CloudNavigator

Peter Galvin has a great blog post on NAS technology.  While he doesn't specifically talk about NAS IAAS solutions it is still worth a look.   

In this paper from the folks at Netflix there is great advice for best practices for migrating from an RDBMS to a Cloud Based Key-Value database.

The case study in the paper is how Netflix moved their movies on demand service from an in-house Relational Database solution to an Amazon Cloud SimpleDB based solution.

It makes for some good reading about these types of conversions.

It occurred to me recently that “Information Technology”, IT, is actually two words. Sometimes in this trade we get hung up on the second word and forget the first.

The Technology side of our world is increasingly abstracted and commoditized. I’m not so sure The Information is something that can be. It takes analytical skills, mathematics, communication capabilities, and an understanding of the information consumers to actually do something of value with The Technology.

By abstracting the hardware, getting rid of any physical infrastructure, and moving into the Cloud, what do you have left? The Information. The important part. The bit we usually overlook when we say “IT”.

How can you differentiate from your competitors if all of the Technology is essentially the same, inexpensive and readily accessible?

You’ll still need customer support, administrators, testers, developers, and project managers to support Cloud operations. So perhaps you can differentiate on your best practices, operational skills, and customer relationships.

Alternatively, and more valuably, you can differentiate based on your ability to manage, process, and deliver useful, timely , understandable, and accessible Information to the folks that need it. That is why we have IT in the first place.

I recently came across this blog post Malware-as-a-Service over at Splunk.

The folks who are developing large networks of compromised PC’s, for running DDOS attacks, mining for personal information, distributing SPAM, and other evil purposes need a place for their virus-infected systems to “phone home”. A place to control and manage their dark virtual empires.

If you are writing an app that needs to scale fast, potentially exponentially, and you want to be able to move out of the business quickly leaving minimal traces, and to start with as little initial overhead as possible (ie, not set up a data center) a cloud provider is the way to go.

I can think of a number of applications which bad guys might be able to leverage this technology for.

Should cloud providers care if they are also enablers of evil? How do they decide?

I find the new release of Opera Unite really interesing.

In some ways Opera Unite is the opposite of a Cloud Service.   Instead of publishing content "out there somewhere", you publish it right here on your very own PC.  It is fast and easy to flip a switch and offer all sorts of content (and processing power) to the world.  You don’t have to be an infrastructure architect, human factors specialist, system administrator, or IT professional to publish.  You don’t even have to know what DNS is.

Of course it is a Corporate Information Security person’s nightmare personified (less than 24 hours after its release my workplace already blocks even the links to Opera’s press releases on the tool).   The obvious concern is that if non-professionals start setting up their PC’s as webservers, there will be a whole new suite of successful hacker attacks on these unsuspecting producers.

Presumably Opera thought of that, and is being careful about managing that risk.  Time will tell.

It is fairly easy to imagine an organization leveraging this technology combined with a volunteer model like SETI@Home uses, to build a distributed application hosted on participating PC’s all over the world.  It seems possible, with minimal technology investment, and without requiring terribly sophisticated volunteers, said organization could scale their application to millions of computers worldwide.  Pretty cool, and you probably could call that Cloud Computing.

Something I’ve thought about, on and off, over the years is:  "How would one build an eCommerce infrastructure to support an illicit drug business?"   When I first started thinking about this, I was still working as the Information Systems Manager for the police departments in Central Maine.  "How would we catch them?" was the angle I was coming from.

Ultimately every webserver has an IP address and is routable.  What that means is ultimately, law enforcement authorities can track down and identify the exact location of the server.   There are offshore proxy servers and IP anonymizers that can make this very difficult, but it could still be done.   I’ve often thought the way to go is to build cheap, disposable web servers.  Perhaps ones that only run for a few hours before they self destruct .   You toss it in the bushes near a free wifi spot, use dynamic DNS, then spend your energy hiding the back end ecommerce engines instead of worrying about the side your customer sees.   By the time the webserver is physically located, it would long since have rendered itself useless.

Well, this could take quite a bit of engineering.  Opera Unite, however, makes it all so much easier.  You can use commodity hardware and software.  You could even use a 3G enabled smart phone.  You could still go the disposable server route.  This thought experiment, running through design scenarios, is something I find fun to work on when I have idle cycles.  The technology keeps changing and getting more interesting.  

Opera Unite was released at about the same time as the recent Iranian public uprising.  At the time organizers were using text messages to communicate with the members of their movement.     My first thought when I was reading about the events taking place was maybe they could use Opera Unite to organize the protests, publish information, videos, and more.  The text messages would only simply have to have a URL in it.  If the PC’s were moving around, and/or disposable, it could be very hard for the authorities to catch the organizers.

Maybe Opera Unite will fuel a new round of hackers.  Maybe it will be the IT solution for a "good cause".  Maybe it will become a tool of the underworld.  Or maybe, it will be an architecture for democratic revolution.   It certainly is an interesting new tool.

 

 

 

Most web service managers and architects I talk to describe their architecture as a "3-tier" model, meaning they have a web server tier, and appserver tier, and a database tier.  However most such architectures in fact turn out to be much more complicated with ESB components and other connectors, access control services, mulitple layers of data sources, firewalls, intrusion detection systems, audit servers, disaster recovery support and more.   Sure there are pieces which fall neatly into one of the classic three tiers.  However there are a lot of gray areas, side-bars, and odd pieces in the typical architecture as well.

Many popular web content management systems such as Django are particularily hard to fit in that model.

The traditional "Load Balancer" was a technology that mapped neatly into the spaces between the layers in the 3-tier model by providing horizontal scaling for at least the web layer and the appserver layer.   Nowadays, the technology has morphed what F5 calls Application Delivery infrastructure.  Intelligent adaptive traffic management which is almost a "tier" in and of itself.   In a lot of ways, deployment of F5 technology can render the webserver front-end to your application largely irrelevant (obsolete?).

Recently I came across Harbor which obliterates the traditional box based appserver layer by letting you write Java programs and then deploy the various classes to wherever in the cloud it makes sense to run them.  Cool technology!  The developer becomes abstracted from having to know where in the infrastructure they are running.  The application becomes highly flexible, adaptible, and hardware/platform independent.  Perfect for deployment in ambiguous Clouds.   Harbor seems cutting edge.  Clearly it will take some time for a paradigm shift such as what it represents to really catch on.

Throw in a neo4j data model (or two) - which I blogged about earlier and maybe it is time to finally break out of  the old 3-tier web architecture box and retire the concept….  

 

 

 

 

Here is a short posting titled "How Cloud Computing Hurts Venture Capitalism" which talks about the impact the new Cloud Infrastructure providers have on startup company strategies. 

Is the Relational Database Doomed?  is the title of a very interesting article exloring the pro’s and con’s of "key/value" databases, a common data structuring technique in Cloud Computing.  Clearly data management and modeling is evolving along with the technology we are using to store and access it

Due to the fluidic nature of the Cloud Computing architecture, your data could move around.  A system has to be devised that lets you keep track of where your data is, when you need it.  Traditional Vertical Scaling (building bigger and bigger boxes) has natural and obvious constraints.  It is not a model that lends itself well to cloud models.  The "key/value" data model described in the article is one technique for organizing certain kinds of data in a highly scalable array of inexpensive computing resources (a cloud).

In the comments to the article someone points out neo4j, an open source database technology which models data using Graph Theory techniques rather than as Tables.  As someone who really enjoyed graph theory in college, this data modelling approach really intriques me and will require much closer study as time permits.  (The graduate level Graph Theory course I took as an Undergraduate at U.Mass Lowell was one of the most challenging, mind expanding and interesting classes of my undergraduate and post-graduate education.)

 

Here’s an idea I had this morning - Could the Federal Government set up Cloud based services for use by various Federal Agencies (or even state and local agencies)?  It wouldn’t really be a centralized IT department in that each agency would still get to own the applications and data.  However the economies of scale and dynamic capacity and backups and recovery and even security management could be centralized.  Obama had mentioned he wanted to create the "Google of Government".  Maybe more than a search engine they should set up some Google/Amazon like Cloud Computing SaaS and IaaS too.

I’m sure that many government IT demands are fairly cyclical.  Maybe leveraging this kind of technology could keep overall costs down by being able to offer that extra capacity to other agencies who have complementary requirements.

They could even hand out some cool sounding job titles titles  such as "Assitant Deputy Secretary of the Cloud". 

 

ComputerWorld released Part Two of The Case Against Cloud Computing yesterday.  In part two they take a close look primarily at the challenges meeting audit and compliance requirements when some of your infrastructure is outsourced to a Cloud SaaS provider.

I’m not convinced those challenges are that much greater with a Cloud architecture than any other.

Audit requirements (legal, financial, or otherwise) all boil down to being able to answer the same basic set of questions - "Who had access to the data?", "When did they have access?", "Who changed the data?", and "When did the data change?".   The requirements are really about the DATA, not the architecture.   So, can you answer those questions in a Cloud SaaS?  Sure.  Perhaps you will need to include the vendor, perhaps not.  (Is the data encrypted while it is in the cloud?)  Specific methodologies for answering audit questions will necessarily vary depending on the architecture.  For example in a Cloud application you might now need to include proxy server or firewall logs.

Compliance analysis is differentiated from audit requirements in that sometimes you want real-time feedback if there are policy violations.  In the case of data abuse or other unauthorized data access, such metrics and monitors would probably need to be designed along with the cloud application similar to any traditional application.

Data Backup and Disaster Recovery processes, which are sometimes driven (rightly or wrongly) by meeting audit  requirements, could be serviced via a well negotiated SLA which would include contract mandated tests.

Change Management, is also sometimes driven in part by audit requirements (rightly or wrongly).   By their very nature, Cloud insfrastructures are usually fairly dynamic.  A rigid change micromanagement bureaucracy could quickly erode any advantage Clouds offer.  Just like some of other processes supporting Cloud infrastructure, change management is going to have to adapt as well.  Step back and consider the reasons for implementing Change Management in the first place.  How can some of those same goals be achieved (can they be achieved?) when you are deploying in a Cloud?  Rather than focusing initially on jamming your legacy processes into the new paradigm, focus on the real problem.   If the Cloud is well engineered, then maybe changes within the Cloud, as long as they are within engineering tolerances, need not be subject to more process than simply logging the internal change.  Grander activities, such as deploying new application releases and fundamental changes in the architecture would need bureaucratic oversight.  Where do you draw that line?  Certainly it is something else that will have evolve and require flexibility to succeed.