Cloud Appliances for Private Clouds

Cloud computing technologies have the ability to deliver a vast array of important benefits, including the option to leverage compute and storage resources on-demand. Public clouds are the most visible form of this. But, some organizations need important applications and workloads to be operated behind their firewall.

The size of  modern data sets makes it difficult to send over the internet to a public cloud data center. Management most likely has security concerns about data being stored in a facility outside of IT’s control. Often times there is specific hardware, software, or storage requirements that cannot be adhered to in public cloud ecosystems. In response, many organizations are leveraging private clouds.

There are two basic approaches to deployment of a private cloud environment: Build your own or purchase an appliance.

Build Your Own Private Cloud

With organizations operating their own compute, storage and network resources, one option to look into is redeploying these existing instances into a private cloud. Due to the trend of server consolidation, many of these machines may already be operating a virtualization layer. Beginning from this point, deploying infrastructure (IBM, VMWare, etc.) is a logical nest step.

Erecting a private cloud takes more than piling software layers on top of existing resources. Unfortunately, many enterprises may not have the internal resources and expertise to take on this integration workload. This is where a consulting firm like Nubifer can play an integral role in solving these vexing problems.

The Open Source Alternative

With proprietary and trade-marked technology comes the issue of being stuck with a specific vendor. In response, open-source options have evolved. Rackspace CEO Lew Moorman said his company opted to leverage OpenStack to open-source the software behind the cloud computing stack “because we believe a widely adopted, open platform will drive standards.” In the past 6 months, more than 50 companies had joined the community.

Opposition to adopting open source does exist. For example, the OpenStack code base is still very immature, and features such as supporting ‘VMware hypervisors’ and live migration of instances are still in development.

Also, IT folks need to download the releases and install themwith the existing compute, storage and networking infrastructure. This brings up another potential deal breaker: do you burden your internal IT staff with these modifications? Nubifer is here to help…

Cloud Appliances

An evolving method to deploying a private cloud is by leveraging a cloud appliance. A cloud appliance is a rack of computing resources delivered tested and ready to go, with the software versioned and configured. When the appliance is plugged in to power and the network, you’re ready to go.

For example, Nubifer partner, IBM, sells a private cloud appliance. This appliance blends standard hardware components and x86-based servers. By deploying an integrated cloud appliance,  IT is spared the time it would take to build its own. This frees up an organization to enterprise to focus on delivering business value rather than building IT componentry.

IBM’s private cloud offering is an integrated solution combining self-service, orchestration, and automation for heterogeneous resource pools.

Cloud appliances have drawbacks, though. For example,  new equipment is bought as part of the appliance, versus redeploying existing components.Because of this, an organization would probably consider an appliance during a hardware refresh cycle. In addition, there are a limited amount of pre-configured models, leading to a one size does not fit all situation.

Organizations are attempting to focus more on primary business functions, which for most does not include constructing IT infrastructure. All while public clouds are leveraging standardization to lower costs and offer greater levels of agility.

However, many workload requirements inhibit moving data sets to public cloud environments, spawning the deployment of private clouds. However, when an enterprise considers building a private cloud, it’s back in the discussion of building out IT infrastructure.

Cloud appliances offer a potential solution. By pre-integrating all components, IT simply plugs in and turns the power on. And after all, when buying a new car, you would prefer to turn the key and go, versus huddling hour upon hour reading the user manual. Why shouldn’t your private cloud deliver a similar experience?

For more information on private cloud implementation contact a Nubifer representative.

Advertisements

Compliance in the Cloud

Cloud computing seems like a simple idea, and, ease of operation, deployment and licensing are its most desirable qualities. But when it comes to issues of compliance, once you go beneath the surface you’ll discover more questions than you thought of originally.

Compliance covers a lot of issues, from government regulations, to industry regulations such as PCI DSS  and HIPAA. Your organization probably has internal guidelines in place, but migrating to a public cloud, a cloud application suite or something similar will mean giving up the reins to the cloud vendor.

That’s a position many auditors—and C level officials—discover themselves in today. They want to discover how to adopt the cloud  in a fashion that maintains their good standing with compliance. Here are a few tips for keeping an eye on compliance in the cloud.

Challenges to your Workload

When you survey cloud vendors, start by asking about sound practices and methods for identity and access management, data protection and incident response times. These are basic compliance requirements. Then, as you identify various compliance issues to your prospective cloud vendor’s controls, you’ll probably encounter a few cloud-specific challenges.

Multi-tenancy and de-provisioning also pose challenges. Public clouds use multi-tenancy to better provision server workloads and keep costs low. But multi-tenancy means you’re sharing server space with other organizations, so you should know what safeguards your cloud provider has in place to prevent any compromise. Depending on how critical your data is, you may also want to use encryption. HIPAA, for example, requires that all user data, both moving and at rest, be encrypted.

User de-provisioning is an issue that will become more challenging as password-authentication methods grow in complexity and volume. Federated identity management schemes will make it easier for users to log on to multiple clouds, and that will make de-provisioning much trickier.

Ever-Changing Standards

Like it or not, you’re an early adopter. Your decisions about what applications to move to the cloud and when to move them will benefit from an understanding of new and/or modified standards that are now evolving for cloud computing.

Today you can look for SAS 70 Type II and ISO 27001 certifications for general compliance with controls for financial and information security typically required by government and industry regulations, but these don’t guarantee that your company’s processes will comply.

Bringing visibility to users is a major goal of the Cloud Security Alliance, a three-year-old organization fast gaining popularity among users, auditors and service providers. A major goal of the CSA is development of standardized auditing frameworks to facilitate communication between users and cloud vendors.

Well underway, for example, is a governance, risk and compliance (GRC) standards suite, or stack, with four main elements: the Cloud Trust Protocol, Cloud Audit, Consensus Assessments Initiative and the Cloud Controls Matrix. The Cloud Controls Matrix includes a spreadsheet that maps basic requirements for major standards to their IT control areas, such as “Human Resources  Employment Termination,” while the Consensus Assessments Initiative offers a detailed questionnaire that maps those control areas to specific questions that users and auditors can ask cloud vendors.

Efforts of the CSA and other alliances, plus those of industry groups and government agencies, are bound to produce a wealth of standards in the next several years. The CSA has formal alliances with ISO, ITU and NIST, so that its developments can be used by those groups as contributions to standards they’re working on. And a 2010 Forrester Research report counted 48 industry groups working on security-related standards in late 2010.

Importance of an SLA

Regardless of your company’s size or status, don’t assume your cloud vendor’s standard terms and conditions will fit your requirements. Start your due diligence by examining the vendor’s contract.

Your company’s size can give you leverage to negotiate, but a smaller business can find leverage, too, if it represents a new industry for a cloud vendor that wants to expand its market. In any case, don’t be afraid to negotiate.

Security

To best understand your potential risk, as well as your benefits, you should bring your security team into the conversation at the earliest possible opportunity, says Forrester.

Moving to the cloud may offer an opportunity to align security with corporate goals in a more permanent way by formalizing the risk-assessment function in a security committee. The committee can help assess risk and make budget proposals to fit your business strategy.

You should also pay attention to the security innovations coming from the numerous security services and vendor partnerships now growing up around the cloud.

For more information regarding compliance and security in the Cloud, contact a Nubifer representative today.

Kentico Portal, a CMS for the Cloud

Cloud computing has been gaining momentum for the last few years, and has recently become required ingredient in every robust enterprise IT environment. Leading CMS vendor, and Nubifer partner, Kentico Software, took a step forward recently when they announced that their CMS Portals are now supported by the leading Cloud platforms. This means that you can now decide to deploy Kentico either on premise in your own IT landscape, using a public Cloud platform (such as Amazon or Windows Azure), or leveraging a hybrid model (with a database behind a firewall and a front end in the cloud).

Kentico Software sees the cloud computing as an important step for their customers. The recent releases of Kentico CMS “…removes barriers for our customers who are looking at their enterprise cloud computing strategy. Regardless of whether it’s on-premise or in the cloud, Kentico CMS is ready,” says Kentico Software CEO, Petr Palas.
Based on the influence of cloud, mobile devices and social media, the online needs of users and customers have changed significantly in recent years. The days of simple brochure-esque websites targeting traditional browser devices with one-way communication are quickly coming to an end. The web has evolved to become much more sophisticated medium. A business website is no longer a destination; rather, it is a central nexus for commercial engagement.Nubifer realizes that a business site today needs to cover the gamut – it needs to be visually appealing, it needs to have an intuitive information architecture, it needs to deliver dynamic, rich, compelling content, it needs to have mechanisms for visitor interaction, it needs to be optimized for speed and responsiveness, it needs to be highly scalable and it needs to deliver an excellent experience to traditional browser devices like desktops and laptops.
Kentico identified that in order to deal with the huge demand for web content from the social and mobile Internet, business websites need to be built with scalability at the forefront of the engineer’s minds. This is where the Cloud and Kentico CMS meet; elastic infrastructure which can be optimized to adapt to the growing needs of your business. Whether this is Infrastructure-as-a-Service ( IaaS ), or Platform-as-a-Service (PaaS), Kentico CMS provides turn-key solutions to the various options available which will allow your organization’s web properties to scale efficiently and economically.Kentico’s cloud optimized CMS platform enables organizations to deploy their portal in minutes and easily create a fully-configured, fault-tolerant and load-balanced cluster. Kentico’s cloud-ready portal deployments automatically scale to meet the needs’ of customers, which can vary widely depending on the number of projects, the number of people working on each project and users’ geographic locations.
By automatically and dynamically growing and reducing the number of servers on the cloud, those leveraging a Kentico CMS solution can reduce costs, only paying for the system usage as needed, while maintaining optimum system performance.”Kentico Software shares our vision of driving the expansion and delivery of new capabilities in the cloud,” said Chad Collins, Nubifer CEO. “The Kentico CMS brings automation, increased IT control and visibility to users, who understand the advantages of creating and deploying scalable portal solutions in the cloud.”
About Kentico CMS
Kentico CMS is an affordable Web content management system providing a complete set of features for building websites, community sites, intranets and on-line stores on the Microsoft ASP.NET platform. It supports WYSIWYG editing, workflows, multiple languages, full-text search, SEO, on-line forms, image galleries, forums, groups, blogs, polls, media libraries and is shipped with 250+ configurable Web parts. It’s currently used by more than 6,000 websites in 84 countries.

Kentico Software clients include Microsoft, McDonald’s, Vodafone, O2, Orange, Brussels Airlines, Mazda, Ford, Subaru, Isuzu, Samsung, Gibson, ESPN, Guinness, DKNY, Abbott Labs, Medibank, Ireland.ie and others.

About Kentico Software
Kentico Software (www.kentico.com) helps clients create professional websites, online stores, community sites and intranets using Kentico CMS for ASP.NET. It’s committed to deliver a full-featured, enterprise-class, stable and scalable Web Content Management solution on the Microsoft .NET platform. Founded in 2004, Kentico is headquartered in the Czech Republic and has a U.S. office in Nashua, NH. Since its inception, Kentico has continued to rapidly expand the Kentico CMS user base worldwide.Kentico Software is a Microsoft Gold Certified Partner. In 2010, Kentico was named the fastest growing technology company in the Czech Republic in the Deloitte Technology FAST 50 awards. For more information about Kentico’s CMS offerings, and how it can add value to your web properties, contact Nubifer today.

Strategies for Cloud Security

Security and compliance concerns continue to be the primary barrier to cloud adoption. Despite important security concerns, cloud computing is gaining traction. The issue now is not “will my organization move to the cloud?” Rather, it is “when?”In this article, Nubifer’s Research Team explores requirements for intelligent cloud security strategies. What are the minimum requirements? How do you coalesce traditional security protocols with advanced technologies like data loss prevention and risk management?
Security Concerns Slowing Cloud Adoption

A recent Cloud Trends Report for 2011 discovered that the number of organizations that are immenently planning the move to the cloud almost doubled from 2009 (24%) to 2010 (44%). The study also discovered that issues relating to cloud security is the primary obstacle to migration. In the published report, more than a quarter of those surveyed cited security as their number one concern, with almost 60% including security in their top three.

CA Technologies recently published a study concluding that, despite industry concerns about cloud security, roughly half of those leveraging the cloud do not effectively review vendors for security issues before deployments. The study, ‘Security of Cloud Computing Users: A Study of Practitioners in the US & Europe’, discovered that IT personnel vary with their determination of who is in charge of securing sensitive data and how to go about doing  it.

Constructing a Cloud Security Plan

Despite the ability of many organizations to analyze their own security protocols, there remain many valid cloud security fears. Shifting the burden of protecting important data to an outside vendor is nerve-racking, especially in a vertical that has to abide by regulations such as HIPAA, SOX or PCI DSS.

Risks involving cloud security still have many unknowns, so discovering an over-arching cloud strategy is a requirement. If your organisation does not have a game plan in place, are you ready to adapt and change as requirements evolove?

Your CFO or related exec is your organizations’ largest risk for financial application breach and data loss. The HR director needs to be effectively trained and managed so that ‘lost’ personnel files don’t come back to bite you.  Most importantly, the largest risk of all is the CEO.

Hackers realize this, which is why Chief executives are consistently victims of  “whaling attacks,” such as the well known ‘CEO subpoena phishing scam’.

A robust strategy to protect the most privileged users has the additional benefit of giving your organization an generalized cloud security road-map. Are mobile device risks a concern? Your most senior users desire remote and mobile access. What about data loss? Your senior users have more access to tarrying data points.

When your organization moves from analyzing itself to evaluating potential cloud application and platforms, do not neglect to look into how prevalent cloud services have already become in your IT infrastructure. Are you using Salesforce.com? Basecamp? Taleo? Google Apps?

Super brand cloud/SaaS/PaaS providers, Microsoft, Salesforce.com and Google all have tremendous reputations. So aligning projects leveraging these brands with security protocols should not be time consuming. You’ll want to analyze others to ensure they are legit providers that spend the time to properly secure their IT environments.

Lastly, as software licenses run out and as product upgrades come due, you’ll be in position to effectively begin analyzing the cloud vendors you will want to leverage for your mission-critical operations.

Following that advice will get you started. For more information on formulating a Cloud Security strategy visit Nubifer.com.


Organizations Leveraging the Cloud

In a recent poll by CDW, it found that nearly 28 % of all US based companies are leveraging the cloud, while almost 75% said that their first access to the cloud was through a simple cloud application.

The Cloud Computing Tracking Poll was conducted as a review of the current and future use of the cloud by business organizations and  government offices which was based on a survey of nearly 1,200 IT professionals.

About 84% of the organizations said that they have deployed at least one cloud application, while some others are not aware if they are a part of the users who are in the cloud.

“Many organizations are carefully – and selectively – moving into cloud computing, as well they should, because it represents a significant shift in how computing resources are provided and managed,” said David Cottingham, senior director, CDW. “With thoughtful planning, organizations can realize benefits that align directly with their organizational goals: consolidated IT infrastructure, reduced IT energy and capital costs, and ‘anywhere’ access to documents and applications.”

CDW mentioned that applications most frequently run in the cloud are service applications, such as email or docs, which have about half of the cloud users, file storage has 39 % of users, web and video conferencing has 36 and 32 % respectively, and 34 % of the respondents are the ones conducting online training programs.

Among those currently leveraging the cloud, almost 85 % said they cut application costs by moving to the cloud. On an average, users said, they save 21 % annually on those applications which are migrated to a cloud platform.

“The potential to cut costs while maintaining or even enhancing computing capabilities for end users presents a compelling case for investment in cloud computing,” Cottingham said. “The fact that even current cloud users anticipate spending just a third of their IT budget on cloud computing within five years suggests that before wide-scale implementation, IT managers are taking a hard look at their IT governance, architecture, security and other prerequisites for cloud computing, in order to ensure that their implementations are successful.”

This survey included 150 individuals from various industries who thought of themselves as familiar with their organization’s use of, or plans for cloud computing, a report on the CDW website said.

To learn more about how your organization can leverage cloud applications, visit Nubifer.com.

5 Recommendations to Keep your Personal Data Secure in the Cloud

Apple’s iCloud offering  is additional evidence of the unmitigated flow of data to the cloud. Despite the latest breaches of security at various organizations, including the issues that have affected many Sony customers, more and more of us are casting personal or business assets to the cloud.

Yet many of us remain uneducated about the required steps we should employ to keep our online data safe. Adhering to these five guidelines will go a long way towards aiding the average person keep online threats at a distance.

1. Don’t Take Security for Granted
There are two ways to your online data. One is through the cloud provider’s environment, and the second route is even more potent, and it’s much closer to home. The easiest and most available way for an intruder to get to your online records is through your login credentials. Of course you want the provider to be secure, but don’t let that make you listless about your personal log-in creds.

2. Use Strong, Memorable Passwords
The problem with having complicated passwords is that they are usually hard to remember. Thekey is to start with something notable and then merge it into a strong password — this entails mixing numbers, letters, lower and upper case, and symbols as well. Start with an address, car license numbers, telephone numbers, date of birth. Don’t use your own — use those you know; friends, kids, parents, partners, previous addresses; or old addresses you were at and cars you drove a decade ago. Choose something that can’t be linked to your online personality but always mix it up — half an area code, a name with half of a zip code, parts of an old address. Then add in a $, an !, or an @ sign to mix it up even more.

3. Guard your Inbox
You are going to recycle passwords, mostly for sites where you are not keeping  important information like your credit card numbers, DOB, address or SSN. There’s one place where you should never neglect to use a unique password — your email inbox. Because this is the primary location where all your other logins come back to when you reset a password. This one location is the portal to all your other online personas.

Although it’s a bit of a hassle, you should opt for double-protecting your inbox with a two-factor authentication, which means you have to enter a second password in order to gain access. This is especially crucial if you have a habit of going to malicious websites, you don’t keep your anti-malware software up to date, or you have a habit of failing to identify phishing emails.

4. Don’t Leave the Password Recovery Backdoor Open
Quite often, users take many precautions to protect their personal information but make it very easy to reset their password through the password recovery service. If your user ID is simple to guess (it’s often your email) then do not use something easy to figure out for your password reset, such as your DOB, wife’s maiden name or some other easily accessible piece of personal information.

5. Have an Alternate to Fall Back on
Security is mostly about risk avoidance, and however careful your execution, you can’t eliminate all risk. So give yourself a fallback option. Don’t put all your money in one account, have a separate emergency email address, make sure you’ve got local coffee shop with WiFi you can resort to if your main Internet connection disappears. Knowing that you’ve got a second option if something bad happens helps you remain calm in an emergency, which gives you a better chance of surviving a crisis.

For more information regarding the security of your online data, visit Nubifer.com.

Fujitsu to Deliver First Windows Azure Appliance This Summer

The “private cloud” Windows Azure appliances that Microsoft announced a year ago are here. There’s an August, 2011 ship date slated for the first of them.

Fujitsu, one of three OEMs that announced initial support for the Azure Appliance concept, is going to deliver its first Azure Appliance in August 2011, Fujitsu and Microsoft announced on June 7. Fujitsu’s offering is known as the Fujitsu Fujitsu Global Cloud Platform, FGCP/A5, and will be running in Fujitsu’s datacenter in Japan. Fujitsu has been running a trial of the service since April 21, 2011, with 20 companies, according to the press release.

Microsoft officials had no further updates on the whereabouts of appliances from Dell or Hewlett-Packard. Originally, Microsoft told customers to expect Azure Appliances to be in production and available for sale by the end of 2010.

Windows Azure Appliances, as initially described, were designed to be pre-configured containers with between hundreds and thousands of servers running the Windows Azure platform. These containers will be housed, at first, at Dell’s, HP’s and Fujitsu’s datacenters, with Microsoft providing the Azure infrastructure and services for these containers.

In the longer term, Microsoft officials said they expected some large enterprises, like eBay, to house the containers in their own data-centers on site — in other words, to run their own “customer-hosted clouds.” Over time, smaller service providers also will be authorized to make Azure Appliances available to their customers as well.

Fujitsu’s goal with the new Azure-based offering is to sign up 400 enterprise companies, plus 5,000 small/medium enterprise customers and ISVs, in the five-year period following launch, a recent Fujitsu press release noted.

For more information regarding the Azure Appliances, and how they can provide you with a turn-key private cloud solution, visit Nubifer.com/azure.