services

Pay No Attention to the Infrastructure Behind the Cloudy Curtain What is needed to customize the cloud is a pair of data center ruby slippers called Infrastructure 2.0. Frank Gens of IDC discussed the “New IDC IT Cloud Services Survey: Top Benefits and Challenges” in his blog and what is not surprising is that security continues to top the challenges associated with cloud services. What may be surprising to some is the increasing focus on customization. It shouldn’t be. As customers continue to push at the boundaries  of the cloud computing model they will inevitably find it unable to meet some need they have, such as customization.... posted @ Friday, February 26, 2010 3:31 AM | Feedback (3)

Knowing is Half the Battle There’s a difference between automation and orchestration, and knowing which one you’re really doing is half the battle in achieving a truly dynamic data center. Randy Heffner on CIO.Com wrote an excellent article on SOA and its value, “SOA: Think Business Transformation, Not Code Reuse.” The problem I had with the article was not in any way related to its advice, conclusions, or suggestions. The problem I had was that I kept thinking about how perfectly much of his article could be applied to data center orchestration, operational transformation, and automation. Simply replace “SOA” with “orchestration”, “software reuse”... posted @ Monday, February 22, 2010 3:43 AM | Feedback (1)

That Whole Concept is Broken Agreed that cloud vendors need to differentiate on services. Disagreed that cloud standards will not forward that cause and that virtualization platform makes a difference.    The battle for virtualization platform dominance rages on, but it will not be virtualization that makes or breaks a cloud computing offering; it will be the diversity – or lack thereof - of the services it offers. We need to stop focusing on virtualization as the be-all and end-all of cloud computing and start bending our efforts toward what really matters: the ability of providers to efficiently offer a broad set of... posted @ Wednesday, February 10, 2010 4:35 AM | Feedback (8)

Data as a Service Could Drastically Impact Success of SQL Injection Attacks The question is whether that impact is positive (a reduction) or negative (an increase). One of the biggest threats to data integrity is the introduction of malicious content via SQLi (SQL Injection) attacks. Traditional database access methods don’t provide a lot in the way of validating requests and like HTML the vagaries of SQL allow for myriad ways in which a statement can be constructed – and thus exploited. These vagaries, of course, are one factor in the reason why SQLi continues to plague applications and sites driven by user generated content. Another factor is certainly... posted @ Monday, November 16, 2009 4:52 AM | Feedback (2)

AJAX and Network-Side Scripting AJAX enables the use of network-side scripting enabled application delivery solutions to offload client-side functionality and improve capacity and performance of dynamic (Web 2.0/AJAX) applications. In the last couple of weeks I’ve embarked on a home project to rewrite – from scratch – a couple of web applications that Don and I and friends use on a regular basis. Consider it a very restricted (in terms of users) social networking application, because that’s basically what it is. I made heavy use of AJAX for one component in the past version but have been really leveraging it a lot more... posted @ Wednesday, September 16, 2009 5:02 AM | Feedback (13)

Cloud is Not a Big Switch Why Carr’s analogy doesn’t describe today’s cloud environments and how SOA can get us closer to what he describes Back when cloud first starting drifting in to obscure the computing landscape there were a lot of parallels drawn between it and grid, and a lot of analogies used to explain the concept behind it. Cloud computing is most often analogized using Nicolas Carr’s analogy of the cloud as an electrical grid; that’s always bothered me at almost a visceral level. But I could never articulate why well enough and a lot of smart people told me that if I... posted @ Monday, August 10, 2009 3:57 AM | Feedback (1)

Rip and Replace Won’t Solve Twitter’s (Or Your) Security Problems The “replace” in “rip and replace” essentially means getting rid of old security problems and replacing them with new ones. Twittergate is (thankfully) behind us but it’s almost assuredly going to be the case that we’ll be rehashing this one for a while. This certainly isn’t the first time Twitter and security issues have clashed, and as in the past Twitter (and really any very public application in a similar situation) is the clear loser. And of course there comes the unsolicited advice offered regarding what Twitter needs to do to address its security issues. I am, of... posted @ Monday, July 20, 2009 3:43 AM | Feedback (2)

The End of 3-Teared Architectures No, that isn’t a homophonic mistake. Dan directed my attention to an interesting article recently, “Are 3-tier web architecture models too rigid?” in which the author postulates that “maybe it is time to finally break out of  the old 3-tier web architecture box and retire the concept…” In addition to a great mention of F5 and an “application delivery tier” in web architecture models (the concept of which deserves its very own blog post), the author inadvertently, I think, brings to the fore one of the reasons SOA might have failed to dominate the world: service... posted @ Monday, July 13, 2009 3:22 AM | Feedback (0)

To Boldly Go Where No Production Application Has Gone Before The importance of stress-testing in production Everyone is still a-twitter over the problems the web experienced last week right after the news of Michael Jackson’s death. There have been numerous stories on the fact that the Internet nearly fell over itself and died under the strain of trying to support the rush of millions of users as they queried, clicked, watched video, read blogs and news reports on the subject. The Internet itself, of course, was just fine. The infrastructure comprising our electronic highway was humming along, routing packets happily here and... posted @ Wednesday, July 01, 2009 4:14 AM | Feedback (1)

What is server offload and why do I need it? One of the tasks of an enterprise architect is to design a framework atop which developers can implement and deploy applications consistently and easily. The consistency is important for internal business continuity and reuse; common objects, operations, and processes can be reused across applications to make development and integration with other applications and systems easier. Architects also often decide where functionality resides and design the base application infrastructure framework. Application server, identity management, messaging, and integration are all often a part of such architecture designs. Rarely does the architect concern him/herself with the network infrastructure, as that is... posted @ Wednesday, June 17, 2009 4:07 AM | Feedback (4)

Cloud computing is not Burger King. You can’t have it your way. Yet. Don’t confuse computing services with infrastructure services. We aren’t there yet. The subtext to the cloud computing discussion is subtle, as is the wont of subtext. But it is clear that underlying all the concerns about cloud computing is a common theme: control. Whether we’re talking about reliability or security, it should be obvious if you’re reading between and beneath the lines that the biggest stumbling block to massive cloud adoption is the issue of control. There is a very real difference between on-demand computing and on-demand infrastructure. What the cloud provides now, and is described... posted @ Thursday, May 07, 2009 3:11 AM | Feedback (4)

It’s like load balancing. On steroids. What is this application delivery thing that everyone keeps telling me I need? Isn’t that just the latest marketing term for load balancing? A recently released Forrester report concludes that “firms must develop and integrated strategy for application delivery.” We don’t disagree with that, or with the Gartner report claiming that “Load Balancing is Dead, Time to Focus on Application Delivery.” Application delivery is the next step in the logical evolutionary path from the tactical solution of load balancing to a comprehensive application infrastructure strategy. Forrester’s research indicates that despite the fact that application... posted @ Monday, April 20, 2009 3:40 AM | Feedback (6)

Infrastructure 2.0: As a matter of fact that isn't what it means We've been talking a lot about the benefits of Infrastructure 2.0, or Dynamic Infrastructure, a lot about why it's necessary, and what's required to make it all work. But we've never really laid out what it is, and that's beginning to lead to some misconceptions. As Daryl Plummer of Gartner pointed out recently, the definition of cloud computing is still, well, cloudy. Multiple experts can't agree on the definition, and the same is quickly becoming true of dynamic infrastructure. That's no surprise; we're at the beginning of what Gartner would call the hype cycle for both concepts, so... posted @ Wednesday, January 28, 2009 7:19 AM | Feedback (1)

Informatica: Data Integration in (and for) the cloud After talking about data integration being the Achilles heel of cloud computing I had a chat with Informatica, who is not only providing a solution for data integration for the cloud, but is leveraging the cloud to do it. While we at F5 are focused on tearing down the silos that exist in IT to support the delivery and management of applications both internal and external (SaaS, cloud), Informatica is looking to tear down the silos in the cloud that currently exist as Software as a Service (SaaS) offerings. Integration, always a painful subject, has become... posted @ Friday, January 09, 2009 7:11 AM | Feedback (0)

Cloud Computing: What's stopping service-oriented clouds? Whenever there is a shift in architectural thinking about technology, such as is happening right now with cloud computing and virtualization, we start thinking forward, past the now, and into the future about how that technology might be leveraged. We start looking at the impact to architecture from the top of the stack to the bottom. For a company that's focused on application delivery, that means taking a good hard look at how that new technology might impact the architecture of applications. It's been suggested that perhaps, just maybe, we'll see service-oriented clouds; that the concepts of SOA... posted @ Wednesday, November 12, 2008 8:52 AM | Feedback (2)

How AJAX can make a more agile enterprise In general, we talk a lot about the benefits of SOA in terms of agility, aligning IT with the business, and risk mitigation. Then we talk about WOA (web oriented architecture) separately from SOA (service oriented architecture) but go on to discuss how the two architectures can be blended to create a giant application architecture milkshake that not only tastes good, but looks good. AJAX (Asynchronous JavaScript and XML) gets lumped under the umbrella of "Web 2.0" technologies. It's neither WOA nor SOA, being capable of participating in both architectural models easily. Some might argue that AJAX, being... posted @ Tuesday, September 02, 2008 3:50 AM | Feedback (0)

You're Doing It Wrong Don and I were discussing security as a service and, as usual, he spouted off some wisdom in the form of an analogy that was too good to not to share. When you're walking down the street with your entourage and an angry, I mean really angry, man steps out in front of you with a lead pipe where should your bodyguard be? Yeah, that was my thought, too. He should be in front of me to stop the threat before I have to react. Even though the threat may not hit... posted @ Tuesday, August 26, 2008 5:01 AM | Feedback (4)

SOA What? David Bressler of Progress Software, who acquired SOA vendor Actional in January 2006 wrote a very thought provoking post on marketing that really ended up being a post about SOA and where Progress fits into the "SOA continuum". He raises some questions, and problems, with SOA and product categories that ties in nicely with an excellent blog post on the subject Todd Biske wrote a while back containing some concepts that he presented at Burton's Catalyst 2006. One of the confusing things about any market is the wide variety of names used to describe the products and solutions that... posted @ Monday, August 25, 2008 7:40 AM | Feedback (1)

Some services are more equal than others   During the debate of WAF versus, well, just about everything, I heard an interesting thing. See, I was taking the view that the duplication of security code across all services/applications lays the groundwork for the introduction of errors, accidental omission, and the degradation of performance. I argued that a WAF addressed all these problems and was therefore a better option. The person with whom I was discussing the subject declared that security code did not necessarily need to be included in the application, it could be a service that, in the spirit of SOA, could be reused and that this... posted @ Thursday, August 21, 2008 5:02 AM | Feedback (1)

Port Knocking: What are you hiding in there? I read with interest an article on port knocking as a mechanism for securing SOA services on CIO.com. If you aren't familiar with port knocking (I wasn't) then you'll find it somewhat interesting: From Nicholas Petreley's "There is More to SOA Security Than Authorization and Authentication" For the sake of argument, let's say you have an SOA server component for your custom client software that uses port 4000. Port knocking can close off port 4000 (and every other port) to anyone who doesn't know the "secret method" for opening it. Any cracker who scans your... posted @ Tuesday, July 29, 2008 9:21 AM | Feedback (3)

4 Things You Need in a Cloud Computing Infrastructure Cloud computing is, at its core, about delivering applications or services in an on-demand environment. Cloud computing providers will need to support hundreds of thousands of users and applications/services and ensure that they are fast, secure, and available. In order to accomplish this goal, they'll need to build a dynamic, intelligent infrastructure with four core properties in mind: transparency, scalability, monitoring/management, and security.  Transparency One of the premises of Cloud Computing is that services are delivered transparently regardless of the physical implementation within the "cloud". Transparency is one of the foundational concepts of cloud computing, in that the actual implementation of... posted @ Thursday, July 10, 2008 5:45 AM | Feedback (4)

Application Delivery: Loose-Coupling for Legacy Apps How to apply SOA principles to traditional web application architecture I promised kudos and comments last week for Ronald Schmelzer's ZapNote on the requirement for a service proxy in SOA implementations and so I shall right now. While Ron didn't come right out and say it, a major reason the service proxy is an essential component of a successful SOA implementation is that it protects the concept of loose-coupling, a primary foundational principle of SOA. Loose-coupling is generally applied to consumer-producer relationships and essentially requires that there be no code or logic on the consumer (client) that binds it tightly... posted @ Tuesday, March 11, 2008 9:49 AM | Feedback (0)

You say "Late", I say "Delayed" The language of application delivery and SOA finally meets in the middle Ronald Schmelzer at ZapThink wrote a recent ZapFlash titled, "Why Service Consumers and Service Providers Should Never Directly Communicate." Yes, I agree, the title is way too long, but you should read it anyway. The basic premise of this one is that there is a need for a service proxy to protect your investment in SOA. I'll save my kudos and comments for another post, but in general I agree with Ron and his vision of SOA and the need for a proxy/intermediary to prevent the loss... posted @ Tuesday, March 04, 2008 9:33 AM | Feedback (0)