Have you checked out the features in the new release of the IBM Smart Business Development and Test on the IBM Cloud? Well you should. Version 1.1 provides support for Virtual Private Networks and Virtual Local Area Networks plus new premium support services are now available. I've heard from my tweeps on Twitter that the new release rocks so had to share the news with all of you in our very cool developer community.
Okay so if you want to realize faster application deployment with reduced costs, you have to check out the IBM Cloud. You virtually have no infrastructure to maintain and benefit from pay-as-you-go pricing. And, you can set up more accurate test environments in minutes versus weeks using standardized configurations. Sound irresistible?
So you ask, what does this new release really mean for me as a developer? Well here's a quick summary of what Version 1.1 has to offer:
Security is a top priority, you can now use a VPN to access your machine instances on the IBM Cloud to provide virtual network isolation of your instances. Each VPN service consists of a private virtual LAN (VLAN) in an IBM Cloud Center of your choice plus a VPN gateway for accessing that VLAN. Pretty cool!
In addition, the VPN option allows isolation of your development and test environment on the IBM Cloud on a VLAN that only you can access. Plus your instance is not accessible from the Internet or from other instances unless you have provisioned them to use your private VLAN. Very secure.
New premium support services have been added. On top of the existing tech support, you may also purchase premium levels of support that include around-the-clock telephone support and a web-based ticketing system to submit and review service requests plus remote technical support to assist you in the use of the Cloud web portal, access to services, instance creation, and image management functions within the portal. And you have the ability to add Linux operating support for Linux OS provisioned through the Cloud web portal, including support for virtual machine instances. This is really awesome.
Driven by trends in the consumer internet, cloud computing
is becoming the new way to consume and deliver IT services.As an IT Professional, we need to understand
the different aspects of cloud to seize this opportunity to grow our career and
serve our clients towards a successful adoption of cloud computing.
I’m in the process of learning several aspects of cloud -
emerging trends in cloud solutions, workloads, infrastructure, technologies and
modern services industry.So thought of
this idea to post my learning as a series of blogs which any cloud enthusiast can
benefit to understand cloud computing.When
discussing a topic, instead of reinventing the wheel lets build the content
with links to different articles for further reading that can provide for a
The articles shall cover the entire lifecycle of a cloud
project covering various aspects right from the business requirements,
Architecture /Design, Implementation to Operations. The intention of this blog
is provide the reader a step by step any one or more of the following broad
range of topics
of Cloud Computing
Delivery Models - Infrastructure as a Service, Platform as a Service,
Software as a Service, Business Process as a Service
Deployment Models - Private Clouds, Public Clouds, Hybrid Clouds, Industry
Management - Asset Management, Business Resiliency, Service Management, Capacity
Planning, Charging models and economics,Usage Reporting, Billing &
Metering, Provisioning, Monitoring
We will have something to learn for every week and will
dedicate each week for understanding one of the above topics. So by the end of
16 weeks that we have remaining for the year, we would have learned all the
steps to walk on cloud.The comments to
these posts from all of the members would definitely go a long way in getting
our step right and enriching the content. So C’mon everyone, lets take a walk
in the clouds – step by step…
I just wanted to give everybody a quick update on the Cloud Certification, I took the pre-assessment exam, Test 000-032: Foundations of IBM Cloud Computing Architecture V1. I'm happy to say I received a passing score of 75%. The pre-assessment exam was broken down into three sections
Cloud Computing Concepts and Benefts
Cloud Computing Design Principles
IBM Software Cloud Computing Architecture
Believe it or not I had the most difficulty with section 3 , indentifying IBM software products. Maybe that's something with can discuss during our next study session. Has anybody else taken the pre-assessment exam? I'd like to hear your thoughts about it.
I'll make no bones about the fact that I'm a huge fan of Cloud Foundry. It's the right play, by the right people at the right time. Despite all the attempts to dilute the message over the last eleven years, Platform as a Service (or what was originally called Framework as a Service) is about write code, write data and consume services. All the other bits from containers to the management of such are red herrings. They maybe useful subsystems but they miss the point which is the necessity for constraint.
Constraint (i.e. the limitation of choice) enables innovation and the major problem we have with building at speed is almost always duplication or yak shaving. Not only do we repeat common tasks to deploy an application but most of our code is endlessly rewritten throughout the world. How many times in your coding life have you written a method to add a new user or to extract consumer data? How many times do you think others have done the same thing? How many times are not only functions but entire applications repeated endlessly between corporate's or governments? The overwhelming majority of the stuff we write is yak shaving and I would be honestly surprised if more than 0.1% of what we write is actually unique.
Now whilst Cloud Foundry has been doing an excellent job of getting rid of some of the yak shaving, in the same way that Amazon kicked off the removal of infrastructure yak shaving - for most of us, unboxing servers, racking them and wiring up networks is a thankfully an irrelevant thing of the past - there is much more to be done. There are some future steps that I believe that Cloud Foundry needs to take and fortunately the momentum is such behind it that I'm confident of talking about them here without giving a competitor any advantage.
First, it needs to create that competitive market of Cloud Foundry providers. Fortunately this is exactly what it is helping to do. That market must also be focused on differentiation by price and quality of service and not the dreaded differentiation by feature (a surefire way to create a collective prisoner dilemma and sink a project in a utility world). This is all happening and it's glorious.
Second, it needs to increasingly leave the past ideas of infrastructure behind and by that I mean containers as well. The focus needs to be server less i.e. you write code, you write data and you consume services. Everything else needs to be buried as a subsystem. I know analysts run around going "is it using docker?" but that's because many analysts are halfwits who like to gabble on about stuff that doesn't matter. It's irrelevant. That's not the same as saying Docker is not important, it has huge potential as an invisible subsystem.
Fourth, and most importantly, it needs to tackle yak shaving at the coding level. The simplest way to do this is to provide a CPAN like repository which can include individual functions as well as entire applications (hint. Github probably isn't upto this). One of the biggest lies of object orientated design was code re-use. This never happened (or rarely did) because no communication mechanism existed to actually share code. CPAN (in the Perl world) helped (imperfectly) to solve that problem. Cloud Foundry needs exactly the same thing. When I'm writing a system, if I need a customer object, then ideally I should just be able to pull in the entire object and functions related to this from a CPAN like library because lets face it, how many times should I really have to write a postcode lookup function?
But shouldn't things like postcode lookup be provided as a service? Yes! And that's the beauty.
By monitoring a CPAN like library you can quickly discover (simply by examining meta data such as downloads, changes) as to what functions are commonly being used and have become stable. These are all candidates for standard services to be provided into Cloud Foundry and offered by the CF providers. Your CPAN environment is actually a sensing engine for future services and you can use an ILC like model to exploit this. The bigger the ecosystem is, the more powerful it will become.
I would be shocked if Amazon isn't already using Lambda and the API gateway to identify future "services" and Cloud Foundry shouldn't hesitate to press any advantage here. This process will also create a virtuous cycle as new things which people develop that are shared in the CPAN library will over time become stable, widespread and provided as services enabling other people to more quickly develop new things. This concept of sharing code and combing a collaborative effort of the entire ecosystem was a central part of the Zimki play and it's as relevant today as it was then. By the way, try doing that with containers. Hint, they are way too low level and your only hope is through constraint such as that provided in the manufacture of uni-kernels.
There is a battle here because if Cloud Foundry doesn't exploit the ecosystem and AWS plays its normal game then it could run away with the show. The danger of this seems slight at the moment (but it will grow) because of the momentum with Cloud Foundry and because of the people running the show. Get this right and we will live in a world where not only do I have portability between providers but when I come to code my novel idea for my next great something then I'll discover that 99% of the code has already been done by others. I'll mostly need to stitch all the right services and functions together and add a bit extra.
Oh, but that's not possible is it? In 2006, Tom Inssam wrote for me and released live to the web a new style of wiki (with client side preview) in under an hour using Zimki. I wrote an internet mood map and basic trading application in a couple of days. Yes, this is very possible. I know, I experienced it and this isn't 2006, this is 2016!
Cloud Foundry (with a bit of luck) might finally release the world from the endless Yak shaving we have to endure in IT. It might make the lie of object re-use finally come true. The potential of the platform space is vastly more than most suspect and almost everything, and I do mean everything will be rewritten to run on it.
I look forward to the day that most Yaks come pre-shaved. For more read....
Cloud Security – The top most concern and Opportunity
First of all, wishing all my readers a
very happy and prosperous year 2012 ahead.
Few things happened towards the end
of the year which was significant to me. IBM acquired Q1 Labs to Drive Greater Security Intelligence and created a New Security Division. I also joined this
newly formed IBM Security Systems team last quarter as a solution architect for cloud security. This is a great time to be looking at cloud security. Happy to be on this new role where I can provide solution to customers to handle their cloud security concerns and make it easy for them to adopt cloud and innovate at a faster rate than before.
In my previous
post, we discussed security as the top most concern why customers and
enterprises are not adopting cloud.As
part of year’s posts, I plan to discuss the various security issues and aspects
of cloud computing.
We will explore to understand what are
the unique challenges with Cloud Security and discuss what aspects is important
for each customer
adoption pattern that we have seen.
We will also learn how the IBM Security
Framework can be used to address the various security challenges namely
forward to your comments and inputs in this journey of understanding the
security requirements for cloud and how we can overcome this major challenge to
cloud adoption using the World’s Most Comprehensive Security Portfolio – IBM
Security Systems. I’ll
try and elaborate the IBM Point of View on cloud security and discuss the architectural
model to address the security requirements for cloud. Stay tuned and keep those comments and inputs coming.
While I’m writing this blog, the Ministers of Tamil Nadu and
Kerala are having a meeting
with Prime Minister to discuss the contentious issue of Mullaperiayar at length.
For those who don’t know about this issue, this is about the Mullaperiayar Dam in
Mullaperiyar Dam is a masonry gravity dam over River Periyar and operated
bythe Government of Tamil Nadu based on
a 999-year lease agreement. The catchment areas and river basin of River
Periyar downstream include five Districts of Central Kerala, namely Idukki,
Kottayam, Ernakulam, Alappuzha and Trissur with a total population of around
This dam is at the centre stage again in the wake of reports that
the dam is weakening due to increase in incidents of tremor in Idduki district
in Kerala. Ministers from Kerala are seeking Central Government intervention in
ensuring the safety of the dam. At the same time, Tamil Nadu is insisting on
increasing the water level in the reservoir for enhancing water supply to the
state. While Tamil Nadu wants to increase the water-level in the reservoir,
Kerala has been insisting that it be reduced from the current 136 feet to 120
Currently I don’t think we have clear metrics on the exact usage
of water by each state, what is right level of water to be retained by the dam,
what are the risks etc. We have been relying on data that we have from the
However you look at it -- whether too much or not enough,
the world needs a smarter way to think about water. We need to look at the
subject holistically with all the other considerations as well. We use water
for more than drinking. We need to make an inventory of how much water we get
and how is it used – of industries, irrigation, etc.
This is where I think we need smarter ways to manage the water in the best possible way that addresses both states
Smarter Water Management can help us think in a smarter way about water. For
instance IBM is helping
the Beacon Institute to do source-to-sea real-time monitoring network for New York’s Hudson
and St. Lawrence Rivers as well as report on conditions and threats in real
time. There are many other case studies across the globe on IBM Smarter Water
Those interested in the problem and the possible solutions should
definitely read IBM’s broader outlook on Water Management as covered in the Global Innovation Outlook.
for Tomorrow is another interesting partnership between IBM and The Nature
Conservancy. IBM is providing a state-of-the-art support system for a free,
online application that will provide easy access to data and computer models to
help watershed managers assess how land use affects water quality.
Though it's a worldwide entity, water is treated as a regional
issue. I think we should try putting technology to use to solve our water problems.
The solution should be more instrumented, interconnected and intelligent system
that can not only take into consideration the realtime monitoring of the river
but also include early warning systems to notify risks related to earth quakes
etc. IBM’s Strategic
Water Management Solutions include offerings to help governments, water
utilities, and companies monitor and manage water more effectively. The IBM
Strategic Water Information Management (SWIM) solutions platform is both an
information architecture and an intelligent infrastructure that enables
continuous automated sensing, monitoring, and decision support for water
you might be wondering what has this to do with Cloud and why is this post on
cloud computing Central. For these solutions and platforms to be successful it
is highly important that we have energy efficient high-performance computing
platforms and complex sensor, metering, and actuator networks. Such platform
needs and flexible choices of having the solution on-premise as well as
leverage different delivery models can only be supported through a cloud.
I think we should just leverage these solutions on the cloud to
solve this issue and keep all the states and its people happy :-).
As we discussed in the previous post, it is important that the all the
processes work together to bring successful automation in the cloud management
platform.A process workflow automation
engine is what makes this possible. In this chapter we will discuss more about Tivoli process automation
engine that’s form the base for IBM process automation in the cloud space.
process automation engine provides a user interface, configuration services, workflows and the common data system needed
for IBM Service Management products and other services. As we already know IBM
Service Management (ISM) is a comprehensive and integrated approach for
Service Management, integrating technology, information, processes, and people
to deliver service excellence and operational efficiency and effectiveness for
traditional enterprises, service providers, and mid-size companies. Tivoli process automation engine, previously known as Tivoli base services, provides
the base infrastructure for applications like Tivoli Maximo Asset Management,
Change and Configuration Manager Database (CCMDB), Tivoli Service Request
Manager (SRM), Tivoli Asset Management for IT (TAMIT), Tivoli Proivisioning
Manager as well as Tivoli Service Automation Manager. Any product that has the Tivoli process automation engine as its foundation can be
installed with any other product that has the Tivoli process automation engine.
Management that integrates and automates IT management processes
Management that integrates people, processes, information and technology
for real business results
Management to automate tasks to address application or business service
operational management challenges
Through having a common process automation engine, the
we can successfully link Operational and Business services with Infrastructure
through a single (J2EE) platform. We can also leverage current investments
through linking this engine with existing process automation technologies and
products. So by building a unified platform
to automate processes, we have taken data integration to the next level where sharing
data between applications has never been easier.This integrated process automation platform can
support the repeatable IT functions like Incident Management, Problem
Management, Change Management, Configuration Management all the way through to
Release Management. All of these processes tie into the CMDB where they share
consistent data via bidirectional integration. The platform supports best
practices such as ITIL and other Industry best practices. This facilitates an automated approach across
the IT management lifecycle. It's also forms the basis for automating
repetitive tasks that can be handled by the system instead of requiring human (costly)
intervention. TPAE through the adapters provide data federation from multiple
sources that you already have and translating the information into usable data
that can be leveraged by internal process and workflow.
Figure 1 Tivoli
process automation integrated portfolio
A cloud is not a cloud if it is not elastic. The elastic
property of the cloud to expand and shrink based on demand is possible only
with a proper capacity planning. I feel the most difficult exercise to do while
making a cloud solution is capacity planning for your cloud.By this, I mean you have to size
managed environment as well as
Most of the engagements that I’ve walked into might have
some capacity or infrastructure that they want us to leverage and use it in the
cloud.So the comparison becomes
difficult if you don’t have a standard measuring unit for your infrastructure –
for instance how do you know a Quadcore
on an intel platform compares to power7 core. So I found a good explanation in
this guide, in this interesting article –
The answer to the difficult question was to use something
called the cloud CPU unit which is
nothing but the computing power equal to the processing power on a one
gigahertz CPU. When a user requests two CPUs, for example, they will get the
processing power of two 1 GHz CPUs. This means that a system with two CPUs,
each with four cores, running at 3 GHz will have the equivalent of 24 CPU units
(2CPUs x 4Cores x 3GHz = 24CPU Units).
The other dimension of the complexity is to determine the
resource needs and do the trends and forecasting. I typically collect the
projections from the clients and then put down some critical assumptions to
determine how big my cloud should be. Some critical questions that I typically
many concurrent users and peak users and what percentage of these users
needs to be covered?
type of workloads they typically run – development, test ?
image attributes – mem, cpu, storage etc
infrastructure planner for cloud made life easy for me that had a user
friendly interface to take me through these steps and arrive at a sizing for
the managed environment. Once we know
the managed environment, we can make
the sizing of the management platform. The details of how to plan the managed
environment, I’ll discuss in my next post.
I’ll be interested in putting together the top 10 parameters
that are critical for sizing the cloud managed and management environment. Look forward to your comments.
of the important things to decide when you discuss Cloud Service Strategy and
Design is the consideration for a Reference Architecture. This is something that is useful to align to
as it represents the blueprint for your cloud and make the implementation risk
free.The Cloud Computing Reference
Architecture (RA) is intended to be used as a blueprint / guide for
architecting cloud implementations, driven by functional and non-functional
requirements of the respective cloud implementation. The RA defines the basic
building blocks - architectural elements and their relationships which make up
the cloud. The RA also defines the basic principles which are fundamental for
delivering & managing cloud services.
architecture is more than just a collection of technologies and products. They
consist of several architectural models and are much like a city plan.The RA defines how your cloud platform should
be constructed so that it can satisfy not you’re your current demands and but
also be extensible to support the future needs of a diverse user population. So
this blueprint should be responsive to changing business and technology
requirements and adaptable to emerging technologies. Existing “legacy” products and
technologies as well as new cloud technologies can be mapped on the AOD to show
integration points amongst the new cloud technologies and integration points
between the cloud technologies and already existing ones. By delivering best practices in a standardized,
methodical way, an RA ensures consistency and quality across development and
IBM Cloud Computing RA is structured in a modular fashion with each functional capability
(architectural elements), the user roles (that we discussed in Chapter 12) and
their corresponding interactions. The IBM CCRA is created based on several
cloud engagements and incorporates all the good practices and methods
implemented across these projects. So for an end user adopting these good
practices the risk and cost of implementation of their cloud will be low. The
CC RA is built on the ELEG ( Efficiency, Lightweightness, Economies-of-scale,
of the principles that I want to highlight here is the Genericity Principle –
That’s the capability to define and manage generically along the Lifecycle of
Cloud Services: Be generic across I/P/S/BPaaS & provide ‘exploitation’
mechanism to support various cloud services using a shared, common management
platform (“Genericity”).As we know or
discussed in the cloud delivery and deployment models (Chapter 3) there can
many models for deployment and delivery of a Cloud Services. As we know Cloud
Service can represent any type of (IT) capability which is provided by the Cloud
Service Provider to Cloud Service Consumers - Infrastructure, Platform,
Software or Business Process Services. The beauty and significance of the IBM
Cloud Computing Reference Architecture is that it can cater to any of these
service delivery and deployment models. So if you are building your private
cloud or public cloud or using cloud to deliver IAAS, PAAS or SAAS the RA
remains the same and handle all of these combinations. We have seen the
capabilities that we need (Chapter 6) for implementing a common cloud
has recently submitted
Cloud Computing Reference Architecture 2.0 (CC RA) (.doc) to the Cloud
Architecture Project of the Open Group,
a document based on “real-world input from many cloud implementations across
IBM” meant to provide guidelines for creating a cloud environment. Check
out this link
which has the interview with Heather Kreger, one of the authors of Cloud Computing
Reference Architecture as well as the details of the components that make up
the topic there is also an article that I found on syscon cloud computing
journal which is comparing the Reference Architecture of the Big Three (
IBM, HP and Microsoft)which is an
before we get into the details of the Service Implementation / Transition phase
it is important that we understand the bigger picture. The word document IBM
Cloud Computing Reference Architecture 2.0 (CC RA) (.doc) provides a great
description of this bigger picture and going into the details as required. The
architectural principles define the fundamental principles which need to be
followed when realizing a cloud across all implementation stages (architecture,
design, and implementation). This is a must read for all - development teams
implementing the cloud delivery & management capabilities as well as
practitioners implementing private clouds for customers.
Chapter 6 - Multiple Entry Points to Deploy and manage Cloud Based Services
Cloud Service Management capabilities are needed to
enable visibility, control and automation of cloud services. IBM provides the
following open standards based integrated capabilities to implement service
management for the cloud.
hardware, software and services optimized for cloud
If you are looking for A la carte software offering/solution for maximum flexibility, you
start with IBM Tivoli Service Automation
Manager.This flexible solution
supports user driven service requests and automated resource deployment. The key capabilities
Self service User Interface for
Service Requests for improved responsiveness and efficiency
Workflow support to manage the
process for approval of usage
Provisioning – Automatesprovisioning of resources / IT resource
deploymentfor efficient operations
and to address fluctuating business requirements
with existing hardware to
leverage available resources and previous investment
Delivery Manager (ISDM) is a new offering which is pre-configured
management solution optimized for managing virtual environments and cloud
deployments.Like Tivoli Service
Automation Manager this again is also“software only” offering.In addition to the IBM Tivoli Service
Automation Manager features ISDM includes the additional capabilities
Pre-integrated solution, delivered
as virtual images for faster installation and time to value.
Monitoring to provide Visibility
of Performance of Virtual Machines
Usage and Accounting tracking for
Server ready for High Availability
Energy Management for tracking and
optimizing operational costs
IBM CloudBurst compared
to Tivoli Service Automation Manager and ISDM not only has the software
solution optimized for cloud but also ships the integrated hardware. In
addition to what was provided by its sibling offerings, IBM Cloudburst provides
the following capabilities.
Self-contained solution (managed from
and to environment) to accelerate cloud deployments
Pre-integrated solution bundled with
HW, SW, storage, network and QuickStart services for fastest time to
Thus the three offerings are designed for specific
purposes and selecting the right solution is based on the requirement. You can pick
from the following list and depending on what all you need, it is easy to
select the solution that meets those requirements.
Automation and Provisioning
Storage, Network Hardware
Quite often people are interested to know about IBM WebSphere
CloudBurst and how it is different from the three discussed above. While IBM
CloudBurst and WebSphere CloudBurst are both appliances that accelerate
time-to-value and reduce costs they are designed for two distinct purposes.
CloudBurst is a general-purpose cloud solution. It enables users to
virtualize, deploy, manage, and monitor highly heterogeneous workloads in
their private cloud. IBM CloudBurst is a pre-packaged cloud with
integrated blades, storage, network switches, and software management
CloudBurst is purpose-built to enable users to create, deploy, and manage
private clouds created from IBM Hypervisor Edition images and patterns. IBM
WebSphere CloudBurst delivers specialized WebSphere knowledge in the form
of pre-configured, optimized WebSphere patterns and images. WebSphere
CloudBurst is a cloud management device: 1U appliance that manages a private or on-premise
cloud. It requires supporting infrastructure (hypervisors, storage, and
networking) and virtual images.
Their integration augments the value of each offering
with IBM CloudBurst enabling end-to-end service request governance for
WebSphere CloudBurst provisioning and users still able to leverage a single portal
for cloud service requests forrapid and
optimized provisioning of virtualized WebSphere systems
IT Service Management is the integrated management of the people,
processes, technologies and information required to ensure the cost and quality
of IT services valued by the customer. IT Service Management (ITSM) is the
design, creation, implementation, execution and ongoing management of the IT
environment and services that meet the needs of the business and consumers.It includes:
·Management of IT as a business
·Design, implementation, and deployment of IT services
·Delivery of services to IT customers at
agreed-to levels of service and price
·Optimization of services through Service
Lifecycle Management & Continual Service Improvement
Service Management is at the
heart of the Cloud. Research shows on an average, 81% of cloud payback is
driven by labor savings enabled by service management. As discussed in the
previous chapter, Cloud Computing provides IT departments of enterprises an opportunity
to move towards a service driven management model. The same engineering
discipline that rationalized factory floors and production can be applied to IT
services. Cloud computing provides technical foundations enabling reengineering
of IT service model.But the goals for
service management remains the same the way it is applied for traditional IT.
The key objective of the service management system is to provide the
visibility, control and automation needed for efficient cloud delivery in both
public and private implementations.
The ability to see everything that’s going on
across the infrastructure. This
includes the visibility to services; enable end users to request
services through a self enablement portal
The ability to keep the infrastructure in its
desired state by enforcing policies.Control enables the
fulfillment of user requests based on best practices for request types
& conformance to organizational processes
The ability to manage huge and growing
infrastructures while controlling cost and quality. Automation of service delivery
includes automating user requests and operational tasks to improve
efficiency and effectiveness
ITIL is one of the
foundations for service management best practices.A key element of ITIL is the service lifecycle
and the need for best practice processes throughout the life of a service.ITIL Service Lifecycle Modules are:
Service Improvement (CSI)
Cloud services also have a lifecycle that maps to the
ITIL service management lifecycle. In the Cloud context, Service Management
controls an efficient implementation of new services, integration with the
existing portfolio and lifecycle management of standardized IT services. For
instance Cloud Computing will become a relevant topic in your Service Strategy.You need to see how to leverage integration of
Cloud and traditional IT services during the Service Design. For Service
Operation you need a automated way to deploy your cloud services – an automated
provisioning and image management. For Continual Service Improvement (CSI) it
requires the capability for managing, monitoring, securing and metering your
When discussing IT Service Lifecycle management it is
good to discuss the standardization step as well. Standardization helps improve overall operations. The more you can
standardize the more you can reduce operating expense such as labor and
downtime – which is the fastest growing portion of IT expenditures. Tivoli
Service Automation manager takes care of Standardization and best practices in
all the steps of Service Lifecycle with the capabilities discussed below.
Design and Transition
a Service Template Definition
to build service and management plans for Service
Service Offering Creation
& Registration – a way to define Service based on Template and register
the same in the Catalog.
Service Offering Subscription
& Instantiation – Provides a way users can select the service, specify
parameters and SLAs.
The ability to automatically
instantiate the Service.
for autonomic execution of management plans leveraging Automation and
DestroyService and free up resources based on Service
Instance Termination requests
These capabilities of providing visibility, control and
automation across the business and IT infrastructure results in the following key
Integrated processes across the business
more reliable service delivery
efficiency and staff productivity
operational risk and exposure
We will discuss in detail how you could use IBM
Cloudburst, IBM Service Delivery Manager and Tivoli Service Automation Manager
for each of these steps in the lifecycle. If you are developer, the following
chapters will help you understand the technologies and skills needed to do the
services design, automation and management.
For the enterprises, the most attractive factor of cloud is its flexible sourcing options and the
choices of deployment. And again the different deployment and delivery models can co-exist and it is
possible to integrate with traditional IT systems and with other clouds.
Cloud Delivery Models
The key delivery models for cloud are discussed below.
Cloud refers to IT
capabilities are provided “as a service,” over an intranet, within the enterprise
and behind the firewall. Privately owned and managed. The access limited to
client and its partner network. The Private cloud drives efficiency,
standardization and best practices while retaining greater customization and
control within the organization. In a private cloud environment, all resources
are local and dedicated.All cloud
management is local.
Figure 1 Private Cloud
Public Cloud refers to IT activities / functions are
provided “as a service,” over the Internet Service provider owned and managed.
In public cloud, access is by subscription.
The public cloud delivers select set of standardized
business process, application and/or infrastructure services on a flexible
price per use basis.Multiple tenancy is a key characteristic of public
Figure 2 Public Cloud
Hybrid cloud is a combination of characteristics of
both public and private cloud where internal and external service delivery methods
are integrated. For example in the case of an Off-Premise Private Cloud, resources
are dedicated, but off-premise.Enterprise administrator
can manage the service catalog and policies.Cloud provider operates and manages the cloud infrastructure and
Figure 3 Off-Premise Private Cloud
Community cloud – This is the model where the cloud
infrastructure is shared by several organizations and supports a specific
community that has shared concerns (e.g., mission, security requirements,
policy, and compliance considerations). It may be managed by the organizations
or a third party and may exist on premise or off premise.
Public vs. Private
Overall private clouds have higher levels of consideration
than public clouds with most of the enterprises but there are various other
models that are emerging.
Figure 4 Cloud Delivery Models
We need to
balance the business benefits of increased speed and lower cost with public
cloud offerings versus the security and ownership of infrastructure and service
management considerations while choosing between a public and private cloud
offering for a capability. The governance model, resiliency, level and source
of support, architectural & management control, compliance, customization /
specialization etc are other considerations.
Public and Private Clouds are preferred for different
workloads. Many enterprises still prefer to host their traditional applications
out of their private cloud. The top private workloads include
Data mining, text mining, or
Data warehouses or data marts
Business continuity and
As and when
a workload becomes more standard and the SLAs are well established, the same
service becomes easy to consume over a public cloud.This is similar to how you can access well
defined banking functions through ATMs. Only when you need some special
services you go to your bank these days.Similarly top public workloads include
Service help desk
Infrastructure for training and
WAN capacity, VOIP
Test environment infrastructure
Data Centre network capacity
Cloud Deployment Models
All the computing related functions that clouds provide are
accessed through a service catalog and delivered as integrated services. The
different layers of IT-as-a-Service are referred to as the Cloud Deployment
Models. More details of these definitions can be found at the NIST website which
is source for some of the text below.
Figure 5 Cloud Deployment Models
Infrastructure as a Service (IaaS) is the service
delivery model where customers use processing (server), storage, networks and other
computing resources/ data center functionality.Iaas has the ability to rapidly and elastically provision and control resources.
In this model customers can deploy and run software and services without the
need to manage or control the underlying resources. The IBM Research Compute
Cloud (RC2) is an example for this model. Smart
Business Desktop on the IBM Cloud is another example for IaaS that enables
desktop virtualization with a subscription service with no upfront fees or
capital expense. Consider reading about IBM
Cloudburst if you are building your own IaaS platform.
Platform as a Service (PaaS) is the delivery model
where customers can use programming languages, tools and platforms to develop
and deploy applications on multi-tenant shared infrastructure with ability the to
control deployed applications and environments. All of these again can be done without
the need to manage or control the underlying resources. IBM BPM BlueWorks provides
tools to build your own business process. WebSphere
Cloudburst is also something for you to look at if you building a PaaS
Software as a Service (SaaS) is the popular model
where customers use applications (Eg, CRM, ERP, E-mail) from multiple client
devices through a Web browser on multi-tenant and shared infrastructure without
the need to manage or control the underlying resources. An example of this
model is IBM lotuslive.
Business Process as a Service (BPaaS) is an emerging
model where customers can consume business outcomes (Eg, payroll processing,
HR) by accessing business services via Web-centric interfaces on multi-tenant
and shared infrastructures.Smart Business Expense Reporting on the IBM
Cloud is one of the offerings in this category.
As part of the first two parts of this series we have tried
to define the term “cloud computing”.Having understood what it is, let us now try to look at how and cloud
computing is gaining importance now.
As the world is becoming more interconnected, infrastructure
needs to become dynamic to bring together business and IT. Growth of
instrumentation, interconnection and intelligence in the world is driving the
emergence of IT and business services and the requirement for service
management systems. To create such a
dynamic infrastructure, the customers (businesses) are looking for following
have to worry about the full IT capacity they need at peak time.
only for what they actually use. They do not have to buy servers or
capacity for maximum use. i.e. Move to a reduced Capex (Capital Expense) model
with leveraging the economies of Opex (operating expense) for IT
allocation and de-allocation of resources or semi-automatically on demand
If you research on how the business can address or acquire
the above capabilities, cloud computing seems to be holding to the key answers
to the above considerations. An effective Cloud Computing deployment is built
on a Dynamic Infrastructure and is highly optimized to achieve more with less leveraging
virtualization, standardization and automation to free up budget for new
Computing is a new IT consumption and delivery model for businesses that makes
the above capabilities a reality.
AConsumption model: new user
experience and a business model
Standardized SERVICES offerings
Ease of access
Computing and Delivery model:
Integrated Service Management
Progression toward transformation starts with optimizing
existing assets/processes and leverages best in class technology at transitions.
Each step balances improvements in efficiency and effectiveness and can be measured
by business returns. However, an organization can move to cloud systematically
taking one step at a time, or they can move right to a cloud deployment if it
aligns best with their strategic vision for the business.
Readying the infrastructure requires the implementation of a
Dynamic Infrastructure:consolidate your
servers and storage, implement virtualization technologies to increase
utilization, standardizing your processes for operational efficiency, automating
procedures for a more flexible delivery and enabling clients for
self-service.Then you identify common
workloads and set up shared resources, and finally, to achieve a true
cloud-enabled environment, clients must be able to provision the workloads in a
to cloud consumption and delivery model is like a big transformation effort. So
before taking this long journey, it is important to understand the typical use
cases, workloads that you can move to cloud and the associated ROI.
Cloud Business Use Cases
One of the
earliest groups to take a step towards identifying some of these use cases is
Computing Use Cases Workgroup on google groups. This collaborative
effort of cloud consumers and cloud vendors has put out a white paper that
discusses some of the basic definitions. The paper further discusses the
various Use Case Scenarios from a Delivery and Deployment model perspective. The
white paper is in its fifth iteration were the group members are now discussing
what and how about “moving to the cloud”. The current version of the paper can
be found here.
effort on the subject on use cases from a business perspective is “Strengthening your
Business Case for Using Cloud” whitepaper from the open group.I was also one of the key contributors to this
effort. This White Paper incorporates a unique collection of Cloud business use
cases, findings, and conclusions that can help executives and business process
owners make the appropriate Cloud investment decisions. By describing
real-world granular business problems, requirements, and analysis of the value
and business implications of Cloud computing, reading this paper will equip you
with the necessary business insights to justify your path for using Cloud.
consideration is that the adoption of cloud computing will be workload
The delivery model (public, private or hybrid) selection
depends on the workload. The research studies by IBM indicate that the
different types of workloads that could be delivered internal with a private
cloud or on a fully shared environment on a public cloud are the following.
Database- and application-oriented workloads emerge as most
appropriate for private workloads where as Infrastructure workloads emerge as most
appropriate for the public cloud.
Most customers want to start with something under their
control and behind their firewalls.So
the tremendous interest today among businesses is for private clouds – in both
Large Enterprises and the Mid-market.There is also great interest in public cloud
services – especially with smaller clients for infrastructure services. As businesses
become more comfortable moving workloads to public clouds more domain applications
will become available on the cloud. This will also result in a proliferation of
hybrid clouds as businesses integrate their private cloud environments with
public cloud services.
Benefits of Cloud Computing
The analysis of these use cases as well as what is discussed
in the open group whitepaper, point to the following benefits of using Cloud
to dynamically source and consume IT services
(infrastructure, platforms, software, and business services) on a demand
use basis – an instantly secure and managed service provisioning process
to move/abstract the service complexity off-premise to provide more
efficient availability, resilience, and security patching
agility, ability to adjust to business requirements and market
forces on demand
risk management through improved business resiliency
pricing model, eliminating cost of excess capacity
and flexible service for users, enabling self-service
requests and delivering services more rapidly, with fewer errors, and
based on requested qualities of service or SLAs
time to marketand acceleration of innovation projects
costs, both capital and operational expenditures
up skilled resources to focus on high value work and innovation
Significantly improve energy
efficiency and reduce idle time
Cloud Deployment and Delivery Models
There are multiple delivery and deployment models that cloud
computing supports to deliver the promised capabilities. This choice and
flexibility of having different deployment delivery models is the key to
success of Cloud Computing platform. The cloud flexible delivery models include
Standard Cloud service types are emerging and guiding the IT
Industry development. The different deployment models are
as a Service (IaaS)
as a Service (PaaS)
as a Service (SaaS)
Process as a Service (BPaaS)
multiple deployment and delivery models can co-exist and it is possible to integrate
with traditional IT systems and with other clouds.We will discuss them in detail in the
Let’s start the first module with trying to understand and
define the term Cloud Computing in its details.It is comprised of two words – Cloud and Computing.So simply put it is computing that you can
offer on the cloud.What’s the Cloud
referred here? The term "cloud" is used as a metaphor for the
Internet, based on the cloud drawing used in the past to represent the network.The computing could be any goal-oriented
activity requiring, benefiting from the usage of Information Technology that
includes hardware and software systems used for a wide range of purposes;
processing, structuring, and managing various kinds of information;
There are several definitions that you can find on the web
for cloud computing.
National Institute of Standards and Technology (NIST),
Information Technology Laboratory has been promoting the effective and secure
use of cloud computing technology within government and industry by providing
technical guidance and promoting standards.
Definition - Cloud computing is a pay-per-use model for enabling
available, convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers, storage,
applications, services) that can be rapidly provisioned and released with
minimal management effort or service provider interaction.
- Cloud computing is Internet-based computing, whereby shared resources,
software, and information are provided to computers and other devices on
demand, like the electricity grid.
Internet-based computing was always available. So what’s
different now?The different is Cloud
computing is a paradigm shift. Cloud computing is a new consumption and
delivery model inspired by consumer internet services. Cloud computing is still
an evolving paradigm. But in general most of the companies involved with cloud
have agreed on certain general characteristics or essentials that qualify any
internet-based computing to be referred to as a cloud. They are the following
On-demand self-service - A consumer can unilaterally
provision computing capabilities, such as server time and network storage, as needed
without requiring human interaction with each service’s provider.
Ubiquitous network access - Capabilities are
available over the network and accessed through standard mechanisms that
promote use by heterogeneous thin or thick client platforms (e.g., mobile
phones, laptops, and PDAs).
Location independent resource pooling - The
provider’s computing resources are pooled to serve all consumers using a
multi-tenant model, with different physical and virtual resources dynamically
assigned and reassigned according to consumer demand. The customer generally
has no control or knowledge over the exact location of the provided resources.
Examples of resources include storage, processing, memory, network bandwidth,
and virtual machines.
Rapid elasticity - Capabilities can be rapidly and
elastically provisioned to quickly scale up and rapidly released to quickly
scale down. To the consumer, the capabilities available for rent often appear
to be infinite and can be purchased in any quantity at any time.
Pay per use - Capabilities are charged using a
metered, fee-for-service, or advertising based billing model to promote
optimization of resource use. Examples are measuring the storage, bandwidth,
and computing resources consumed and charging for the number of active user
accounts per month. Clouds within an organization accrue cost between business
units and may or may not use actual currency.
The intent of this blog is not to duplicate the content from
other web sites into this article. But provide a means to navigate through a
variety of resources that are available and take a structured approach to
understanding the term.Once we have
understood this basic definition, let’s look at other resources for further
·Is Cloud Computing same as
·Where can I learn more about Cloud
·What types of application can run
in the Cloud?
Computing Primer -Part 1 – This
white paper recommended as one of the resources for the Cloud Computing
Certification discusses the definition in detail. Beyond the definition, it
discusses the cloud computing context and how is it different from current
hosted services. Virtualization plays a key role for meeting some of the
characteristics of cloud like Elasticity and Scalability, Workload Migration
and Resiliency. This article discusses Virtualization and its effect on cloud
is computing. The article further tries to burst some common myths about cloud
computing should satisfy all the requirements specified: scalability, on
demand, pay per use, resilience, multitenancy, and workload migration.
Cloud computing is useful only if you are outsourcing your IT functions to
an external service provider.
computing requires virtualization
computing requires you to expose your data to the outside world.
networks are essential to cloud computing
To get an overview best is to start with these excellent 3 to 4 minute videos onintroduction to the basics of cloud computing
from common craft and rPath – Cloud Computing in
Plain English and Cloud
Computing Plain and Simple. Cloud
Computing Explained is another simple video that explains Cloud Computing
in a way that everyone can understand! You can find many videos on Youtube if you search for cloud
computing. But the best that I liked is this one where a Dad is explaining Cow
computing – I mean Cloud Computing to his daughter. Check it out.
share is another good place where I found there are some very interesting
presentations on cloud.
We had our first meeting of the IBM Cloud Certification Study Group yesterday.The objective of the study group is to pass the IBM Certified Solution Advisor Cloud Computing Architecture V1 certification exam I wanted to thank all the group members who attended and shared their ideas on how to study for the certification exam. We had groups members participate from all over the globe, from Sweden, India, North America and Australia. If you couldn't make it ,have no worries we'll arrange another meeting in a couple of weeks time. Please feel free to join us.
During our meeting we decided on a strategy of " Divide and Conquer" in our approach to studying for the exam. By this I mean, take advantage of each individuals strengths and share it with the group. One group member might be well versed on Cloud Security and another might be proficient on SaaS. The idea is to get together and share our knowledge.
During our meeting we covered the following:
Key areas of competency for the Cloud Solution Advisor certification
We've recorded our first session and if you'd like to watch the replay, it can be viewed here. PDF presentation files of the meeting are located here. We've also posted a couple of activities to complete prior to our second meeting. Those are located under the activities section of the group. If you'd like to be notified when we add additional activities let me know and I'll add you to the list.
I'm really looking forward to working with the study group and ultimately becoming a IBM Certified Solution Advisor too.
Cloud storage services have seen a massive increase in the number of users in the last few years - both in the personal storage space and the business use case. This increase has come with a lot of scaling challenges for the service providers. One such challenge is to implement a good resource sharing management system. The users may want to share their content with others; this is fine in ordinary conditions but when a user shares the content with a large audience, your service takes a hit due to hotlinking.
There are many other problems in this space. The content that has been shared might be of illegitimate origins or might contain offensive material, so the service becomes a vector for illegal activity. This is particularly troublesome in the case of pirated content. Another problem is that the shared resource might cause an unintentional denial of service attack on the service in case it is shared widely. The service would not be able to collect any meaningful analytics either. What if the user wants to consume the content themselves but cannot login every time to reach it? This is very common when a download manager is used for fetching the resource, or when the user wants to resume the resource download at a later time. What if the user wants to share the content with a limited set of people and would like that the resource URL expires after a certain time period? Solutions to all these problems and more find their use in cloud storage services like the Amazon S3, Google Cloud and Virtual Data Rooms.
URL signing is a scalable solution to the problems mentioned above. The idea is very simple - each resource URL is generated in a way that it is unique and is identifiably linked to the creator of that URL. This is done by including an identification object in JSON format in the URL as a parameter, which is encrypted as per the JOSE standard. This object can contain a number of claims which identify the issuer of the URL, the expiration time, the start time, the scope of sharing (which identifies who all have access to the content other than the creator), and the sharing policy (public vs. private vs. login required). When a request is received, the service provider verifies it using Public-key cryptography and denies all invalid requests.
URL signing comes with some caveats too, the biggest one being difficulty in implementing caching strategies. Let’s say that a user looks at a picture on a website. This picture is served to the user via a signed URL. If the appropriate headers are set on the resource, the browser will cache it and link it to the URL it came from. However with signed URLs, unless you maintain a state on the server side, or design a stateless algorithm that issues the same signed URL within a specified duration, the browser will not be able to leverage the cached image since the URL signature would change the next time the user looks at the picture. This is also problematic when the resource has a large size, so it takes considerable time to download it. In that case the user may want to download a portion of the resource later on but resume would not work if the signed URL changes. The increased degree of difficulty in implementation is well rewarded with the benefits that come with signed URLs though.
Both Google Cloud and Amazon S3 provide first class access to URL signing in their platforms, which differ a little in their implementation details. More details can be found in their respective documentations here and here.
With any new technology, there’s “fake news”, and SD-WANs are no exception. It’s true, SD-WANs probably won’t reduce your WAN costs by 90 percent or make WANs so simple a 12-year old can deploy them. But there are plenty of reasons to be genuinely excited about the technology -- and we’re not just talking about cost savings. Often, these “other” reasons get lumped into the catechisms of greater “agility” and “ease of use,” but here’s what all of that really means.
Align the Network to Business Requirements
When organizations purchase computers for employees, they try to maximize their investment by aligning device cost and configuration to user function. Developers receive machines with fast processors, plenty of memory, and multiple screens. Salespeople receive laptops and designers get great graphics adapters (and Apples, of course).
Mission critical locations, such as datacenters or regional hubs. These can be connected by active-active, dual-homed fiber connections managed and monitored 24x7 by an external provider -- and with a price tag that approaches MPLS.
A single, xDSL connection. This can connect small offices or less critical locations for significant savings as compared against MPLS.
Short-term connections. These can be set up with 4G/LTE and, depending on the service, mobile users can be connected with VPN clients.
All are governed by the same set of routing and security policies used on the backbone. By adapting the configuration to location requirements, businesses are able to improve their return on investment (ROI) from SD-WANs.
Easy and Rapid Configuration
For years, WAN engineering has meant learning CLIs and scripts, mastering protocols like BGP, OSPF, PBR, and more. It was an arcane art, and CCIEs were the master craftsmen of the trade. But for many companies, managing their networks in this way is too expensive and not very scalable. Some companies lack the internal engineering expertise, others have the expertise, but far too many elements in their networks.
SD-WANs may not make WANs simple, but they do allow your networking engineers to be more productive by making WANs much easier to deploy and manage. The “secret sauce” is extensive use of policies.
Policy configuration helps eliminate “snowflake” deployments, where some branch offices are configured slightly differently than other offices. Policies allow for zero-touch provisioning and deployment. Policies also guide application behavior, making it easier to deliver new services across the WAN without adversely impacting the network. With an SD-WAN, you really can drop-ship an appliance to Ittoqqortoormiit, Greenland and have just about anyone install the device.
Limit Spread of Malware
SD-WANs position an organization to stop attacks from across the WAN. The MPLS networks that drive most enterprises were deployed at a time when threats predominantly came from outside the company. “Security” meant protecting the company’s central Internet access point and deploying endpoint security on clients. Once inside the enterprise, though, many WANs are flat-networks with all sites being able to access one another. Malware can move laterally across the enterprise easily, as happened in the Target breach that exposed 40 million customer debit and credit card accounts.
SD-WANs start to address some of these challenges by segmenting the WAN at layer three (actually, layer 3.5, but let’s not get picky) with multipoint IPsec tunnels. The SD-WAN nodes in each location map VLANs or IP address ranges to the IPsec tunnels (the “overlays”) based on customer-defined policies. Users are limited to seeing and accessing the resources associated with that overlay. As such, rather than being able to attack the complete network, malicious users can only attack the resources accessible from their overlays. The same is true with malware. Lateral movement is limited to other endpoints in the overlay -- not the entire company.
Don’t Sweat the Backhoe
As much as MPLS service providers manage their backbones, none of that would protect you from the errant backhoe operator, the squirrels, or anyone of a dozen other “mishaps” that break local loops. Redundant connections are what’s needed.
With MPLS, that would normally mean connecting a location with an active MPLS line and a passive Internet connection that’s only used for an outage. Running active-active is possible, but can introduce routing loops or make route configuration more complicated. Failover between lines with MPLS is based on DNS or route convergence, which takes too long to sustain a session. Any voice calls, for example, in process at the moment of a line outage will be disrupted as the sessions switch onto a secondary line.
With SD-WANs use of tunneling, running active-active is not an issue. The SD-WAN node will load balance the connections and maximize their use of available bandwidth. Determination to use one path or another is driven by the same user-configured traffic policies that drive the SD-WAN. Should there be a failure, some SD-WANs can failover to secondary connections (and back) fast enough to preserve the session. The customer’s application policies continue to determine access to the secondary line with the additional demand.
Conventional enterprise wide area networks are a hodgepodge of routers, load balancers, firewalls, next generation firewalls (NGFW), anti-virus and more. SD-WANs change all of that with a single consistent policy-based network, making it far easier to configure, deploy, and adapt the WAN. As SD-WANs adapt to evolve and include security functions as well, the agility and usability of SD-WANs will only grow.
Implementation details about the Microservice can be studied in the source code by loading the project into your preferred Java IDE such as Eclipse.
Before the Microservice can be run inside Docker, the Docker technology must be installed on your local machine. You can follow step-by-step Docker installation procedure at: Docker Installation
Once Docker is installed correctly, you can test your installation using the following command:
docker run hello-world
Create a Microservice Docker Image
In the Docker ecosystem, there are two main concepts to understand.
Docker container: A Docker container is a lightweight instance of a Linux based OS running on top of your host Operating System
Docker image: Docker image represents your Application software + entire environment running inside a container
For the above microservice, the container loads the microservice image, and as part of this image it not only loads the Application Code for the microservice, but also the Java 8 environment it needs to run the microservice.
But, before you can load the microservice into Docker, you need to create a Docker image for that software. The steps to create the image are as follows:
Create a directory next to your microservice project
Copy microservice artifacts to the build directory
CMD java -jar hello-microservice-1.0-SNAPSHOT.jar server hello-microservice.yaml
From the Docker session, goto the hello-microservice-build directory and issue the command
docker build -t hello-microservice-local .
The Docker build process uses a file named Dockerfile to get its instructions about what to do when building an image. In this particular microservice, the Dockerfile instructs the Docker system to download an image called 'java:8'. This is the core infrastructure needed to run the microservice. Next it adds the microservice jar and configuration to the image. And later, it exposes the ports 9000 and 9001 to service the requests.
docker build -t hello-microservice-local . (is the command that processes the Dockerfile and produces the hello-microservice-local image)
Note: make sure this command is issued from the Docker session and not just any command line session.
Once this Java Microservice Docker image is created, it must be run inside a Docker container using the following command:
docker run -p 9000:9000 --name hello-microservice-local -t hello-microservice-local
With the recent exploration of cloud computing technologies, organizations are using cloud service models like infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) along with cloud deployment models (public, private and hybrid) to deploy their applications.
There is a concept in the cloud world that is based on application characteristics: the concept of cloud-enabled and cloud-centric applications. In this blog post, Dan Boulia provides a concise explanation about the concept.
You can say that a cloud-enabled application is an application that was moved to cloud, but it was originally developed for deployment in a traditional data center. Some characteristics of the application had to be changed or customized for the cloud. On the other hand, a cloud-centric application (also known as cloud-native and cloud-ready) is an application that was developed with the cloud principles of multi-tenancy, elastic scaling and easy integration and administration in its design.
When developing an application that will be deployed in the cloud, you must keep the cloud principles in mind. They should be taken into account as part of the application. So we come to the first point: Is it better to work within an existing application or to completely redesign it? There is no exact answer because it depends. You have to evaluate the level of effort (labor, time and cost) to transform the application into cloud-enabled versus the effort to completely redesign it to a cloud-centric application.
The second point is: Will my cloud-enabled application work better than a new cloud-centric application? Here I would say no. It’s rare to find an existing traditional application that was developed with any of the cloud principles in mind. It may be possible to construct the same feel (for the user) as a cloud-centric application, but it will not function the same way internally.
Changing an existing application could be easier since you already have the skills and tools in the organization and you won’t need to learn any new technology. However, while it may be easier to change the application, in the long term it will be harder to maintain. New technologies (social media, mobile, sensors) continue to appear and it is becoming more important to integrate them. Doing this will require additional and continuous effort and may exponentially increase development and supporting costs.
Now comes the third point: What can you use to help expedite the move or redevelopment of an existing application to a cloud-centric model? Many cloud companies have development tools that can help an organization on this path. For instance, IBM has recently announced IBM Bluemix, a development platform to create cloud-centric applications. Shamim Hossain explains the capabilities in more detail in his blog post. Another option is to use IBM PureApplication System to expedite the development.
I discussed some points here that I hope can provide a better understand about an important concept in cloud computing and how to address it. Let me know your thoughts on it! Follow me at Twitter @varga_sergio to talk more about it
Come to the first Cloud Foundry Meetup in the Waltham area this coming Wednesday, December 11th!
This meetup is your opportunity to learn more about Cloud Foundry and meet people excited about the technology.
On the agenda is an Introduction to Cloud Foundry: the technology and the community by Chris Ferris of IBM.
This will be followed by a talk by Renat Khasanshyn of Altoros on Implementing Cloud Foundry 2.0.
More information at: //bit.ly/1azS5PX
Managing software and product lifecycle integration has always been a challenge and with the rate of the new demands on the enterprise the challenges are increasing. Leaders from different standards organizations and industry will lead interactive discussions on the importance of open technologies to help enterprises manage the lifecycle activities within their environments. Learn about the direction lifecycle integration is taking as a result of the inclusion of open standards and the importance of this work to you. You will also hear how you can bring forward your requirements and influence the supporting work activities.
The Open Lifecycle Summit will feature short lightning talks and panel discussions with industry leaders such as OASIS CEO Laurent Liscia, Tasktop CEO Mik Kirsten, Opscode VP of Solutions George Moberly, and IBM Fellows Michael Michael Kaczmarski and Kevin Stoodley, and IBM VP of Standards and IBM Cloud Labs, Dr. Angel Diaz.
The Summit is free to attend for all those attending IBM Innovate. Join us for an exciting session and refreshments to start your attendance at Innovate 2013. For more information and to RSVP visit http://ibm.co/16jTusU
The challenges of
virtualized environments are driving the shift to greater integration of
service management capabilities such as image and patch management, high-scale
provisioning, monitoring, storage and security. Join us for this webcast to learn how
organizations can realize the full benefits of virtualization to reduce
management costs, decrease deployment time, increase visibility into
performance and maximize utilization.
Even though server proliferation can be partially addressed through virtualization, the usage of virtual and physical assets becomes complex to accurately assess or manage. Cost management is crucial to integrate into overall service management, especially with a move into cloud. This webcast discusses how to implement a financial management roadmap and the key requirements for cloud transparency-- the ability to allocate IT costs, usage, and value.
As a result of feedback from SmartCloud Enterprise customers
and business partners, IBM is rolling out new enhancements this week.*
In addition to the availability of IBM SmartCloud
Application Services, IBM’s platform-as-a-service offering, new and enhanced
capabilities for IBM SmartCloud Enterprise include:
Platinum M2 VM sizes, now generally available
Alternate Windows Instance Capture, now generally available
Windows Import/Copy pre-release, available by request
Windows 2012 pre-release, available to all users
Cloud Services Framework enhancements
APIs for guest messaging, new and available for all users
ISO 27001 Certification for all IBM SCE data centers
Object storage with enhanced portal integration with SCE
All the details of each new capability/enhancement can be
found on the SCE portal in the “What’s
New in SmartCloud Enterprise 2.2” document (SCE account sign-in is required
to review the document), but here are a few highlights:
IBM SmartCloud Application Services (SCAS)
IBM’s platform as a service -- IBM SmartCloud Application
Services -- runs on top of and deploys virtual resources to IBM SmartCloud
Enterprise. SmartCloud Application Services delivers a secure, automated,
cloud-based environment that supports the full lifecycle of accelerated
application development, deployment and delivery. SCAS provides an
enterprise-class infrastructure, enhanced security and pay-per-use, and allows
clients to differentiate themselves with built-in flexible options that
configure cloud their way – leading to a competitive advantage.
You can find the SmartCloud Application Services offering on
the “Service Instance” tab within your SmartCloud Enterprise account.
As a direct result of client requests, we are offering
additional flexibility and choice in Windows instance capture. Clients can now use
the “Save private image” function with or without the use of Sysprep, the
Microsoft System Preparation tool.
We invite you to learn more about all of these enhancements
via the documentation library in the SCE portal and welcome your feedback.
Thank you for your continued support!
* IBM will roll out these new
capabilities in waves beginning mid-December 2012. IBM’s platform as a service offering, IBM
SmartCloud Application Services, can be found in the “Service Instance” tab
within your SmartCloud Enterprise account.
DevOps has become something of a buzzword lately but the idea behind it can be truly powerful. Using a combination of technology and best practices to increase collaboration between development and operations teams can accelerate the application development lifecycle while improving software quality and reducing costs.
Here’s how IBM is addressing DevOps, with the launch of SmartCloud Continuous Delivery--an agile, scalable and flexible solution for end-to-end lifecycle management that allows organizations to reduce software delivery cycle times and improve quality. Learn more: http://ibm.co/UeAl0B
The challenges of managing virtualized environments are mounting. The benefits of virtualization—from cost and labor savings to increased efficiency—are being threatened by its staggering growth and the resultant complexity. A critical piece to solving these challenges, as many organizations have already discovered, is image management. Read more: http://ibm.co/SpHTlV
Orchestration can be one of those ambiguous concepts in cloud computing, with varying definitions on when cloud capabilities truly advance into the orchestration realm. Frequently it’s defined simply as automation = orchestration.
But automation is just the starting point for cloud. And as organizations move from managing their virtualized environment, they need to aggregate capabilities for a private cloud to work effectively. The automation of storage, network, performance and provisioning are all aspects handled in most cases by various solutions that have been added on over time as needs increase. Even for organizations that take a transformational approach -- jumping to an advanced cloud to optimize their data centers -- the management of heterogeneous environments with disparate systems can be a challenge not simply addressed by automation alone. As the saying goes, “If you automate a mess, you get an automated mess.”
With the proliferation of cloud computing, many businesses are starting
to adopt a service provider model—either as a deliberate strategy to
establish new revenue streams or, in some cases, inadvertently to
support the growing needs of their organizations. This is especially
true for companies with diverse needs, whether they’re tech companies
with dev teams churning out new apps and services, or business owners
driving requirements for SaaS services and cloud capabilities to enhance
their data center operations.
Computing is a term that is often bandied about the web these days and
often attributed to different things that -- on the surface -- don't
seem to have that much in common. So just what is Cloud Computing? I've
heard it called a service, a platform, and even an operating system.
Some even link it to such concepts as grid computing -- which is a way
of taking many different computers and linking them together to form one
very big computer.
basic definition of cloud computing is the use of the Internet for the
tasks you perform on your computer. The "cloud" represents the Internet.
Cloud Computing is a Service
The simplest thing that a computer does is allow us to store and
retrieve information. We can store our family photographs, our favorite
songs, or even save movies on it. This is also the most basic service
offered by cloud computing.
a great example of cloud computing as a service. While Flickr started
with an emphasis on sharing photos and images, it has emerged as a great
place to store those images. In many ways, it is superior to storing
the images on your computer.
Flickr allows you to easily access your images no matter where you are
or what type of device you are using. While you might upload the photos
of your vacation to Greece from your home computer, you can easily
access them from your laptop while on the road or even from youriPhone while sitting in your local coffee house.
Second, Flickr lets you share the images. There's no need to burn them to a compact disc or save them on a flash drive. You can just send someone your Flickr address.
Flickr provides data security. If you keep your photos on your local
computer, what happens if your hard drive crashes? You'd better hope you
backed them up to a CD or a flash drive! By uploading the images to
Flickr, you are providing yourself with data security by creating a
backup on the web. And while it is always best to keep a local copy --
either on your computer, a compact disc or a flash drive -- the truth is
that you are far more likely to lose the images you store locally than
Flickr is of losing your images.
This is also where grid computing comes
into play. Beyond just being used as a place to store and share
information, cloud computing can be used to manipulate information. For
example, instead of using a local database, businesses could rent CPU
time on a web-based database.
downside? It is not all clear skies and violin music. The major
drawback to using cloud computing as a service is that it requires an
Internet connection. So, while there are many benefits, you'll lose them
off if you are cut off from the Web.
Cloud Computing is a Platform
The web is the operating system of the future. While
not exactly true -- we'll always need a local operating system -- this
popular saying really means that the web is the next great platform.
a platform? It is the basic structure on which applications stand. In
other words, it is what runs our apps. Windows is a platform. The Mac OS
is a platform. But a platform doesn't have to be an operating system.
Java is a platform even though it is not an operating system.
Through cloud computing, the web is becoming a platform. With trends such as Office 2.0,
we are seeing more and more applications that were once the province of
desktop computers being converted into web applications. Word
processors like Buzzword and office suites likeGoogle Docs are
slowly becoming as functional as their desktop counterparts and could
easily replace software such as Microsoft Office in many homes or small
But cloud computing transcends Office 2.0 to deliver applications of all shapes and sizes fromweb mashups to Facebook applications to web-based massively multiplayer online role-playing games.
With new technologies that help web applications store some information
locally -- which allows an online word processor to be used offline as
well -- and a new browser called Chrome to push the envelope, Google is a major player in turning cloud computing into a platform.
Cloud Computing and Interoperability
A major barrier to cloud computing is the interoperability of
applications. While it is possible to insert an Adobe Acrobat file into a
Microsoft Word document, things get a little bit stickier when we talk
about web-based applications.
is where some of the most attractive elements to cloud computing --
storing the information on the web and allowing the web to do most of
the 'computing' -- becomes a barrier to getting things done. While we
might one day be able to insert our Google Docs word processor document
into our Google Docs spreadsheet, things are a little stickier when it
comes to inserting a Buzzword document into our Google Docs spreadsheet.
for a moment that Google probably doesn't want you to have the ability
to insert a competitor's document into their spreadsheet, this creates a
ton of data security issues. So not only would we need a standard for
web 'documents' to become web 'objects' capable of being generically
inserted into any other web document, we'll also need a system to
maintain a certain level of security when it comes to this type of data
Possible? Certainly, but it isn't anything that will happen overnight.
What is Cloud Computing?
brings us back to the initial question. What is cloud computing? It is
the process of taking the services and tasks performed by our computers
and bringing them to the web.
What does this mean to us?
With the "cloud" doing most of the work, this frees us up to access the
"cloud" however we choose. It could be a super-charged desktop PC
designed for high-end gaming, or a "thin client" laptop running the
Linux operating system with an 8 gig flash drive instead of a
conventional hard drive, or even an iPhone or a Blackberry.
can also get at the same information and perform the same tasks whether
we are at work, at home, or even a friend's house. Not that you would
want to take a break between rounds of Texas Hold'em to do some work for the office -- but the prospect of being able to do it is pretty cool.
Now 400 millions research papers are available for peace solution,but there is no result for the same,unless the messages posted in the website http://www.goldenduas.com are researched by all the researchers in the world.Otherwise the world cannot peace and unity for the following reasons.
Thank you very much joining with me in the interest of public,Safety and peace in the world.Most of my friends and followers are youngsters and good educated persons involving peace,Unity and safety amongst all communities in the world and accordingly we sought support from all of you to study and analyse the God's messages posted in the website www.goldenduas.com and same may be advertised all over the world on the reasons that every person are suffering,due to all kind of naturalcalamaties in the world.Unless God's messages posted in the website www.goldenduas.com are followed,otherwise No government and Scientist can safeguard life and liberity of the public of the all communities in the world according to Quranic verses 17:16 and 28:59.Internet services in the world and requesting support us to spread our website messages to each and every corner of the world to know and discuss by all the internet communities in the world. Holy Bible says: 1."Behold, I send you forth as sheep in the midst of wolves: be ye therefore wise as serpents, and harmless as doves". - Matthew 10:16. 2."Be strong, do not fear; your God will come, he will come with vengeance; with divine retribution he will come to save you". - Isaiah 35:4 Holy Quran says: 28:59. Nor was thy Lord the one To destroy a population until He had sent to its Centre An apostle, rehearsing to them Our Signs; nor are We Going to destroy a population Except when its members Practise iniquity. Our website http:www.goldenduas.com contains more information not only to avoid all kinds of natural calamities in the world but also to12:15 improve economic growths in business, education, employment, jobs, health, wealth, security, faith, climate changes (heavy snow,rain,heat etc),and causes unity and peace all over the world.Our service all over the world is a non-profitable service to all mankind and animals.
Please check our homepage of the website to know our services. Otherwise, the public of the world will suffer due to all kind of natural calamities till the day of resurrection and also they will fail to improve in economy in businesses,unity,peace,education,health,wealth,security,faith and also climate changes.
Organizations looking to optimize across the application lifecycle recognize the need for enhanced innovation and speed to market. Yet most IT resources are focused on covering the basics, leaving fewer resources to support business agility. The solution: Platform as a Service (PaaS).
IBM’s PaaS solution, IBM SmartCloud Application Services, or SCAS, allows clients to differentiate themselves with built-in flexible services that allow them build and customize cloud solutions their way – leading to a competitive advantage. Companies are using enterprise-class IBM Application Services to measure and respond to market demands, capture new markets, and reduce application delivery and management costs.
What are the benefits of a PaaS solution?
First, with IBM Collaborative Lifecycle Management Service, included within SCAS, development teams can establish shared team development environments in minutes – before it used to take weeks. Within hours they can quickly define their development team and begin working collaboratively to respond to business needs.
Another significant benefit of a PaaS approach is the time it takes to get an application deployed and to market. Application deployment can take weeks on a traditional environment but with IBM SmartCloud Application Services, applications can be deployed to the cloud in minutes.
SCAS also allows clients to respond rapidly to changing market conditions by deploying or modifying cloud-centric (“born on the cloud”) or cloud-enabled (legacy applications) quickly and easily. In fact, developers can move from the dev/test environment directly into production with SCAS, taking advantage of proven repeatable patterns contained within the SmartCloud Application Workload Service, thus eliminating human error. These repeatable patterns allow clients to eradicate errors by avoiding manual processes – this drives consistent results, increases productivity, and reduces risk.
IBM SmartCloud Application Services are compatible with the newly announced IBM PureSystems family. For example, through SmartCloud Application Services clients can rapidly design, develop, and test their dynamic applications on IBM's public cloud and deploy those same application patterns on a private cloud built with PureApplication Systems, or vice versa.
Want to try IBM’s PaaS . . . for free*? IBM SmartCloud Application Services is now in pilot and accepting new client who want to get ready to accelerate their cloud initiatives. Clients won’t pay for SCAS services during the pilot, but will only be charged for the underlying *SmartCloud Enterprise infrastructure used by the services (that’s because SCAS runs on top of IBM’s Infrastructure as a Service offering, SmartCloud Enterprise, or SCE). Existing SCE customers can get up and running on the pilot quickly and start realizing the benefits of PaaS right away.
To be considered for the program, new or existing SCE customers should IBM SmartCloud Application Services web site and click the button on the right titled, “Get a jump on the competition with the SmartCloud Application Services pilot program.”
Who is using IBM SmartCloud Application Services? CLD Partners, a leading provider of IT consulting services with a particular focus on cloud computing, began using SCAS during the beta which launched in 2011 and has now transitioned into the pilot program.
“We share IBM’s vision for how enterprise customers can achieve huge productivity gains by embracing cloud technologies. SCAS allowed us to utilize world class software in a managed environment that greatly reduced the complexity of the deployment while also providing for future scalability that our customers only pay for when they need it,” said Steve Clune, Founder and CEO of CLD Partners. “Ultimately, traditional infrastructure planning and configuration that would have required weeks was literally reduced to hours. And future flexibility as infrastructure needs change is virtually limitless.”
Who would be interested in the SmartCloud Application Services pilot program? IT Operations, Independent Software Vendors (ISVs), Line of Business, and Application Developers would benefit from the SCAS pilot program. And it doesn’t matter the company size, enterprise or mid-market; all types of businesses can realize value from getting their applications to market faster.
One of the exciting and valuable characteristics of IBM SmartCloud Enterprise is it's tight linkage with the IBM Software Group portfolio of offerings. In addition to the offerings from IBM Software Group, innovative software vendors are making exciting offerings available as well. There is an ever-growing list of offerings available to IBM SmartCloud Enterprise customers. These recent additions are now in the SmartCloud Enterprise public catalog and available to you to use.
BYOL - Bring Your Own License; PAYG - Pay As You Go
IBM Business Process Manager is a comprehensive BPM platform giving you visibility and insight to manage business processes. It scales smoothly and easily from an initial project to a full enterprise-wide program. IBM Business Process Manager harnesses complexity in a simple environment to break down silos and better meet customer needs.
The following BPM images are now available in the catalog:
IBM Process Center Advanced 7.5.1 64b - BYOL IBM Process Center Standard 7.5.1 64b - BYOL IBM Integration Designer 7.5.1 64b - BYOL IBM Process Server Advanced 7.5.1 64b - BYOL IBM Process Server Standard 7.5.1 64b - BYOL IBM Process Designer 7.5.1 64b - BYOL, PAYG IBM BPM Express 7.5.1 64b - BYOL, PAYG
IBM WebSphere Service Registry and Repository (WSRR) is a system for storing, accessing and managing information, commonly referred as service metadata, used in the selection, invocation, management, governance and reuse of services in a successful Service Oriented Architecture (SOA). In other words, it is where you store information about services in your systems, or in other organizations' systems, that you already use, plan to use, or want to be aware of.
The following WSRR images are now available in the catalog:
IBM WebSphere Service Registry 64bit BYOL IBM Image IBM WebSphere Service Registry 22.214.171.124 64bit BYOL
IBM WebSphere Message Broker (WMB) delivers an advanced Enterprise Service Bus (ESB) that provides connectivity and universal data transformation for both standard and non-standards-based applications and services to power your SOA.
The following WMB images are now available in the catalog:
IBM WebSphere Message Broker 126.96.36.199 64b BYOL
IBM SPSS Decision Management enables business users to automatically deliver high-volume, optimized decisions at the point of impact to achieve superior results.
The following SPSS image is now available in the catalog
IBM SPSS Decision Management 6.2 64b BYOL
From our partner Riverbed comes Riverbed® Stingray™. This software-based application delivery controller (ADC) designed to deliver faster and more reliable access to public web sites and private applications.
The following Riverbed Stingray images are now available in the catalog:
Riverbed Stingray V 8.0 RHEL 6 32 bit BYOL Riverbed Stingray V 8.0 RHEL 6 64 bit BYOL Riverbed Stingray V 8.0 SLES 11 SP1 32 bit BYOL Riverbed Stingray V 8.0 SLES 11 SP1 64 bit BYOL
Additionally, Alphinat SmartGuide provides visual, drag and drop tools that can help you quickly build interactive web dialogues that guide people to the relevant response, help them diagnose problems or lead them through a series of well-defined steps that make it easy to complete complex—or infrequently performed—tasks.
The following Alphinat SmartGuide images are now available in the catalog:
GridRobotics' Cloud Lab Grid Automation Server can manage any number of client or agent computers, which can be spun up automatically on public clouds like IBM SCE or private clouds. Grid Robotics’ Cloud Lab Classroom is a virtual classroom management solution.
The following GridRobotics Cloud Lab images are now available in the catalog:
GridRobotics Cloud Lab Grid Automation Base Server 1.4 32b R2 - BYOL GridRobotics Cloud Lab Classroom Base Server 1.4 32b R2 - BYOL
GridRobotics Cloud Lab Base Agent V 1.4 32b R2 - BYOL
computing tests the limit of security operations and infrastructure from
various perspectives. Let us examine what
is different about Cloud Security and identify what are existing threats and what
are the new areas that we should be concerned about.
Figure 2 Cloud Security - Existing & New Threats
I think what make cloud security complex is the number of
layers involved in the cloud service stack and the number of components in each
layers. So it means
·Increased infrastructure layers to
manage and protect
·Multiple operating systems and
applications per server
More Components = More Exposure
As we can see we already do perimeter protection at the
network and operating systems as well as do physical and personnel security for
the traditional infrastructure. All of them holds good for cloud as well to combat
the existing threats at these layers.
us examine what are the new points of exposure with cloud. Security and resiliency complexities are raised
by virtualization and automation which are essentials to cloud. The new risks
·Cloud Service Management Vulnerabilities
·Secure storage of VMs and the
·Managing identities on the
increasing number of virtual assets
·Stealth rootkits in hardware now possible
·Virtual NICs & Virtual Hardware
·Virtual sprawl, VM stealing
·Dynamic relocation of VMs
·Elimination of physical boundaries
·Manually tracking software and
configurations of VMs
managing these additional complexities, you need a reference model that is
comprehensive and covers security controls that can combat not only the
existing challenges but also the new challenges that cloud brings in.
Foundational Security controls for IBM cloud reference model (see below)
provides the different elements and controls required to build a secure cloud.
Figure 1 Foundation Security Controls for IBM Cloud
Managing datacenter identities (Identity and access
Management) is one of the top-most security concerns and we discussed how to
handle the same in my previous
post. I’ll discuss how to handle the
virtualization related threats in my next post.
Meanwhile let me know your comments on this reference model.
Do you think these set of controls are comprehensive. Do you see any areas not
covered from a cloud security perspective? If so, just add it as comment to
this post and let us discuss.
Join us for the 2012 IBMSmartCloud
Symposium event on 16-19 April 2012 in San Francisco, California. This
Symposium will help you Rethink IT and Reinvent Business.
event will introduce Cloud Computing’s disruptive potential to not only
reduce cost and complexity but reinvent the way we do business. Over the
course of four days, there will be sessions that define cloud computing
and discuss transformative benefits and challenges to consider while
sharing specific, proven patterns of success. We will provide proven
methods to get started on the Cloud journey from the up-front
investments to capacity planning. This event will cover the technology
behind private and public clouds whether you choose to build your own,
leverage prepackaged solutions or have it delivered as a service.
will explore challenges and solutions for securing, virtualization and
performance of mission critical applications as well as automating
service delivery processes for cloud environments. We will help you:
design, deploy and consume.
challenges for cloud , I discussed Security as the top concern. I also
detailed the top concerns with regard to securing the cloud in the subsequent post.
Cloud computing tests the limits of security operations and infrastructure for
the various security and privacy domains
Cloud brings in lot of additional considerations like
multi-tenancy, data separation, virtualization etc. In a cloud environment,
access expands, responsibilities change, control shifts, and the speed of
provisioning resources and applications increases - greatly affecting all
aspects of IT security.We will discuss
the different security aspects classifying them against specific adoption
patterns (see post here).
The cloud enabled data center pattern is the more predominant one which has Infrastructure
and Identity management as the top concerns.Within cloud security doing the right design
for the infrastructure security is the important aspect – the details of which
and how it is done by different public clouds we discussed in the previous post.
Now with regard to Identity lets discuss the top requirements, use cases and
look at what solutions that we can provide to make the cloud secure. Lets start
with managing datacenter identities which is the top concern.
Managing Datacenter Identities
Identity and Access Control needs to deliver capability that
can be used to provide role based access to securely connect users to the cloud.
The users include the cloud service provider as well as consumer roles. Within
each user groups we need to support User as well as Administrator Roles. The
identity and access management should the 4As - Authentication, Authorization,
Auditing and Assurance.
§For a cloud consumer user, it is
about making sure the user identity is verified and authenticated at the self
service portal and providing right access to the resource pools.
§For the administrator, we need to
provide role based access to Service Lifecycle Management functions
§We will need to integrate with
existing User Directory infrastructure (AD/LDAP/NIS) to extend the user
identity to the cloud environment as well.
§Once in the cloud environment, we
need to automatically manage access to the cloud resources, through provisioning
and de-provision of resource profiles and users against the resources in the cloud
identity and access management systems. Manual processes to manage accounts for
users on various virtual systems and applications are not going to scale in a
cloud environment. The same is true with the manual processes to process
various audit logs to meet compliance and audit requirements
§In massively parallel,
cloud-computing infrastructures involves enormous pools of external users as
well. We need to ensure smooth user experience for the users so that they don’t
need to enter their credentials multiple times to access various applications
hosted within the enterprise or by business partners and Cloud providers.
§Management of user identities and
access rights across hosted, private and hybrid clouds for internal Enterpise
users is also a major challenge that includes
oCentralized user access management to on and off-premise applications
oEnables Federated Single Sign-on and Identity Mediation across
different service providers
Lets look at some of the capabilities that we can leverage
to solution these requiremnts.
IBM Security Identity and Access Assurance - provides
the following capabilities.These
capabilities enable clients to reduce costs, improve user productivity,
strengthen access control, and support compliance initiatives.
and policy-based user management solution that helps effectively manage
Enterprise, Web, and
federated single sign on, inside, outside, and between organizations,
including cloud deployments.
and access support for files, operating platforms, Web, social networks,
and cloud-based applications.
with stronger forms of authentication (smart cards, tokens, one-time
passwords, and so on).
monitoring, investigating, and reporting on user activity across the
Tivoli Identity Manager complements its role management
capabilities with role mining and lifecycle management, provided by the
IBM Security Role and Policy Modeler component, which helps reduce time
and effort to design an enterprise role and access structure, and
automates the process to validate the access information and role
structure with the business.
Security Access Manager for Enterprise Single Sign-On offers wide
platform coverage, strong authentication enhancements, and simpler
deployments.It introduces 64-bit
operating system and application support, a virtual appliance for easier
installation and configuration of the server, expanded support for smart
cards, and simplified profiling.
Tivoli Federated Identity Manager offers additional Open Authorization
(OAuth) authorization standards support, (for business to consumer
deployments and utilization of cloud-based applications and identities),
enhanced security for Secure Hash Algorithm (SHA-2), usability
enhancements, and new Business Gateway capabilities.
As we discussed in my previous post, transparency or more
control is need of the hour with regards to security on the cloud.Let examine how this is done by the popular
cloud providers and understand the method and the technologies. We need to
secure the infrastructure, network, endpoints, applications, processes, data,
and information and overall have a governance to mitigate the risk and meet the
compliance. Let us take the infrastructure to begin with.
The key areas for a security team to design for with regards
to infrastructure security are
logs on all resources – VMs and hypervisors
Let us start looking at the public cloud implementations to
understand how they are managing these aspects.
Almost all the vendors – IBM, Amazon,
provide a means to do SSH with keys to the Guest OS. The protocol runs over SSL
and is authenticated with a certificate and private key which could be
generated by the customer.
SmartCloud is designed with enterprise security as a top priority. Access
to the infrastructure self-service portal and application programming interface
(API) is restricted to users with an IBM Web Identity. The infrastructure
complies with IBM security policies, including regular security scans and controlled
administrative actions and operations. Within our delivery centres, customer
data and virtual machines are kept in the data centre where provisioned, and
the physical security is the same as that for IBM’s own internal data centres.With virtual private network (VPN) option,
customers can isolate their servers in the IBM SmartCloud on a virtual local
area network (VLAN) that can act as an extension of their internal network.
This VPN capability can also be used to create security zones in an Internet-facing
configuration to better protect their servers against attacks.
roles across LotusLive and their access authorizations are recorded in a
Separation of Duty matrix.
security-rich infrastructure: Security configuration reviews
and periodic vulnerability scanning of all systems and infrastructure.
enforcement points providing application security: multi-layered
compliance with periodic programs that address all elements of the service
We will see how the infrastructure
security aspects are dealt with for private clouds in my next post. Stay tuned
and keep those comments coming. I’d some of my readers tell me that the blog
entries are not showing up fine on Internet explorer. While I will make the
effort to fix the issue, please use Firefox or any other browser in the
And if you these posts interesting dont forget to rate the post (click on the stars) and if you got an extra minute do put in a comment on what apsects you find interesting or need discussion.
IT Security is well researched and
matured area. The reason why we have enterprises doing commerce over the web
today is because IT Security practices, tools and technologies have matured to
establish the trustand have overcome the
concerns. As with most new technology paradigms, security concerns surrounding
cloud computing have become the most widely talked about inhibitor of
widespread usage as discussed in my previous post.
To gain the trust of organizations,
cloud services must deliver security and privacy expectations that meet or
exceed what is available in traditional IT environments. Let us discuss what’s are
the Top Security Concerns when it comes to cloud.
Transparency or Less Control
If we look at the security and
privacy domains in cloud, they are no different from the traditional domains.
We need to secure the infrastructure, network, endpoints, applications,
processes, data, and information and overall have a governance to mitigate the
risk and meet the compliance. But in a cloud environment, access expands,
responsibilities change, control shifts, and the speed of provisioning
resources and applications increases - greatly affecting all these aspects of
IT security. The different cloud deployment models like the public, private and
hybrid clouds also change the way we think need to about security. The
responsibilities are spread across Consumer, Service Resellers and Providers.
The immediate risks of these shared responsibility is that nobody gets a
holistic view of the security and so less customization of any security
controls. Consumers need visibility into day-to-day operations as well as need
access to logs and policies. The aspect of less visibility or transparency is
mostly the top most concern shared universally.
Data and Information Security
The next primary concern that
customers mention related to security on the cloud is related to data and
information security. The specific concerns include
§Protection of intellectual property and data
§Ability to enforce regulatory or contractual obligations
§Unauthorized use of data
§Confidentiality of data
§Availability of data
§Integrity of data
A shared, multi-tenant
infrastructure increases potential for unauthorized exposure especially in the
case of public-facing clouds. Security Administrators need to worry about
designing security for applications and data that are publically exposed which
can be potentially accessed by anybody on the internet.
Different industries and geographies have different regulations
and rules that they need to comply to depending on the workloads and data they
put on the cloud. Complying with SOX,
HIPAA and other regulations are one risk or issue because of which customers
are not ready to put their applications on the cloud. Cloud or no cloud for
these sort of workloads comprehensive auditing capabilities are essential.
Security Management - Methods and Tools
Finally customers would need to know how today’s enterprise
security controls are represented in the cloud.They need to understand how the security events are monitored correlated
and actions taken when needed to keep their infrastructure, workload and data
safe. Security coming on the way of high availability is another key
concern.IT departments worry about a
loss of service should outages occur because of security reasons. If so, when
running mission critical applications how soon you can get the environment back
at the same level of security is the priority.
Until all of these concerns are addressed and without strong
availability guarantees, customers may not be ready to run their apps in the
cloud. But things are not that bad as we might think. We will discuss how these
aspects can be addressed and what tools and technologies to put to use in the
With the barrage of cloud news constantly hitting the market, it can be challenging for organizations to differentiate between all of the solutions and capabilities out there.
But with the latest cloud offering from IBM, the value proposition is quite simple—you get a low-cost, low-risk entry to cloud computing with compelling features. This is especially important for organizations who are still trying to leverage the cost savings of virtualization.
Our customers have told us they’re looking to cloud computing to increase agility—the ability of IT to evolve and meet business needs—and they’re looking for ways to control expenses related to IT investments. They also want to reduce IT complexity while at the same time increase utilization, reliability and scalability of IT resources. And they are looking for the ability toexpand capabilities gradually, as their needs change and grow.
In designing a solution to meet all of these needs, we developed IBM SmartCloud Provisioning. Using industry best practices for cloud deployment and management, this new solution allows organizations to quickly deploy cloud resources with automated provisioning, parallel scalability and integrated fault tolerance to increase operational efficiency and respond to user needs.
The name doesn’t tell the whole story though. IBM SmartCloud Provisioning is a full-featured solution wrapped up in an easy-to-implement package. That means you get:
·Rapidly scalable deployment designedto meet business growth
·Reliable, non-stop cloud capable of automatically tolerating and recovering from software and hardware failures
·Reduced complexity through ease of use and improve time to value
·Reduced IT labor resources with self-service requesting and highly automated operations
·Control over image sprawl and reduced business risk through rich analytics, image versioning and federated image library features
Using this technology, we’ve seen customers get a cloud up and running in just hours—realizing immediate time to value. It’s fast—administrators have been able to go from bare metal to ready-for-work in under five minutes, or start a single VM and load OS in under 10 seconds, or scaleup to 50,000 VMs in an hour (50 nodes).
But ultimately, these IT benefits have translated to business benefits—customers have been able to see how cloud computing can impact their business, and how they can accelerate the delivery of new services to drive revenue.
With the new release of IBM SmartCloud Provisioning this week, you can try and see firsthandthe potential of this breakthrough technology to accelerate your journey to cloud.
And if you want a preview of what’s in development, you can join our Open Beta program for access to beta-level code.
In my previous post, we looked at understanding the
different adoption patterns – i.e. how customers are turning towards
cloud.Some of the key reasons of the
“why” are listed below
Ease of deployment
More flexibility in
supporting evolving business needs (both from a technical and business
Lower cost of
Easier way to scale
and ensure availability and performance
Overall ease of use
While all of these are good, there are
still many yet to get on to this cloud computing train. Let’s explore what are
their key concerns or challenges why they are reluctant to jump in. The
following are inputs that I’ve got from various analyst studies and resources
on the internet.
Securityand Privacy- The top most concern that everybody seem to agree
as a challenge with cloud is security. The data security and privacy
concerns ranks top on almost all of the surveys. Cloud computing
introduces another level of risk because essential services are often
outsourced to a third party, making it harder to maintain data integrity
and privacy, support data and service availability, and demonstrate compliance.
Real Benefits / Business Outcome – Though we have several case studies showcasing
the benefits arising out of implementing cloud technologies, some of the
customers are still not convinced on the possible benefits. Their main
concern is how to realize the investment to full potential and make cloud
part of their mainstream IT Portfolio.Enterprises
need to a good view into the real benefits of cloud computing rather than
the seeing the potential of cloud computing to add value. The return on
investment (ROI) on cloud needs to be substantiated by comparing specific
metrics of traditional IT with Cloud Computing solutions that can show
savings that demonstrate cost, time, quality, compliance, revenue and
profitability improvement. The cloud ROI model should include things such
as indicators for comparing the availability, performance versus recovery
SLA, Workload-wise assessments, Capex versus Opex costs benefits,
Service Quality: Service quality is one of the biggest factors that the enterprises
cite as a reason for not moving their business applications to cloud. They
feel that the SLAs provided by the cloud providers today are not
sufficient to guarantee the requirements for running a production
applications on cloud especially related to the availability, performance
and scalability.In most cases,
enterprises get refunded for the amount of time the service was down but
most of the current SLAs down cover business loss. Without proper service
quality guarantee enterprises are not going to host their business
critical infrastructure in the cloud.
Performance / Insufficient responsiveness over
network: Delivery of
complex services through the network is clearly impossible if the network
bandwidth is not adequate.Many of
the businesses are waiting for improved bandwidth and lower costs before
they consider moving into the cloud.Many cloud applications are still too bandwidth intensive.
Integration: Many applications have complex integration needs to connect to other
cloud applications as well as other on-premise applications.These include integrating existing cloud
applications with existing enterprise applications and data structures.
There is a need to connect the cloud application with the rest of the
enterprise in a simple, quick and cost effective way.
I plan to discuss more on what are the
perceived and real threats related to Security and Privacy in my subsequent
posts. In my new role, as an Architect for IBM Security Solutions,
I’ll like to discuss the details on what IBM tools and technologies you could use to overcome the issues.
Meanwhile keep those comments coming and I look
forward to them to understand what other areas you think are key
concerns to be addressed to accelerate adoption of cloud.
The IBM Tech Trends report is out! We asked, you answered. Check out the results of IBM developerWorks' 2011 Tech Trends survey and find out what more than 4,000 IT professionals -- your peers -- have to say about the future of technology, including their opinions on cloud computing, business analytics, mobile computing, and social business.
The report provides insight from the worldwide IT development community into the adoption, preferences and challenges of key enterprise technology trends including cloud, business analytics, mobile computing, and social business. The results also provide guidance on areas where IT professionals like you say they need help with skills to develop new technologies and platforms that will be in demand in the coming years.
As we focus in on cloud, there is absolutely a growing trend in cloud computing to view it as more than just cheap infrastructure. Companies are now exploring the possibility of developing applications in the cloud (you guys are already doing that) many of them related to mobile development.
Currently the biggest challenge is integrating the cloud into application development as the reduction of operating expenses is the driver of this move. We still have a way to go however with 40% of the survey responders saying their company is not yet involved in cloud currently. Hmm, interesting right.
The cool news is that the expectation from those same responders is that over the next two years 75% of the IT professionals responded that they expect that this will change and that theirs and other enterprises will take to building cloud infrastructure.
I did discuss the - The Next Big thing – Cloud enabled
business model Innovation in my previous post. But you may be asking where do I
start.That’s where I guess Cloud
Adoption Patterns work that IBM has pioneered is going to help. This is some
great analysis - Cloud Adoption
Patterns that IBM have done based on thousands of cloud engagements that we
have done so far. This analysis is a good abstraction of the ways organizations
are consuming cloud -- a good starting /entry point discussions on cloud.
The four most common entry points to cloud solutions are discussed in the
picture above. I love these videos on youtube - Cloud Adoption
Patterns that tells you the essence of these patterns in less than 2 minutes.
Data Center – to achieve better return on investment and manage
complexity by extending virtualization well beyond just hardware consolidation.
Solutions on Cloud – to access enterprise-level capabilities through a
provider’s applications running on a cloud infrastructure; to improve
innovation and flexibility while minimizing risk and capital expense.
Service Provider – to innovate with new business models by building,
extending, enabling and marketing cloud services.
For each of these patterns of cloud adoption, we have defined a set of
proven projects that it supports with software, services and solutions to help
businesses streamline the implementation of their chosen cloud capabilities.
While the Cloud
Enabled Data Center pattern is the case for most of the private cloud
implementation. Most customers start with providing infrastructure as a service
on the cloud. This pattern also discusses how we can share infrastructure
across multiple projects and drive benefits.This also discusses a lot of automation in the operation and business
process that’s possible to have a responsive IT department that can help the
business to be agile.
The next level of gain or reuse would be run your workloads on a shared
stack of middleware.Platform
as a Service Pattern is an integrated stack of middleware that is optimized
to execute and manage different workloads, for example, batch, business process
management and analytics. This middleware stack standardizes and automates a
common set of topologies and workloads, providing businesses with elasticity,
efficiency and automated workload management. A cloud platform dynamically
adjusts workload and infrastructure characteristics to meet business priorities
and service level agreements. All the layers below understanding what workloads
are running on top of it and optimizing self is going to help run these
workloads more efficiently and at a lower cost.The Cloud Platform Services adoption pattern can improve developer
productivity by eliminating the need to work at the image level so that
developers can instead concentrate on application development.
solutions pattern maps to the SAAS model where you leverage cloud toinnovate with speed and efficiency to drive
sales and profitability. In these we
look at creating and consuming business solutions on the cloud. Some of the key
offerings in this space are things like business process design, social and
collaboration tools, supply chain and inventory, digital marketing
optimization, B2B integration Services etc. These generic services consumed
from the cloud relieves you of the pain of setting up things from scratch as
well as enable you to scale based on your demands.
Cloud Service Provider (CSP) Pattern is the one that most of the Telcos
adopt when they have to service multiple consumers with a single cloud
solution. We provide tools and technologies to design and deploy highly secure,
multi-tenant cloud services infrastructure that can integrate nicely with
plenty of 3rd party applications.
As we understand it is easy to do the IaaS pattern and more
work to do when we implement SaaS or CSP patterns. But the gain is more when we
do sharing at the software or application level. Depending on where you are in
your current IT Environment, you can pick up and implement any of these
patterns that suit you. The work that we have done to analyse these patterns
and provide a consistent set of technologies and tools to build out these
patterns should make life easy for you. Leverage it –less pain and more to gain.
There's still time to sign up for the IBM webcast: Managing the Cloud – Best practices for cloud service management
Organizations today are looking to cloud computing to deliver cost savings and faster service delivery. However, most organizations are still struggling to have the basic IT infrastructure that is necessary to take the leap to a robust cloud. This session will explain how service management can help provide the essentials to maintain service levels in the cloud and best practices based on IBM's work with customers. This information will provide the foundation for building and managing a cloud to meet your business objectives and transform IT.
The Next Big thing – Cloud enabled business model Innovation
I remember the day when one of our Executives - Nick
Donofrio visited us in India.
He is like the chief mentor for all the members of the IBM technical community
and he has seen IBM and the IT industry for many years. He was addressing a
Technical Exchange event few years ago and then someone in the audience asked
him this question – “Sir , you have seen technology for so many years now – can
you tell us what’s going to be the next big thing in terms of
invention/innovation”. Everyone was all ears waiting for the answer - is it the
next version of the internet, the search, a web2.0 application or may be an
intelligent mobile app. But his answer was that he believes that there is not
going to be any next big thing in technology. The next big thing for all of us
is going to be Business model innovation. Even today his statements holds very
true. Businesses that are able to reinvent their business model are succeeding
and managing to stay on top and others vanish from the scene.
There are lots of innovative and technical things happening all
around us like
and doing more and more using mobile devices
Media – thinning the line between work and life and business having reach
to your social network
Data and its related analytics giving the business insights that were not
possible few years ago.
I believe the next big thing is going to be how well you can
use all these elements for business seamlessly and cost effectively. The key to
succeed is to use technology to do this business model innovation and do it
How do you do it faster ?-- The answer is cloud.This is something that I’m saying based on
the data that IBM has got analyzing over 2000 customers cloud adoption
patterns. All of them have seen the below advantages with Cloud.
Considering all these factors, I think the next big thing is
Cloud Enabled Business Model Innovation. I was able to relate with some of the
latest announcements that we have made in the cloud easily because they are
just restating my same belief.As
discussed in this interesting
video by IBM's Saul Berman (Innovation & Growth Leader), 60% of the
customers that IBM interviewed is saying they would consider cloud immediately
and 70% of the them intend to use cloud to enable business model innovation. Based
on the rate at which they adopt the new technologies they may be an Optimizer (looking
at improving existing model), Innovator (looking at new model) or a Disruptor (who
is ready to bring in game changing ideas).
So as today’s IT leaders, let us broaden our focus from merely
delivering technology to solving larger business issues. One great opportunity for that is to tune in
or be present for the SWG
Universe India 2011.You will get a
chance to listen to some great speakers who will talk about how to use cloud
for business model innovation.
Cloud enabled Business Model Innovation I feel is the next
big thing that could change IT and Businesses. – So come let’s Rethink IT & Reinvent Business
In order for me to be responsive to your reading interests and learning needs, I thought I'll take a short feedback that will help me understand your reactions to my blog. Request your response by taking this short survey. This should not take more than two minutes 30 seconds of your time. It is primarily for me to improve the focus on my blog. Please note that there is nothing official about this survey and all responses are anonymous within the system.
You can see all the blog entries in this category by clicking on the tag "stepbystep" If you liked any entry in the blog, please rate it by clicking on the "star"
or feel free to provide your comments and inputs through this feedback form.
You can access the feedback form here. Look forward to your comments and inputs.
I've been writing about the step by step approach to Cloud
till now. The rate at which I see cloud computing being adopted inside and
outside the Enterprise, I think we really need to get out of our step-by-step
approach and start riding the wave. IBM has implemented may be over 2000
cloud engagements in the last year and are managing over 1 million virtual
machines today.We have identified the
customer cloud adoption patterns and entry points to cloud and have lots of
lessons learnt and experience to share.So won’t it be nice if we could talk to you about the things as well as
share the best practices with you.All
of it is difficult to discuss through a blog. So You have a better option – The IBM Software Universe 2011 – The Next Big Wave.
Yes, the 7th edition of IBM India’s largest annual software
conclave is happening this year Oct 19th and Oct 20th.I believe it would be time well spent to
learn from our learnings and accelerate your adoption of cloud.We have some interesting sessions on Private Cloud [R]Evolution which will
discuss some of the key trends and technologies to look at for building the
cloud insider your firewall. If you are looking to understand how to expand
your existing Data Center capabilities to have better visibility, control and
automation across your physical and virtual environments then “Integrated Service Management – Thinking
Beyond the Data Center” is a must attend session.If you are one of those business or
Enterprise IT Manager who is looking to start with the cloud – you don’t want
to miss the “Get Your Head in the Cloud” session which can tell you how you
could get some of your collaboration requirements from the cloud.
Finally it is wonderful opportunity for you to talk to some
of the Distinguished Engineers and IBM Fellows who can spend 1:1 time with you
to listen about your issues/problems as well as discuss the future roadmap. For
instance, Bala Rajaraman who is the Distinguished Engineer with
responsibilities including the architecture and design for Cloud &
Service Management solutions is going to be in India and it is your opportunity to
catch up with Bala.
Last but not the least, there is going to be Solution Expos
that will be setup for you, so you have a opportunity to touch and feel the
cloud solutions. This should include industry specific demos and
technology/product demos from IBM as well as partners.
So be there on Oct 19, 20that the IBM Software Universe 2011. It is
going to teach you a new skill – How to ride the next big wave… the cloud wave..
Join us for the Managing the Cloud Webcast series to learn more about best practices, technical approaches and capabilities to help solve your business and technical challenges in the cloud. Sign up for these free 1 hour webcasts today.
Organizations today are looking to cloud computing to deliver cost savings and faster service delivery. However, most organizations are still struggling to have the basic IT infrastructure that is necessary to take the leap to a robust cloud. This session will explain how service management can help provide the essentials to maintain service levels in the cloud and best practices based on IBM's work with customers. This information will provide the foundation for building and managing a cloud to meet your business objectives and transform IT.https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=swg-tivoli-nov8managingcloud