business

April 23, 2014

Security: 10 Tips for Hardening a Linux Server

In light of all the complex and specialized attacks on Internet-facing servers, it’s very important to protect your cloud assets from malicious assailants whose sole purpose is to leach, alter, expose, siphon sensitive data, or even to shut you down. From someone who does a lot of Linux deployments, I like to have handy a Linux template with some extra security policies configured.

Securing your environment starts during the ordering process when you are deploying server resources. Sometimes you want to deploy a quick server without putting it behind an extra hardware firewall layer or deploying it with an APF (Advance Policy Firewall). Here are a couple of security hardening tips I have set on my Linux template to have a solid base level of security when I deploy a Linux system.

Note: The following instructions assume that you are using CentOS or Red Hat Enterprise Linux.

1. Change the Root Password
Log in to your server and change the root password if you didn’t use a SSH key to gain access to your Linux system.

  • passwd - Make sure it’s strong.
  • Don't intend on using root.

2. Create a New User
The root user is the only user created on a new Linux install. You should add a new user for your own access and use of the server.

  • useradd <username>
  • passwd <username> (Make sure this is a strong password that’s different from your root password.)

3. Change the Password Age Requirements
Change the password age so you’ll be forced to change your password in a given period of time:

  • chage –M 60 –m 7 –w 7 <username>
    • M: Minimum of days required between password changes
    • m: Maximum days the password is valid
    • w: The number of days before password will warn of expiration

4. Disable Root Login
As Lee suggested in the last blog, you should Stop Using Root!

  • When you need super-user permissions, use sudo instead of su. Sudo is more secure than using su: When a user uses sudo to execute root-level commands, all commands are tracked by default in /var/log/secure. Furthermore, users will have to authenticate themselves to run sudo commands for a short period of time.

5. Use Secure Shell (SSH)
rlogin and telnet protocols don’t use an encrypted format, just plain text. I recommend using SSH protocol for remote log in and file transfers. SSH allows you to use encryption technology while communicating with your sever. SSH is still open to many different types of attacks, though. I suggest using the following to lock SSH down a little bit more:

  • Remove the ability to SSH as root:
    1. vi /etc/ssh/sshd_config.
    2. Find #PermitRootLogin yes and change to PermitRootLogin no.
    3. Run service sshd restart.
  • Change the default SSH 22 port. You can even utilize RSA keys instead of passwords for extra protection.

6. Update Kernel and Software
Ensure your kernel and software patches are up to date. I like to make sure my Linux kernel and software are always up to date because patches are constantly being released with corrected security flaws and exploits. Remember you have access to SoftLayer’s private network for updates and patches, so you don’t have to expose your server to the public network to get updates. Run this with sudo to get updates in RedHat or CentOS: yum update.

7. Strip Your System
Clean your system of unwanted packages. I strip my system to avoid installing unnecessary software to avoid vulnerabilities. This is called “reducing the attack surface.” Packages like NFS, Samba, even the X Windows desktops (i.e., Gnome or KDE) contain vulnerabilities. Here’s how reduce the attack surface:

  • List what is installed: yum list installed
  • List the package name: yum list <package-name>
  • Remove the package: yum remove <package-name>

8. Use Security Extensions
Use a security extension such as SELinux on RHEL or CentOS when you’re able. SELinux provides a flexible Mandatory Access Control (MAC); running a MAC kernel protects the system from malicious or flawed applications that can damage or destroy the system. You’ll have to explore the official Red Hat documentation, which explains SELinux configuration. To check if SELinux is running, run sestatus.

9. Add a Welcome/Warning
Add a welcome or warning display for when users remote into your system. The message can be created using MOTD (message of the day). MOTD’s sole purpose is to display messages on console or SSH session logins. I like for my MOTDs to read “Welcome to <hostname>. All connections are being monitored and recorded.”

  • I recommend vi /etc/motd

10. Monitor Your Logs
Monitor logs whenever you can. Some example logs that you can audit:

  • System boot log: /var/log/boot.log
  • Authentication log: /var/log/secure
  • Log in records file: /var/log/utmp or /var/log/wtmp:
  • Where whole system logs or current activity are available: /var/log/message
  • Authentication logs: /var/log/auth.log
  • Kernel logs: /var/log/kern.log
  • Crond logs (cron job): /var/log/cron.log
  • Mail server logs: /var/log/maillog

You can even move these logs to a bare metal server to prevent intruders from easily modifying them.

This is just the tip of the iceberg when securing your Linux server. While not the most secure system, it gives you breathing room if you have to deploy quick servers for short duration tests, and so on. You can build more security into your server later for longer, more permanent-type servers.

- Darrel Haswell

Darrel Haswell is an advisory SoftLayer Business Partner Solution Architect.

Categories: 
April 23, 2014

Sysadmin Tips and Tricks - Stop Using Root!

A common mistake newer Linux system administrators make is the overuse of root. It seems so easy! Everything is so much simpler! But in the end, it’s not—and it’s only a matter of time before you wish you had not been so free and easy with your super-user, use. Let me try to convince you.

Let’s start with a little history. The antecedents of Linux go all the way back to the early 1970s, when computers cost tens of thousands of dollars (at least). With that kind of expense, you as a user would hardly have a computer sitting on your desk (not to mention they were at least refrigerator-sized), and you would also not have the use of it dedicated to your needs. What was obviously needed was an operating system that would allow multiple users to use the machine at once, via terminals, in order to make the most use of the computing resources available.

If you think about it, it’s clear that the operating system had to be very good at keeping users from being able to stomp on each other’s files and processes. So the early UNIX™ variants were multi-user systems from the get-go. In the ensuing forty years, these systems have only gotten better at keeping the various users and processes from harming each other. And this is the technology that you’re paying for when you use Linux or other modern variants.

Now, you may think, “That doesn’t apply to me—I’m the only user on my server!” But are you, really?

You probably run Apache, which is generally run as the user httpd or apache. Why not root? Because if you run Apache as root, then anyone on the outside who manages to get Apache to execute arbitrary code, would then have that code running as root! Next thing you know, they can execute "rm –rf /," or worse, invade your system altogether and steal proprietary information. By running as a non-root user, even if the attacker gets total access to that user, they are limited to what that user can touch. Thus, user httpd is compromised, but not the entire server.

The same thing is true for mail servers, FTP servers, and so on. They all rely on the Linux permissions system in order to give the programs access to as little as possible—ideally, only exactly what they need to do their jobs.

So, think of yourself as another process on the system. When you log in as your regular user, you are limited in what you can do. But this is not intended to harm you or irritate you—indeed; the system is designed to keep you from accidentally doing damage to your server.

For example, consider if you wanted to completely remove a directory called ‘home’ within your home directory. Note the ever so slight difference between the first command:

rm –R home

And the second command:

rm –R /home

The first command removes a directory called ‘home’ from wherever you happen to be sitting on the file system. The second removes all users’ home directories from the system. One little slash makes all the difference in the world. This is probably why it has been said that Linux gives you enough rope to hang yourself with. Executing the second command as root looks like this:

server:# rm –R /home 
server.com#

And it’s just gone! Whereas if you accidentally put that slash in there while logged in as your user, you would get:

server:# rm –R /home 
server:# rm: cannot remove `home’: Permission denied

This will annoy you, until you realize that if you’d done it as root you would have wiped out all your customers home directories.

In short, just like the processes that run on your machine, you would be well served to use only the permissions you need. This is why many Linux distributions today encourage the use of sudo—you don’t even become root, but just execute things as root when needed. It’s a good policy, and makes the best use of four decades of expertise that have gone into the system you are using.

- Lee

P.S. This is also why you pretty much never want to chmod 777 anything!

April 17, 2014

Deep in the Heart of Te(ch)xas: SXSW 2014

SXSW 2014 was bigger and crazier than ever. For anyone who has been sleeping under a rock, SXSW is one of the largest, most intense start-up technology, music, and film festivals on the planet. Held in March, SXSW turns Austin, Texas, into the global epicenter of everything (startup) technology.

As in years past, SoftLayer hosted the Speakeasy lounge, a daytime co-working space and community/networking lounge in the evening. For the second straight year, the lounge blew our expectations out of the water. Over the course of 48 hours, we saw over a thousand partners, start-up clients, fellow colleagues, and members of the global start-up community come through the doors. To give you an idea of how “global” the community was, I walked through the lounge at one point and heard six different languages being spoken.

Our start-up partners used the lounge to escape the chaos of the festival so they could get work done. In the space, they could relax, send emails, connect with clients and friends, or just find some peace and quiet away from the cacophonous show floor (and even-noisier 6th Street).

Catalyst Lounge SXSW 2014

One of the biggest highlights at SXSW for the Catalyst team was a panel that I moderated about building meaningful, organic communities around brands. The panelists for this discussion were George Karidis, COO of SoftLayer; Ben Rigby, CEO of Sparked; Samar Birwadker, CEO of Good.co; and Justin Johnson, director of developer evangelism for Keen.io. The group explained how their brands’ approaches to community engagement helped them build momentum and succeed faster, and I was humbled to hear how the SoftLayer Catalyst program impacted their decisions shaping their own communities. To cap off the session, the panelists also brought up the benefits of using Catalyst for testing and scaling during their early stages, so they could understand how to use the infrastructure as they grew. You need look no further for validation of our model than to have three of our most successful clients attributing their success to it.

In addition to the Speakeasy and the panel discussion, SoftLayer was also well represented on the SXSW show floor. Over the course of the show, clients, partners, and prospects stopped by to try their hands at the Server Challenge, and we had some phenomenal conversations about the future of the cloud and how SoftLayer is forging a new path in the infrastructure as a service game.

What a lot of people don’t realize about SXSW is that the majority of business gets done outside of the show floor. Each night presents opportunities to connect with and learn about individuals in the global start-up community. For example, Catalyst partner Planwise held a party and barbecue where they discussed best practices for start-ups in financial technology. We got in on the fun as well when we partnered with Techstars to host one of the hottest parties at SXSW Interactive. DJed by Thievery Corporation and attended by over a thousand guests, if you managed to get a hard-to-come-by ticket, you had a great time and met a lot of amazing people.

SoftLayer & Techstars Party SXSW 2014

Over the years, SXSW has proven to be a melting pot for creativity and innovation on a global scale. As businesses look for new ways to gather and present information, providers like SoftLayer become an integral part of their approaches. Our goal with Catalyst is to stay front-and-center in the startup movement … So it’s a safe bet that you’ll see us again at SXSW 2015.

-@joshuakrammes

April 14, 2014

OpenSSL Heartbleed Update

On April 7th, the OpenSSL Project released an update to address a serious security flaw (CVE-2014-0160), which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

SoftLayer Infrastructure

After notification of this vulnerability we began a close examination of our services to determine any that may have been affected. Both the SoftLayer customer portal and API are serviced behind hardware load balancers and neither the hardware load balancers nor the software running on the servers behind them were found to be running vulnerable versions of OpenSSL. This was confirmed by the hardware vendor and direct testing as well. During these tests it was discovered that certain nodes of our Object Storage cluster were running a vulnerable version of OpenSSL. The software was immediately patched to remediate the issue. Although there is no indication that this vulnerability was exploited, the subset of customers potentially affected has been advised of precautionary measures to ensure continued security.

Additionally, our team forced updates to all of our internal operating system update mirrors as soon as patched versions were released by their publishers. Our system automatically checks for and updates all operating system versions hosted on our mirrors, but due to the urgency of this exploit, manual updates were run as quickly as possible to have patched versions available sooner.

SoftLayer Customers

Due to the nature, surface area, and severity of this vulnerability, we recommend revoking all possibly compromised keys and reissuing new certificates for any service secured using the OpenSSL library. The rekeying process can vary depending on your Certificate Authority (CA) and you should contact them if you have questions on how to complete this process. This OpenSSL vulnerability has major security implications for a wide range of operating systems and applications and may necessitate rebooting your hardware (or restarting services) to ensure all services linking against the affected code use the updated version of the OpenSSL library. We also recommend that you patch all of your servers and change passwords as soon as possible. Take this opportunity to review your overall password strategy including password strength and password sharing across sites.

-@skinman454

Keywords:
Categories:
April 3, 2014

Sprint Accelerator Spices Up Silicon Prairie

As part of the community development team here at SoftLayer, I get to travel the world and reach into cities to help local, born-on-the-Web communities grow and prosper. Last week, my travels took me (and my rock star team) to Kansas City, where we were invited to mentor startups in the Sprint Mobile Health Accelerator powered by TechStars (PBTS).

I know when you think of KC, you might not think of a technology startup community. As part of Silicon Prairie, where startups and tech are thriving, KC is taking its place amongst US tech communities, as companies like Sprint, Garmin, H&R Block, and Hallmark are investing in the local startup community.

Through the course of the days I spent in KC, we talked to 10 startups and held technical office hours. What we learned is that the startups in this accelerator had all of the qualities we hope to find: grit and determination coupled with brains and insane talent. (And some of the teams we met with are growing so quickly that they even have open positions.)

What struck me most from my trip was the sheer fact that even though I live in the epicenter of all things tech startup, I can see with my own eyes that the rest of the world is catching up––and they are doing so quickly. Most of the teams at Sprint PBTS are not from the startup mega cities like New York and San Francisco. They are from places off the beaten path. I’m happy to see it, and I’m even more excited for my trips later this year to other parts of the country like Memphis, Detroit, and Okanagan, where I’m sure to be as impressed as I was with KC.

True, for the time being the venture capital and investment communities will likely still steer startups toward the Bay Area, but I’m not convinced that is a trend that will continue forever. I’m more and more certain that as we advance technologies—and as SoftLayer maintains its edge in building the best platform on which to create them––geography will become a secondary factor in the success of startups.

Our Catalyst Startup Program provides that platform for early stage startups around the globe. Members have innovative concepts that need reliable infrastructure to support their growth from idea to enterprise. Recently, I sat down in front of a camera to share an overview of the program and it's benefits from the perspective of Catalyst member HAUL. Here is a crash course on Catalyst:

I believe in a year, a few of the teams from the Sprint Mobile Health Accelerator will combine forces to create one company that will eventually become a household name. Their evolution will be fun to watch from the beginning to end. And we are going to watch them closely. They’re going to do it, and we are going to be with them every step of the way.

-@joshuakrammes

March 19, 2014

An Inside Look at IBM Cloud Event 2014 in Hong Kong

On March 17 in Hong Kong, IBM and SoftLayer successfully concluded the first of many intimate cloud events. IBM Cloud Event 2014 marked the beginning of the $1.2 billion investment committed towards our global expansion plans.

Growing from 13 to 40 data centers is no mean feat, and Hong Kong is the starting point. Not only does this give our customers data redundancy in Asia-Pacific, but also provides data residency to our Hong Kong-based customers. Quite simply, we are growing where you want to grow.

For me, there were three key takeaways from the event.

We’re seeing overwhelming support from our customers.
Not only did we have an opportunity to host our Hong Kong clientele, but many also traveled from cities in Greater China to be a part of this milestone. It was immensely gratifying to see them being vocal advocates of SoftLayer services. Natali Ardianto from Tiket.com, Chris Chun from 6waves and Larry Zhang representing ePRO all shared their brilliant stories with the audience.

Tiket.com’s co-founder, Natali, is especially proud of the fact that the company sold out 6,000 tickets for the K-Pop Big Bang Alive concert in 10 minutes, while their competitor’s site was unable to meet the huge demand and shut down for four hours during the peak period. Tiket.com, founded in 2011, faced TCP, DoS and DDoS attacks and tried hosting unsuccessfully on two different IaaS providers before moving to SoftLayer’s infrastructure services in 2012.

6Waves, a gaming publisher, was started in 2008. Today, built on SoftLayer, 6waves has grown to the #1 third-party publisher on Facebook. 6waves manages 14 million monthly active users and 2 million daily active users. Chris, 6waves’ CTO and co-founder, shared that since 2009 6waves has launched more than 200 games on SoftLayer.

Larry Zhang, ePRO’s senior IT manager and architect, had a similar story to share. The B2C e-commerce platform, part of China-based DX Holdings, supports more than 200,000 items in 15 categories and saw a 66 percent increase in customers from October 2011 to September 2013. ePRO is now looking to cater to the US and Australian markets, and Larry believes that SoftLayer’s aggressive expansion plans will help them meet their goal.

SoftLayer in Hong Kong

There is a vested interest in the SoftLayer-IBM integration roadmap.
Large enterprises are moving towards the cloud. This is not a forward-looking statement, it's a fact. And from the feedback gathered and the questions put up by these organizations, it is clear that they are investing in leveraging cloud services for improving their internal processes and for bringing services to their end customers more quickly. Lance Crosby presented a SoftLayer-IBM integration roadmap. With SoftLayer forming the foundation of IBM's cloud offerings—SaaS, PaaS and BPaaS—there is no doubt that we are as invested in this partnership as our clientele.

The strong startup community in Hong Kong is committed to growing with Softlayer.
Catalyst, SoftLayer's startup incubator, has always had a strong presence in Hong Kong, and the startup spirit was evident on March 17 as well. The dedicated roundtable conducted for the community with Lance Crosby and Casey Lau, SoftLayer's Catalyst representative for APAC, was the highlight of the day. Lance left us with a powerful thought, "We are here to be an extension to your infrastructure... The question is what can you build on us."

All in all, this was a great start to our new journey!

- Namrata

March 12, 2014

Name Servers: Don't Get Lost in (Domain) Translation

The Domain Name System (DNS) is vital to keeping the Internet in order and easily accessible. Every byte on the World Wide Web lives in (at least) one specific place on the planet, and it's mapped to that location with an IP address like 66.228.118.53 (IPv4) or 2607:f0d0:4545:3:200:f8ff:fe21:67cf (IPv6). DNS translates the domain names you know and love to the correct IP addresses, so without DNS, you would have to memorize a 32-bit or 128-bit IP address for your favorite websites. Remember the last time your cell phone died? How many phone numbers did you have memorized?

There are plenty of resources available online to explain How DNS Works, so in this post, we'll focus on the basics of how we use DNS. Here's the scenario: We want to register a domain — softlayer.com — and make it available to the masses.

1. Reserve and Register a Domain Name
The first thing we need to do is purchase and register our domain name. To do this, we need to choose a domain registrar and verify that our domain is available. Every domain registrar effectively provides the same service: It will reserve an available domain on your behalf, and it will let you dictate where that domain will live. There's not a lot of differentiation or value-add in that service, so many registrars offer cheap or free domains as loss-leaders for higher margin hosting or Web services. Be sure to check the fine print to make sure you're not committing to a year of hosting to get a $0.99 domain name. Some registrars make the process of updating and configuring where a domain resolves more difficult than others, but for the sake of this example we'll assume that your registrar allows the same easy accessibility SoftLayer provides our customers in the customer portal.

The domain name we want is softlayer.com, and in this example, that domain name is available for us to reserve. Once we go through the ordering process, we'll need to associate the domain with a set of authoritative name servers. Authoritative name servers are effectively the go-to address book for a specified domain. By default, your domain registrar will provide name servers for your domain, but they can be changed easily to meet your needs. You have four typical options when it comes to choosing your domain's name servers:

  • Use the domain registrar's default name servers.
  • Use you hosting provider’s name servers.
  • Use a third party DNS service to manage your domain names.
  • Run your own name servers on your server to manage your domain names.

Each of these options has its own pros and cons, but because we're just interested in getting our domain online, we'll use SoftLayer's DNS control panel to manage our new domain name.

2. Create DNS Records
When we access our hosting provider's DNS control panel, we see this:

DNS Management

This is an extremely high level view of DNS, so we’re just going to focus on what we must have in order to make softlayer.com reachable via browser. The first thing we'll do is add a DNS zone. This is usually our domain, but in some situations, it can be a bit different. In this example, we'll create a “softlayer.com” zone to be responsible for the whole softlayer.com domain:

DNS Management

With that zone created, we now need to add new "Address Records" (A Records) within that zone:

DNS Management
DNS Management

The terminology used in different DNS control panels may vary, so let’s breakdown what the four sections in those screenshots mean:

  • Resource Type: This is our DNS record type. In our example, we have A records which link a hostname to our IP address. There are a number of DNS record types, each serving a different purpose.
  • Host: This is the host node or owner name — the name of the node that this record applies to. Using the @ symbol in the A record allows visitors to reach our website without the leading www. If we wanted blog.softlayer.com to live at a different IP address, we'd make that happen here.
  • Points To: This is the IP address of the host node. You might see this section referred to elsewhere as content, data or value. The standard term is RDATA — resource record data. This is specific to each data type.
  • TTL (Time-to-Live): TTL dictates how long your name server should keep a particular record before refreshing for possible updates. Generally speaking, longer TTLs work well if you’re just adding new entries and or don’t anticipate frequent record changes.

Once we save these changes in our DNS control panel, we play the waiting game. Because these DNS changes have to propagate across our DNS servers to be accessible to the Internet as a whole, the process typically takes 24-48 hours, if not sooner. SoftLayer’s customer portal has DNS check built-in as one a few different network tools. If you aren't a current customer, you can use What's my DNS? This is what the SoftLayer tool looks like:

DNS Management

3. Create rDNS Records
The last step we want to take in setting up our domain is to create Reverse DNS (rDNS) records. These records do the same thing as DNS records, but (as the name suggests) they function in the opposite direction. With rDNS, we can assign an IP address to a domain name. This step isn't required, but I recommend it to help ensure better performance of online activities like email and website visitor tracking.

DNS is a central piece of the Internet as we know it, so by understanding how to use it, you'll have a much better understanding of how the Internet works. It seems challenging at first glance, but as you see from this simple walkthrough, when you break down and understand each step, you won't get overwhelmed. A wealth of DNS tools and tutorials are available for free online, and our DNS documentation might be a great resource to bookmark so you'll never get lost in domain translation.

- Landon

March 7, 2014

Why the Cloud Scares Traditional IT

My background is "traditional IT." I've been architecting and promoting enterprise virtualization solutions since 2002, and over the past few years, public and hybrid cloud solutions have become a serious topic of discussion ... and in many cases, contention. The customers who gasped with excitement when VMware rolled out a new feature for their on-premises virtualized environments would dismiss any recommendations of taking a public cloud or a hybrid cloud approach. Off-premises cloud environments were surrounded by marketing hype, and the IT departments considering them had legitimate concerns, especially around security and compliance.

I completely understood their concerns, and until recently, I often agreed with them. The cloud model is intimidating. If you've had control over every aspect of your IT environment for a few decades, you don't want to give up access to your infrastructure, much less have to trust another company to protect your business-critical information. But now, I think about those concerns as the start of a conversation about cloud, rather than a "no-go" zone. The cloud is different, but a company's approach to it should still be the same.

What do I mean by that? Enterprise developers and engineers still have to serve as architects to determine the functional and operational requirements for their services. In that process, they need to determine the suitability of a given platform for the computing workload and the company's business objectives and core competencies. Unfortunately, many of the IT decision-makers don't consider the bigger business context, and they choose to build their own "public" IaaS offerings to accommodate internal workloads, and in many cases, their own external clients.

This approach might makes sense for service providers, integrators and telcos because infrastructure resources are core components of their businesses, but I've seen the same thing happen at financial institutions, rental companies, and even an airline. Over time, internal IT departments carved out infrastructure-services revenue streams that are totally unrelated to the company's core business. The success of enterprise virtualization often empowered IT departments through cost savings and automation — making the promise of delivering public cloud “in-house” a natural extension and seemingly attractive proposition. Reshaping their perspectives around information security and compliance in that way is often a functional approach, but is it money well spent?

Instead of spending hundreds of thousands or millions of dollars in capital to build out (often commoditized) infrastructure, these businesses could be investing those resources in developing and marketing their core business areas. To give you an example of how a traditional IT task is performed in the cloud, I can share my experience from when I first accessed my SoftLayer account: I deployed a physical ESX host alongside a virtual compute instance, fully pre-configured with OS and vCenter, and I connected it via VPN to my existing (on-prem) vCenter environment. In the old model, that process would have probably taken a couple of days to complete, and I got it done in 3 hours.

Now more than ever, it is the responsibility of the core business line to validate internal IT strategies and evaluate alternatives. Public cloud is not always the right answer for all workloads, but driven by the rapidly evolving maturity and proliferation of IaaS, PaaS and SaaS offerings, most organizations will see significant benefits from it. Ultimately, the best way to understand the potential value is just to give it a try.

-Andy

Andreas Groth is an IBM worldwide channel solutions architect, focusing primarily on SoftLayer. Follow him on Twitter: @andreasgroth

March 6, 2014

SoftLayer at SXSW 2014

When attending South by Southwest (SXSW), the streets of Austin can feel like a giant maze. Keeping up with all the events in and around the conference is exhausting (if not impossible), so we thought we'd create a simple "SoftLayer at SXSW 2014" cheat sheet to eliminate the twists, turns and Internet searches that you'd otherwise make to track us down.

SXSW Interactive (SXSWi) Tradeshow

You will find the SoftLayer team in the Austin Convention Center Exhibit Hall at Stands 404 and 406. SLayers will be on-hand to give you a guided tour of the SoftLayer customer portal and answer any questions you have about moving your business into the cloud in general or moving it onto SoftLayer, specifically. If you have trouble locating our booth, we've got an 8-bit-inspired milestone for you to look for: The Server Challenge II.

We launched the original Server Challenge at SXSW in 2011, and since then, we've been tweaking and improving the competition to engage with conference attendees and help us tell the SoftLayer story. The objective of the competition is to popular 24 drive trays into two 2U servers and plug the network cables into the correct switches in the fastest time possible. If at the end of the show you have the fastest time, you will walk away with a MacBook Air and major bragging rights. As a reward for reading the SoftLayer Blog, we'll give you a leg up on the competition by letting you watch the current 43-second Server Challenge II world record completion:

SoftLayer Speakeasy

If you're looking to chill, recharge or get work done in the midst of the SXSW craziness, sign up to join us at the SoftLayer Speakeasy, featuring the Catalyst Startup Lounge. Our Catalyst team is taking over a great 6th Street venue on Sunday and Monday to provide a relaxed co-working space for customers, partners, and startups. Entrepreneurs, investors, developers and individuals in the startup ecosystem are welcome to stop in for free WiFi, coffee and drinks all day, and after 7pm, you'll enjoy live music!

Catalyst Startup Lounge

Register Now
Location: 501 East 6th Street, on the 2nd floor
Dates/Times: Sunday, March 9 at 12:00 PM to Monday, March 10 at 10:00 PM

SoftLayer Catalyst Incubator Program - SXSWi Panel

SoftLayer VP of Community Development Joshua Krammes joins a panel of customers and partners on Monday for a look at the tangible resources startup companies need to succeed:

SoftLayer’s Catalyst Incubator Program
@JoshuaKrames, VP Community Development (+ Panel)
Monday, March 10 @ 12:30pm — Hilton Austin Downtown, Salon B

IBM Cognitive Food Truck

While you're in town for SXSW, you're going to get hungry. Luckily, the Austin food truck scene is amazing, and you have quick and convenient access to any kind of food you can think of. This year, you'll even have quick and convenient access to any kind of food that IBM Watson can think up! Stop by the corner of Red River and 4th Street for a creative, crowd-sourced treat from the IBM Cognitive Food Truck. By using algorithms to determine why people like certain foods, Watson comes up with unique combinations of ingredients that deliver unbelievable results. And the best part...

Cognitive Cooking

Vote for the dishes you want to see the IBM Cognitive Food Truck create at SXSW online or by Tweeting your desired dish using #IBMFoodTruck. And if you get to try any of the food, let us know what you think about it.

With this cheat sheet, finding SoftLayer at SXSW will be a breeze ... Navigating the streets of Austin in the midst of all the crowds and chaos still might be tricky, though.

See you on Sunday!

-Rachel

March 5, 2014

Making an Impact: Catalyst and BEHUM

Running a startup is hard. We all know that. The right help at the right time makes all the difference, and for many, finding that help is a challenge. Not knowing who to ask for help or where to meet the right people to help move the needle in the right direction, many entrepreneurs and startup teams don't even know where to start.

That's one of the biggest reasons we created Catalyst. When entrepreneurs are passionate enough about an idea to ditch "safe" careers to build their own companies, we want to help them succeed by getting them access to the right resources.

That vision may seem simple on paper, but when I reconnected with a Catalyst program graduate last night, I was humbled to hear how Catalyst helped his company succeed. That entrepreneur was Neal Bram, founder of BEHUM – Be Heard You Matter. BEHUM is a political engagement platform that empowers voters to take simple but meaningful actions to support the candidates and political issues they believe in. Or to put it more simply, BEHUM helps individuals make their political views a reality.

When I spoke with Neal about his Catalyst experience, he explained, "For this to work we need reliability and SoftLayer has always been up to the task. When a leading political official sends a BEHUM link to 2 million individuals at the same time as a statewide advocacy group’s petition is going viral, we have to stay up.” Those numbers might not seem huge for the Facebooks and Twitters of the world, but for early stage startups that can’t afford to pay for more capacity than they need, it's a mountainous task. The Catalyst program provides free cloud hosting resources for early stage startups like BEHUM, allowing them to be confident and aggressive about seizing opportunities to accelerate growth without fear of breaking the bank.

Hearing that the scalability of our platform could accommodate BEHUM's demands felt good, but what Neal said next was what really stuck with me: “Catalyst is far more than the technology and economics. It’s a network of entrepreneurs helping each other led by Catalyst mentors who provide invaluable insights and connections.”

It's easy for the tangible benefits of the program to get the lion's share of a startup's attention, so when I hear about qualitative and relational impact the Catalyst team is making, I know we're doing something right. When I asked Neal if he had any specific examples of that type of involvement, he answered, “Whether it’s commenting on pitches, input on business models, or making an important introduction, the Catalyst program provided BEHUM the right help at the right time.”

That's the best feedback any Catalyst customer could ever give about the program.

If you want your views on candidates and political issues to be heard, head over to BEHUM. And if you're interested in connecting with Neal and his team, let me know, and I'll make that happen.

-@JoshuaKrammes

Pages

Subscribe to business