud portability and interoperability can only be achieved through accepted "cloud" standards. Integration standards, for the cloud, if you will. The fear is that any emerging standards will focus only the portability of the application or virtual container environment. They are likely to ignore the fact that no application is an island, and that the application delivery...
posted @ Monday, January 26, 2009 3:40 AM |
|
|
Much of the dialogue today surrounding cloud computing and virtualization is still taking the 50,000 foot view. It's all conceptual; it's all about business value, justification, interoperability, and use cases. These are all good conversations that need to happen in order for cloud computing and virtualization-based architectures to mature, but as is often the case that leaves the folks tasked with building something right now a bit on their own. So let's ignore the high-level view for just a bit and talk reality. Many folks are being tasked, now, with designing or even implementing some form of a cloud...
posted @ Friday, January 23, 2009 4:51 AM |
|
|
Twitter is, once again, feeling growing pains. This time the microblogging darling of the social networking world is proactively addressing the problem - by further rate limiting its APIs. Alex Payne, API Lead for Twitter, explained on the Twitter Developers mailing list: “Starting later this week we’ll be limiting those on the whitelist to 20,000 requests per hour. Yes, you read that right: twenty THOUSAND requests per hour. According to our logs, this accounts for all but the very largest consumers of our API. This is essentially a ...
posted @ Thursday, January 22, 2009 6:14 AM |
|
|
The debate this week is on location, specifically we're back arguing over whether there exist such things as "private" clouds. Data Center Knowledge has a good recap of some of the opinions out there on the subject, and of course I have my own opinion. Location is, in fact, important to cloud computing, but probably not in the way most people are thinking right now. While everyone is concentrating on defining cloud computing based on whether it's local or remote, folks have lost sight that location is important for other reasons. It is the location...
posted @ Wednesday, January 21, 2009 7:13 AM |
|
|
Infrastructure 2.0 is, at its core, about evolving to a new level of interconnectedness, one in which the underlying infrastructure becomes as flexible and adaptable as the applications and virtualization infrastructure it is responsible for managing and delivering. In order to be connected, however, you need a way in which disparate infrastructure components can communicate, either directly or via a third party (coordination | management | orchestration) server. That communication is almost certainly going to take (and in many cases has already taken) the form of service-enabled control planes. These "services" are necessary in order to provide the...
posted @ Tuesday, January 20, 2009 5:42 AM |
|
|
If you've taken the time to read over the "Top 25 Most Dangerous Programming Errors" published by SANS recently, you may (or may not) have noticed that CWE-319 is an anomaly, and should be easily picked out by developers and security professionals in a game called "which one of these is not like the other". CWE-319 If your software sends sensitive information across a network, such as private data or authentication credentials, that information crosses many different nodes in transit to its final destination. Attackers can sniff this...
posted @ Monday, January 19, 2009 3:57 AM |
|
|
While doing some research on a related topic I dug into the technical aspects of Obama's Blueprint For Change. The plans around technology are fairly nebulous, with a few exceptions, such as those related specifically to broadband access: Deploy Next-Generation Broadband: Barack Obama believes we can get broadband to every community in America through a combination of reform of the Universal Service Fund, better use of the nation’s wireless spectrum, promotion of next-generation facilities, technologies and applications, and new tax and loan incentives. On this front, a U.S. House committee recommended yesterday...
posted @ Friday, January 16, 2009 4:08 AM |
|
|
Zero-day IE exploits and general mass SQL injection attacks often overshadow potentially more dangerous exploits targeting lesser known applications and attack vectors. These exploits are potentially more dangerous because once proven through a successful attack on these lesser known applications they can rapidly be adapted to exploit more common web applications, and no one is specifically concentrating on preventing them because they're, well, not so obvious.
Recently, SANS Internet Storm Center featured a write up on attempts to exploit Roundcube Webmail via the HTTP Accept header. Such an attack is generally focused on exploitation of operating system, language, or environmental...
posted @ Thursday, January 15, 2009 9:12 AM |
|
|
Everyone is buzzing and tweeting about the SANS Institute CWE/SANS Top 25 Most Dangerous Programming Errors, many heralding its release as the dawning of a new age in secure software. Indeed, it's already changing purchasing requirements. Byron Acohido reports that the Department of Defense is leading the way by "accepting only software tested and certified against the Top 25 flaws." Some have begun speculating that this list obviates the need for web application firewalls (WAF). After all, if applications are secured against these vulnerabilities, there's no need for an additional layer of security. Or is there? ...
posted @ Wednesday, January 14, 2009 4:22 AM |
|
|
One of the reasons behind some folks pushing for infrastructure as virtual appliances is the on-demand nature of a virtualized environment. When network and application delivery infrastructure hits capacity in terms of throughput - regardless of the layer of the application stack at which it happens - it's frustrating to think you might need to upgrade the hardware rather than just add more compute power via a virtual image. The truth is that this makes sense. The infrastructure supporting a virtualized environment should be elastic. It should be able to dynamically expand without requiring a new network architecture,...
posted @ Tuesday, January 13, 2009 4:15 AM |
|
|
It has been suggested more than once, by folks normally considered rational, that in a cloud computing implementation everything - and I mean everything - should be virtualized. Even the infrastructure. The hype surrounding virtualization has spread not just to applications and their virtual image deployment as a means to achieve dynamic horizontal scale but also to infrastructure, to routers and switches and security devices. Indeed, there are a good number of infrastructure vendors currently offering and others feverishly working on virtual appliance versions of hardware devices for deployment in cloud and virtual computing environments. Part...
posted @ Monday, January 12, 2009 4:29 AM |
|
|
After talking about data integration being the Achilles heel of cloud computing I had a chat with Informatica, who is not only providing a solution for data integration for the cloud, but is leveraging the cloud to do it. While we at F5 are focused on tearing down the silos that exist in IT to support the delivery and management of applications both internal and external (SaaS, cloud), Informatica is looking to tear down the silos in the cloud that currently exist as Software as a Service (SaaS) offerings. Integration, always a painful subject, has become...
posted @ Friday, January 09, 2009 7:11 AM |
|
|
Over the holidays I did, as most folks I suspect, things I enjoy doing. For me, one of those things was playing around with Adobe's Flex using Flex Builder 3. Yes, I am that much of a geek. I was a bit concerned it would take some time to figure it all out, but after quickly realizing that MXML, Adobe's interface markup language, was close enough to XAML, Microsoft's interface markup language, it was pretty much smooth going. ActionScript is close enough to JavaScript and C and most other languages I'm familiar with so that...
posted @ Thursday, January 08, 2009 8:12 AM |
|
|
The spirit of SOA and its core principles are still very much alive, but we can't call it SOA any more because, well, SOA is (pretty much) officially dead, at least according to folks on the tubes and we all know that if you hear it on the tubes it must be true. Anne Thomas Manes of the Burton Group declared SOA officially dead on January 1, 2009, but maintains that "although the word “SOA” is dead, the requirement for service-oriented architecture is stronger than ever." Ms. Manes blames the death of SOA on the failure to...
posted @ Wednesday, January 07, 2009 9:07 AM |
|
|
dy·nam·ic (adj) Characterized by continuous change, activity, or progress flex·i·ble (adj) Responsive to change; adaptable. Able to bend without breaking Infrastructure 2.0 is, at its core, about not just the network but the entire infrastructure evolving to a new level of interconnectedness, one in which the underlying infrastructure devices become flexible and adaptable; capable of responding to the continuous change in the next generation data center without breaking. The demands placed upon infrastructure by virtualization, consolidation, and the cloud require that networks grow out of their static configuration models and adopt a more...
posted @ Tuesday, January 06, 2009 6:56 AM |
|
|
Over the holidays Marcin @ tssci security offered up a python script for brute forcing the HTTP OPTIONS on directories. One of the reasons someone would want this information is because if you're (accidentally, of course) allowing PUT methods on any directories, someone can upload something nasty and potentially execute an attack. The availability of PUT makes XSS attacks simple even for script kiddies, for example. There may be legitimate reasons for enabling PUT on your servers, but you don't necessarily want the whole world to know that - just the applications that need the functionality....
posted @ Monday, January 05, 2009 5:58 AM |
|
|
It's been a very long year, hasn't it? At least it has if you've been diligently trying to post every day for the past, oh, eight months or so. I've blogged through maternity leave, through days off, through travel and trade shows, and even sometimes on the weekends. Hard to believe I have anything left to say, isn't it? Those of you who know me can stop laughing now. Really. No, I'm serious, it wasn't that funny a question. It's probably more difficult for me not to blog than to blog. So for the...
posted @ Friday, December 19, 2008 8:06 AM |
|
|
VM sprawl is predicted to be one of the outcomes of early adoption and excitement over virtualization. Just as IT struggled to manage the explosion of PCs and servers across the enterprise, it is predicted that now it will need to find a way to manage the explosion of virtual machines as they pop up all over the enterprise with surprising alacrity. Part of the difficulty in managing new technology is the rogue deployment of X. Whether that's physical or virtual servers is irrelevant, the challenges associated with managing what are essentially unmanaged applications and servers deployed outside...
posted @ Friday, December 19, 2008 7:10 AM |
|
|
The INTERNET, December 18, 2008 - In what is certainly a blinding epiphany for some it was suddenly realized today that some applications are not well suited for deployment in a public cloud computing environment. With all the hype surrounding cloud computing these days it is easy to forget that there's more to enterprise applications than just some code and a database. It is a rare application that is an island in the data center, and the more integrated with other systems a given application is the less likely it is that the application will be well suited...
posted @ Thursday, December 18, 2008 4:14 AM |
|
|
Just because you can, doesn't mean you should. I'm going to start this one by quoting Hoff who was quoting Andreas Antonopoulos of Nemertes Research Group who was paraphrasing a concept put forth by Doug Gourlay. From Rational Survivability "How about using netflow information to re-balance servers in a data center" Routing: Controlling the flow of network traffic to an optimal path between two nodes Virtual-Routing or Anti-Routing: VMotioning nodes (servers) to optimize the flow of traffic on the network. Using netflow information, identify those...
posted @ Wednesday, December 17, 2008 4:03 AM |
|
|
When an application is deployed into a high-availability production environment there are a number of interesting infrastructure related things need to happen. The application delivery controller (ADC) needs to be configured, DNS entries updated, storage allocated, and all the other associated network infrastructure must be prepared to handle the delivery of the new application. We have a BIG-IP. Do I have to talk to the network guys?? ...
posted @ Tuesday, December 16, 2008 5:55 AM |
|
|
A while back Joe blogged about some Twitter integration he'd done around monitoring of BIG-IP. He's got a PERL proxy that monitors the BIG-IP and sends out notifications and alerts to a specified Twitter account. But I wanted something more interactive, something more social. I wanted to be able to send a tweet to my BIG-IP and have it respond; a BIG-IP Twitter bot, if you will. So Friday I finally decided it was time to do it. I set up a Twitter account for my BIG-IP and started coding. Luckily, the Twitter API is pretty straight-forward and...
posted @ Monday, December 15, 2008 6:03 AM |
|
|
One of the most affordable options for small and medium businesses in terms of Internet connectivity is business-class service from cable and telco providers like Time Warner Cable, Cox, Verizon, and AT&T. Unfortunately, the definition of "business-class" is ill-suited to businesses that host their own web applications or mail servers. If you've ever looked into business class service, you'll notice that like residential services, they are only truly cost effective if you don't really care about upload speed. For example, Verizon has a promotional offer that promises download speeds up to 7.1Mbps, but limits upload speeds to 768Kbps....
posted @ Friday, December 12, 2008 3:46 AM |
|
|
You may recall a recent overview on network-side scripting that described a few uses of this technology integrated with application delivery controllers. With thousands of examples of the uses of network-side scripting it's hard to choose just one to adequately represent its potential. Luckily, we don't have to stick to just one. Viva la Internet! Based on the technical session the great network-side scripting guru Colin and I ran at SD Best Practices in October, I've pulled nine ways to use network-side scripting that can enhance the scalability, security, and performance of web applications into a presentation for...
posted @ Thursday, December 11, 2008 4:04 AM |
|
|
As an application delivery solution provider focused on securing, accelerating, and optimizing web applications, we pay a lot of attention to web application development trends. Languages, environments, and technologies are all of significant interest because in many cases the decisions regarding development affect the security and performance of applications deployed in production. AJAX-based applications, for example, can have a significant impact on performance of the application and on the network (and vice-versa), so we pay attention to its adoption and use and are always looking for new ways to secure and accelerate applications using the technology. ...
posted @ Wednesday, December 10, 2008 4:35 AM |
|
|
Wesley: Now, there may be problems once our app is in the cloud.
Inigo: I'll say. How do I find the data? Once I do, how do I integrate it with the other apps? Once I integrate it, how do I replicate it?
If you remember this somewhat altered scene from the Princess Bride, you also remember that no one had any answers for Inigo. That's apropos of this discussion, because no one has any good answers for this version of Inigo either. And no, a holocaust cloak is not going to save the day this...
posted @ Tuesday, December 09, 2008 4:12 AM |
|
|
In the face of a recession everyone, individuals and organizations alike, begin scaling back spending. The first thing to go is luxury items; after all, you probably didn't need that big screen TV for Christmas, and the kids will likely be just as happy with used video games as they would with new ones. IT departments quickly scale back as well, putting off larger, more costly projects that aren't critical to the core business and re-evaluating much of their infrastructure in an attempt to cut costs and reduce the impact of the hardware and software costs of running...
posted @ Monday, December 08, 2008 3:52 AM |
|
|
SOA is, at its core, a design and development methodology. It embraces reuse through decomposition of business processes and functions into core services. It enables agility by wrapping services in an accessible interface that is decoupled from its implementation. It provides a standard mechanism for application integration that can be used internally or externally. It is, as they say, what it is. SOA is not necessarily SOAP, though until the recent rise of social networking and Web 2.0 there was little real competition against the rising standard. But of late the adoption of REST...
posted @ Friday, December 05, 2008 3:33 AM |
|
|
Deploying applications in a cloud computing environment, whether private or public, requires a bit of proactive thinking on the ramifications of a dynamic, on-demand environment, particularly when considering the impact on application session management. Consider that today, application sessions are often relied upon to remain in memory, on the application server, for hours. Persistence is achieved by storing the session in a file if necessary on the local server rather than in a database. This is particularly true of web applications developed in scripting languages like PHP that do not require a separate application server. But users who...
posted @ Thursday, December 04, 2008 7:15 AM |
|
|
The prediction of the death of online shopping this holiday season were, apparently, greatly exaggerated. As it's been reported, Sears, along with several other well known retailers, were victims of heavy traffic on Black Friday. One wonders if the reports of a dismal shopping season this year due to economic concerns led retailers to believe that there would be no seasonal rush to online sites and therefore preparation to deal with sudden spikes in traffic were unnecessary. Most of the 63 objects (375 KB of total data) comprising sears.com home page are served from sears.com...
posted @ Wednesday, December 03, 2008 3:10 AM |
|
|
Christofer Hoff, better known as @Beaker to the Twitterverse, put on his devil's advocacy hat (yes, it really is a good color for him) yesterday and questioned whether there was a need for hardware application delivery solutions in the cloud. He postulated via Twitter that application delivery functions would become part of the cloud fabric and thus whether they were implemented in hardware or software was largely irrelevant. Generally speaking we're in agreement on that one. But then he really used that devil's advocacy hat and suggested that the application delivery control layer might be virtualized and...
posted @ Tuesday, December 02, 2008 7:15 AM |
|
|
Thanks to a tweet from @Archimedius, I found an insightful blog post from cloud computing provider startup Kaavo that essentially makes the case for a move to application-centric management rather than the traditional infrastructure-centric systems on which we've always relied. We need to have an application centric approach for deploying, managing, and monitoring applications. A software which can provisions optimal virtual servers, network, storage (storage, CPU, bandwidth, Memory, alt.) resources on-demand and provide automation and ease of use to application owners to easily and securely run and maintain their applications will be critical for the...
posted @ Monday, December 01, 2008 2:59 AM |
|
|
Horizontal scalability achieved through the implementation of a load balancing solution is easy. It's vertical scalability that's always been and remains difficult to achieve, and it's even more important in a cloud computing or virtualized environment because now it can hurt you where it counts: the bottom line. Horizontal scalability is the ability of an application to be scaled up to meet demand through replication and the distribution of requests across a pool or farm of servers. It's the traditional load balanced model, and it's an integral component of cloud computing environments. Vertical scalability is the ability of...
posted @ Tuesday, November 25, 2008 3:29 AM |
|
|
The diseconomy of scale so adversely affecting the IP address management space isn't limited to network infrastructure; it's crawling up the stack steadily and infecting all layers of the data center like some kind of unstoppable infrastructure management virus. That is why, even with the simple act of managing an enterprise network’s IP addresses, which is critical to the availability and proper functioning of the network, actually goes up as IP addresses are added. As TCP/IP continues to spread and take productivity to new heights, management costs are already escalating. -- Greg Ness, "What Are the Barriers to...
posted @ Monday, November 24, 2008 3:47 AM |
|
|
Last month I happened across this amusing, and ironic, poem describing the dichotomy that exists in trying to define cloud computing. Go ahead and read it, I'll wait, it's worth the time. Seriously. I am not going to define cloud computing again. I've done that already and the point of this discussion is not what is cloud computing but rather how the cloud is beginning to separate into distinct models, each serving a different set of needs. The common theme between these models is "as a service". Some "thing" traditionally relegated to the local IT data center is...
posted @ Thursday, November 20, 2008 3:12 AM |
|
|
Load balancing an application should, by now, be a fairly routine scaling exercise. But too often when an application is moved into a load balanced architecture it breaks. The reason? Application sessions are often specific to an application server instance. The solution? Persistence, also known as sticky connections. The use of sessions on application servers to add state to web (HTTP) applications is a common practice. In fact, it's one of the greatest "hacks" in the history of the web. It's an excellent solution to the problem of using a stateless application protocol to build applications for which...
posted @ Wednesday, November 19, 2008 3:40 AM |
|
|
Michael Vizard over at eWEEK makes an interesting prediction about the future of application acceleration: "Some day the whole concept of application acceleration will be baked into the core routers and switches we have in place." I disagree. Routers and switches are packet-based. They focus on getting a single packet from here to there based on layer 2/3 information. Application acceleration solutions require action higher in the stack, usually layer 4 through 7; they are flow or connection based, and are often specific to the application (think CIFS, SAMBA, HTTP, etc..). The information necessary for application acceleration solutions...
posted @ Tuesday, November 18, 2008 3:38 AM |
|
|
The saying goes that to forget (or in some cases blatantly ignore) the mistakes of the past is to be doomed to repeat them. ODBC. BPEL. JDBC. All three are extensible standards in the software industry that cause no end of headaches and increased management overhead for folks attempting to deal with them. None of them are interoperable; you can't use the ODBC driver for Oracle to hook up to a SQL Server database, nor you can use the same BPEL produced by one BPM solution as within another. Because they're "extensible" and that extensibility leads,...
posted @ Monday, November 17, 2008 4:45 AM |
|
|
While I was at SD Best Practices in Boston last month I got to talk to a lot of engineers, developers, and architects about their environments and about what F5 does for application delivery. One of the developers glibly told me he wasn't sure we could help him out because his environment was the international space station. Yeah, how cool is that? Now that's cloud computing. Another architect, who turned out to be a friend of a friend who I've conversed with but never met in person said the same thing, but...
posted @ Friday, November 14, 2008 3:08 AM |
|
|
As a general rule, we spend far more time worrying about external appearances than we do internal. We are more concerned with our external web applications and how they look - and perform - than we are likely to regarding our intranet or internal only applications. This blog post was interesting in that rather than encouraging folks to optimize web sites and improve end-user response time for web applications for the sake of the user experience, it focused on the relationship between page load time and impact on Google AdWords quality scores. Which is a bit different than...
posted @ Thursday, November 13, 2008 3:36 AM |
|
|
Whenever there is a shift in architectural thinking about technology, such as is happening right now with cloud computing and virtualization, we start thinking forward, past the now, and into the future about how that technology might be leveraged. We start looking at the impact to architecture from the top of the stack to the bottom. For a company that's focused on application delivery, that means taking a good hard look at how that new technology might impact the architecture of applications. It's been suggested that perhaps, just maybe, we'll see service-oriented clouds; that the concepts of SOA...
posted @ Wednesday, November 12, 2008 8:52 AM |
|
|
It is often the case that application server clustering and load-balancing are mistakenly believed to be the same thing. They are not. While server clustering does provide rudimentary load-balancing functionality, it does a better job of providing basic fail-over and availability assurance than it does load-balancing. In fact, load balancing has effectively been overtaken by application delivery, which builds on load balancing but is much, much more than that today. Clustering essentially turns one instance of an application server into a controlling node, a proxy of sorts, through which requests are funneled and then distributed amongst several...
posted @ Tuesday, November 11, 2008 7:05 AM |
|
|
When SOA was the hot topic of the day (not that long ago) everyone was pumped up about the ability finally align IT with the business. Reusability, agility, and risk mitigation were benefits that would enable the business itself to be more agile and react dynamically to the constant maelstrom that is "the market". But only half of IT saw those benefits; the application half. Even though pundits tried to remind folks that the "A" in SOA stood for "architecture", and that it necessarily included more than just applications, still the primary beneficiary of SOA has been applications...
posted @ Monday, November 10, 2008 8:23 AM |
|
|
Many people are concerned with virtualization security (already coined VirtSec), and they're applying that concern from the virtual images all the way down the stack, to the network infrastructure through which virtualized application traffic is delivered. The desire for network infrastructure to be itself virtualized is growing out of a perceived need to isolate application traffic at every point in the infrastructure. But the technology to isolate application traffic at layer 2 and 3 of the infrastructure already exists, and has been essentially virtualized for years.
The sudden desire for everything in the infrastructure to be virtualized completely is borne...
posted @ Friday, November 07, 2008 6:33 AM |
|
|
How the cloud acts and is used is more important than where it physically resides Cloud computing and SOA suffer from the same lack of prescriptive architectures. They are defined by how they act rather than what they are, or from what they are composed. They are, in a way, existential technology that cannot be confined to a simple architectural diagram but require instead a set of properties or ways of acting in order to be recognized. To over simplify and paraphrase Jean-Paul Sartre's concepts of existentialism, we define ourselves (mankind) through our actions. To apply this to...
posted @ Monday, November 03, 2008 3:29 AM |
|
|
We all understand the lines in the sand (or the architectural diagram) that separate client-side scripting from server-side scripting. It's very clear that client-side scripting, e.g. JavaScript, VBScript, ActionScript, executes on the client while server-side scripting, e.g. PHP, ASP, executes on the server. But what about network-side scripting?
"There is no such thing!" might be the first response to this question, but I beg to disagree. Programmable proxies, a la F5's BIG-IP Local Traffic Manager, that provide a scripting language such as iRules, are simultaneously client-side and server-side, with the best definition to describe their placement in architectures being network-side...
posted @ Friday, October 31, 2008 5:26 AM |
|
|
Greg Ness calls it "connectivity intelligence" but it seems that we're really talking about is the ability of network infrastructure to both be agile itself and enable IT agility at the same time. Brittle, inflexible infrastructures - whether they are implemented in hardware or software or both - are not agile enough to deal with an evolving, dynamic application architecture. Greg says in a previous post The static infrastructure was not architected to keep up with these new levels of change and complexity without a new layer...
posted @ Wednesday, October 29, 2008 4:08 AM |
|
|
I'm off Monday to Boston for SD Best Practices. This is the first time I (and F5) have been at the show, and we're all excited about the opportunity to meet some new folks. Monday is a busy day, with travel and our keynote, "The Best Kept Secret in Building Scalable Applications." Wednesday, fellow blogger Colin and I will be running a technical session on the "9 Things You Can Do to Build Scalable Applications (and 3 You Can't)" that promises to be a lot of fun. In between our speaking engagements, we'll be hanging out...
posted @ Friday, October 24, 2008 8:26 AM |
|
|
I'm in a bit of mood after reading a Javaworld article on server load balancing that presents some fairly poor ideas on architectural implementations. It's not the concepts that are necessarily wrong; they will work. It's the architectures offered as a method of load balancing made me do a double-take and say "What?" I started reading this article because it was part 2 of a series on load balancing and this installment focused on application layer load balancing. You know, layer 7 load balancing. Something we at F5 just might know a thing or two about. But you...
posted @ Friday, October 24, 2008 7:55 AM |
|
|
You have just been promoted to CTO of Widgets, Inc. (Congratulations, by the way!) In your new role, on which of the following will you focus the most attention (and budget): (a) the network (b) the applications (c) the data Trick...
posted @ Thursday, October 23, 2008 4:40 AM |
|
|
According to Steve Rubel at Micro Persuasion, I must be way more geeky than your average consumer. (Thanks, Steve!) That's because I'm using RSS (Really Simple Syndication) and Google to peruse myriad feeds in my daily quest to "read the Internet." Steve comments on a recently released Forrester report citing the adoption of RSS as low with no real indication it will get any better in the future. According to the research, of the 89% of those who don't use feeds only 17% say they're interested in using them. In fact Forrester...
posted @ Tuesday, October 21, 2008 4:36 AM |
|
|
Over the years imaginative developers have come up with a number of ways through which they hope to stop the pilfering of their images. Whether due to copyright issues or the increased bandwidth and associated costs resulting from "hot linking", site owners have tried a variety of solutions from JavaScript that prevents the ability to right-click and "save as" to watermarking high-resolution versions to make their images less appealing to image thieves. Regardless of the reason you may want to prevent image theft, there's an easier and more effective method than introducing easily countered JavaScript and costly alternative...
posted @ Tuesday, October 21, 2008 3:31 AM |
|
|
Paul Maritz' keynote at VMWorld this year featured a demonstration of cloud computing using B-Hive, F5 Global Traffic Manager (GTM), and BlueLock. If you missed it, here's your chance to kick back and explore how these technologies fit together to provide a dynamic, virtualized environment. Related Links ...
posted @ Friday, October 17, 2008 4:14 AM |
|
|
One of the most dangerous threats to data security is also one of the least talked about: employees. Are Twitter and other microblogging sites yet another avenue through which sensitive data can leak out of the corporate database and into the hands of ... anyone? Perhaps more worrisome, what information are you giving away simply by being a part of the community? Of course Twitter is a potential threat. Like personal e-mail accounts and instant messaging, Twitter and sites of its ilk are primarily messaging mechanisms, which translates into personal channels for exporting sensitive data outside the...
posted @ Thursday, October 16, 2008 4:00 AM |
|
|
There are a lot of SOA governance solutions out there that fall into two distinct categories of purpose: one is to catalog services and associated security policies and the other is to provide run-time management for services, including enforcement of security and performance-focused policies. Vendors providing a full "SOA Stack" of functionality across the service lifecycle (design, development, testing, production) often integrate their disparate product sets for a more automated (and thus manageable) SOA infrastructure. But very few integrate those same products and functionality with the underlying network and application delivery infrastructure required to provide high-availability and scalability...
posted @ Wednesday, October 15, 2008 5:37 AM |
|
|
AJAX. SOA. Social network API integration. What is TCP Multiplexing? All of aforementioned technologies have one thing in common. Okay, they have more than that in common, but for the purposes of this discussion there's one very TCP multiplexing is a technique used primarily by load balancers and application delivery controllers (but also by some stand-alone web application acceleration solutions) that...
posted @ Tuesday, October 14, 2008 5:10 AM |
|
|
Everybody is jumping on the data center consolidation bandwagon again. It never really went away, it just took a leisurely Sunday drive through the countryside for a few years before turning back up on the streets of busy data centers everywhere.
RELATED LINKS
This time, it's virtualization that's driving consolidation, and this time it appears that the movement may actually have a better chance at...
posted @ Monday, October 13, 2008 4:16 AM |
|
|
I was reading an interesting article on the return on investment for WAN Optimization solutions as discussed by analyst research firm Aberdeen and decided to download the complimentary copy of the report. Reports are generally offered as PDF downloads, not displayed in Macromedia FlashPaper, so it was not easily obtainable for sharing with friends. However, there's a nice "e-mail to a friend" link so I clicked on it, thinking of many folks I know who might be interested in this report. The next thing I know my screen is screaming at me with a warning about malicious content...
posted @ Friday, October 10, 2008 6:00 AM |
|
|
Lately I've been seeing quite a few links to a white paper popping up in my alerts and feed-reader. Regardless of who's linking to it, it generally reads as promising to reveal some grand secret about how web application acceleration is an epic failure. I finally gave in and clicked on a link and ended up directed to download a white-paper, the description for which essentially distilled "web application acceleration" down to "caching". And then promised to tell me why caching wasn't a good way to accelerate web applications. I didn't download the white paper primarily because equating...
posted @ Friday, October 10, 2008 3:17 AM |
|
|
I spent a big chunk of time a few nights ago discussing neural networks with my oldest son over IM. It's been a long time since I've had reason to dig into anything really related to AI (artificial intelligence) and at first I was thinking how cool it would be to be back in college just exploring topics like that. Then, because I was trying to balance a conversation with my oldest while juggling my (fussy) youngest on my lap, I thought no, no it wouldn't. Artificial neural networks (ANN) are good for teaching a system how to...
posted @ Thursday, October 09, 2008 3:57 AM |
|
|
After having recently discussed all the different kinds of proxies that exist, it occurred to me that it might be nice to provide some examples of what you can do with proxies besides the obvious web filtering scenario. This is by no means an exhaustive list, but is provided to show some of the more common (and cool, I think) uses of proxies. What's really awesome is that while some of these uses are available with only one type of proxy (reverse or forward), a full proxy can provide all these uses, and more, in a single, unified...
posted @ Wednesday, October 08, 2008 4:27 AM |
|
|
For the past eight years I've been telecommuting, first for Network Computing Magazine and now for F5. In fact, Don and I have been telecommuters (or teleworkers, depending on whom you ask) for so long that our children don't realize that most people actually have to get dressed and go to work on a daily basis. Granted, that's because we happen to live (and want to stay) in that great technological mecca of the midwest (Green Bay) even though F5 is headquartered in Seattle, but F5 being the best high-tech company in the Pacific Northwest (really, I'm not just saying...
posted @ Monday, October 06, 2008 12:54 PM |
|
|
Darren Jefford has an excellent (and detailed with code examples) post Related Posts regarding what could easily be categorized as cloudbursting with BizTalk workflows. In a nutshell, Microsoft allows hosting of BizTalk activities in the cloud at BizTalk labs. Developers then integrate those...
posted @ Monday, October 06, 2008 3:29 AM |
|
|
After proclaiming very publicly that I loved HttpFox and everyone Related Posts should have it there were many comments regarding Firebug, including some that came via e-mail. I've used Firebug in the past, but hadn't really looked at it in comparison to HttpFox and thought that with so many people saying it was "all that and more" with regards to HttpFox, I should...
posted @ Friday, October 03, 2008 3:57 AM |
|
|
We often mention that the benefits derived from some application delivery controllers are due to the nature of being a full proxy. And in the same breath we might mention reverse, half, and forward proxies, which makes the technology sound more like a description of the positions on a sports team than an application delivery solution. So what does these terms really mean? Here's the lowdown on the different kinds of proxies in one concise guide. PROXIES Proxies (often called intermediaries in the SOA world) are hardware or software solutions that sit between the client and the...
posted @ Thursday, October 02, 2008 5:01 AM |
|
|
It seems that every time a new technology breaks through the surface a hundred "experts", vendors, and standards-bodies appear like moths to a flame attempting to define the term such that only "they" have the answer, the solution, the standard, or the product. When my son mentioned a research paper he wrote on cloud computing (which you still haven't sent me, by the way) he did so while disagreeing with a previous post of mine on the subject. He was quite vehement that grid computing did not equal cloud computing, and seemed almost shocked that I would dare...
posted @ Monday, September 29, 2008 11:07 AM |
|
|
One of the arguments against the deployment of web application firewalls (WAF) is that it takes time to configure these devices to fit each individual environment. This is allegedly one of the reasons that secure coding is preferred over security devices. But it takes time to code solutions and deploy them, too. In fact, depending on the lifecycle management at any given organization, it can take more time to code a solution and get it moved through a phased environment into production. One of the benefits of an application delivery platform and web application security deployed at...
posted @ Monday, September 29, 2008 4:38 AM |
|
|
Whether you're a network architect, a web developer, or a web administrator there's one tool that's a must have in your troubleshooting toolbox: a protocol analyzer.
Like many network focused folks, I traditionally rely upon ethereal (now Wireshark) for protocol analysis. It decodes just about every protocol up and down the stack, and it can import/export to a variety of formats. But being connected to the corporate LAN via an SSL VPN, wireshark is often constrained by it's own architecture. Because it inserts itself into the network stack to gather data, it can't decrypt the SSL encrypted packets, which makes...
posted @ Friday, September 26, 2008 7:24 AM |
|
|
There are a lot of things you can share on the Web today - you can bookmark pages, share pictures on Flickr or twitpic, blast a 12 second audio message out, e-mail links, or post nifty tidbits to your Facebook profile. But rarely do you find an online tool that lets you bring all that disparate content together in one elegant presentation-like format. Flowgram aims to change the way you share content, by allowing you to mashup multiple media formats into a single, audio-backed "flowgram", sharable across a large number of social networking sites as well as via...
posted @ Thursday, September 25, 2008 11:31 AM |
|
|
I've seen some controversial use of terminology to describe technology before but this one beats them all. I'm cruising through my Google alerts, looking for something interesting, when I come across this post: Linux Web Server Hack - How to Write Automated Load Balancing Script! Sounds cool, right? I like Linux. I like hacks. I like load balancing. So, much to my chagrin now, I read it. The script isn't the problem, it's really quite nice - I love a well-written script, especially one that makes use of awk - and it definitely...
posted @ Wednesday, September 24, 2008 5:18 AM |
|
|
Desktop virtualization. Virtual desktops. Application streaming. Whatever you want to call it makes no nevermind to me because the problem driving the entire concept is gone. Eradicated. Made irrelevant by the cloud. Made irrelevant by cloudware, SaaS (Software as a Service), and the ubiquitous browser. I cannot count the number of times I've heard complaints about some form of desktop virtualization/application streaming in the past. It's slow. The server died in the middle of my exam. It's slow. There are no more licenses left. It's slow today (why do you add "today", it's slow every day!). Sensing a...
posted @ Wednesday, September 24, 2008 5:01 AM |
|
|
It often seems that load balancing and high availability are associated with only high traffic sites, like Twitter and Google. But load balancing and high availability isn't just for Web 2.0 phenomenons or web monsters; it can be an invaluable tool in your strategy to maintain service level agreements and customer satisfaction no matter how large or small your customer base - and data center - might be. ...
posted @ Tuesday, September 23, 2008 4:34 AM |
|
|
No one likes to hear that they need to rewrite or re-architect an application because it doesn't scale. I'm sure no one at Twitter thought that they'd need to be overhauling their architecture because it gained popularity as quickly as it did. Many developers, especially in the enterprise space, don't worry about the kind of scalability that sites like Twitter or LinkedIn need to concern themselves with, but...
posted @ Friday, September 19, 2008 5:09 AM |
|
|
If your entire data center infrastructure is on one virtualized PC, you're doing it wrong. Where's F5 The comparison between the power of a modern PC and a 1960's mainframe is often made in conjunction with a smug "look how far we've come" look. ...
posted @ Thursday, September 18, 2008 7:26 AM |
|
|
No matter where you deploy it, it's still your application Related Reading Everyone's talking about cloud computing and cloudware (applications in the cloud) services and pointing to the hiccups of several major cloud providers already this year. Reliability, availability, and security are still major concerns, and yet some reports indicate these three "itys" aren't impeding adoption of cloud computing models at all. ...
posted @ Wednesday, September 17, 2008 3:20 AM |
|
|
Tony Bourke of the Load Balancing Digest points out that mega proxies are largely dead. Very true. He then wonders whether layer 7 persistence is really all that important today, as it was largely implemented to solve the problems associated with mega-proxies - that is, large numbers of users coming from the same IP address. Layer 7...
posted @ Tuesday, September 16, 2008 6:03 AM |
|
|
Yesterday it was reported that BusinessWeek had been infected with malware via an SQL injection attack. [begin Mom lecture] Remember when we talked about PCI DSS being a good idea for everyone, even though it's just a requirement for the payment card industry? If I've told you once, I've told you a million times: safer is better, more protection never hurts. ...
posted @ Tuesday, September 16, 2008 5:40 AM |
|
|
Don is off in Lowell working on a project with our ARX folks so I was working late last night (finishing my daily read of the Internet) and ended up reading Scott Hanselman's discussion of threads versus processes in Chrome and IE8. It was a great read, if you like that kind of thing (I do), and it does a great job of digging into some of the RAMifications (pun intended) of the new programmatic models for both browsers. But this isn't about processes or threads, it's about an interesting comment that caught my eye: ...
posted @ Thursday, September 11, 2008 4:01 AM |
|
|
David Linthicum of Real World SOA asks whether SOA governance should be delivered as a service, from the cloud. Core to this proposition is the use of a registry/repository in the cloud: This repository would provide more than just WSDL, but a complete design time and runtime SOA governance system delivered out of the cloud, perhaps linked with a local slave repository within your firewall. One of the problems with this, I see, is that in a SOA where governance is actively used and policies enforced, governance becomes crucial to...
posted @ Tuesday, September 09, 2008 4:17 AM |
|
|
We used to spend a lot of cycles worrying about detecting user agents (i.e. browser) and redirecting clients to the pages written specifically for that browser. You know, back when browser incompatibility was a way of life. Yesterday. Compatibility is still an issue, but most web developers are either using third-party JavaScript libraries to handle detection and incompatibility issues or don't use those particular features that cause problems. One thing still seen at times, however, is the "choose high bandwidth or low bandwidth" entry pages, particularly on sites laden with streaming video and audio, whose...
posted @ Tuesday, September 09, 2008 3:31 AM |
|
|
Jeremiah Owyang, Senior Analyst, Social Computing, Forrester Research, tweeted recently on the subject of Chrome, Google's new open source browser. Jeremiah postulates: Chrome is a nod to the future, the address bar is really a search bar. URLs will be an anachronism. That's an interesting prediction, predicated on the ability of a browser translate search terms into destinations on the Internet. Farfetched? Not at all. After all, there already exists a layer of obfuscation between a URL and an Internet destination; one that translates host names into IP addresses,...
posted @ Thursday, September 04, 2008 4:52 AM |
|
|
In general, we talk a lot about the benefits of SOA in terms of agility, aligning IT with the business, and risk mitigation. Then we talk about WOA (web oriented architecture) separately from SOA (service oriented architecture) but go on to discuss how the two architectures can be blended to create a giant application architecture milkshake that not only tastes good, but looks good. AJAX (Asynchronous JavaScript and XML) gets lumped under the umbrella of "Web 2.0" technologies. It's neither WOA nor SOA, being capable of participating in both architectural models easily. Some might argue that AJAX, being...
posted @ Tuesday, September 02, 2008 3:50 AM |
|
|
You walked past me again today without stopping. I remember when you used to stop and admire my glowing red ball every day. But that was back when I was brand new and you thought I was the center of your data center. I heard you talking to some friends about looking for a web acceleration solution yesterday. You were going to a meeting about it later that afternoon and you were so excited it was almost like old times, until you pointed me out on the way by and said, "Oh yeah, there's our load balancer." ...
posted @ Friday, August 29, 2008 4:05 AM |
|
|
Elasticity (adj) the ability of a cloud computing environment to expand or contract automatically on-demand according to real-time computing needs One of the promises of an on-demand cloud computing environment (that's redundant, I think) is the ability to burst resources. Much in the same way that ISPs have long offered contracts that include the ability of the organization to exceed its allotted bandwidth for a fee, it is expected that cloud computing providers offer a mechanism for "bursting resources" that allows an organization to exceed its agreed upon resources for a fee, based on any number of factors such...
posted @ Thursday, August 28, 2008 7:04 AM |
|
|
As I was reading the Internet this morning I happened across an article with "Tips for Optimizing Your WAN (Wide Area Network)" and I thought, "Huh. That's pretty ... generic." While the article uses SAP applications as an example, it speaks in terms of generalities. Selective ACKs, quality of service, data reduction techniques, and HTTP compression. That's when I said, "Whoop de doo." Really, these techniques have nothing to do with SAP and applications and everything to do with packets. Every WAN and acceleration solution can do this stuff. I'm not really picking...
posted @ Wednesday, August 27, 2008 5:14 AM |
|
|
No, it's not this one. It's not even mine. It's this one on High Scalability written by Todd Hoff. Not only does he explain latency and its sources, but its costs. Then he goes on to offer a plethora of ways to reduce latency. A couple of suggestions he offers are: Use a TCP Offload Engine (TOE). TOE tech offloads the TCP/IP stack from the main CPU and puts it on the network controller. This means network adapters can respond faster which means faster end-to-end communication. Network adapters respond faster because bus...
posted @ Monday, August 25, 2008 8:49 AM |
|
|
David Bressler of Progress Software, who acquired SOA vendor Actional in January 2006 wrote a very thought provoking post on marketing that really ended up being a post about SOA and where Progress fits into the "SOA continuum". He raises some questions, and problems, with SOA and product categories that ties in nicely with an excellent blog post on the subject Todd Biske wrote a while back containing some concepts that he presented at Burton's Catalyst 2006. One of the confusing things about any market is the wide variety of names used to describe the products and solutions that...
posted @ Monday, August 25, 2008 7:40 AM |
|
|
During the debate of WAF versus, well, just about everything, I heard an interesting thing.
See, I was taking the view that the duplication of security code across all services/applications lays the groundwork for the introduction of errors, accidental omission, and the degradation of performance. I argued that a WAF addressed all these problems and was therefore a better option.
The person with whom I was discussing the subject declared that security code did not necessarily need to be included in the application, it could be a service that, in the spirit of SOA, could be reused and that this...
posted @ Thursday, August 21, 2008 5:02 AM |
|
|
Ken Oestreich of the Fountainhead blog has an interesting take on cloud computing. Ken cites many examples of cloud computing experts who essentially claim that cloud computing cannot be done "inside" the data center. Then he postulates that yes, yes in fact it can. In general, I agree with Ken's assessment. A CRM (Customer Relationship Management) system is still a CRM whether it's hosted inside the data center or remotely by a SaaS (Software as a Service) provider. Similarly, a cloud is still a cloud regardless of whether it's implemented in someone else's data center, such as Amazon,...
posted @ Tuesday, August 19, 2008 9:40 AM |
|
|
One of the "real world" lessons rarely taught in the university setting is that in the "real world" you're going to have to follow coding standards. Back in the day, when I was allowed to code, I often railed against some of those coding standards on the basis that they impaired application performance. Anyone with a firm grounding in computer science knows that the introduction of a local scope necessarily means more work (and thus memory and cycles consumed) to set up the stack: copying variables, pushing parameters, etc... That means that a conditional statement with just one...
posted @ Tuesday, August 19, 2008 5:29 AM |
|
|
Dear Internet Tough Guy, You know who you are. You're the individual who has an insecurity complex, probably due to a sad childhood, the story of which no one is really interested in hearing. You're the troll that prowls technology blogs and forums looking for someone to voice an opinion with which you disagree just so you can tell them they're an (idiot|moron|fool) without any context or reference. You're the person who posts comments without leaving a name, e-mail address, or website because deep down you're afraid of voicing your opinion (insults) without hiding behind the...
posted @ Friday, August 15, 2008 9:34 AM |
|
|
Green IT is a fairly well hyped topic at the moment. While the term may be seen as hype, there are tangible benefits to employing green tactics within IT. Even research firm Gartner sees it as one of the hyped technologies organizations can use now to see real benefits. Jackie Fenn, vice-president and Gartner Fellow on green IT via The Standard Another set of technologies that's benefit to companies now is green IT, which is valuable in more ways than one, Fenn said. "The happy...
posted @ Friday, August 15, 2008 5:32 AM |
|
|
SC Magazine reports that (1) cloud computing environments may not be very secure and (2) a VPN can improve the security of cloud computing environments. Countering cloud computing threats via SC Magazine Technology such as two-factor authentication systems, when married to encrypted VPN connections, can secure an internet connection into a cloud computing-based service. That's the verdict from the Information Systems Audit and Control Association (ISACA), which concludes that using such techniques would tend to make interception of files and transmissions almost impossible. Sarb Sembhi, president of the...
posted @ Thursday, August 14, 2008 8:43 AM |
|
|
As a child of the 80s's I lived under an umbrella of fear surrounding nuclear everything. Living fairly close to a nuclear power plant, we all heard the words "chain reaction" a lot, and though we didn't understand the science we did know that it was a Very Bad ThingTM and like children in the 60's we were taught to hide under a desk in the event of a catastrophe. Now, one of the benefits of SOA is reuse. Business services provide consistency across multiple applications when they are reused both for data and for processes. This is...
posted @ Thursday, August 14, 2008 3:32 AM |
|
|
Nothing. At least not from an attacker's perspective. A blog is an individual content management system, requiring storage (either database or flat file) and the ability to write to that storage. Comments allow discussion but also require access to files and or databases. It's an app, and that means it comes with all the baggage today's web applications necessarily come with: vulnerabilities. Those vulnerabilities are likely to become more visible as more organizations adopt blogging and other Web 2.0 applications in the next two years. Analyst firm Gartner recently highlighted 27 technologies in its 2008 Hype Cycle for...
posted @ Wednesday, August 13, 2008 3:35 AM |
|
|
The debate on whether infrastructure devices, particularly those providing security, should fail open or closed is far from over. One of our field system engineers, Aidan Clark, has some thoughts on scenarios in which you should fail open, and provides some compelling arguments for his view point. He's graciously allowed me to post his thoughts as his response seems to be irritating the comment gremlins. The View from the Trenches Lori, Now you already know this, but other readers might not. My standard disclaimer first: I am an F5 employee. I...
posted @ Tuesday, August 12, 2008 7:25 AM |
|
|
An ant named Archimedes is in a hole 6' deep. He climbs half the distance to the top every hour. How long does it take for him to escape the hole? Trick question. He can never, mathematically, escape. Realistically, we know that when Archimedes gets close to the top he will escape because he is actually longer than the amount of hole he has left to go. But what if every hour that Archimedes climbed the hole expanded 6" and thus changed the equation? He'd be one frustrated ant, that's what he'd be. That's how...
posted @ Monday, August 11, 2008 3:54 AM |
|
|
We all know that SOA stands for Service Oriented Architecture, right? Gaurav Sharma over at Infosys-Oracle has another definition of SOA and it really fits well with both the business and IT goals surrounding SOA. Gaurav redefines SOA as Scalable, Open, and Adaptable, and then walks through how Oracle solutions fit this definition. This actually makes a lot of sense, because open and adaptable are inexorably tied to SOA as an architectural methodology. SOA is built on open standards like SOAP, WSDL, and XML and its meta-data driven execution style is highly adaptable, making it flexible or, in...
posted @ Thursday, August 07, 2008 5:20 AM |
|
|
No, that's not a typo. That's the reality of virtualization terminology today: a single term means multiple technology implementations. Server virtualization is used to describe at least two (and probably more) types of virtualization. 1. Server virtualization a la load balancing and application delivery 2. Server virtualization a la VMWare and Microsoft Server virtualization as implemented by load balancers/application delivery controllers is a M:1 virtualization scheme. An application delivery controller like BIG-IP can make many servers look like one server, a virtual server. This type of server virtualization is used...
posted @ Thursday, August 07, 2008 4:14 AM |
|
|
One of the most well-kept secrets in technology is the extensibility of HTTP. It's one of the reasons it became the de facto application transport protocol and it was instrumental in getting SOAP off the ground before SOAP 1.2 and WS-I Basic Profile made the requirement for the SOAP Action header obsolete. Web browsers aren't capable of adding custom HTTP headers on their own; that functionality comes from the use of client-side scripting languages such as JavaScript or VBScript. Other RIA (Rich Internet Applications) client platforms such as Adobe AIR and Flash are also capable of adding HTTP...
posted @ Wednesday, August 06, 2008 4:07 AM |
|
|
Slashdot is discussing a recent rant regarding Mozilla FireFox 3's SSL policy regarding self-signed certificates. The rant claims that the policy is "bad for the web."
Nat Tuck Thu on Mozilla SSL policy bad for the Web
Mozilla Firefox 3 limits usable encrypted (SSL) web sites to those who are willing to pay money to one of their approved digital certificate vendors. This policy is bad for the web. Not only does it make users less secure overall by reducing the number of encrypted connections, it damages the basic principle of equality among web participants.
The problem...
posted @ Tuesday, August 05, 2008 10:59 AM |
|
|
Who is responsible for security in the cloud? Let's say you just developed a web app through which customers can order widgets. You're pretty sure your widgets are going to be the hit of the year and you want to make sure that you don't suffer outages and performance issues like many retailers have in the past, especially around Black Friday. So you've decided to take advantage of the fact that a cloud computing provider can and will shoulder the responsibility for scaling your application even in the face of hundreds of thousands of customers knocking on your...
posted @ Tuesday, August 05, 2008 4:56 AM |
|
|
Cloud computing promises customers the ability to deliver scalable applications on-demand without the overhead of a massive data center. The visibility - and flexibility as well as control - you have into and over the cloud computing environment depends on whether the provider you select offers an opaque or a transparent cloud computing environment.
OPAQUE CLOUD COMPUTING MODEL
In an opaque cloud computing model all details are hidden from the organization. The hardware and software infrastructure details are not necessarily known or controlled by the organization but are completely managed by the cloud computing provider. This allows for a completely...
posted @ Monday, August 04, 2008 5:04 AM |
|
|
An application delivery controller (ADC) essentially acts a reverse proxy. That means that client requests interact with the ADC, and the ADC interacts with web and application servers on the client's behalf. This mediation offers the chance to implement acceleration, availability, and security features without requiring changes to existing applications. There are many, many more features in an ADC that provide significant value. These eight capabilities are the most commonly employed features in reverse-proxy application delivery solutions that provide immediate benefits to web applications, and all can be used without modifying applications or the servers on...
posted @ Friday, August 01, 2008 4:56 AM |
|
|
Forrester Research recently conducted a survey on virtualization, citing server consolidation as one of the primary drivers behind the 73% of enterprises already or planning on implementing virtualization technology. But virtualization, particularly operating system virtualization, assumes you have additional cycles on servers to spare. In some cases, that's just not true. Your application servers are working as hard as they can to serve up your applications and virtualizing them isn't going to change that fact. But application acceleration technologies can change that, and offer you the chance to consolidate servers. I know that sounds crazy. How can...
posted @ Thursday, July 31, 2008 5:49 AM |
|
|
Alistair Croll has a great post on GIGAOM discussing how networking vendors will need to change in order to support a cloud computing infrastructure. He outlines two options for networking vendors that will keep them relevant in a cloud computing environment. In option number one he postulates that virtual appliances are the way to go, that the "pendulum swings back to software". Option number two revolves around sales strategy, and he suggests that networking vendors will need to sell to the providers of the cloud. That makes sense to me. If you want to be a...
posted @ Wednesday, July 30, 2008 5:11 AM |
|
|
I read with interest an article on port knocking as a mechanism for securing SOA services on CIO.com. If you aren't familiar with port knocking (I wasn't) then you'll find it somewhat interesting: From Nicholas Petreley's "There is More to SOA Security Than Authorization and Authentication" For the sake of argument, let's say you have an SOA server component for your custom client software that uses port 4000. Port knocking can close off port 4000 (and every other port) to anyone who doesn't know the "secret method" for opening it. Any cracker who scans your...
posted @ Tuesday, July 29, 2008 9:21 AM |
|
|
Outside of the technology world a lot of products are billed as "one size fits all". Anyone who's purchased such a product generally knows, no, no they don't. They're close, but never a truly good fit. Inside the technology world we know better. Software and solutions are never a "one size fits all" proposition, that's why so many business software solutions are "customizable": ERP (enterprise resource planning), CRM (customer relationship management), workflow, automation, and portals. Just about every software solution you can purchase these days takes a customizable approach to actually meeting the needs of the business. ...
posted @ Monday, July 28, 2008 6:46 AM |
|
|
I'm going to give you an engine low to the ground. An extra-big oil pan that'll cut the wind underneath you. That'll give you more horsepower. I'll give you a fuel line that'll hold an extra gallon of gas. I'll shave half an inch off you and shape you like a bullet. When I get you primed, painted and weighed... ...
posted @ Friday, July 25, 2008 11:30 AM |
|
|
IPv6 was supposed to eliminate NAT (Network Address Translation). But in order to make the transition from IPv4 reasonable and less painful, it's being added to IPv6. It's intended use in being included in IPv6 is to create gateways that bridge between IPv6 and IPv4 while the transition occurs. The IETF is not thrilled however. It's description of how it feels about NAT and the necessity to include it make it sound like school-children forced to allow that kid to play in their game of kickball. And then they put him in far right field. And I mean...
posted @ Friday, July 25, 2008 4:14 AM |
|
|
Apache is a great web server if for no other reason than it offers more flexibility through modules than just about any other web server. You can plug-in all sorts of modules to enhance the functionality of Apache.
But as I often say, just because you can doesn't mean you should.
One of the modules you can install is mod_security. If you aren't familiar with mod_security, essentially it's a "roll your own" web application firewall plug-in for the Apache web server.
Some of the security functions you can implement via mod_security are:
Simple filtering
...
posted @ Wednesday, July 23, 2008 5:53 AM |
|
|
I do an awful lot of talking about SOA: problems, challenges, concepts, solutions, security, products. But I don't often present "the big picture", and certainly rarely discuss how F5 and SOA go together like ice-cream and pretzels. I know, that isn't a traditional simile, but if you've ever tried hot pretzels and ice-cream you might agree with me in saying that while they don't sound like they go together they really do, and they do so well. It's also applicable because when you think of ice-cream you don't immediately think of pretzels, and I'm fairly certain...
posted @ Tuesday, July 22, 2008 4:17 AM |
|
|
I ran across an interesting site containing an algorithm that predicts your sex based on browser history. This algorithm uses demographics from popular sites, determines which popular sites you have visited by digging through your browser history, and then predicts what gender you are based on your browsing habits. This algorithm sounds a lot like an adaptation of the Turing Test. But instead of predicting which of two participants in the test is human, this one predicts what gender they are. The Turing Test has long been the standard for judging the intelligence of a computer system, even...
posted @ Friday, July 18, 2008 5:11 AM |
|
|
No one questions the need to secure applications today, we just argue over how we should do it. Let's take a break for a minute from that debate to ensure that we don't get so focused on layer 7 (application) that we forget about the rest of the stack and the importance of securing it as well. Just as a chain is only as strong as its weakest link, an application is only as secured as its most vulnerable layer in the stack. If your application is well secured, but the network layer (IP) is wide...
posted @ Wednesday, July 16, 2008 8:24 AM |
|
|
Cisco CEO John Chambers recently announced that the slowdown in corporate IT spending will continue until 2009. NEW YORK (Fortune) -- Cisco chief John Chambers has some bad news for the technology sector: He no longer expects the recent slowdown in tech spending to pick up until next year at the earliest. IT is still spending dollars, but not as freely as in past years. In a constrained budgetary environment, IT now has to ask the question, "What's going to give me the best bang for my buck?" ...
posted @ Tuesday, July 15, 2008 5:16 AM |
|
|
Neil McAllister @ InfoWorld has a great blog post on The Web development skills crisis. He postulates at that "The most agile developers, however, are those who approach programming with a firm grounding in computer science."
Amen, brother. Say it again, only this time loud enough my son hears you.
The basic premise of Neil's post revolves around the frenetic rate at which programming technology is changing. It isn't just languages, though that is certainly part of the mix, it's also the increasing number of libraries and frameworks from which web developers can choose to develop web applications.
In order to...
posted @ Monday, July 14, 2008 8:31 AM |
|
|
The increasing webification of applications both for external and internal consumption combined with the concept of outsourced data centers and applications, i.e. cloud computing and Software as a Service (SaaS), may resolve in a perfect storm for proponents of telecommuting.
Consider the scenario: A small to medium organization needs more horsepower but it really doesn't have the budget yet to build out its own enterprise-class data center. Cloud computing offers an off-site, managed data-center that can be used to deploy applications for use by both external and internal constituents. Take advantage of SaaS offerings such as those from Salesforce.com and you've...
posted @ Monday, July 14, 2008 5:15 AM |
|
|
twitter (v) to allow your services go up and down randomly under heavy load due to inadequate architecture or planning, annoying a lot of the known (online) world In case you've been living under a rock (or been heads down coding for the past week), Apple launched its latest iPhone today to the delight and, it appears, consternation of customers. A colleague relates his experience not just purchasing one of the eagerly awaited phones, but the disaster that was the activation process. Apparently Apple wasn't satisfied with all the good press it gets about how hip and trendy...
posted @ Friday, July 11, 2008 2:19 PM |
|
|
The English language is one of the most expressive, and confusing, in existence. Words can have different meaning based not only on context, but on placement within a given sentence. Add in the twists that come from technical jargon and suddenly you've got words meaning completely different things. This is evident in the use of persistent and persistence. While the conceptual basis of persistence and persistent are essentially the same, in reality they refer to two different technical concepts. Both persistent and persistence relate to the handling of connections. The former is often used as a general...
posted @ Friday, July 11, 2008 5:12 AM |
|
|
Cloud computing is, at its core, about delivering applications or services in an on-demand environment. Cloud computing providers will need to support hundreds of thousands of users and applications/services and ensure that they are fast, secure, and available. In order to accomplish this goal, they'll need to build a dynamic, intelligent infrastructure with four core properties in mind: transparency, scalability, monitoring/management, and security.
Transparency
One of the premises of Cloud Computing is that services are delivered transparently regardless of the physical implementation within the "cloud". Transparency is one of the foundational concepts of cloud computing, in that the actual implementation of...
posted @ Thursday, July 10, 2008 5:45 AM |
|
|
Keynote, well known for its application performance testing and monitoring services, just announced a new version of its KITE (Keynote Internet Testing Environment) that is now capable of testing Web 2.0 sites that make use of AJAX, Flash, and other "hidden" methods of obtaining content. Announcement of KITE 2 Performance testing dynamic and HTML websites is now a fairly straightforward process, however the rise of Web 2.0 sites that don’t rely on clicking to reveal another new page have been almost impossible to test. However Keynote has now developed a scripted system that allows you to...
posted @ Wednesday, July 09, 2008 5:06 AM |
|
|
Not all DoS (Denial of Service) attacks are the same. While the end result is to consume as much - hopefully all - of a server or site's resources such that legitimate users are denied service (hence the name) there is a subtle difference in how these attacks are perpetrated that makes one easier to stop than the other. SYN Flood A Layer 4 DoS attack is often referred to as a SYN flood. It works at the transport protocol (TCP) layer. A TCP connection is established in what is known as a 3-way handshake. The client...
posted @ Tuesday, July 08, 2008 4:31 AM |
|
|
After reading this discussion on Slashdot regarding an anti-virus agent pretending to be Internet Explorer and flooding sites with requests I waited to see a response come from an Apache fan on using mod_rewrite to detect and stop the flood of useless traffic coming from these robots. It was sure to come, particularly after the first post in the discussion pointed out how to use an iRule to detect and "nuke from orbit" these nasty little requests. I was not disappointed. It's not the case that the solution won't work. It will, and it's certainly a viable solution....
posted @ Monday, July 07, 2008 6:18 AM |
|
|
I read a very nice blog post yesterday discussing some of the traditional pros and cons of load-balancing configurations. The author comes to the conclusion that if you can use direct server return, you should. I agree with the author's list of pros and cons; DSR is the least intrusive method of deploying a load-balancer in terms of network configuration. But there are quite a few disadvantages missing from the author's list. Author's List of Disadvantages of DSR The disadvantages of Direct Routing are: Backend server...
posted @ Thursday, July 03, 2008 4:29 AM |
|
|
Bob owns a widget shop. Now this widget shop is not your ordinary widget shop, because the widgets are made from Swarovski crystal. Very expensive stuff. Bob is aware that losing any number of his widgets would be financially devastating, and the negative press he'd receive would darken his shop's reputation. So he's invested in a very modern physical security system that utilizes electronic locks on all the doors, and includes all the newest laser motion detection technology. It's further connected to a monitoring service just in case, so he'll know if security has been breached and can...
posted @ Wednesday, July 02, 2008 4:58 AM |
|
|
Web 2.0 is built on primarily two technologies: AJAX and RSS. AJAX is used to develop interactive, real-time applications while RSS is primarily used as for integration and syndication. Import a feed, share a feed, drag-n-drop a gadget, widget, or component. It's all RSS (XML) today. It's further becoming a requirement of Web 2.0 sites that they provide some sort of API through which developers can write add-on applications. Twitter, Tumblr, Facebook. They all offer APIs that are quite heavily used at this time and startups are following suit. Other sites offer richer media, like video or slideware,...
posted @ Tuesday, July 01, 2008 4:53 AM |
|
|
|
|
|
|
