CloudEnterprise.info

Cloud track announced for TEC 2011

Posted by: Dmitry Sotnikov on: October 26, 2010

What do enterprise IT architects need to know about the Cloud? What is the difference between SAML and OAuth? Can you really host an AD domain controller in the cloud? How do you enable single sign-on (SSO) between Active Directory and Salesforce.com? Microsoft’s Office 365 or Google Apps? What is the state of the art for security and compliance in the cloud?

These are just some of the questions which are probably going to be discussed at The Experts Conference 2011 in Las Vegas, April 17-20 2011.

If these questions are relevant to you – register today and get the early bird discounts.

If you are an industry expert willing to present at the event on one of the topics I listed above or a related cloud topic - you still have a few days to submit a session proposal here. You can also contact me for more information or assistance in submitting your session proposal.

Cloud with an eagle eye

Posted by: Dmitry Sotnikov on: October 21, 2010

Cloud can make your environment *more* secure. A new cloud service alerts IT pros when specific events happen in their environment. For example, you might want to receive an email when a sensitive resource gets accessed, certain permissions get granted, membership for a privileged group gets changed and so on. This all is now part of the Quest OnDemand Log Management service – just watch this two-minute video to see how it works:

(Full disclosure: I work for Quest Software and participate in our Quest OnDemand efforts.)

What’s best is that this is a cloud service – so no local deployment or additional infrastructure is required. You can just go to the website, sign-up for a free trial, download a small agent, and start getting alerts for the events you care about!

Cloud is good for you! Sign-up for a free trial now and have the cloud help you keep your environment secure.

Cloud or On-Premise: Which is more secure?

Posted by: Dmitry Sotnikov on: October 15, 2010

It bugs me that for some irrational reason there is still a common-sense belief that data is more protected when kept in someone’s own datacenter and not with a trusted cloud provider.

US Department of Health and Human Services (HHS) has just published data on past year data breaches in the medical industry. These only include breaches affecting 500 or more individuals and reaching the “harm” threshold defined by the current rules. Yet there were 166 of those, affecting a total of 4,905,768 patients.

PHIPrivacy.net does a good job analyzing the breach data, and you can see that even in the industry which is highly regulated and paranoid about data security and privacy – data being stored locally is getting stolen or lost all the time.

Compare that to a cloud provider (pick any cloud service which you like: Salesforce.com, Microsoft BPOS, Amazon, Google Apps, Quest OnDemand) – have you heard of 166 breaches for any of those? There are good reasons why you have not:

  • High security standards of the datacenters: a lot of these are compliant with SAS 70 Type I and Type II and ISO/IEC 27001:2005 – does your datacenter get formally certified that high?
  • Clear segregation of duties: people running the datacenter are not your employees, they have no idea what kind of data is getting stored by whom and no vested interest in seeing that data,
  • Needle in a haystack effect: public clouds have multiple customers, so even if a squad of ninjas attack the datacenter and manage to steal a hard drive it will just have some bits of data from various customers in a format specific to a particular application and probably encrypted – making the whole exercise completely meaningless,
  • No local device data: your local laptops or mobile devices only work with remote cloud data – so if the device gets lost or stolen you lose the device, not the data.
  • Security is in the cloud business model: for any credible SaaS vendor security is number one concern (see for example Quest OnDemand security FAQ). They implement specific security measures such as data isolation, audit trails, and so on.

It is just incredibly hard and costly to set all these measures and maintain them, and I find it hard to see how anyone (apart from a really select few companies) these days will have the resources to provide that level of protection and security for on-premise systems. Cloud makes things more secure. Cloud is good for you.

Time Machine for Active Directory

Posted by: Dmitry Sotnikov on: October 6, 2010

Cloud-based AD backup and recovery service – Quest OnDemand Recovery – just got updated allowing among other things to easily locate the whole change history for a given account throughout the whole backup history, and roll the object back to any particular moment in time.

The new feature is available right from the main screen. Simply search for the user account:

Select the moment in time for this AD object:

Click Finish and the object will get back to the selected time in the past!

This new feature was introduced earlier this week and is now available to all OnDemand Recovery customers (the beauty of the cloud!).

If you have not tried this service, there is a free 30 day trial available here. (Full disclosure: I work for Quest Software and am involved in the project.)

Gartner case study on transition from software to services

Posted by: Dmitry Sotnikov on: September 30, 2010

Ruggero Contu has published a case study which he created after studying Quest Software’s transition from being a pure software vendor to also a SaaS cloud-based IT management company: “Case Study: Quest Leverages Cloud Services to Introduce SaaS-Based Log Management Product” (registration required to access the page):

Although new business opportunities can justify a SaaS project, implementation of a new cloud-based offering is not a straightforward task. CTOs, development managers, and sales, marketing and service delivery managers should plan for the far-reaching changes needed across the organization to reach a successful implementation.

SaaS-based security products have been gaining popularity and adoption within organizations over the past few years. Although demand for SaaS-based security information event management (SIEM) products is not as high as for other security areas, such as messaging security and remote vulnerability assessment, SaaS-based SIEM is a valuable option for those enterprises that cannot implement security information tools. An on-premises SIEM implementation may not be justified, particularly in those cases where there are limited resources available to be dedicated to deploying and managing SIEM products; the cost of SIEM implementation may be unjustified also in those instances with well-defined but limited technology needs, such as to meet a specific regulatory requirement. As a result, there are interesting market opportunities for SIEM vendors willing to embark on the launch of a SaaS-based log management solution. This Case Study discusses how Quest Software developed and implemented a SaaS-based product offering.

Ruggero goes into the details of why and how Quest went from software to SaaS, what was involved in the transition, and which benefits this move brought to both the vendor and its customers.

If you work for a software company considering a similar move, or if you are an IT professional considering starting to use SaaS in your environment, I would recommend obtaining and reading the full document here.

Windows Marketplace: Why can’t Microsoft make it happen?

Posted by: Dmitry Sotnikov on: September 27, 2010

Burgeoning application stores satisfying any possible consumer need seem to be the number one reason for the incredible success of products like iPad tablets and iPhone and Android smartphones. What is it that does not let Microsoft provide the same application distribution for Windows consumers? Surprisingly, it increasingly seems that Microsoft has all the technology it needs and it is a matter of just connecting the dots rather than dramatically changing the way that the operating system is designed.

Let’s see what it would take to get a Windows Marketplace rolled out. There is actually not that much involved – Microsoft is almost there:

1. Popular platform – it is the exposure to consumers that makes marketplaces attractive to developers. There are more applications created for iPhone and Android than for, say, Palm WebOS simply because there are more iPhone and Android users so a bigger addressable market. With the 91%+ marketshare that Windows still enjoys – I bet you can put a check for that one.

2. Developer community and tools – again – clear check here: there are many .NET developers out there and Microsoft’s development tools such as Visual Studio are great and span all groups of developers from enthusiasts who can download Express edition for free to big teams which can get all the high-end features one can think of.

3. Marketplace application or portal – you know the actual site with stars, reviewers, popularity index, ability to buy an application, application submission process and so on. Microsoft clearly did not have this a year ago – but guess what – now they do. Windows Phone 7 Marketplace is launching and all the technology and processes used there are going to be totally applicable for any application store. Another check.

4. Application and data isolation – this is probably the hardest one. Windows was not designed with portable applications in mind, and if you really want applications to be easy to find, install, use, upgrade and remove you really need each application to be self-contained. Each application on iPad or Android comes with all it needs, can self-update and can never affect any other installations.

Windows on the other hand was designed as a file-oriented operating system in which you have the files: some with data such as your pictures or documents and some with executable code – and all of them, as well as application and user settings in the Windows registry – are shared among applications and introduce potential dependencies and ability to negatively impact the operating system and other applications.

So is Windows hopeless? Not at all! Microsoft actually owns application isolation technology it acquired back in 2006 (more than 4 years ago!) from SoftGrid – called Microsoft Application Virtualization or App-V. It makes all applications totally isolated from others, not affected by any compatibility issues, easily upgradeable and removable. And it even natively supports streaming of the application packages from network. So what is the reason why it has not revolutionized the way we run applications on our PCs?

Seems like Microsoft’s size and org chart are the answers. App-V is part of Systems Center (Microsoft’s division selling management tools to enterprises) and not Windows client OS. And it is not free either – and even enterprises only get it if they buy Microsoft Desktop Optimization Pack or Microsoft Application Virtualization for Terminal Services.

Seems to me that if Microsoft really wants to fight the iPad and Android tablet battle and not let Windows get marginalized to professional workstation use only this needs to be changed. App-V should be made a standard component of Windows 8 and App-V package creation tools standard part of developer tools.

That, in combination with a more touch-oriented graphical user interface and nice hardware from partners, will immediately make Microsoft big in the consumer tablet market – which seems to be the consumer PC market of the future.

Come on, Microsoft! You are almost there. Just make the teams talk and make it happen.

Provide feedback on Quest OnDemand – get an iPad

Posted by: Dmitry Sotnikov on: September 23, 2010

Now that our services for IT Pros: OnDemand Recovery for Active Directory and OnDemand Log Management – have been out for a couple of months, got their first customers, and demonstrated (knock on wood) 100% uptime, it seems to be the right time to start collecting feedback and give back some prizes.

This is exactly what we are going to be doing from now till the end of October 2010. All you need to do is:

  1. Start your free trial of either of the services.
  2. When you have enough feedback, fill out a quick evaluation survey.
  3. Get your $50 Amazon certificate and (if you are among the two users who provide the most detailed feedback) iPad!

The prizes should make evaluation more fun, and the survey results will help us make the services even better.

Go to this page to learn more, sign up for the services, and submit your feedback to get the prize.

When federation does not work

Posted by: Dmitry Sotnikov on: September 21, 2010

One of the leading providers of IT management SaaS – Quest OnDemand – has decided to stop using federation with Live ID as its main user authentication method and switched to a simple email address/password approach.

In the age of everyone trying to federate with everyone else this move seems to be going in the opposite direction. It turned out that in this particular case, IT professionals signing up for a service found having to use a third-party identity unintuitive and had privacy concerns about the same identity being used for different levels of access to various services from different vendors.

Let’s have a look at what was the rationale behind choosing Live ID initially and then abandoning it. I hope that these lessons learnt will help a more thoughtful discussion of when and what kind of federation is the right one to use as opposed to the somewhat one-sided perspective the industry seems to have at the moment.

Why Live ID?

Quest OnDemand is a set of online services for Windows IT professionals. The services currently available include eventlog management and AD backup and recovery. Considering that these are primarily used by IT professionals in the Microsoft world, and that Microsoft uses Live ID (also known as Microsoft Passport or MSN Passport) as a way to authenticate for all Microsoft’s services, it made total sense to let users sign into the new service with their existing Live ID accounts instead of making them register new ones.

When we launched Quest OnDemand in June 2010, anyone interested in any of its services could just come to portal.ondemand.quest.com and sign in with Live ID credentials.

What went wrong?

Once we launched we got overwhelmed by our users telling us how confused and frustrated they were.

The complaints seemed to fall into a few categories:

Confusion about Live ID

Surprisingly enough, a lot of people don’t realize that Live ID is an authentication system which can be used across other web properties from various companies. A lot of people don’t know that what they are using to post to Microsoft’s forums or access their Hotmail account is indeed Windows Live ID.

Users signing up or deciding to try a service from your company want that to be a business between them and your company, and are not expecting a third party to get into the mix.

Broken workflow

User experience suffered from users being taken away to another site with a different look and feel during their registration process. When a user already had a Live ID and used it to sign in this was not as bad – she was taken back to Quest OnDemand upon authentication. However, if a new ID had to be created the user was taken away completely, asked a lot of unrelated questions such as date of birth, and then not brought back to the original site.

If you want your customers to survive your sign-up procedure you need to control the account creation experience – just redirecting them to a third-party site does not work.

Privacy concerns

Even though all Quest OnDemand wanted to know about customers were their Live ID logon names (for example, to be then used as handles for delegation purposes), Live ID in theory holds keys to a lot more data including, for example, the Hotmail address book. From the web user interfaces customers could not clearly see that they were not accidentally providing access to their private data and as a result did not want to proceed with the delegation.

Using primary ID seems to be a big commitment

Email address is a much smaller commitment for a service sign-up than some sort of credentials you are actively using as your core identity. If I try a service and I don’t like it worst case – the vendor will send me some email from which I will need to unsubscribe. If I share the ID I am actively using it kind of feels like I am committing myself in a bigger way and will not have the flexibility to easily go away, and then maybe come again some other day and so on.

The industry has trained customers to supply email addresses pretty much for any sort of access – now this is what people are expecting to use for sign-ups.

What’s there now?

Starting last Friday, Live ID is gone (obviously with all existing customer profiles and data migrated) and we are back to simple email address and password sign-in process.

The benefit is that although there is indeed yet another password to keep in mind (or to reset every now and then when you forget it), the web site behavior is completely expected and well understood by anyone, and the sign-up process includes way smaller number of steps and is easier to follow.

Is federation dead?

Not at all. There are multiple other cases in which identity federation makes total sense and makes users’ lives easier and solutions more secure. For example, while dropping Live ID, Quest OnDemand still has an Active Directory Federation Services (ADFS) authentication option for enterprises federating their local Active Directory with Quest’s cloud. In fact, this is the only way Quest’s own employees (for example, technical support) can log onto Quest OnDemand. In this case, federation has a clear advantage because it provides tight access control and ensures that only authorized Quest employees access the service and the access happens under strict corporate control.

There are cases in which federation works great and is the best way to implement user access to your system. There are cases in which it is not. Carefully evaluate your options and find which solution works best for your customers!

Did you have a similar experience of federation either not working or, quite the opposite, solving your problems? If so – please share.

Cloud Systems Management talk in Silicon Valley

Posted by: Dmitry Sotnikov on: July 30, 2010

This Monday, August 2nd, 2010 I will be talking about how cloud computing is transforming the Systems Management industry at the Cloud Computing usergroup in Mountain View, CA. Here’s the abstract:

As SaaS and cloud matures and gets wider acceptance it starts affecting new markets and application areas. While more and more widely adopted in consumer space, collaboration, CRM and human resource management, cloud only recently started affecting IT professionals and systems management in general.

Dmitry Sotnikov heads Cloud efforts at one of the biggest IT management software vendors – Quest Software. In this session he will share his views on how cloud is changing enterprise IT and what threats and opportunities he sees for existing IT software vendors, as well as Value-Added Reseller (VAR), Managed Service Provider (MSP) and System Integrator (SI) companies.

Please stop by if you are in the Valley or close. See you on Monday!

Amazon’s push for the enterprise

Posted by: Dmitry Sotnikov on: July 26, 2010

What do you do once you become the top bookseller and web-startup hoster? You shoot for the enterprise market!

That seemed to be the sentiment of Amazon’s Cloud for the Enterprise event which the company held in Sofitel Los Angeles last week. The pitch boiled down to:

  • Amazon’s datacenters are the most reliable, secure, and cost-effective option you can find,
  • Amazon Virtual Private Cloud (VPC) lets you securely connect an isolated subnet of Amazon Web Services (AWS) to your intranet,
  • If you are already virtualizing your applications, why not then run them in AWS and not spend money and efforts on whatever datacenter expansion you might need on your end?

Why this makes sense?

Amazon went a long way to make their datacenters more reliable and secure, they have the technology for network connectivity, and they do get significant economies of scale. The latter is not just words. Amazon’s CTO – Werner Vogels – showed a pie chart of the cost structure for their datacenters.

They have almost eliminated labor among the significant cost factors – which is great considering that labor is one of the top (if not the top) elements of typical on-premise IT environments.

However, they went further than that. In their current cost structure server hardware is by far the number one cost absorbing more than 50% of what they have to spend. This made them work hard on improving the utilization of these resources. What they did is sell these compute resources as a combination of:

  • Reserved instances (when customers commit to resources for a long period of time to get 50%-70% discounts),
  • On-demand instances (normal hourly pay as you go model), and
  • Spot instances (when the remaining resources get automatically auctioned among bidders in a name-your-own-price scheme)

This means that they can get server utilization close to 100% – which is incredible considering that typical numbers in the industry are probably within 10-30% range.

Considering all this, why bother buying a new server when Amazon can deliver a potentially better service (with additional availability options, global datacenters and so on) at a lower rate?

What is in it for Amazon?

This also seems to be a natural adjacent market for Amazon (the IaaS company – not the online retailer). If they already successfully host web startups and are the most well-known compute platform for tasks such as video transcoding or text recognition – why not use that same expertise and infrastructure to sell it to enterprises?

Enterprise IT is a huge market with great margins, and as corporate CIOs are looking for ways to use the cloud to cut costs and/or become more agile – Amazon has the brand recognition to be their number one choice.

This seems to be a high priority effort for the company considering that they have their CTO attending and delivering his keynote at events like the one in LA. And it should be if Amazon does not want to be squeezed between enterprise vendors like Microsoft and VMware getting the higher margin enterprise cloud segment, while initiatives like OpenStack commoditize lower end cloud compute services.

With so many vendors going after them, Amazon needs to keep moving fast to stay relevant.

Are we there yet?

With all that being said, today Amazon’s pitch remains a great story rather than reality for technology, business and perception issues.

Technological challenges include the inability for IT today to easily (or better automatically) move workloads between their on-premise datacenters and Amazon’s cloud. Even the virtual machine images Amazon is using are not compatible with the VMware and Hyper-V hypervisors enterprises have.

Obviously most of the existing IT management and monitoring tools that companies are using are not yet Amazon aware either – meaning that administrators cannot just get Amazon added to what they have already but instead would have to learn new ways and find new tools.

From a business perspective, Amazon is just not an enterprise vendor yet. Corporations have contracts with Microsoft, IBM and others – Amazon is brand new to these customers.

Perception-wise, Amazon needs to find early adopters of that enterprise IT scenario to showcase at events like this. The 4 customers presenting at the event in LA were using AWS to:

  1. Offload computation tasks,
  2. Do image processing,
  3. Host web sites, and
  4. Host their SaaS electronic medical records application in the cloud.

Needless to say, these are not the scenarios Amazon was trying to pitch.

Summary

With the enterprises starting to evaluate their cloud options, the fight for the cloud for the enterprise is only going to become hotter. It is going to be interesting to see if Amazon finds a way to “descend” from the public cloud to the on-premise and hybrid scenarios with smart partnering and acquisition strategy, or traditional enterprise and virtualization players add public cloud to their solution sets and squeeze Amazon out.

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer Jelastic or anyone else for that matter. All trademarks acknowledged.

© 2008-2012 Dmitry Sotnikov