Recent Posts
Happy Holidays…Happy New Year
By John McEleney
You can’t turn on the radio without hearing holiday music, and one of my favorites is John Lennon’s “Happy Christmas.” As he and Yoko sang, “Another year over, and a new one just begun.” It really is hard to believe that we’re saying goodbye to 2010 and welcoming 2011.
2010 was a great year at CloudSwitch! We were extremely busy as we launched the company and our version 1.0 product, secured large enterprise customers whose use cases drove important new functionality in our version 2.0 (which we launched two weeks ago), and added some great new members to the team.
Members of the press always like to compile a list of predictions for the new year, and you can read our take from John Considine (Founder & CTO) and Ellen Rubin (Founder & VP Products) on how things may unfold.
As we lift our champagne glasses on New Year’s Eve, we wish you “a happy New Year, let's hope it's a good one!”
Image Conversion and VM Imports in Amazon
By John Considine
Yesterday Amazon announced another important tool in their ongoing platform innovation for EC2 – the VM Import tool. This converter allows you to “bring your VMware images to the cloud.” As we’ve seen extensively at CloudSwitch, this is a primary use case for most enterprises – the ability to take images you’ve already built (likely in VMware) and migrate them into the cloud. It’s great to see Amazon continue to innovate around these gaps in their offering, as this continues to drive the overall market growth and enterprise adoption. But it’s important to understand what this means for enterprises as they begin to move their workloads.
Enterprises do not want large engineering projects to be required as a step to the cloud. They want solutions that “just work” and allow them to focus on their applications and business – NOT their VM’s. They also need their cloud-based resources to remain completely unmodified in terms of the application stack (down to the lowest level of operating system) because their fundamental goal is for all the business processes around the application to continue to run independent of location.
Here are some critical requirements for image migration that we address TODAY at CloudSwitch – that can’t be addressed by simple image conversion:
- Maintaining the fundamentals of your operating system:
  - No changes to the content of your operating system or applications
  - No changes to the system registry
- Full system security:
  - Automatic encryption of all data and communications
  - No disabling of anti-virus, intrusion detection, or other protection systems
  - No enabling of remote services (e.g., RDP) that potentially expose your apps to attackers
- Simple, enterprise-standard management:
  - Management of all VM attributes (e.g., VMX, OVF, vApp…)
  - No additional software in your OS images
  - No changes to internal processes for building and managing VM’s
  - No re-architecting of your networking or storage configurations
  - No dependence on a cloud provider for your operating system selection, upgrades and patches
So where does this position the new VM Import converter from Amazon? It’s an important step along a much larger process of making EC2 become “enterprise-class,” or at the least, “enterprise-viable.” What’s needed is for the partner ecosystem around EC2 to build out the missing elements based on a deep, long-standing knowledge of enterprise needs and processes. At CloudSwitch, given our intense focus on enterprise requirements and team of experts in enterprise complex systems and software, we believe there is a very high bar to truly meeting the needs of the enterprise in the cloud. Beyond the underlying physical security, compliance and legal/procurement processes that cloud providers must address to be widely adopted, there are “tactical” issues around things like image migration that turn out to be far more complex than you’d think at first glance.
The key understanding of true enterprise needs is this: even small changes at the VM level can have major implications for application deployment, management, security and compliance. Enterprises care deeply about these issues and don’t want to adapt their processes to the cloud – they want the cloud to adapt to their needs. The Amazon VMware converter broadens the platform for developers in the cloud – this is good for the entire cloud industry. But if you want to run your enterprise applications in the cloud securely and without any modification or changes to your internal processes then you need CloudSwitch.
"Lights Out" in the Cloud
By Guest Author, Lori MacVittie
Anyone familiar with enterprise-class infrastructure and servers knows that lights-out management is a must-have; not just in the event of a failure but also in the face of any event that compromises the ability of an admin or operator to access the machine. Lights-out management was early on a “nice to have” that evolved steadily into a “must have” feature not just for servers but for network and infrastructure devices, as well. This was particularly important as we saw the impact of excessive traffic and malicious attacks on web sites, many of which disrupted the ability of administrators and operators to access devices and machines in the data center and redress the situation.
With the advent of virtualization we took a few steps back in our ability to lights-out manage “virtual” infrastructure and servers, especially in shared environments such as cloud computing. Because the lights-out management capabilities are generally associated with the physical machine, there was no mechanism for extending that capability to the individual, highly abstracted virtual machines executing atop that hardware platform. The only answer in shared environments is, then, to hit the reset button on the virtual machine. That’s not an ideal way of dealing with what may be an attack or configuration issue because you can’t identify the problem if you reset the instance back to what should be a pristine state.
Cloud computing makes this problem even more extreme. The public cloud platforms have been designed around a new cloud model with published APIs and their own control planes. These control planes are extremely powerful, enabling provisioning on demand, and programmatic access to resources. However, many of the clouds have limited or non-existent access to those low-level control functions that enterprises rely on, including (but not limited to): network booting, boot order control, boot and kernel options, the ability to boot to the last known good state, and the ability to attach debuggers to the systems in the cloud.
These challenges have emerged as barriers to enterprise cloud adoption. If administrators can’t control their machines in the cloud as they require, they’ll be reluctant to move any meaningful workloads there. So it’s great to see that CloudSwitch is tackling the issue with the latest version of their Enterprise software, released this week.
One of the key features CloudSwitch now provides is “console” access to the servers within the cloud. This access is running on an independent control plane so that the CloudSwitch user can access a server in the cloud even if it is having difficulty booting. The CloudSwitch console allows the user to access the keyboard and “VGA” display of the server in the cloud to be able to control boot parameters, setup (or repair) networking, or boot to safe mode, or even repair file systems. The enterprise can now administer and repair systems using the tried and true methods that they are used to.
CloudSwitch provides the low-level, independent access to the virtual hardware within cloud deployments to allow administrators the access and control they need. While console access may be a side-effect of the underlying cross-cloud deployment and management “isolation technology” used to enable CloudSwitch to perform its magic, it’s an important feature that should certainly be noticed – and appreciated – by administrators and operators for whom such “technology insurance” is valuable in troubleshooting and responding to issues occurring off-site.
CloudSwitch Enterprise 2.0 Delivers Greater Flexibility and Control in the Cloud
By the CloudSwitch Team
It feels like just yesterday that we unveiled CloudSwitch Enterprise to the world. Since then we have closed many large commercial customers, learned a lot from their use cases and have been hard at work building major new functionality in the product. Time flies when you’re having fun – in less than six months, we have delivered version 2.0 of our award-winning CloudSwitch Enterprise software. This release has some great features and improvements driven by our customers’ use cases as they move to the cloud. The 2.0 Enterprise release is further proof that we can innovate at a brisk pace on our core architecture, building on our patent-pending Cloud Isolation Technology™.
Our fundamental value proposition remains unchanged. We continue to provide customers with the ability to extend their internal virtual infrastructure to the cloud environment of their choice, independent of the provider’s underlying virtualization platform (VMware, Xen, etc.). This allows customers to run applications in the right cloud computing environment without requiring them to make any modifications to their applications or management tools – we maintain the same IP address, MAC address, storage controllers, subnet information, etc. Everything continues to work in the cloud just as if it were running locally in the data center.
We are seeing a growing level of confidence in how enterprises use the cloud. They are starting to move towards a production-oriented set of workloads beyond the initial development and test scenarios we saw earlier in 2010. With that trend in mind, we’ve developed new features that allow customers to provision new applications in the cloud, to extend network topologies into the cloud with full security and control, and to scale and better manage their growing cloud workloads via our CLI tools and intuitive web-based user interface.
Provisioning in the Cloud
This capability was driven by numerous requests from our customers to provision exactly the image they want in the cloud as opposed to relying on a cloud provider’s options, which may not always meet their specific requirements.
With CloudSwitch Enterprise 2.0, customers can now provision virtual machines in the cloud following the same process that they would in the data center. Our user interface gives you the ability to provision in the cloud with point-and-click simplicity by configuring virtual machine parameters such as the operating system, memory, number of disks, storage controllers, network settings and boot options to provision your application stack in the cloud either using your gold ISOs, or by leveraging PXE boot. You can provision as many virtual machines as required, add as many NICs as necessary, generate new MAC addresses for them and get console access to the virtual machines being provisioned in the cloud. Our CloudFit™ function allows you to use any combination of a cloud provider’s instance sizes to customize the cores, memory, storage, compute capacity and region before you provision in the cloud. All these features give you the freedom to create new virtual machines in the cloud without having to change other data center services such as DNS and identity management.
Now that customers can provision in the cloud, the next step is to automate the process of creating virtual machines in the cloud so they can scale up or down to meet peak demand. CloudSwitch Enterprise 2.0 has SOAP-based web services and command line interfaces to enable auto-scaling in the cloud, for capacity on-demand, such as cluster scale-outs and website scaling during marketing campaigns and seasonal peaks.
Extending Enterprise Network Topologies into the Cloud
Firewall in the Cloud & Public IP Access
As discussed in one of our previous blog posts, CloudSwitch gives customers secure, public connectivity to their applications in the cloud through a fully-featured firewall in the cloud. This allows customers to securely host multi-tiered applications in the cloud and give end users direct access to these cloud resources–reducing bandwidth constraints within their data centers and improving performance by moving compute resources closer to the end users.
There are also scenarios where customers use CloudSwitch to handle peak demand in the cloud using the load balancer that is part of our firewall solution. This is particularly useful when handling spikes in traffic during cyclical events such as tax season and holiday shopping. Our infrastructure allows customers to seamlessly direct traffic to the most appropriate load-balanced resource in the cloud.
Check out our how-to video to learn more about how you can create a secure, public IP gateway to the cloud.
Layer-2 Connectivity with Layer-3 Support
A core aspect of our architecture is to provide layer-2 connectivity between the data center and the cloud. This allows our customers to run their workloads in the cloud without changing any network configuration data such as IP addresses, MAC addresses and netmasks, since this is transparent when connectivity is established at the data link layer.
Over the past several months, we have heard requests for layer-3 connectivity to use IPSec and other capabilities. For instance, if customers want to create IPSec connections from their branch offices directly to the cloud they now have the option to do that using our firewall in the cloud. This is in contrast to other technologies where all traffic is routed from the data center to the cloud. CloudSwitch provides customers with options to use their own routing controls, and leverage their existing networking tools. Internally, we still have layer-2 transparency so we can maintain the same IP address and MAC address for virtual machines in the cloud. Every enterprise customer has a unique and often highly-complex network configuration and CloudSwitch Enterprise 2.0 provides the flexibility to mix and match layer-2 and layer-3 connectivity based on their needs.
Multiple Subnets
CloudSwitch now offers sophisticated networking capabilities that allow customers to configure their networks in the cloud according to their specific requirements. CloudSwitch Enterprise 2.0 gives you the flexibility to build network topologies in the cloud that extend organizations’ internal data center networks. Customers can represent multiple subnets in the cloud, span subnets across clouds if necessary, easily map multiple NICs to multiple subnets through our user interface, and use a firewall to connect two subnets much like a colo deployment.
In addition to our networking enhancements, we’ve also added broader geographic support, including all Terremark and Amazon regions and availability zones, to ensure that customers get the best “fit” for their performance and compliance needs.
Working with Our Customers to Drive Cloud Innovation
The market for cloud computing is growing quickly and we’ve seen an increasing level of confidence in our enterprise customers and prospects who are using the cloud. The features in CloudSwitch Enterprise 2.0 will help address customer needs for greater flexibility, scalability and control as they begin to run and scale production workloads in the cloud. We take great pride in working closely with our customers at the forefront of the cloud revolution, and being responsive to customer and market requirements through our agile development process. Watch this space for more exciting product announcements in 2011 and try CloudSwitch Enterprise 2.0 so you can start running your enterprise applications in the cloud today!
Join our "CloudSwitch 2.0 Launch Overview & Product Demonstration" live webinar to learn how our enterprise customers are running their Windows and Linux apps in the cloud simply and securely using CloudSwitch.
After Security, Network Bandwidth is the Next Cloud Bottleneck
By Ellen Rubin
Security concerns (real and imagined) have long dominated much of the cloud conversation and caused many companies to deliberate about getting started in the cloud. Slowly, the security issues are being addressed--through the adoption of corporate policies for cloud usage, maturing cloud provider offerings, and by technologies such as CloudSwitch which isolate and encrypt all cloud resources to meet the requirements of the CSO. But while the focus has been on cloud security, another potential bottleneck is on the horizon as companies start using the cloud in more substantial ways.
In our discussions with IT executives and their teams, we’ve been hearing about a new concern: the ability of corporate networks to handle cloud traffic. Network performance is a lurking issue that hasn’t yet received the attention it deserves. That’s understandable, since bandwidth is rarely a problem for companies exploring the cloud in a small way, where they may deploy a few experimental VMs in order to understand the process. But as they start expanding their cloud footprint and running production-oriented applications, data movement takes on a completely different scale. As enterprises start to move real workloads out to the cloud (or to straddle internal and external clouds), look for network performance to become top of mind.
IT professionals and developers often assume they have huge network capacity, and it’s probably ample for their current Internet usage or the small cloud projects they may have tried so far. But what will happen, for example, when you have dozens of developers all trying to use cloud resources? Or if you put high-transaction processes in the cloud that need to “talk back” to your data center? What if you are trying to move a lot of video or graphics between your business users and the cloud? Network usage is about to get much more demanding, and the traffic will need to flow without bottlenecks (or saturating the network) for an organization’s cloud strategy to work.
Thus potential cloud users will have to do some back-of-the-envelope analysis of the maximum bandwidth they might need and how much additional traffic the network can handle. While the data center (or internal network) is running at speeds of 1Gb and even 10Gb, the connection to the Internet is lagging behind. Today, a “good” Internet connection is considered to be in the 100Mbps range. Some companies have more, and many have less than this capability, so when extending services to the cloud, you have to consider what impact this lower speed could have, and how to deal with it.
This is actually a two-part problem. You have to consider initial data movement: how long will it take to move a terabyte of data over the Internet and into the cloud? What impact will that have on current users and your business? You also have to look at ongoing updating of that data: how much traffic will be flowing back and forth, and what will that mean for your steady state? Will you have to buy more bandwidth for the cloud to be viable? Obviously, any major new capex requirements would be a challenge for cloud adoption.
Fortunately, technologies are emerging that can help optimize your current network and avoid an expensive upgrade. For example, CloudSwitch has a public IP address capability that provides direct access to cloud resources without having to go through the enterprise data center, avoiding what could otherwise be a huge bottleneck. Rather than relying on the Internet connection to the data center, cloud deployments can take advantage of the aggregate bandwidth of end users. This CloudSwitch feature also allows enterprise firewalls and load balancing capabilities to run in the cloud so traffic can flow smoothly and securely. In addition, companies like Citrix, F5, Riverbed, and Cisco are developing software versions of their WAN optimization technologies that can be deployed in the cloud. Their innovations in compression, de-duplication, and other techniques will enable much more efficient data movement so you can make better use of the network you already have.
If you’re the head of IT or Application Development looking ahead to 2011, you probably have some great cloud pilots under your belt, and you’re evaluating moving into the cloud in production mode. Just remember that bandwidth is something you’ll need to think about and prepare for.
CloudSwitch has been thinking about these issues, and together with our partners we’re working on solutions to ensure optimum bandwidth for the cloud. Emerging technologies will allow you to meet the bandwidth demands required by production applications, so you can scale out your cloud footprints without building out your corporate network, leveraging the investments you’ve already made.
AWS and Freedom of Speech?
By John McEleney
The blogosphere and Twitter have been in overdrive the past couple of days with the removal of WikiLeaks from AWS. The reaction and condemnation of Amazon has been swift and often brutal – charging the company with censorship and cowardly behavior. Consider the announcement from WikiLeaks on Twitter:
“WikiLeaks servers at Amazon ousted. Free speech the land of the free — fine our $ are now spent to employ people in Europe.”
Even the New York Times is fanning the flame by suggesting that Amazon yielded to political pressure from Senator Lieberman: “WikiLeaks’ illegal, outrageous, and reckless acts have compromised our national security and put lives at risk around the world,” Mr. Lieberman said. “No responsible company – whether American or foreign – should assist WikiLeaks in its efforts to disseminate these stolen materials.”
It’s very clear that WikiLeaks violated their terms of service; in fact Amazon posted this announcement on their AWS site:
Amazon Web Services (AWS) rents computer infrastructure on a self-service basis. AWS does not pre-screen its customers, but it does have terms of service that must be followed. WikiLeaks was not following them. There were several parts they were violating. For example, our terms of service state that “you represent and warrant that you own or otherwise control all of the rights to the content…, that use of the content you supply does not violate this policy and will not cause injury to any person or entity.” It’s clear that WikiLeaks doesn’t own or otherwise control all the rights to this classified content.
I believe the decision by Amazon was neither censorship nor cowardly. If I had to choose a word to express the action taken, I would call it consistent. It is consistent with the agreement that end users accept when they use AWS. I applaud Amazon for taking this action. While there are valid arguments for both sides of the WikiLeaks issue, these are part of a much broader debate over the democratization of information enabled by the internet and the moral code that journalists in the print media have lived by for so many years. For Amazon, the issue is more specifically related to the nature of the WikiLeaks content.
Sometimes it is useful to examine this type of decision at a personal level. Imagine that tomorrow someone steals some of your own personal property and tries to sell it on eBay. Wouldn’t you expect eBay to respond to your request by removing the offending posting? That’s exactly what Amazon did – once alerted to the fact that WikiLeaks was using AWS to distribute material that did not belong to them, Amazon took the controversial, but proper step (consistent with their terms of usage) of discontinuing WikiLeaks’ service.
Conspiracy theorists will say that Obama and half the government called Jeff Bezos and demanded that he stop WikiLeaks or else… my guess is that the truth is that the AWS team simply looked at the material and made the decision to terminate their access because it violated their terms of usage.
This is plain and simple – no major conspiracy, no attack on freedom of speech, just consistent business practices – which is exactly what you and I should expect from a leading cloud provider.
