August 26th, 2011

Live Demo’s Next Week at VMworld and Dreamforce

Written by
Category Events
 

Next week we’ll be at two shows on the West Coast – VMworld in Las Vegas and Dreamforce in San Francisco. If you’re at either of these events make sure you drop by the Layer 7 booth and check out one of our demo’s.

vCloud API Management Demo – Booth 1361 at VMworld 

Learn how the gateway uses API adaptation and control capabilities to simplify integration of vCloud APIs into the end-user’s automation framework.

Salesforce Integration Demo – Booth 32 at Dreamforce 

Learn how to functionally integrate internal applications with Salesforce.com and leverage an existing IAM structure to provide SSO capabilities with a Layer 7 Gateway. See our new data sheet CloudConnect for Salesforce for more information.

August 16th, 2011

The Cloud Security Alliance Introduces The Security, Trust and Assurance Registry

As a vendor of security products, I see a lot of Requests for Proposal (RFPs). More often than not these consist of an Excel spreadsheet with dozens—sometimes even hundreds—of questions ranging from how our products address business concerns to security minutia that only a high-geek can understand. RFPs are a lot of work for any vendor to respond to, but they are an important part of the selling process and we always take them seriously. RFPs are also a tremendous amount of work for the customer to prepare, so it’s not surprising that they vary greatly in sophistication. I’ve always thought it would be nice if the SOA gateway space had a standardized set of basic questions that focused vendors and customers on the things that matter most in Governance, Risk and Compliance (GRC). In the cloud space, such a framework now exists. The Cloud Security Alliance (CSA) has introduced the Security, Trust and Assurance Registry (STAR), which is a series of questions designed to document the security controls a cloud provider has in place. IaaS, PaaS and SaaS cloud providers will self-assess their status and publish the results in the CSA’s centralized registry. Providers report on their compliance with CSA best practices in two different ways. From the CSA STAR announcement:
1. The Consensus Assessments Initiative Questionnaire (CAIQ), which provides industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings. The questionnaire (CAIQ) provides a set of over 140 questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. Providers may opt to submit a completed Consensus Assessments Initiative Questionnaire. 2. The Cloud Controls Matrix (CCM), which provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. As a framework, the CSA CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to the cloud industry. Providers may choose to submit a report documenting compliance with Cloud Controls Matrix.
The spreadsheets cover eleven control areas, each subdivided into a number of distinct control specifications. The control areas are:
  1. Compliance
  2. Data Governance
  3. Facility Security
  4. Human Resources
  5. Information Security
  6. Legal
  7. Operations Management
  8. Risk Management
  9. Release Management
  10. Resiliency
  11. Security Architecture
The CSA hopes that STAR will help to shorten purchasing cycles for cloud services because the assessment addresses many of the security concerns that users have today with the cloud. As with any benchmark, over time vendors will refine their product to do well against the test—and as with many benchmarks, this may be to the detriment of other important indicators. But this set of controls has been well thought through by the security professionals in the CSA community, so cramming for this test will be a positive step for security in the cloud.
August 8th, 2011

Amazon Web Services Startup Challenge

Written by
Category Amazon
 

The 2011 AWS Startup Challenge is now open. Every year Amazon stages a contest to promote up and coming startups that leverage the Amazon cloud. This is the 5th annual contest, and for the first time they’ve opened it to entrepreneurs world wide.

According to the contest FAQ, contestants are to be judged according to the following criteria:

(a) implementation and integration of AWS paid services as described in the Official Rules;

(b) originality and creativity;

(c) likelihood of long-term success and scalability;

(d) effectiveness in addressing a need in the marketplace.

The prizes are split evenly between cash and credits on AWS, acknowleding the new economics around bootstraping a modern tech company. Best of all—and unlike the more traditional sources of startup funding such as angels and VCs—the cash is non-dilutive. The free publicity of winning also doesn’t hurt.

New companies have always been the most aggressive adopters of cloud technology, and startups are obviously very important to Amazon. I’m a big fan of the free-tier pricing model they offer as a way to seed projects, but it doesn’t take too much success before you kick into higher-level tiers. It would be great to see Amazon create some kind of formal startup seeding program. It would be similar to what Sun once offered startups with its free servers back in the days when startups actually wanted physical boxes.


August 7th, 2011

AXG migration made easy

Category Uncategorized
 

The Cisco Ace XML Gateway (AXG) product is quickly nearing its end of life. Last year, Layer 7’s field team completed a number of successful AXG replacement projects and the rate of such projects has since picked up considerably. Layer 7 is now releasing the Cisco ACE XML Gateway Migration Guide. This guide includes a step-by-step methodology, which builds on our experience in AXG migration type projects.

A key component of this methodology is the AXG migration utility, a policy-based module which interprets an incoming AXG export file in PPF format and automatically populates a Layer 7 Gateway instance with corresponding service proxies and runtime policies. When we first considered the possibility of such a migration utility, we were skeptical about the amount of automation that could be reached due to the differences between both solutions. In the end, what made this possible was the flexibility of the Layer 7 Gateway design and our Gateway Management API facilitating programmatic provisioning. The migration utility uses a customizable stylesheet which can be tailored to the specific AXG setup in order to maximize automation and optimize resulting policy organization. By organizing policies in logical tree structures and grouping similar logic in imported fragments, the resulting configuration in the Layer 7 Gateway reduces the management overhead moving forward.

See this utility in action in the following video.


August 6th, 2011

Certificate Program in Cloud Computing

Written by
Category Cloud Computing
 

This fall, the Professional and Continuing Education division at the University of Washington is introducing a new certificate program in cloud computing. It consists of three consecutive courses taken on Monday nights throughout the fall, winter and spring terms. In keeping with the cloud theme, you can attend either in person at the UW campus, or online. The cost is US $2577 for the program.

The organizers invited me on to a call this morning to learn about this new program. The curriculum looks good, covering everything from cloud fundamentals to big data. The instructors are taking a very project-based approach to teaching, which I always find is the best way to learn any technology.

It is encouraging to see continuing ed departments address the cloud space. Clearly they’ve noted a demand for more structured education in cloud technology. No doubt we will see many programs similar to this one appear in the future.