March 1st, 2012

Layer 7 at the Hollywood IT Summit

Hollywood IT SummitThis week, at Mobile World Congress, I got to see firsthand how mobile and Cloud are transforming the distribution of content. People want to consume entertainment on four screens: TV, PC, smartphone and tablet. They want their watching, listening, gaming and reading experiences to be 100% portable. They want instant, on-demand access to content. They sometimes want to own the content but they sometimes prefer to rent or subscribe. These changes in how end-users want to consume content are demanding a rethink of how entertainment producers deliver this content.

Cloud and APIs figure prominently in enabling entertainment producers to deliver content anytime, anywhere. APIs allow producers to expose content and associated metadata to “apps” that can be delivered via any smart device, including a TV. Similarly, Cloud computing creates the promise of instant content delivery to any device, on-demand. But for the content producer, exposing content from the Cloud, over APIs, across the Internet, to a mixed universe of internally and externally-built apps that may live on TVs, PCs, tablets or smartphones creates challenges around security and management.

Layer 7 offers solutions for entertainment producers and distributors who need to secure and manage content delivered from the Cloud, over APIs, to apps. That’s why, this Friday, Layer 7 will be exhibiting at the Hollywood IT Summit. If you happen to be attending, stop by the booth or catch Layer 7’s Steve Loscialpo giving a talk called Simplifying Content Distribution Across Mobile & Cloud Using API Management. Here are the event details:

  • Hollywood IT Summit – Friday, March 2, 2012
    Pepperdine University, Malibu Campus, Los Angeles – Register here
February 16th, 2012

The Resilient Cloud for Defense: Maintaining Service in the Face of Developing Threats

TM Forum Management WorldSkill at computing comes naturally to those who are adept at abstraction. The best developers can instantly change focus — one moment they are orchestrating high-level connections between abstract entities, the next they are sweating through the side effects of each individual line of code. Abstraction in computing not only provides necessary containment, it also offers clear boundaries. There is also something very liberating about that line you don’t need to cross. When I write Java code, I’m happy to never think about byte code (unless something is going terribly wrong). And when I did board-level digital design, I could stop at the chip and not think much about individual gates or even transistors. It is undeniably important to understand the entire stack but nothing would ever get done without sustained focus applied to a narrow segment.

Cloud is the latest in a long line of valuable abstractions that extend the computing stack. It pushes down complex details of systems and their management under a view that promotes self-service and elastic computing. In this way, Cloud is as liberating for developers as objects were over assembler.

The physical location of resources is one of the first and most important casualties of such a model. Cloud means you should never have to worry about the day a power failure hits the data center. Of course the truth is that, as you move down the stack from Cloud to system through transistor to electron, physical location matters a lot. So, any Cloud is only as good as its ability to accommodate any failure of the real systems that underpin the resource abstraction.

Layer 7 has recently become involved in an interesting project that will showcase how Cloud providers (public or private) can manage Cloud workloads in the face of threats to their underlying infrastructure. The inspiration for this project is the following display from ESRI, one of the world’s leading GIS vendors:

ESRI developed this display to illustrate wireless outages as a storm rips through central Florida. Suppose that, instead of a wireless base station, each green diamond represents a data center that contributes its hardware resources to a Cloud. As the storm moves through the state, it may affect power, communications and even physical premises. Workloads in the Cloud, which ultimately could map to hardware hosted inside at-risk sites, must be shifted transparently to locations that are at less risk of catastrophic failure.

Today, few Clouds offer the mass physical dispersion of compute hardware suggested by this display. Amazon Web Services, for instance, has the concept of an availability zone, which consists of several massive data centers interconnected within a region (such as US-East, which is in the Dulles area, or EU, which is hosted in Ireland). Amazon’s Cloud is designed to leverage this regional redundancy in order to provide continuous service in the event of a site failure.

This big data center approach makes perfect sense for a service like Amazon. There will always be a place for the large data center that leverages commodity hardware deployed on a breathtaking scale. But there is an alternative that I think is set to become increasingly important. This is the Cloud composed of many smaller compute facilities. We will increasingly see large Clouds coalesce out of multiple small independent hardware sites — more SETI@home than supercomputer. This is where our initiative provides real value.

These highly mobile, micro-Clouds make particular sense in the defense sector. Here, compute resources can be highly mobile and face threats more diverse and much less predictable than hurricanes. This is an arena in which the physical shape of the Cloud may be in continuous change.

This project is being done as a “catalyst” within the TM Forum and we will show it at the TM Forum Management World 2012 show in Dublin this May. Catalysts are projects that showcase new technology for executives in the telecommunications and defense industries. This catalyst is sponsored by Telstra and it brings together a number of important contributors, including:

Watch this space for more information. Hope to see you in Dublin!

February 15th, 2012

Workshop: API Security for Mobile & Cloud

CSA Summit at RSA ConferenceLayer 7 will be at the RSA Conference next week, with CTO Scott Morrison and Director of Solutions Engineering Francois Lascelles both giving presentations. We’ll also be sponsoring the Cloud Security Alliance’s CSA Summit 2012, which will be taking place at the conference, on the 27th.

As part of our activities at the CSA Summit, we’ll be holding an enterprise-level workshop called API Security for Mobile & Cloud. This workshop, which will be held at the W Hotel, between 1pm and 5pm. Sessions will include:

  • Open APIs: The New Enterprise Imperative for Mobile & Cloud & Security Implications
  • API Security & Management Best Practices
  • Managing API Access Through OAuth
  • API Threat Protection & Metering
  • Enabling API Discovery & Developer Self-Service – An API Developer Portal Example

The workshop will include lunch, a networking session and guest speaker Caleb Sima of Andreessen Horowitz, one of the leading venture capital firms in Silicon Valley. Caleb has been engaged in the Internet security arena since 1996 and has become widely recognized as one of the leading experts in Web security, penetration testing and the identification of emerging threats. He is a highly in-demand speaker, press resource and is regularly featured in the Associated Press and global security media.

Space is limited, so if you’re going to be attending the CSA Summit, be sure to register for the workshop today.

February 3rd, 2012

Security in the Clouds: The IPT Swiss IT Challenge

Scott Morrison in GstaadProbably the best part of my job as CTO of Layer 7 Technologies is having the opportunity to spend time with our customers. They challenge my assumptions, push me for commitments and take me to task for any issues -  but they also flatter the whole Layer 7 team for the many things we do right as a company. And for every good idea I think I have, I probably get two or three great ones out of each and every meeting with the people who use SecureSpan to solve real problems on a daily basis.

All of that is good but I’ve learned that if you add skiing into the mix, it becomes even better. Layer 7 is fortunate to have an excellent partnership with IPT, a very successful IT services company out of Zug, Switzerland. Each year, IPT holds a customer meeting up in Gstaad, which I think surely gives them an unfair advantage over their competitors in countries less naturally blessed. I finally managed to draw the long straw in our company and was able to join my colleagues from IPT at their annual event this January.

Growing up in Vancouver, with Whistler practically looming in my backyard, I learned to ski early and ski well. Or so I thought, until I had to try to keep up with a crew of Swiss who surely were born with skis on their feet. But being challenged is always good and I can say the same for what I learned from my Swiss friends about technology and its impact on the local market.

The Swiss IT market is much more diverse than people from outside of it may think. Yes, there are the famous banks but it is also an interesting microcosm of the greater European market — albeit run with a natural attention to detail and extraordinary efficiency. It’s the different local challenges that shape technology needs and lead to different emphasis.

SOA and Web services are very mature and indeed are pushed to their limits but the API market is still in its very early stages. The informal, wild west character of RESTful services doesn’t seem to resonate in the corridors of power in Zurich. Cloud appears in patches but it is hampered by very real privacy concerns and this, of course, represents a great opportunity. Secure private Clouds are made for this place.

I always find Switzerland very compelling and difficult to leave. Perhaps it’s the miniscule drop of Swiss ancestry I can claim. But more likely it’s just that I think the Swiss have got this life thing all worked out.

Looking forward to going back.

January 13th, 2012

FROM THE VAULT: White Paper – The Value of Application Service Governance for Cloud Computing

Value of SOA Governance for CloudAs 2012 begins, it definitely seems like Cloud computing will continue to be a hot issue in enterprise IT, with the impetus driving large organizations into the Cloud continuing to gather pace. Consequently, there’s going to be a growing need for information on how services run in the Cloud can be governed in order to ensure data security and maximize performance.

Many of Layer 7’s customers have already made the move into the Cloud. These companies have benefited greatly from our expertise in governance for SOA. This is because SOA governance is directly applicable to the Cloud. Our white paper The Value of Application Service Governance for Cloud Computing provides a detailed explanation of this connection.

Written by internationally-respected SOA/Cloud thought leader David Linthicum, in collaboration with our own Scott Morrison, this white paper outlines how the structure of SOA – services distributed across departments and locations – is at the core of all Cloud computing. So, governance principles that are effective in SOA also work in the Cloud.

To learn more, download The Value of Application Service Governance for Cloud Computing.