Using Clouds For Evil

I recently came across this blog post Malware-as-a-Service over at Splunk.

The folks who are developing large networks of compromised PCs for running DDoS attacks, mining for personal information, distributing spam, and other evil purposes need a place for their virus-infected systems to “phone home”: a place to control and manage their dark virtual empires.

If you are writing an app that needs to scale fast, potentially exponentially, and you want to be able to move out of the business quickly leaving minimal traces, and to start with as little initial overhead as possible (i.e., without setting up a data center), a cloud provider is the way to go.

I can think of a number of applications which bad guys might be able to leverage this technology for.

Should cloud providers care if they are also enablers of evil? How do they decide?

Posted on 23 Jun 2010 14:53 by rotten | no comments

The Opera Underworld

I find the new release of Opera Unite really interesting.

In some ways Opera Unite is the opposite of a Cloud Service.   Instead of publishing content "out there somewhere", you publish it right here on your very own PC.  It is fast and easy to flip a switch and offer all sorts of content (and processing power) to the world.  You don’t have to be an infrastructure architect, human factors specialist, system administrator, or IT professional to publish.  You don’t even have to know what DNS is.

Of course it is a Corporate Information Security person’s nightmare personified (less than 24 hours after its release my workplace already blocks even the links to Opera’s press releases on the tool). The obvious concern is that if non-professionals start setting up their PCs as webservers, there will be a whole new suite of successful hacker attacks on these unsuspecting producers.

Presumably Opera thought of that, and is being careful about managing that risk.  Time will tell.

It is fairly easy to imagine an organization leveraging this technology, combined with a volunteer model like the one SETI@Home uses, to build a distributed application hosted on participating PCs all over the world. It seems possible that, with minimal technology investment, and without requiring terribly sophisticated volunteers, said organization could scale their application to millions of computers worldwide. Pretty cool, and you probably could call that Cloud Computing.

Something I’ve thought about, on and off, over the years is:  "How would one build an eCommerce infrastructure to support an illicit drug business?"   When I first started thinking about this, I was still working as the Information Systems Manager for the police departments in Central Maine.  "How would we catch them?" was the angle I was coming from.

Ultimately every webserver has an IP address and is routable. What that means is that, ultimately, law enforcement authorities can track down and identify the exact location of the server. There are offshore proxy servers and IP anonymizers that can make this very difficult, but it could still be done. I’ve often thought the way to go is to build cheap, disposable web servers. Perhaps ones that only run for a few hours before they self-destruct. You toss it in the bushes near a free wifi spot, use dynamic DNS, then spend your energy hiding the back end ecommerce engines instead of worrying about the side your customer sees. By the time the webserver is physically located, it would long since have rendered itself useless.

Well, this could take quite a bit of engineering.  Opera Unite, however, makes it all so much easier.  You can use commodity hardware and software.  You could even use a 3G enabled smart phone.  You could still go the disposable server route.  This thought experiment, running through design scenarios, is something I find fun to work on when I have idle cycles.  The technology keeps changing and getting more interesting.  

Opera Unite was released at about the same time as the recent Iranian public uprising. At the time organizers were using text messages to communicate with the members of their movement. My first thought when I was reading about the events taking place was maybe they could use Opera Unite to organize the protests, publish information, videos, and more. The text messages would simply have to have a URL in them. If the PCs were moving around, and/or disposable, it could be very hard for the authorities to catch the organizers.

Maybe Opera Unite will fuel a new round of hackers. Maybe it will be the IT solution for a "good cause". Maybe it will become a tool of the underworld. Or maybe, it will be an architecture for democratic revolution. It certainly is an interesting new tool.

Posted on 06 Jul 2009 14:39 by rotten | 1 comment

9 drafts

I had a server crash to deal with and in general a hectic past few months.  I think I’m catching up now and expect to resume blogging about Clouds this weekend or early next week.  I was looking at my pending posts (all partially written) and I have 9 in queue.  For the fans of this blog that have been wondering where I went, wonder no longer, I’ve just been busy lately.  I’ll revive my regular posting schedule within a few days.

Thank you for your patience.

Posted on 19 Jun 2009 11:13 by rotten | no comments

Are 3-tier web architecture models too rigid?

Most web service managers and architects I talk to describe their architecture as a "3-tier" model, meaning they have a web server tier, an appserver tier, and a database tier. However, most such architectures in fact turn out to be much more complicated, with ESB components and other connectors, access control services, multiple layers of data sources, firewalls, intrusion detection systems, audit servers, disaster recovery support and more. Sure, there are pieces which fall neatly into one of the classic three tiers. However, there are a lot of gray areas, side-bars, and odd pieces in the typical architecture as well.

Many popular web content management systems such as Django are particularly hard to fit into that model.

The traditional "Load Balancer" was a technology that mapped neatly into the spaces between the layers in the 3-tier model by providing horizontal scaling for at least the web layer and the appserver layer. Nowadays, the technology has morphed into what F5 calls Application Delivery infrastructure: intelligent, adaptive traffic management which is almost a "tier" in and of itself. In a lot of ways, deployment of F5 technology can render the webserver front-end to your application largely irrelevant (obsolete?).

Recently I came across Harbor, which obliterates the traditional box-based appserver layer by letting you write Java programs and then deploy the various classes to wherever in the cloud it makes sense to run them. Cool technology! The developer becomes abstracted from having to know where in the infrastructure they are running. The application becomes highly flexible, adaptable, and hardware/platform independent. Perfect for deployment in ambiguous Clouds. Harbor seems cutting edge. Clearly it will take some time for a paradigm shift such as what it represents to really catch on.

Throw in a neo4j data model (or two), which I blogged about earlier, and maybe it is time to finally break out of the old 3-tier web architecture box and retire the concept….

Posted on 11 Mar 2009 17:56 by rotten | 3 comments

Cloud Computing and Startups

Here is a short posting titled "How Cloud Computing Hurts Venture Capitalism" which talks about the impact the new Cloud Infrastructure providers have on startup company strategies. 

Posted on 09 Mar 2009 06:22 by rotten | no comments

Key/Value Databases in the Cloud

"Is the Relational Database Doomed?" is the title of a very interesting article exploring the pros and cons of "key/value" databases, a common data structuring technique in Cloud Computing. Clearly data management and modeling is evolving along with the technology we are using to store and access it.

Due to the fluidic nature of the Cloud Computing architecture, your data could move around.  A system has to be devised that lets you keep track of where your data is, when you need it.  Traditional Vertical Scaling (building bigger and bigger boxes) has natural and obvious constraints.  It is not a model that lends itself well to cloud models.  The "key/value" data model described in the article is one technique for organizing certain kinds of data in a highly scalable array of inexpensive computing resources (a cloud).

In the comments to the article someone points out neo4j, an open source database technology which models data using Graph Theory techniques rather than as Tables. As someone who really enjoyed graph theory in college, this data modelling approach really intrigues me and will require much closer study as time permits. (The graduate level Graph Theory course I took as an undergraduate at U.Mass Lowell was one of the most challenging, mind expanding and interesting classes of my undergraduate and post-graduate education.)

Posted on 01 Mar 2009 10:58 by rotten | no comments

Government Clouds

Here’s an idea I had this morning - Could the Federal Government set up Cloud based services for use by various Federal Agencies (or even state and local agencies)?  It wouldn’t really be a centralized IT department in that each agency would still get to own the applications and data.  However the economies of scale and dynamic capacity and backups and recovery and even security management could be centralized.  Obama had mentioned he wanted to create the "Google of Government".  Maybe more than a search engine they should set up some Google/Amazon like Cloud Computing SaaS and IaaS too.

I’m sure that many government IT demands are fairly cyclical.  Maybe leveraging this kind of technology could keep overall costs down by being able to offer that extra capacity to other agencies who have complementary requirements.

They could even hand out some cool sounding job titles such as "Assistant Deputy Secretary of the Cloud".

Posted on 03 Feb 2009 21:38 by rotten | 1 comment

Part Two

ComputerWorld released Part Two of The Case Against Cloud Computing yesterday. In part two they take a close look primarily at the challenges of meeting audit and compliance requirements when some of your infrastructure is outsourced to a Cloud SaaS provider.

I’m not convinced those challenges are that much greater with a Cloud architecture than any other.

Audit requirements (legal, financial, or otherwise) all boil down to being able to answer the same basic set of questions - "Who had access to the data?", "When did they have access?", "Who changed the data?", and "When did the data change?".   The requirements are really about the DATA, not the architecture.   So, can you answer those questions in a Cloud SaaS?  Sure.  Perhaps you will need to include the vendor, perhaps not.  (Is the data encrypted while it is in the cloud?)  Specific methodologies for answering audit questions will necessarily vary depending on the architecture.  For example in a Cloud application you might now need to include proxy server or firewall logs.
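One way to answer the four audit questions above from logs, as an added example that is not from the original post. Both log formats, the user and record names, and the 5-second matching window are constructed assumptions; the point is that the vendor's application log and your own proxy log are merged into one timeline per data record, and events seen by only one side are surfaced.

```python
from datetime import datetime

# Constructed sample data; both log formats are assumptions for illustration.
# SaaS vendor's application audit log: timestamp, user, action, record.
APP_LOG = """\
2009-01-29T09:15:02Z alice READ  invoice-1001
2009-01-29T09:17:40Z bob   WRITE invoice-1001
2009-01-29T10:02:11Z alice WRITE invoice-1002
2009-01-29T11:30:00Z carol READ  invoice-1001
"""
# Your own authenticating proxy log: timestamp, source IP, user, method, path.
PROXY_LOG = """\
2009-01-29T09:15:01Z 10.0.0.5 alice GET /saas/records/invoice-1001
2009-01-29T09:17:39Z 10.0.0.9 bob POST /saas/records/invoice-1001
2009-01-29T10:02:10Z 10.0.0.5 alice POST /saas/records/invoice-1002
2009-01-29T12:45:30Z 10.0.0.7 dave GET /saas/records/invoice-1001
"""

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def build_timeline(app_log, proxy_log):
    """Normalize both sources into sorted (time, user, action, record, source) tuples."""
    events = []
    for line in app_log.splitlines():
        ts, user, action, record = line.split()
        events.append((parse_ts(ts), user, action, record, "app"))
    for line in proxy_log.splitlines():
        ts, _ip, user, method, path = line.split()
        action = "WRITE" if method in ("POST", "PUT", "DELETE") else "READ"
        events.append((parse_ts(ts), user, action, path.rsplit("/", 1)[-1], "proxy"))
    return sorted(events)

def who_accessed(events, record):
    """Who had access, and when: every event from either source touching the record."""
    return [(t, u) for t, u, _a, r, _s in events if r == record]

def who_changed(events, record):
    """Who changed the data, and when, according to the application's own log."""
    return [(t, u) for t, u, a, r, s in events if r == record and a == "WRITE" and s == "app"]

def unmatched(events, record, window=5):
    """Events only one source saw (no same user/action within `window` seconds elsewhere)."""
    mine = [e for e in events if e[3] == record]
    out = []
    for t, u, a, _r, s in mine:
        if not any(o[4] != s and o[1] == u and o[2] == a
                   and abs((o[0] - t).total_seconds()) <= window for o in mine):
            out.append((u, a, s))
    return out

if __name__ == "__main__":
    print(unmatched(build_timeline(APP_LOG, PROXY_LOG), "invoice-1001"))
```

An access the vendor logged but your proxy never saw means the data was reached by a path outside your perimeter; the reverse means the vendor's audit trail is incomplete.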

Compliance analysis is differentiated from audit requirements in that sometimes you want real-time feedback if there are policy violations.  In the case of data abuse or other unauthorized data access, such metrics and monitors would probably need to be designed along with the cloud application similar to any traditional application.

Data Backup and Disaster Recovery processes, which are sometimes driven (rightly or wrongly) by meeting audit  requirements, could be serviced via a well negotiated SLA which would include contract mandated tests.

Change Management is also sometimes driven in part by audit requirements (rightly or wrongly). By their very nature, Cloud infrastructures are usually fairly dynamic. A rigid change micromanagement bureaucracy could quickly erode any advantage Clouds offer. Just like some of the other processes supporting Cloud infrastructure, change management is going to have to adapt as well. Step back and consider the reasons for implementing Change Management in the first place. How can some of those same goals be achieved (can they be achieved?) when you are deploying in a Cloud? Rather than focusing initially on jamming your legacy processes into the new paradigm, focus on the real problem. If the Cloud is well engineered, then maybe changes within the Cloud, as long as they are within engineering tolerances, need not be subject to more process than simply logging the internal change. Grander activities, such as deploying new application releases and fundamental changes in the architecture, would need bureaucratic oversight. Where do you draw that line? Certainly it is something else that will have to evolve and require flexibility to succeed.

Posted on 30 Jan 2009 20:02 by rotten | no comments

SaaS shortfalls

ComputerWorld published "The case against cloud computing, part one" yesterday. The arguments are mostly about how hard it is to make the paradigm shift for the external Software as a Service (SaaS) cloud solutions. The headline implies the arguments apply to any of the related cloud computing technologies, but they don’t really. The article is a little bit whiny: "It’s too hard!". No doubt there are challenges and required new ways of thinking about how to manage things with the new architectures. No doubt there are legacy vendors and technology investments that are going to suffer. No doubt there are old timers in IT who like things the way they are.

Some of the arguments sound exactly like the arguments we heard with the emergence of distributed computing. A paradigm shift is underway and the younger, nimbler, and more adaptable IT enterprises are going to leapfrog into the new age. Mainframes never went away, and may never go away. Legacy static architecture and fat clients aren’t going to completely go away either. Sometimes for good reasons, sometimes simply because they have momentum.

Posted on 23 Jan 2009 20:52 by rotten | no comments

Zonbu, a low cost consumer cloud provider

Two or three years ago I purchased a Zonbu mini.  This was a little, relatively inexpensive, small form factor, ITX based system.  It consumed very small amounts of power, was easy to set up and use, and satisfied an immediate need in my household for another web access point and general purpose system.  The main selling point, however, was that none of the storage (except for a compact flash based cache) was local.   I wouldn’t have to worry about backups.

In fact, I can do backups of important files from my other systems by copying them to my Zonbu and saving them there.  (wherever "there" is)

The term "Cloud Computing" didn’t really exist when this product emerged.  Zonbu was pioneering consumer cloud storage before it even had a name.  They haven’t been standing still over the past couple of years.  They added a laptop, and then higher end systems.  Now they even have a software only solution.  And you can try it out, without the personal storage space, of course, for free.

The Zonbu system includes a handful of simple games, the Open Office productivity suite, a browser and a few other utilities and tools.  It is all pre-configured and easy to use.

And they take care of your backups for you.

Your data is safe, stored in an encrypted format somewhere in their cloud. You have the option of storing the data without a recoverable password, or with a recoverable password (meaning: do you want the folks at Zonbu to maintain a ‘back door’ to your data, or do you want to have the only key? It is up to you.)

They also added a storage area that is accessible over the web. You can easily publish web pages and other content, or use it as an interim waystation when copying files from your Zonbu to somewhere else.

There are mechanisms to obtain root on your Zonbu if you really want to customize the installed software or just hack it.  I haven’t had the need.  It works well enough as-is, out of the box.  It would be nice to have a newer version of the Firefox browser, or maybe have the option to use Opera or Google’s Chrome for a browser sometimes.  Otherwise it does everything it promised and I haven’t felt the need to have it do more.

Zonbu customer support is great!  They’ve been very responsive and helpful the few times I’ve needed them.  They even took care of a hardware issue I ran into with my wireless interface with minimal fuss and remarkable turnaround.

If you are looking to spend some money and go with the herd, then a Microsoft solution is probably better.  If you are looking for a high quality (and pricey) solution, then go for a Mac.  If you are looking for a flexible desktop solution with many options, then maybe try a PC with Ubuntu.  If you are looking for something that is simple, doesn’t require a lot of maintenance, is inexpensive, and just does the (basic) job, Zonbu may be the right solution.

I think over the long term this is the future of basic desktop computing. You can personalize your environment, and yet the bulk of the hard part (security, integration, & backups) is managed centrally by professionals. This is a slightly different model than the web based application suite [ accessed from a full fledged PC ]. At least until HTML 5 is ready, programming complex desktop applications for the web is much harder than programming for the desktop. There are significantly more desktop applications already available than web based ones. The Zonbu-like solution will work with lower bandwidth and higher latency environments, something which can be another challenge for successful web based "desktop" application implementations. Desktop based (cached) applications with encrypted (cached) storage seem easier for an organization to contain entirely "inside" their virtual borders, and to license, and therefore may be much more palatable.

This is basically the ‘thin client’ model, which has waxed and waned in the world of system architecture over the years. What makes this model really work is that the technology has finally caught up with the idea. The synergy of being able to leverage the breadth of applications already available on the Linux desktop platform, with the cloud storage technologies, on low power, inexpensive, consumer friendly small form factor hardware bears at least watching.

Posted on 22 Jan 2009 20:37 by rotten | no comments

Copyright © CloudNavigator
