Databases in the Cloud Revisited
A few of us were talking on Facebook about high speed rail (HSR) and where/when it makes sense the other day, and I finally said that it almost never does. Trains lost out to automobiles precisely because they are rigid and inflexible, while population densities and travel requirements are highly flexible. That hasn’t changed since the early 1900s, and isn’t likely to in the future, so we should be looking at different technologies to answer the problems that HSR tries to address. And since everything in my universe is inspiration for either blogging or gaming, this lead me to reconsider the state of cloud and the state of cloud databases in light of synergistic technologies (did I just use “synergistic technologies in a blog? Arrrggghhh…). There are several reasons why your organization might be looking to move out of a physical datacenter, or to have a backup datacenter that is completely virtual. Think of the disaster in Japan or hurricane Katrina. In both cases, having even the mission critical portions of your datacenter replicated to the cloud would keep your organization online while you recovered from all of the other very real issues such a disaster creates. In other cases, if you are a global organization, the cost of maintaining your own global infrastructure might well be more than utilizing a global cloud provider for many services… Though I’ve not checked, if I were CIO of a global organization today, I would be looking into it pretty closely, particularly since this option should continue to get more appealing as technology continues to catch up with hype. Today though, I’m going to revisit databases, because like trains, they are in one place, and are rigid. If you’ve ever played with database Continuous Data Protection or near-real-time replication, you know this particular technology area has issues that are only now starting to see technological resolution. Over the last year, I have talked about cloud and remote databases a few times, talking about early options for cloud databases, and mentioning Oracle Goldengate – or praising Goldengate is probably more accurate. Going to the west in the US? HSR is not an option. The thing is that the options get a lot more interesting if you have Goldengate available. There are a ton of tools, both integral to database systems and third-party that allow you to encrypt data at rest these days, and while it is not the most efficient access method, it does make your data more protected. Add to this capability the functionality of Oracle Goldengate – or if you don’t need heterogeneous support, any of the various database replication technologies available from Oracle, Microsoft, and IBM, you can seamlessly move data to the cloud behind the scenes, without interfering with your existing database. Yes, initial configuration of database replication will generally require work on the database server, but once configured, most of them run without interfering with the functionality of the primary database in any way – though if it is one that runs inside the RDBMS, remember that it will use up CPU cycles at the least, and most will work inside of a transaction so that they can insure transaction integrity on the target database, so know your solution. Running inside the primary transaction is not necessary, and for many uses may not even be desirable, so if you want your commits to happen rapidly, something like Goldengate that spawns a separate transaction for the replica are a good option… Just remember that you then need to pay attention to alerts from the replication tool so that you don’t end up with successful transactions on the primary not getting replicated because something goes wrong with the transaction on the secondary. But for DBAs, this is just an extension of their daily work, as long as someone is watching the logs. With the advent of Goldengate, advanced database encryption technology, and products like our own BIG-IPWOM, you now have the ability to drive a replica of your database into the cloud. This is certainly a boon for backup purposes, but it also adds an interesting perspective to application mobility. You can turn on replication from your data center to the cloud or from cloud provider A to cloud provider B, then use VMotion to move your application VMS… And you’re off to a new location. If you think you’ll be moving frequently, this can all be configured ahead of time, so you can flick a switch and move applications at will. You will, of course, have to weigh the impact of complete or near-complete database encryption against the benefits of cloud usage. Even if you use the adaptability of the cloud to speed encryption and decryption operations by distributing them over several instances, you’ll still have to pay for that CPU time, so there is a balancing act that needs some exploration before you’ll be certain this solution is a fit for you. And at this juncture, I don’t believe putting unencrypted corporate data of any kind into the cloud is a good idea. Every time I say that, it angers some cloud providers, but frankly, cloud being new and by definition shared resources, it is up to the provider to prove it is safe, not up to us to take their word for it. Until then, encryption is your friend, both going to/from the cloud and at rest in the cloud. I say the same thing about Cloud Storage Gateways, it is just a function of the current state of cloud technology, not some kind of unreasoning bias. So the key then is to make sure your applications are ready to be moved. This is actually pretty easy in the world of portable VMs, since the entire VM will pick up and move. The only catch is that you need to make sure users can get to the application at the new location. There are a ton of Global DNS solutions like F5’s BIG-IP Global Traffic Manager that can get your users where they need to be, since your public-facing IPs will be changing when moving from organization to organization. Everything else should be set, since you can use internal IP addresses to communicate between your application VMs and database VMs. Utilizing a some form of in-flight encryption and some form of acceleration for your database replication will round out the solution architecture, and leave you with a road map that looks more like a highway map than an HSR map. More flexible, more pervasive.iDo Declare: iPhone with BIG-IP
Who would have imagined back in 1973 when Martin Cooper/Motorola dialed the first portable cellular phone call, that one day we'd be booking airline tickets, paying bills, taking pictures, watching movies, getting directions, emailing and getting work done on a little device the size of a deck of cards. As these 'cell-phones' have matured, they've also become an integral part of our lives on a daily basis. No longer are they strictly for emergency situations when you need to get help, now they are attached to our hip with an accompanying ear apparatus as if we've evolved with new bodily appendages. People have grown accustomed to being 'connected' everywhere. There have been mobile breakthroughs over the years, like having 3G/4G networks and Wi-Fi capability, but arguably one of the most talked about and coveted mobile devices in recent memory is the Apple iPhone. Ever since the launch of the iPhone in 2007, it has changed the way people perceive and use mobile devices. It's not just the tech-savvy that love the iPhone, it's Moms, Florists, Celebrities, Retailers and everyone in between that marvel at the useful ways iPhone can be used, and for their very own novel purpose. There are literally hundreds of thousands of apps available for iPhone, from the silly and mundane to banking and business. Browsing the web is a breeze with the iPhone with the ability to view apps in both portrait and landscape modes. The ability to zoom and 'pinch' with just your fingers made mobile browsing tolerable, even fun from an iPhone. Shopping from your cell phone is now as common as ordering a cup of coffee - often at the same time! iPhone developers are pushing the limits with augmented reality applications where you can point your iPhone into the sky and see the flight number, speed, destination and other such details as planes fly by. When the iPhone was first introduced and Apple started promoting it as a business capable device, it was missing a few important features. Many enterprises, and small businesses for that matter, use Microsoft products for their corporate software - Exchange for email, Word for documents, Excel for spreadsheets and PowerPoint for presentations. Those were, as expected, not available on the iPhone. As new generations of iPhones hit the market and iOS matured, things like iPhone Exchange ActiveSync became available and users could now configure their email to work with Exchange Server. Other office apps like Documents-to-Go make it possible for iPhone users to not only to view Microsoft Word and Excel documents, but they were able to create and edit them too. Today, there are business apps from Salesforce, SAP and Oracle along with business intelligence and HR apps. Companies can even lock down and locate a lost or stolen iPhone. Business users are increasingly looking to take advantage of Apple iOS devices in the corporate environment, and as such IT organizations are looking for ways to allow access without compromising security, or risking loss of endpoint control. IT departments who have been slow to accept the iPhone are now looking for a remote access solution to balance the need for mobile access and productivity with the ability to keep corporate resources secure. The F5 BIG-IP Edge Portal app for iOS devices streamlines secure mobile access to corporate web applications that reside behind BIG-IP Access Policy Manager, BIG-IP Edge Gateway and FirePass SSL VPN. Using the Edge Portal application, users can access internal web pages and web applications securely, while the new F5 BIG-IP Edge Client app offers complete network access connection to corporate resources from an iOS device; a complete VPN solution for both the iPhone and iPad. The BIG-IP Edge Portal App allows users to access internal web applications securely and offers the following features: User name/password authentication Client certificate support Saving credentials and sessions SSO capability with BIG-IP APM for various corporate web applications Saving local bookmarks and favorites Accessing bookmarks with keywords Embedded web viewer Display of all file types supported by native Mobile Safari Assuming an iPhone is a trusted device and/or network access from an iPhone/iPad is allowed, then the BIG-IP Edge Client app offers all the BIG-IP Edge Portal features listed above, plus the ability to create an encrypted, optimized SSL VPN tunnel to the corporate network. BIG-IP Edge Client offers a complete network access connection to corporate resources from an iOS device. With full VPN access, iPhone/iPad users can run applications such as RDP, SSH, Citrix, VMware View, VoIP/SIP, and other enterprise applications. The BIG-IP Edge Client app offers additional features such as Smart Reconnect, which enhances mobility when there are network outages, when users roaming from one network to another (like going from a mobile to Wi-Fi connection), or when a device comes out of hibernate/standby mode. Split tunneling mode is also supported, allowing users to access the Internet and internal resources simultaneously. BIG-IP Edge Client and Edge Portal work in tandem with BIG-IP Edge Gateway, BIG-IP APM and FirePass SSL VPN solutions to drive managed access to corporate resources and applications, and to centralize application access control for mobile users. Enabling access to corporate resources is key to user productivity, which is central to F5’s dynamic services model that delivers on-demand IT. ps Resources F5 Announces Two BIG-IP Apps Now Available at the App Store F5 BIG-IP Edge Client App F5 BIG-IP Edge Portal App F5 BIG-IP Edge Client Users Guide iTunes App Store Securing iPhone and iPad Access to Corporate Web Applications – F5 Technical Brief Audio Tech Brief - Secure iPhone Access to Corporate Web Applications Is the iPhone Finally Ready for Business Use? iPhone in Business The next IT challenge: Mobile device management Use Your iPhone to See Where Planes are HeadedF5 Long Distance VMotion Solution Demo
Watch how F5's WAN Optimization enables long distance VMotion migration between data centers over the WAN. This solution can be automated and orchestrated and preserves user sessions/active user connections allowing seamless migration. Erick Hammersmark, Product Management Engineer, hosts this cool demonstration. psConnecting to a Cloud while Flying thru the Clouds
CloudFucius checked out some In-flight WiFi this week while traveling to Seattle. Alaska Air offers GoGo Inflight Internet on their 737 fleet flying the 48 contiguous for $4.95, but the service is free through July 2010. An instruction card is located in the magazine pouch located in front of your seat and after the climb to 10,000 ft, you can connect with your WiFi enabled device. The setup is simple: 1. Turn on WiFi; 2. Find ‘gogoinflight’ signal (which happens to be the only one found at 10,000 ft); 3. Launch browser and log in. You do need to create an account, if you haven’t already, and fill out a couple pages of info – not at all cumbersome. We got connected fairly easily and quickly without any issues. We even got connected to F5’s corporate VPN and was able to open Outlook and download any new email along with anything else I usually do while working remotely. The signal was strong and the speed was usable. There have been a couple articles about the latency and performance challenges of these cellular connections once more than a few flyers connect. Limited number of power ports on planes might also discourage fliers, especially on long flights. Plus, according to this article, ‘Of the 230 respondents who guide corporate travel policy within their organizations, only 34 percent said it's OK for travelers to unsheathe their corporate cards to access Wi-Fi on all flights.’ The Business Travel News survey found that only 7% would reimburse in-flight internet access and only on very long flights. I usually use business air travel time to rest, play a game on the handheld, read and other relaxing activities but Internet-in-the-Sky does allow the classic road-warrior to stay productive, procrastinators to complete tasks and personal travelers to surf the web. Internet on a Plane got me thinking about the security implications of connecting while looking down at actual clouds. Certainly, you need to be aware of all the usual cautions and risks while connected to a typical open, unencrypted WiFi signal like protecting both your privacy and computer. Use a VPN if you have access to one, encrypt file transfers, enable your firewall & antivirus, ensure OS patches are up to date and disable any file shares. In-air Internet does pose some new threats. Over the shoulder eavesdropping is certainly a concern. Who hasn’t snuck a peek, glanced or outright watched the row in front, through the 2 inch seat separation either out of boredom or nosiness? While viewing someone edit a corporate PowerPoint isn’t that much of a threat; being able to see emails, VPN credentials or an internal web application URL and log in info being typed in, certainly is a risk. Call it back seat key logging. Forget about malware, I’ll watch and jot down what they type. I found myself feeling a little anxious as I entered the small bit of sensitive information required to create the GoGo account. Seeing the screen is also a concern and do believe there will be an uptick in privacy filters that protect computer screens from unwanted eyes. Protecting data in public places is hard enough, but in a cramped airplane there is almost no privacy and you really can’t just get up and leave. I’ve never been one who favored ‘save password’ but in this instance, having auto-filled asterisks instead of typing it in public is a good idea. Heightened awareness of the evolving business travel risks should be reiterated often to all employees. And one from Confucius: The superior man, when resting in safety, does not forget that danger may come. When in a state of security he does not forget the possibility of ruin. When all is orderly, he does not forget that disorder may come. Thus his person is not endangered, and his States and all their clans are preserved. ps The CloudFucius Series: Intro, 1, 2, 3, 4, 5, 6, 7, 8, 9
Evaluating Your Tech Needs
In our increasingly digitised world, consumption habits are changing – both at a consumer and enterprise level – which in turn will significantly impact the way the C-Suite assesses their company’s technology needs. Consumers and employees are demanding access to information from any device, anywhere, at any time. This places additional pressure on existing technology infrastructure to essentially deliver more with shrinking IT budgets, without compromising security or performance. What’s more, as businesses continue to recover in the aftermath of the Global Financial Crisis, many are still dealing with cutbacks in IT investment and a shift in purchasing decision makers from the IT manager to business division heads, and the C-suite. With the increasing ability to implement critical technology services via software, businesses will demand the flexibility to grow based on their requirements, simply by adding additional software resources on their servers. This shift from Capital Expenditure (CapEx) to Operational Expenditure (OpEx) will mean that IT is viewed more as a utility in the coming years, opening up huge cost saving opportunities for businesses. Ultimately, services available on-demand through flexible licensing models will become a well-trodden path – given the reported benefits are to address increasing demand on delivering services. By having access to flexible billing options, executives will be able to scale the services up (or down) as needed, without a major upfront investment. Another trend that set to cause a series of technology shifts for businesses is the proliferation of new device adoption such as mobile phones, tablets, and ultra-mobile PCs, along with social technologies and The Internet of Things. In fact, with the cost of smartphones predicted by Gartner to come down to below the US$50 mark, it will open up mobile technology to more people than ever before. Inevitably, businesses need to consider more intelligent ways to serve customers online and on-the-go. As consumer mobile devices become ‘corporatised’, end-users will expect secure access to services from any device, and with web applications under increasing attack, security will also need to be top of mind. Ultimately, whether it’s for security, mobility, performance or ensuring availability, IT infrastructure will need to align with new innovations and changing user demands. The velocity of non-traditional enterprise applications being used in business will open up risks and require organisations to consider the security implications. Gen Y and Z employees will continue to demand a socialised environment; blurring the lines between personal-social and business-social applications. From malware to data leakage, organisations will find themselves at risk if they don’t adequately manage the social element of their organisations. C-level executives will need to start thinking about introducing policies and ensuring their IT infrastructure is prepared to cater to this new breed of employees, in order to stay competitive. Regardless of how they access corporate information through applications, these users have come to expect equivalent or better performance on a mobile or tablet than that achieved on a typical desktop computer. What businesses need is a backend infrastructure that can help deliver image-heavy content, prioritise traffic to overcome mobile network latency, and offer visibility into application performance. Furthermore, as cyber crime becomes more complex, with attacks from multiple angles on different devices, single-purpose security machines will be phased out in favour of sophisticated multi-purpose machines. This convergence will also happen in the context of performance, as businesses come to expect fast, reliable user experience on any device.
Sudah Saatnya Perusahaan Mengkaji Kembali Kebutuhan Sistem IT Agar Mampu Mengatasi Tantangan Bisnis Di Masa Depan
Please find the English language post from which this was adapted here. Pesatnya perkembangan teknologi digital di Indonesia saat ini, membuat pola konsumsi berubah-ubah; baik di level konsumen maupun enterprise. Perubahan ini berpengaruh besar terhadap bagaimana para eksekutif perusahaan mengkaji kebutuhan teknologi perusahaan mereka, karena kini untuk bisa mengakses informasi dari perangkat apapun, kapanpun, dan di manapun sudah menjadi kebutuhan yang semakin meningkat. Kebutuhan ini menimbulkan tantangan bagi perusahaan untuk mampu menyediakan lebih banyak layanan kepada karyawan dan konsumen mereka, dalam batasan infrastruktur yang sudah ada, ditambah lagi dengan budget anggaran belanja IT yang kian menyusut dari tahun-ke-tahun, namun tanpa mengorbankan keamanan dan kinerja sistem IT perusahaan. Tantangan lainnya yang juga dihadapi perusahaan adalah semakin berkurangnya anggaran IT, yang dikarenakan keputusan belanja IT tidak lagi berada di tangan pimpinan divisi IT melainkan di tangan pimpinan divisi bisnis. Hal ini lumrah dilakukan karena perusahaan mencari berbagai cara untuk meningkatkan daya saing mereka dalam menghadapi pasar bebas dan salah satu cara yang paling mudah dilakukan adalah efisiensi biaya. Agar perusahaan mampu menjaga efisensi biaya namun tetap dapat menyediakan berbagai inovasi ke pasar serta meningkatkan layanannya, maka perusahaan membutuhkan solusi yang memungkinkan mereka untuk menerapkan berbagai teknologi yang penting bagi perusahaan melalui software. Solusi ini merubah model pembelanjaan anggaran dari CapEx (biaya investasi) menjadi OpEx (biaya operasional), karena itu, di masa depan, IT akan dianggap sebagai utilitas. Keuntungan bagi perusahaan adalah mereka mendapatkan fleksibilitas untuk bisa mengembangkan layanan IT mereka, hanya dengan menambahkan software yang dibutuhkan ke dalam server tanpa perlu menanamkan investasi berupa hardware; bayangkan penghematan anggaran yang bisa dilakukan oleh perusahaan! Pada akhirnya layanan-layanan on-demand yang didapat model lisensi software akan banyak digunakan oleh perusahaan, karena mereka dapat menyediakan berbagai layanan dengan cepat tanpa harus mengeluarkan biaya investasi yang besar di awal. Dengan model lisensi, para eksekutif perusahaan akan mampu meningkatkan (atau menurunkan) skala layanan mereka kapanpun dibutuhkan dengan mudah dan biaya yang efektif. Tren lainnya, yang juga mendorong perkembangan teknologi enterprise, adalah tingkat adopsi smartphone, tablet, dan PC portabel yang bertumbuh dengan pesat, serta kemunculan teknologi-teknologi ‘baru’ sepeti teknologi sosial dan Internet of Things. Khususnya untuk smartphone, saat ini banyak smartphone murah yang harganya sekitar 500 ribu rupiah, dan harga ini akan mampu menjangkau lebih banyak konsumen di Indonesia. Memang tidak dapat dihindari lagi, perusahaan perlu mempertimbangkan berbagai cara yang lebih cerdas untuk mengakomodir dan melayani pelanggan dan karyawan mereka kapanpun dan di manapun secara online. Salah satu kebutuhan yang semakin meningkat di kalangan karyawan adalah BYOD, karena itu perusahaan harus siap mengamankan akses kedalam layanan perusahaan yang dilakukan dari berbagai macam perangkat, milik perusahaan maupun pribadi. Tren ini tentu saja tidak lepas dari ancaman keamanan, dimana serangan cyber menjadi semakin canggih dan masif, karena itu keamanan perlu menjadi prioritas bagi sebuah perusahaan. Pada akhirnya baik itu untuk keamanan, mobilitas, kinerja ataupun memastikan ketersediaan aplikasi untuk diakses, perusahaan harus mampu menyelaraskan infrastruktur IT mereka dengan permintaan atau kebutuhan pengguna (pelanggan dan karyawan) yang berubah dari waktu-ke-waktu. Perubahan yang dapat terlihat saat ini adalah kebutuhan Generasi Y dan Generasi Z, di mana lingkungan sosial menjadi hal yang penting bagi mereka. Kedua generasi ini mengaburkan batasan antara aplikasi yang digunakan untuk pribadi dengan aplikasi yang digunakan untuk operasional kantor; seperti contoh mereka menggunakan perangkat pribadi untuk mengakses email perusahaan atau menyimpan data-data perusahaan di cloud publik karena alasan kemudahan akses, dan di perangkat yang sama mereka juga melakukan banyak aktifitas pribadi seperti menjelajahi internet, chatting, hingga beraktifitas di sosial media. Berbagai ancaman bisa saja muncul karena ‘perilaku’ ini; seperti serangan malware hingga kebocoran data, karena itu mau tidak mau para eksekutif perusahaan juga perlu mengatur elemen-elemen sosial di perusahaan mereka. Mereka (para eksekutif perusahaan) perlu mulai berpikir tentang bagaimana menerapkan kebijakan dan infrastruktur yang mampu mengakomodir kebutuhan karyawan-karyawan generasi baru, agar menjadi tetap kompetitif di pasar. Terlepas dari perangkat yang digunakan karyawan mengakses data-data perusahaan melalui sebuah aplikasi, mereka berharap bisa mengakses apliaksi dan data perusahaan dengan kinerja yang sama atau bahkan lebih baik dari yang mereka dapatkan ketika menggunakan dekstop PC. Untuk memenuhi kebutuhan tersebut, perusahaan perlu memiliki infrastruktur backend yang mampu membantu mereka untuk mengirimkan berbagai konten yang terdapat banyak gambar, mampu mengatur prioritas dari trafik untuk mengatasi latensi jaringan mobile, dan menawarkan visibilitas ke dalam kinerja sebuah aplikasi. Seperti yang sudah disebutkan, ancaman keamanan di dunia saat ini telah berkembang menjadi semakin rumit, canggih dan masif, dari berbagai sumber di berbagai perangkat, yang membuat sistem keamanan tradisional tidak lagi mampu menghadapi gempuran dari penjahat cyber. Akibatnya, sistem keamanan tradisional akan semakin tergerus dengan sistem keamanan IT yang multi-fungsi. Konvergensi ini juga akan terjadi di dalam konteks kinerja sistem IT perusahaan, karena bisnis akan menuntut perusahaan untuk dapat menyediakan pengalaman pelanggan yang memuaskan di berbagai perangkat. Salah solusi yang dapat memberikan perusahaan adalah solusi Application Delivery Controller (ADC), seperti yang ditawarkan oleh F5 Networks. Solusi ADC memungkinkan perusahaan untuk meningkatkan tingkat ketersediaan akses ke aplikasi di dalam sebuah jaringan. Selain meningkatkan ketersediaan, solusi ADC juga mampu meningkatkan kinerja aplikasi dan jaringan perusahaan dengan sumber daya yang lebih sedikit dan efektif. Tidak luput, solusi ini juga mampu mengamankan trafik yang ingin mengakses aplikasi dan data sekaligus mengamankan aplikasi tersebut.The Inter-Cloud: Will MAE become a MAC?
If public, private, hybrid, cumulus, stratus wasn’t enough, the ‘Inter-Cloud’ concept came up again at the Cloud Connect gathering in San Jose last week. According to the Wikipedia entry, it was first introduced in 2007 by Kevin Kelly, both Lori MacVittie and Greg Ness wrote about the Intercloud last June and many reference James Urquhart in bringing it to everyone’s attention. Since there is no real interoperability between clouds, what happens when one cloud instance wants to reference a service in another cloud? Enter the Inter-Cloud. As with most things related to cloud computing, there has been lots of debate about exactly what it is, what it’s supposed to do and when it’s time will come. In the ‘Infrastructure Interoperability in a Cloudy World’ session at Cloud Connect, the Inter-Cloud was referenced as the ‘transition point’ when applications in a particular cloud need to move. Application mobility comes into play with Cloud Balancing, Cloud Bursting, disaster recovery, sensitive data in private/application in public and any other scenario where application fluidity is desired and/or required. An Inter-Cloud is, in essence, a mesh of different cloud infrastructures governed by standards that allow them to interoperate. As ISPs were building out their own private backbones in the 1990’s, the Internet needed a way to connect all the autonomous systems to exchange traffic. The Network Access Points (NAPs) and Metropolitan Area Ethernets (now Exchange – MAE East/MAE West/etc) became today’s Internet Exchange Points (IXP). Granted, the agreed standard for interoperability, TCP/IP and specifically BGP, made that possible and we’re still waiting on something like that for the cloud; plus we’re now dealing with huge chunks of data (images, systems, etc) rather than simple email or light web browsing. I would imagine that the major cloud providers already have connections the major peering points and someday there just might be the Metro Area Clouds (MAC West, MAC East, MAC Central) and other cloud peering locations for application mobility. Maybe cloud providers with similar infrastructures (running a particular hypervisor on certain hardware with specific services) will start with private peering, like the ISPs of yore. The reality is that it probably won’t happen that way since clouds are already part of the internet, the needs of the cloud are different and an agreed method is far from completion. It is still interesting to envision though. I also must admit, I had completely forgotten about the Inter-Cloud and you hear me calling it the ‘Intra-Cloud’ in this interview with Lori at Cloud Connect. Incidentally, it’s fun to read articles from 1999 talking about the Internet’s ‘early days’ of ISP Peering and those from today on how it has changed over the years. psLost Your Balance? Drop The Load and Deliver!
It’s not named dough, melted cheese, mushrooms and pepperoni balancing. Its called Pizza Delivery. The user makes a request either over the phone or on-line with all the context of the ingredients and specifics of the request. The Pizza Parlor then confirms the delivery location, gets to work and tries to deliver it to the destination as fast as they can. The request arrives, both parties validate the order sometimes with a two-person handshake and the user consumes the content that was delivered. Somewhat similar but much faster is what happens when a user makes a request from a web application. They type in the location they want to go to, the ADC considers such contextual information like user, IP address, browser type, location and other variables to then deliver the specific content that is being requested – as fast as possible. It’s not about load balancing an application, it’s about Application Delivery. If you’ve lost your balance, then your equilibrium might be off and that is not a good thing. You might have blurred vision, trouble hearing, dizziness and headaches and your decision making process could be off kilter. You are slow to react, misunderstand requests, and give someone something they didn’t ask for or something different than what they asked for. You are unable to take requests, process the information load and deliver an answer. Load balancing an application is no longer sufficient to ensure that the right users are receiving the right information at the right time, quickly, efficiently and securely. Load balancing almost seems like an afterthought, or late in the process of delivering an application. You need to take into context the various variables of the user request and deliver that application based on the contextual information. We use contextual information all the time to make our little daily decisions. Which jacket to wear? Well, what’s the temperature; is it raining; what am I doing; what’s the forecast; does it have pockets; does it have a hood; is it zipper or pull over and so forth. Of course all this happens in an instant and we select what is needed. You can’t make application delivery decisions simply based on ‘next in line,’ those judgments need to consider all the available information to make an informed application delivery decision. ps Resources: All “50 Ways” to use your BIG-IP system entries 50 Ways to Use Your BIG-IP: Availability 50 Ways to Use Your BIG-IP: Availability Presentation Availability resources on DevCentral Availability Solutions on F5.com Follow #50waystousebigip on TwitterBYOD Policies – More than an IT Issue Part 3: Economics
#BYOD or Bring Your Own Device has moved from trend to an permanent fixture in today's corporate IT infrastructure. It is not strictly an IT issue however. Many groups within an organization need to be involved as they grapple with the risk of mixing personal devices with sensitive information. In my opinion, BYOD follows the classic Freedom vs. Control dilemma. The freedom for user to choose and use their desired device of choice verses an organization's responsibility to protect and control access to sensitive resources. While not having all the answers, this mini-series tries to ask many the questions that any organization needs to answer before embarking on a BYOD journey. Enterprises should plan for rather than inherit BYOD. BYOD policies must span the entire organization but serve two purposes - IT and the employees. The policy must serve IT to secure the corporate data and minimize the cost of implementation and enforcement. At the same time, the policy must serve the employees to preserve the native user experience, keep pace with innovation and respect the user's privacy. A sustainable policy should include a clear BOYD plan to employees including standards on the acceptable types and mobile operating systems along with a support policy showing the process of how the device is managed and operated. Some key policy issue areas include: Liability, Device Choice, Economics, User Experience & Privacy and a trust Model. Today we look at Economics. Many organizations look at BYOD as an opportunity to reduce some costs. Clearly, not having an equipment cost - $200-$600 per-device - can add up depending on the company's size. It might also make financial sense for a smaller company with few employees. Since the phone is owned by the employee, then they are probably responsible for the bill every month. Depending on their personal contract/plan, excessive charges could arise due to the extra minutes used for work related calls. Often, monthly charges are fairly consistent with established plans, and while there are times when the bill is higher due to an incidental charge to some other overage, many people fail to review their phone bill when it arrives. BYOD could force employees into a higher monthly service plan but it also gives users visibility into their usage, if for instance, the corporate BYOD policy allows for reimbursement. This can drive personal responsibility for how they use their minutes. While BYOD could reduce the overall expenditure for IT issued devices and many organizations report employees are happier and more productive when they are using the device of their desire (an enablement tool), there might be other areas that costs could increase. While the employee does spend their own money on the device, there are certainly enterprise costs to managing and securing that device. There could also be a snag however when it comes to licensing. Does BYOD also require Bring Your Own License? In many instances, this is an area that IT needs to keep an eye on and often the answer is yes. Some of the most common enterprise software licensing agreements require licensing any device used "for the benefit of the company" under the terms of the enterprise agreement. That often means that all those BYO devices might require a license to access common corporate applications. This also means that even if the user already has a particular license, which they purchased on their own or it came with the device, the organization might still need to license that device under their enterprise software agreement. This could diminish any cost savings from the BYOD initiative. There are solutions to such as using alternative products that are not restricted by licensing but, those may not have the key features required by the workforce. IT needs to understand if their license agreements are per-user or per-device and what impact that may have on a BYOD policy. A few questions that the Finance department should determine is: Should the company offer users a monthly stipend? How is productivity measured? Will the management and security cost more than IT (volume) procurement? What are the help desk expenses and policy about support calls. There certainly needs to be discussion around mobile app purchase and deployment for work use. Are there any compliance, additional audit costs or tax implications with a BYOD initiative? As part of the BYOD Policy the Economics Checklist, while not inclusive, should: · Investigate the effects of a BYOD reimbursement plan on your ability to negotiate with wireless carriers · Consider putting logging and reporting in place to monitor after-hours use · Incorporate a “help desk as a last resort” guideline into your employee BYOD social contract · Estimate costs for any increased need for compliance monitoring · Ask Finance about tax implications (cost or benefit) of a BYOD policy ps Related BYOD Policies – More than an IT Issue Part 1: Liability BYOD Policies – More than an IT Issue Part 2: Device Choice BYOD–The Hottest Trend or Just the Hottest Term FBI warns users of mobile malware Will BYOL Cripple BYOD? Freedom vs. Control What’s in Your Smartphone? Worldwide smartphone user base hits 1 billion SmartTV, Smartphones and Fill-in-the-Blank Employees Evolving (or not) with Our Devices The New Wallet: Is it Dumb to Carry a Smartphone? Bait Phone BIG-IP Edge Client 2.0.2 for Android BIG-IP Edge Client v1.0.4 for iOS New Security Threat at Work: Bring-Your-Own-Network Legal and Technical BYOD Pitfalls Highlighted at RSAVirtualize This.
#ApplicationMobility holds a place in IT’s future. Check out this app virtualization and movement tool. We in IT have spent a ton of time, ink, and electrons discussing server virtualization, and with good reason. Server virtualization did wonders for IT as an industry, offering hardware independence for older applications – many an OS/2 app that was necessary but not “cool” ended up on VMware to relieve worries that the hardware it was running on might break, and a lot of poorly utilized servers were consolidated. Meanwhile, we greatly ignored all the other bits of virtualization while they were growing up. Application Virtualization has been around forever, and yet we don’t spill barrels of ink about it. Many organizations use app virtualization, yet it gets third rank, talked about when talking about overall virtualization strategy. That might just be about to end. I recently had the opportunity to chat with Greg O’Connor of AppZero about their solution to application virtualization. It’s not the application virtualization of a decade ago, that’s for certain. AppZero wraps up an application in a device-independent package. As long as you’re moving from like OS to like OS, you can move the application across the globe. This may sound like not a big deal in the age of virtualizing everything (did you see F5’s press release about virtualizing the network for VMware?), in practice what AppZero is doing certainly is the type of thing that IT admins need, even if they don’t yet know they need it. Consider moving an application from cloud A to cloud B. Do you copy the entire VM across the Internet? Do you reinstall everything and just copy the application bits across the Internet? Both are inefficient. Copying an entire VM – even with compression – can be expensive in terms of dollars because it is bits across your cloud, while both take an inordinate amount of time. In the case of installing everything and then just copying the app files, there’s the risk of human error also. But what if you could install the operating system on the target, and then simply say “move my app”? That’s what AppZero is building toward. And from what I’ve seen, they’re doing a good job of it. Moving only the application means that you’re moving less across the network, but they also compress, so you’re moving really very little. Depending on the app, the savings can be huge. While I no longer have the full-fledged test lab that we used to use to test out vendors’ claims, I did pop out to their “enterprise app store” and install OpenOffice directly. I also sat through a demo where an entire web application was shifted from Amazon to IBM clouds. The entire web app. While we were on the phone. For my part, I prefer to talk about the parts that I’ve touched more than the parts I’ve seen. I’ve been through enough dog-n-pony shows to know there are a million ways for marketing folks to show something that’s not there yet… Or not there at all. So what I can touch is a much better gauge of product readiness. The OpenOffice install was the fastest I have ever done. I’ve installed OpenOffice a few bazillion times, and this was the fastest. The amazing part about that statement is that all of my previous installs were from local disk (CD or hard disk, depending), this one was over a hotel network. I was attending meetings at corporate HQ, so sitting in my hotel room at night, I ran the installer over hotel wireless. Not the fastest environment in the world. Yet it was the fastest install I’ve done. So what use do we have for someone like AppZero? It is time to start asking those questions. The “limitations” that Greg admitted to are not, IMO, all that limiting. First is the “like to like” requirement. I was (and you will be) unsurprised to discover that you can’t move an app running on Windows to a Linux server. While I’d love to see the day when we have that level of portability, first you crawl, then you walk. Second, in the web app world, the “app” you are moving is the web server, and it takes the directory structure with it, so you might end up with several web apps moved when you only intended to move one. Knowing that one means you can plan around it. The mobility falls into two categories also. They wrap the application in a container for movement, and that container will run on your machine as-is. But it’s not running native, which causes some support staff to get touchy. So they provided a “dissolve” function that unwraps it and moves it to a 100% native install – registry modifications, copy to default directories, etc. The one issue I did have a bit of concern about was that you have to choose which services move with the app. When moving you are presented with a list of services and you have to pick which ones go along. Hopefully they’re working on making that more mobile. Again, that does not figure into their “Enterprise App Store”, where they have pre-packaged applications, only to moving a live app. Cloud mobility requires that you are able to bring up processing power on a new cloud to avoid lock-in. AppZero is young yet, but they show promise of filling in that gap by allowing you to package applications and move them along. Integration for large applications might well be problematic – if you move the web app, but not the database, or if you move the entire application and need to merge databases for example. But cloud mobility had to get started, and this is a start. AppZero is relatively new, as is the “application mobility” space that they’re placed in by analysts. Lori and I were discussing how cool technology like this would be to enable “I have application X, it can run in Amazon, IBM, Rackspace, or the datacenter… What are the costs, strengths, and weaknesses of each?” It’s going to be an interesting ride. We certainly need this market segment to grow and mature, will be fun seeing where it ends up. I’ll certainly be paying more attention. Of course, F5 gives me a lot of leeway about what I choose to cover in my blog, but in the end, pays me to consider things in light of our organization, so I can say unequivocally that it doesn’t hurt at all that you’ll need global DNS and global server load balancing (GSLB) to take advantage of moving applications around the globe. Particularly the GSLB part, where a wide IP can represent whatever you need it to, dynamically, without waiting for DNS propagation. But only for the server side. The desktop application side is very cool, and I’ll be watching both. Meanwhile, Greg tells me they are taking the Enterprise App Store into beta next month. If you have questions, you can contact him at go connor /at/ app zero /dot/ com. After you remove the spaces and s// the // .
