Apparently, our Top Cloud Computing Stories for May podcast was well-received, because David Linthicum invited me back to swap top stories for June. Check out our podcast. Then, consider this: What will be the ‘Tang’ of cloud computing?
In IBM’s November 2009 SOA Newsletter, Fill Bowen, Program Manager responsible for Smart SOA in IBM Software Group, discusses the relationship between SOA and Cloud Computing, and shares prerequisites for providing services in a cloud and consuming services in a cloud.
The newsletter emphasizes that SOA and Cloud Computing are complements. SOA is an architectural style, while Cloud Computing is a deployment model. These concepts can come together in the design of the cloud computing environment:
"’SOA is an architectural style for building applications, loosely coupled, allowing composition,’ says Jerry Cuomo, CTO of IBM’s WebSphere business. ‘Can we build a datacenter infrastructure on SOA principles? Yes, and that’s the cloud, so it’s a service-oriented infrastructure,’ he adds. ‘It’s taking that architectural principle of SOA and applying it to an infrastructure.’" – InfoWorld, “The cloud-SOA connection”
In discussing the SOA-Cloud Computing relationship, Fill offers a helpful analogy using books and a library:
“An interesting analogy for cloud and SOA is to think of books in a library. The books represent the services that customers can access once the library acquires them, and the library building represents the cloud where people come to check out the books/services. Books are reusable, and several books might make up a series or topic. Someone writes the book once and it is reused many times.
Using our analogy of books in the library, there are two components to consider when thinking about services in a cloud environment. One is the providing of services (books) to the cloud (library). And the other is the consuming (checking out) of those services (books). Each has different requirements.”
Read the article to learn of the prerequisites for providing and consuming services in a cloud.
[Disclosure: IBM is not a direct client of my firm, Elemental Links, however IBM is a founding sponsor of the SOA Consortium, which is a client.]
Reports from the Trenches: What’s Working in Virtualization and Green IT, moderated by Larry Hale, Director, Office of Infrastructure Optimization, GSA
Panelists:
- Jack Baxter, Manager, IT&S, Government Printing Office
- Richard Fichera, Director, Blade Systems Strategy, HP
- Bernard Golden, CEO, HyperStratus
- Dale Wicklizer, US Public Sector CTO, NetApp
Larry Hale has some starter questions for the panel:
1. Biggest challenges in adopting virtualization?
Jack Baxter: Greatest challenges: application qualification, funding, hardware and how it’s going to be used. Heterogeneous environment calls for a lot of up-front research.
Energize and Save, Tod Nielsen, Chief Operating Officer, VMWare, opening keynote
Todd starts by talking about all of the government agencies VMWare works with. The list is extensive. One example, the CIA is virtualizing 4000 servers, saving millions in capital and energy costs.
Gartner factoid, 89% of virtualized apps run on VMWare (dated December 2008).
Early in virtualization journey, 0 – 20% virtualized, the big savings is Capex. These projects are typically for IT owned assets, file and print, mail etc. Next phase, is line of business applications, the concerns here shift from just capex to “speeds and feeds”, business continuity, up-time. Often, these are less critical, tier 2 and 3 applications. Todd shares anecdote of organization where CIO was concerned that tier 2 and 3 had better up-time than tier 1, response tiers 2 – 3 are virtualized, was driver for tier 1 virtualization as well. So, capex, energy and up-time.
Session abstract:
“You are on cloud 9. You are ready to go lights-on in your new virtual data center. But wait: virtualization changes everything when it comes to security. Some gaps are obvious, such as the elimination of separation of duties, or the lack of visibility into the virtual network. Some issues are more subtle, such as temporal attacks against crypto. This talk will describe what gaps are introduced in the move from physical to virtual specifically where security is concerned, and prescribe specific steps to ensure security and compliance for production deployments.
Specific topics to be covered include:
• Recommend strategies for updating in-house security and compliance best-practices guides to incorporate and protect virtual infrastructure.
• An analysis of the new virtualization threat surface and what new policies should be introduced to prevent, detect and control risks and violations.
• Configuration of the virtual network for security and visibility, even over Vmotion and over VMware port groups.
• Enforcement of separation of duties, least privilege and change management in the virtual data center (currently not part of most virtualization platforms).
• Examination of the risks of VM Sprawl and establishment of programs and policies for managing this risk.
• How you can guarantee your cloud implementation is even more secure than your pre-cloud analogue.”
Michael Berman is CTO of Catbird Networks, a provider of security virtualization solutions to cloud computing operators.
David Snead on Virtualization and Legal implications. David is a practicing attorney focusing on web infrastructure concerns. From a legal perspective, David shares that from a legal perspective, virtualization and cloud computing are similar.
Three aspects to be considered:
Software or Operating System
Expectations – your own, that of your users, that of your customers
Contract Review
Goal of session to give information on how to parse legal risk. Lawyers who say “no legal risk” are misstating the truth.
