customer-service

July 16, 2014

Vyatta Gateway Appliance vs Vyatta Network OS

I hear this question almost daily: “What’s the difference between the Vyatta Network OS offered by SoftLayer and the SoftLayer Vyatta Gateway Appliance?” The honest answer is, from a software perspective, nothing. However, from a deployment perspective, there are a couple of fundamental differences.

Vyatta Network OS on the SoftLayer Platform

SoftLayer offers customers the ability to spin up different bare metal or virtual server configurations, and choose either the community or subscription edition of the Vyatta Network operating system. The server is deployed like any other host on the SoftLayer platform with a public and private interface placed in the VLANs selected while ordering. Once online, you can route traffic through the Vyatta Network server by changing the default gateway on your hosts to use the Vyatta Network server IP rather than the default gateway. You have the option to configure ingress and egress ACLs for your bare metal or virtual servers that route through the Vyatta Network server. The Vyatta Network server can also be configured as a VPN end point to terminate Internet Protocol Security (IPSEC), Generic Routing Encapsulation (GRE), or OpenSSL VPN connections, and securely connect to the SoftLayer Private Network. Sounds great right?

So, how is a Vyatta Network OS server different from a SoftLayer Vyatta Gateway Appliance?

A True Gateway

While it’s true that the Vyatta Gateway Appliance has the same functionality as a server running the Vyatta Network operating system, one of the primary differences is that the Vyatta Gateway Appliance is delivered as a true gateway. You may be asking yourself what that means. It means that the Vyatta Gateway Appliance is the only entry and exit point for traffic on VLANs you associate with it. When you place an order for the Vyatta Gateway Appliance and select your public and private VLANs, the Vyatta Gateway Appliance comes online with its native VLAN for its public and private interfaces in a transit VLAN. The VLANs you selected are trunked to the gateway appliance’s public and private interfaces via an 802.1q trunk setup on the server’s interface switch ports. These VLANs will show up in the customer portal as associated VLANs for the Vyatta Gateway Appliance.

This configuration allows SoftLayer to create an outside, unprotected interface (in the transit VLAN) and an inside, protected interface (on your bare metal server or virtual server VLAN). As part of the configuration, we set up SoftLayer routers to static route all IP space that belongs to the associated VLANs to the Vyatta Gateway Appliance transit VLAN IP address. The servers you have in a VLAN associated with the gateway appliance can no longer use the SoftLayer default gateway to route in and out of the VLAN. All traffic must be filtered through the Gateway Appliance, making it a true gateway.

This differs from a server deployed with the Vyatta Network OS because hosts behind the Vyatta Network OS server can route around it by simply changing their default gateway back to the SoftLayer default gateway.

N-Tier Architecture

Another difference is that the gateway appliance gives customers the option to route multiple public and private VLANs in the same pod (delineated by an FCR/BCR pair) through the device. This allows you to use the gateway appliance to create granular segmentation between different VLANs within your environment, and set up a traditional tiered infrastructure environment with ingress and egress rules between the tiers.

A server running Vyatta Network OS cannot be configured this way. The Vyatta Network OS server is placed in a single public and private VLAN, and there is no option to associate different VLANs with the server.

I hope this helps clear up the confusion around Vyatta on the SoftLayer platform. As always, if you have any questions or concerns about any of SoftLayer’s products or services, the sales and sales engineering teams are happy to help.

-Kelly

July 14, 2014

London Just Got Cloudier—LON02 is LIVE!

Summer at SoftLayer is off to a great start. As of today, customers can order SoftLayer servers in our new London data center! This facility is SoftLayer's second data center in Europe (joining Amsterdam in the region), and it's one of the most anticipated facilities we've ever opened.

London is the second SoftLayer data center to go live this year, following last month's data center launch in Hong Kong. In January, IBM committed to investing $1.2 billion to expand our cloud footprint, and it's been humbling and thrilling at the same time to prepare for all of this growth. And this is just the beginning.

When it comes to the Europe, Middle East, and Africa region (EMEA), SoftLayer's largest customer base is in the U.K. For the last two and a half years I’ve been visiting London quite frequently, and I've met hundreds of customers who are ecstatic to finally have a SoftLayer data center in their own backyard. As such, I'm especially excited about this launch. With this data center launch, they get our global platform with a local address.

The SoftLayer Network

Customers with location-sensitive workloads can have their data reside within the U.K. Customers with infrastructure in Amsterdam can use London to add in-region redundancy to their environments. And businesses that target London's hyper-competitive markets can deliver unbelievable performance to their users. LON02 is fully integrated with the entire SoftLayer platform, so bare metal and virtual servers in the new data center are seamlessly connected to servers in every other SoftLayer data center around the world. As an example of what that means in practice, you can replicate or integrate data between servers in London and Amsterdam data centers with stunning transfer speeds. For free. You can run your databases on bare metal in London, keep backups in Amsterdam, spin up virtual servers in Asia and the U.S. And your end users get consistent, reliable performance—as though the servers were in the same rack. Try beating that!

London is a vibrant, dynamic, and invigorating city. It's consistently voted one of the best places for business in the region. It's considered a springboard for Europe, attracting more foreign investors than any other location in the region. A third of the world’s largest companies are headquartered in London, and with our new data center, we're able to serve them even more directly. London is also the biggest tech hub in-region and the biggest incubator for technology startups and entrepreneurs in Europe. These cloud-native organizations have been pushing the frontiers of technology, building their businesses on our Internet-scale platform for years, so we're giving them an even bigger sandbox to play in. My colleagues from Catalyst, our startup program, have established solid partnerships with organizations such as Techstars, Seedcamp and Wayra UK, so (as you can imagine) this news is already making waves in the U.K. startup universe.

For me, London will always be the European capital of marketing and advertising (and a strong contender for the top spot in the global market). In fact, two thirds of international advertising agencies have their European headquarters in London, and the city boasts the highest density of creative firms of any other city or region in the world. Because digital marketing and advertising use cases are some of the most demanding technological workloads, we're focused on meeting the needs of this market. These customers require speed, performance, and global reach, and we deliver. Can you imagine RTB (real-time-bidding) with network lag? An ad pool for multinationals that is accessible in one region, but not so much in another? A live HD digital broadcast to run on shared, low-I/O machines? Or a 3D graphic rendering based on a purely virtualized environment? Just thinking about those scenarios makes me cringe, and it reinforces my excitement for our new data center in London.

MobFox, a customer who happens to be the largest mobile ad platform in Europe and in the top five globally, shares my enthusiasm. MobFox operates more than 150 billion impressions per month for clients including Nike, Heineken, EA, eBay, BMW, Netflix, Expedia, and McDonalds (as a comparison I was told that Twitter does about 7 billion+ a month). Julian Zehetmayr, the brilliant 23-year-old CEO of MobFox, agreed that London is a key location for businesses operating in digital advertising space and expressed his excitement about the opportunity we’re bringing his company.

I could go on and on about why this news is soooo good. But instead, I'll let you experience it yourself. Order bare metal or virtual servers in London, and save $500 on your first month service.

Celebrate a cloudy summer in London!

-Michalina

July 1, 2014

The Cloud in 100 Years

Today’s cloud is still in its infancy, with less than 10 years under its belt, yet it has produced some of the most advanced products and solutions known to date. Cloud, in fact, has helped change how the world connects by making information, current events, and communication available globally, at the speed of light.

The Internet itself was born in the 1960s and in just 44 years, look at what it has accomplished! Websites like Google, Bing, and Yahoo provide up-to-the-second information that is reinventing and replacing the role dictionaries and encyclopedias once played. Facebook, Twitter, and Instagram are revolutionizing how most of the world communicates. WordPress, Tumblr, and bloggers give voices to many journalists and writers who were once only heard by few, if any. It is truly a new landscape today. Do you think Herman Hollerith, when he invented the punch card in the 1890s, thought that it would evolve data processing to “the cloud” in just 100 years? IBM 100 explains:

One could argue that the information age began with the punch card, and that data processing as a transformational technology began with its 1928 redesign by IBM. This thin piece of cardboard, with 80 columns of tiny rectangular holes made the world quantifiable. It allowed data to be recorded, stored, and analyzed. For nearly 50 years, it remained the primary vehicle for processing the essential facts and figures that comprised countless industries, in every corner of the globe. (IBM 100)

What about the future?

It’s obvious that predicting 10 decades into the future is a difficult task, but one thing is for sure, this cloud thing is just getting started.

  • What will we call it? The Internet/World Wide Web is now almost synonymous with the term cloud. I predict that in the next 20 years it will take on another name. Something even more nebulous than the cloud … maybe even “The Nebula.” Or … quite possibly, Skynet!
  • How will it be accessed? In 100 years, I think the more fitting question will be, “how will you hide from it?” Today, we are voluntarily connected with our smart phones. You can be found and contacted using varying mediums from a single, handheld device. FaceTime, WhatsApp, Skype, Tango … you name it. You can make video calls to people halfway around the world in seconds. If Moore’s law still applies in 100 years, our devices could potentially be 50 times smaller than what they are today.
  • Ultimate Control: Nanotechnology will have the ability to control the weather and not only determine if we will have rain but regulate it. Weather control could rid the world of drought and make uninhabitable areas of the world flourish.
  • Medicine: The term “antibiotics” will take on a whole new meaning for medicine in 100 years. Imagine instead of getting a shot of penicillin, you receive 50mL of microscopic robots that can attack the virus directly, from within. The robots then send a push notification to your ‘iPhone 47S’ notifying you that your flu bug has been located and irradiated and that you can press “OK” to send the final report to your physician. The Magic School Bus finally becomes a reality!

Without a doubt, cloud services will be everywhere in the future. The change is already taking place with early adopters and businesses. In the 10 years since the industry coined the term cloud, it’s become a birthplace for technology and industry disruptive behavior. This has caught the attention of the traditional IT organizations as a way to save capital, lower time to market, and increase research and development on their own products and services.

SoftLayer is dedicated to helping the transformation of mid-market and enterprise companies alike. We understand that the cloud is virtually making this world smaller as companies reach into markets that were once out of reach; which is why we’re in the process of doubling our data center footprint to reach those unreachable areas of the world. Don’t be surprised when we announce our first data center on the moon!

-Harold

June 30, 2014

OpenNebula 4.8: SoftLayer Integration

In the next month, the team of talented developers at C12G Labs will be rolling out OpenNebula 4.8, and in that release, they will be adding integration with SoftLayer! If you aren't familiar with OpenNebula, it's a full-featured open-source platform designed to bring simplicity to managing private and hybrid cloud environments. Using a combination of existing virtualization technologies with advanced features for multi-tenancy, automatic provisioning, and elasticity, OpenNebula is driven to meet the real needs of sysadmins and devops.

In OpenNebula 4.8, users can quickly and seamlessly provision and manage SoftLayer cloud infrastructure through OpenNebula's simple, flexible interface. From a single pane of glass, you can create virtual data center environments, configure and adjust cloud resources, and automate the execution and scaling of multi-tiered applications. If you don't want to leave the command line, you can access the same functionality from a powerful CLI tool or through the OpenNebula API.

When the C12G Labs team approached us with the opportunity to be featured in the next release of their platform, several folks from the office were happy to contribute their time to make the integration as seamless as possible. Some of our largest customers have already begun using OpenNebula to manage their hybrid cloud environments, so official support for the SoftLayer cloud in OpenNebula is a huge benefit to them (and to us). The result of this collaboration will be released under the Apache license, and as such, it will be freely available to the public.

To give you an idea of how easy OpenNebula is to use, they created an animated GIF to show the process of creating and powering down virtual machines, creating a server image, and managing account settings:

OpenNebula

We'd like to give a big shout-out to the C12G Labs team for all of the great work they've done on the newest version of OpenNebula, and we look forward to seeing how the platform continues to grow and improve in the future.

-@khazard

June 9, 2014

Visualizing a SoftLayer Billing Order

In my time spent as a data and object modeler, I’ve dealt with both good and bad examples of model visualization. As an IBMer through the Rational acquisition, I have been using modeling tools for a long time. I can appreciate a nice diagram shining a ray of light on an object structure, and abhor a behemoth spaghetti diagram.

When I started studying SoftLayer’s API documentation, I saw both the relational and hierarchical nature of SoftLayer’s concept model. The naming convention of API services and data types embodies their hierarchical structure. While reading about “relational properties” in data types, I thought it would be helpful to see diagrams showing relationships between services and data types versus clicking through reference pages. After all, diagramming data models is a valuable complement to verbal descriptions.

One way people can deal with complex data models is to digest them a little at a time. I can’t imagine a complete data model diagram of SoftLayer’s cloud offering, but I can try to visualize small portions of it. In this spirit, after reviewing articles and blog entries on creating product orders using SoftLayer’s API, I drew an E-R diagram, using IBM Rational Software Architect, of basic order elements.

The diagram, Figure 1, should help people understand data entities involved in creating SoftLayer product orders and the relationships among the entities. In particular, IBM Business Partners implementing custom re-branded portals to support the ordering of SoftLayer resources will benefit from visualization of the data model. Picture this!

Figure 1. Diagram of the SoftLayer Billing Order

A user account can have many associated billing orders, which are composed of billing order items. Billing order items can contain multiple order containers that hold a product package. Each package can have several configurations including product item categories. They can be composed of product items with each item having several possible prices.

-Andrew

Andrew Hoppe, Ph.D., is a Worldwide Channel Solutions Architect for SoftLayer, an IBM Company.

June 5, 2014

Sysadmin Tips and Tricks - Understanding the 'Default Deny' Server Security Principle

In the desktop world, people tend to feel good about their system’s security when they have the latest anti-virus and anti-spyware installed and keep their applications up-to-date. Those of us who compute for a living know that this is nothing close to resembling a “secure” state. But it’s the best option for non-technical people at this time.

Servers, on the other hand, exist in a more hostile environment than desktop machines, which is why keeping them secure requires skilled professionals. This means not only doing things like keeping applications patched and up-to-date, but also grasping the underlying principles of system security. Doing that allows us to make informed and skillful decisions for our unique systems—because no one knows our servers as well as we do.

One very powerful concept is “Default Deny” (as in Deny by Default), which means that "Everything, not explicitly permitted, is forbidden." What does this mean, and why is it important?

Let’s look at a simple example using file permissions. Let’s say you installed a CGI (Common Gateway Interface) application, such as some blog software, and you’re having trouble getting it to work. You’ve decided the problem is the permissions on the configuration file. In this case, user “rasto” is the owner of the file. You try chmodding it 755 and it works like this:

-rwxr-xr-x 1 rasto rasto 216 May 27 16:11 configuration.ini

Now that it works, you’re ready to move to your next project. But there’s a possible security problem here. As you can see, you have left the configuration file Readable and Executable by Other. There is almost certainly no reason for that because CGI scripts are typically run as the owner of the file. There is potentially no reason for users of the same group (or other random users of the system) to be able to Read this configuration file. After all, some configuration files contain database passwords. If I have access to another user on this system, I could simply “cat” the configuration file and get trivial access to your data!

So the trick is to find the least permissions required to run this script. With a little work, you may discover that it runs just fine with 700:

-rwx------ 1 rasto rasto 216 May 27 16:11 configuration.ini

By taking a little extra time, you have made your system much more secure. “Default Deny” means deny everything that is not explicitly required. The beautiful thing about this policy is that you can remove vulnerabilities that you neither comprehend nor even know about. Instead of making a list of “bad” things you essentially make a list of “good” things, and allow only those things to happen. You don’t even have to realize that someone could read the file because you’ve made it a policy to always allow the least amount of access possible to all things.

Another example might be to prune your php.ini to get rid of any expanded capabilities not required by PHP scripts running on your system. If a zero-day vulnerability arises in PHP that affects one of the things you’ve disallowed, it simply won’t affect you because you’ve disabled it by default.

Another scenario might be to remove packages from your system that are not being used. If someone tries to inject some Ruby code into your system, it won’t run without Ruby present. If you’re not using it, get rid of it, and it can’t be used against you.

Note: It’s very easy to be wrong about what is not being used on your system—you can definitely break things this way—I suggest a go-slow approach, particularly in regards to built-in packages.

The important thing is the concept. I hope you can see now why a Default Deny policy is a powerful tool to help keep your system more secure.

-Lee
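
The permission tightening described in the post above, extended from a single configuration.ini to a whole directory tree, as an added example that is not part of the original post. The function names and the temporary demo files are illustrative assumptions; the script only uses standard `find`, `chmod`, `ls`, and `umask`.

```shell
#!/bin/sh
# Added example: audit and tighten file modes in the spirit of "default deny".
# Function names and demo paths are illustrative, not from the original post.

# Print every regular file under DIR that grants ANY permission bit to
# group or other. Only POSIX find primaries are used (works on GNU and BSD).
list_overexposed() {
    find "$1" -type f \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of over-exposed files under DIR.
count_overexposed() {
    list_overexposed "$1" | wc -l | tr -d ' '
}

# Symbolic permission string as ls shows it, e.g. "-rwx------".
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Remove all group/other access but leave the owner's bits untouched,
# so 755 becomes 700 and 644 becomes 600.
tighten() {
    chmod go-rwx "$1"
}

# Create a file that is owner-only from the start. The umask is set in a
# subshell so the caller's umask is not changed.
create_private() {
    ( umask 077 && : > "$1" )
}

# Demo on constructed files in a throwaway directory.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/configuration.ini"; chmod 755 "$d/configuration.ini"  # the "it works" state
    : > "$d/notes.txt";         chmod 600 "$d/notes.txt"          # already owner-only
    echo "over-exposed before: $(count_overexposed "$d")"
    list_overexposed "$d" | while IFS= read -r f; do tighten "$f"; done
    echo "configuration.ini now: $(mode_string "$d/configuration.ini")"
    echo "over-exposed after:  $(count_overexposed "$d")"
    rm -rf "$d"
}

demo
```

Run the application again after tightening; if it breaks, grant back only the specific bit it needs rather than returning to 755.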

June 3, 2014

My 5 Favorite Sublime Text 2 Plugins

I can’t believe that it was only a mere year ago that I learned of Sublime Text 2. I know, I know … where have I been? What kind of developer was I that I didn’t even know of Sublime Text? I’ll take the criticism, as I can honestly say it has been the best text editor I have ever used.

It’s extremely fast. I rarely wait for saves, uploads, or syntax highlighting; it keeps up with everything I do and allows me to develop directly from the keyboard. I hardly ever reach for my mouse!

It looks awesome. It has a kind of retro look for those developers who remember coding purely from the terminal or DOS. It really brings back memories.

It can be extended. Need some extra functionality that doesn’t come out-of-the-box? Sublime Text 2 has a range of available plugins that you can install to enhance your capabilities with this awesome text editor. In this blog, I’ll cover my top five favorite plugins of all time, what they do, and why they’re great!

1. BracketHighlighter

Many people believe that bracket highlighting should be a ready-made helper for developers of all languages. I agree on this point, however, at least Sublime Text 2 provides a plugin for this. It’s a very simple addition; it allows you to see if your opening brackets have an accompanying closing bracket. Many developers will tell you stories of these large and complex programs that consumed much of their time as they searched for one simple error … only to find that it was just a missing closing bracket.

In addition, it highlights opening and closing tags and quotes, for those of you who do a lot of HTML/XHTML. Both bracket and tag settings are customizable.

For more details on the plugin check out the BracketHighlighter GitHub page.

2. DocBlockr

This is a neat plugin that speeds up and simplifies documentation. It supports PHP, JavaScript, Java, ActionScript, Objective-C, C, C++, and CoffeeScript.

By typing this:

/** (Press Enter)

The plugin automatically returns this:

/**
*
*/

Boom, the quickest way to document that I’ve ever seen.

In order to document your functions, just put it in your comment:

/** (Press Enter)
function myFunction(var1, var2) { }

And, it'll become:

/**
*[myFunction description]
* @param {[type]} var1 [description]
* @param {[type]} var2 [description]
* @param {[type]}
*/

function myFunction (var1, var2) { }

When you want to do variable documentation, the structure is similar:

/** (Press Enter)
myVar = 10

The plugin will fill out the documentation block like this:

/**
*[myVar description]
* @type {Number}
*/

Tell me that this isn’t nifty! If you want to try it out or just get a closer look at this plugin, head here.

3. Emmet (previously known as Zen Coding)

Unfortunately, I encountered some oddities when I tried to install Emmet with SublimeLinter, so I decided to disable the Linter in favor of Emmet to give it a spin. I absolutely love Emmet.

It provides a much more efficient way to code by providing what they call “abbreviations.” For example, if I want to create a div with an unordered list and one bullet point in it, Emmet lets me save myself a lot of time ... I can type this into Sublime:

div>ul>li

And press Control+E, and my code automatically turns into this:

<div>
    <ul>
        <li></li>
    </ul>
</div>

If I need to add multiple <li> tags, I can easily replicate them with a small addition:

div>ul>li*3

When I hit Control+E, voila! The unordered list structure is quickly generated:

<div>
    <ul>
        <li></li> 
        <li></li>
        <li></li>
    </ul>
</div>

That's just the tip of the iceberg when it comes to Emmet's functionality, and if you’re as impressed as I am, you should check out their site: http://docs.emmet.io/

4. SFTP

I think the title of the plugin says it all. It allows you to directly connect to your server and sync projects and files just by saving. You will never have to edit a file in a text editor, open your FTP client and upload the file again. Now, you can do it directly from Sublime Text 2.

When used in conjunction with Projects, you’ll find that you can easily save hours of time spent on remote uploading. By far, SFTP for Sublime Projects is one of the most essential plugins you’ll need for any project!

5. SideBarEnhancements

This is a small plugin that makes minor adjustments to the Files and Folders sidebar, providing a more intuitive interface. Though this doesn’t add much functionality, it can definitely speed things up. Take a look at the plugin on the SideBarEnhancements GitHub page.

I hope this list of Sublime Text 2 plugins will enhance your capabilities and ease up your processes, as it has done for me. Give them a try and let me know what you think. Also, if you have a different favorite plugin, I’d love to hear about it.

-Cassandra

May 29, 2014

Startups and BBQ – The New Memphis

BB King. Elvis. Graceland. Jerry Lee Lewis. Beale Street. Cotton. Shipping. Martin Luther King. Civil Rights on the national stage. All of these things come to mind when you think of Memphis, Tennessee. You can now add one more to that list: Startups.

Yep. That’s right. Startups.

Memphis has a long history of economic success. From the early days of its settlement, it was a shipping and trading hub for the early United States thanks to the Mississippi River. It progressed into one of the world’s largest cotton producers, even having a cotton exchange similar to the stock exchange on Wall Street. As our country grew, so did Memphis’ value because of geographic location. Today, more than 60 percent of the U.S. population is within a one-day drive of Memphis. It has grown into a logistics hub and houses several North American railway companies, as well as FedEx.

What’s awesome to see on my second stop of our 2014 small-market tour is that there is an undercurrent happening in Memphis that is shifting the landscape of the economic success of the region to technology. And it’s happening through the leadership of folks like Eric Mathews and Patrick Woods. Mathews heads up StartCo, a regional accelerator with 20 startups, all of which have come to Memphis to develop their companies. Woods is in charge of a very unique program, started by A>M Ventures, that helps early stage companies get the right message out about their products, who they are, and where they are going.

Our team met Woods at SXSW in 2013. Over the past year, we have worked together to help Woods’ outreach efforts by building a bridge from Memphis to Silicon Valley and through other early stage startup communities. We connected with Mathews at SXSW this year through one of our strongest partners, the Global Accelerator Network. Mathews was very convincing. He not only showed me a startup community that was thriving, but he also fed me world-class BBQ at the same time.

Did somebody say BBQ? You don’t really have to ask @KelleyHilborn or me twice. Our Pavlovian response kicked in and we had our flights booked before you could flip a coin.

Last week marked the annual celebration of Memphis’ BBQ Fest – one of the largest festivals of its kind in the world. It also marked the first week for the StartCo teams, and we were there to welcome them with some SoftLayer Catalyst goodness (as a side to that BBQ).

We met with all of the teams and were greeted by folks from all over the world. Teams from NYC, Europe, Silicon Valley, and even local Memphis were made up of entrepreneurs who were eager to hear about Catalyst and how we could connect them to our community. From big data companies, to analytics companies and even a company that manufactures a chip for your dog, these teams definitely have the smarts and character to disrupt and succeed.

Our office and mentor hours provided us a strong foundation to connect with the startups one-on-one. BBQ Fest and events with A>M Ventures, StartCo, and our friends from Keen.io gave us an opportunity to spend two full days with the entrepreneurs, getting a higher sense of where they hoped to take their businesses.

The teams in Memphis are just as hungry, innovative, capable, and smart as any we work with in our startup ecosystems around the world. What we loved most about our time in Memphis was how welcoming the local leaders were, and further how open-minded they are to making a positive impact on this world. The leadership that is building this tech ecosystem from the ground up is doing so in an open, communal, and giving way, which all tech ecosystems need to be built upon.

Because of this philosophy, they are ensuring their success. They’re creating a community based on collaboration and mutual success. It reminds me of cities like Boulder and Portland. These cities were built on the same principles, and they enjoy greater success than many other larger markets.

And SoftLayer was there at the beginning. We’re excited to watch this ecosystem grow, and to continue collaborating to help support people like Mathews, Woods and many others in Memphis who see the forest through the trees.

Next stop on the small market express…Kelowna, British Columbia. Our very own @gkdog will be delivering a keynote and sitting on a panel, instilling our community and strategic philosophies on his home Canadian turf.

-@JoshuaKrammes

May 20, 2014

The Next Next

Last month in Europe, I had a chance to participate in some interesting discussions at The Next Web (TNW) Europe and NEXT Berlin conferences. The discussions centered around where we are on the curve of technology development, what the scene looks like now, and what the future holds. TNW Europe inspired me to share my thoughts here on the topic of inevitable market evolution, in particular which aspects will be instrumental in this progress and the empowering phenomenon of embracing the possibility to fail and change.

Attending NEXT Berlin boosted my confidence about those conclusions and motivated me to write a few words of a follow up. Connected cars, or “new mobility,” Internet of Things, smart houses, e-health, and digitalized personal medicine, application of cloud and big data in various industries from automotive, to home appliances, to army, and to FMCG, all are proof that the world is changing at a stunning pace. And all that is fueled by the evolution of organizations and how they set up their IT, hosting strategies and environments.

The most invigorating talk, in my opinion, at NEXT Berlin was given by Peter Hinssen. His keynote on The New Normal gave the audience a couple solid “ah” and “ha” moments. Here are some of the highlights I took away from the talk:

  • Technology is not only relevant to (almost) every aspect of our lives; it is in fact obvious, if not commoditized. Digital is present everywhere, from grocery shopping, to stopping at traffic lights, to visiting a dentist’s office, to jogging, to going to the movies, to sharing holiday greetings with our friends, to drinking fresh water from our taps, and so on. Technology we use privately usually surpasses what we use at work. The moment we receive access to something new, we immediately expect that to be working seamlessly and we get irritated if it doesn’t (think: national coverage of LTE, Wi-Fi available on board aircraft, streamed HD on-demand television, battery life of smart devices). We take technology for granted, not because we’re arrogant, but because it is omnipresent.
  • Information and technology are becoming equally available to all, leveling the landscape and helping organizations stay ahead and constantly re-invent themselves. Access to data and new tools is no longer a privilege and luxury that only the biggest fish can afford. Nowadays, thanks to an expansive spectrum of as-a-service offerings, every organization can gain insight into their buyers’ attitudes and behaviors and change accordingly to gain competitive advantage. Those who resist constantly remodeling the way they operate and serve the market will be quickly outrun by dozens of those who understand the value of being agile.
  • Organizations and markets run on two different clocks: one is internal, the other is external, and very often they are unsynchronized. The bigger the gap between the clocks, the less chance for that organization’s survival. People learn new technologies very fast and become their users faster in private than professional space. Legacy processes, miscommunication, misperception, and sometimes ignorance overshadow the reality that the progress is on a slower lane when it comes to business. The development is unstoppable and it keeps on becoming more complex and more intense. Not to fall behind, organizations need to become ‘fluid’ to respond in real time to those flux conditions.
  • Society and markets are operating as networks. In order to serve them efficiently, businesses need to reorganize their structures to operate as networks. With the dominance of social, the typical organizational hierarchy is detached from buyer’s mentality. In our private lives, we trust more of our peers, we give more credibility to influencers who have a solid network of followers, and best ideas are fueled by different, unrelated sources. Applying the same principles to professional environments, restructuring the organizational chart from top-down reporting lines to more of a network topography, hence going beyond traditional divisions, silos, and clusters, will boost the internal creativity and innovation.
  • Information is not a pool with a fixed option to “read” and “write” anymore. It is actually fluid and should be seen more as a river with an infinite number of branches and customers sitting at the heart of each cluster. It is not an organization who decides what and when is being said and known. The discretion belongs to users and buyers, who share widely their insights, reviews, likes, and opinions and whose recommendations—either coming from an individual or in an aggregated form—are much more powerful. At the same time that set of information is not static, but dynamic. Organizations should respect, embrace, and adapt actively to that flow.

Peter claims we’re probably not even halfway down the S curve of that transformation. Being part of it, seeing those disruptive organizations grow on our platform, having a chance to talk to so many smart people from all over the world who shape today’s societies and redefine businesses, is one of the most thrilling aspects of working for SoftLayer. Even if my grandma still associates cloud with weather conditions, I know my kids will be all “no way” once I tell them a story of how we were changing the world.

Wondering what will be the age test for them…

- Michalina

May 8, 2014

SoftLayer Security: Questions and Answers

When I talk to IBM Business Partners about SoftLayer, one of the most important topics of discussion is security. We ask businesses to trust SoftLayer with their business-critical data, so it’s important that SoftLayer’s physical and network security is as transparent and understandable as possible.

After going through the notes I’ve taken in many of these client meetings, I pulled out the ten most frequently asked questions about security, and I’ve compiled answers.

Q1: How is SoftLayer secured? What security measures does SoftLayer have in place to ensure my workloads are safe?

A: This “big picture” question is the most common security-related question I’ve heard. SoftLayer’s approach to security involves several distinct layers, so it’s tough to generalize every aspect in a single response. Here are some of the highlights:

  • SoftLayer’s security management is aligned with U.S. government standards based on the NIST 800-53 framework, a catalog of security and privacy controls defined for U.S. federal government information systems. SoftLayer maintains SOC 2 Type II reporting compliance for every data center. SOC 2 reports are audits against controls covering security, availability, and process integrity. SoftLayer’s data centers are also monitored 24x7 for both network and on-site security.
  • Security is maintained through automation (which makes human error less likely) and audit controls. Server room access is limited to authorized employees only, and every location is protected against physical intrusion.
  • Customers can create a multi-layer security architecture to suit their needs. SoftLayer offers several on-demand server and network security devices, such as firewalls and gateway appliances.
  • SoftLayer integrates three distinct network topologies for each physical or virtual server and offers security solutions for systems, applications, and data as well. Each customer has one or many VLANs in each data center facility, and only users and servers the customer authorizes can access servers in those VLANs.
  • SoftLayer offers single-tenant resources, so customers have complete control and transparency into their servers.

Q2: Does SoftLayer destroy my data when I’ve de-provisioned a compute resource?

A: Yes. When a customer cancels any physical or virtual server, all data is erased using Department of Defense (DoD) 5220.22-M standards.

Q3: How does SoftLayer protect my servers against distributed denial of service (DDoS) attacks?

A: A SoftLayer Network Operations Center (NOC) team monitors network performance and security 24x7. Automated DDoS mitigation controls are in place should a DDoS attack occur.

It’s important to clarify here that the primary objective of this DDoS mitigation is to maintain performance integrity of the overall cloud infrastructure. With that in mind, SoftLayer can’t stop a customer from being attacked, but it can shield the customer (and any other customers in the same network) from the effects of the attack. If necessary, SoftLayer will remove the target from the public network for periods of time and null-route incoming connections. Because of SoftLayer’s three-tiered network architecture, a customer would still have access to the targeted system via the private network.

Q4: How is communication segmented from other tenants using SoftLayer?

A: SoftLayer utilizes industry standard VLANs and switch access control lists (ACLs) to segment customer environments. Customers have the ability to add and manage their own VLANs, providing additional security even inside their own accounts. ACLs are configured to permit or deny any specified network packet (data) to be directed along a switch.

Q5: How is my data kept private? How can I confirm that SoftLayer can’t read my confidential data?

A: This question is common among customers who deal with sensitive workloads such as HIPAA-protected documentation, employee records, case files, and so on.

SoftLayer customers are encouraged to deploy a gateway device (e.g. Vyatta appliance) on which they can configure encryption protocols. Because the gateway device is the first hop into SoftLayer’s network, it provides an encrypted tunnel to traverse the VLANs that reside on SoftLayer. When securing compute and storage resources, customers can deploy single tenant dedicated storage devices to establish isolated workloads, and they can even encrypt their hard drives from the OS level to protect data at rest. Encrypting the hard drive helps safeguard data even if SoftLayer were to replace a drive or something similar.

Q6: Does SoftLayer track and log customer environments?

A: Yes. SoftLayer audits and tracks all user activity in our customer portal. Some examples of what is tracked include:

  • User access, both failed and authenticated attempts (destination IP is shown on a report)
  • Compute resources users deploy or cancel
  • APIs for each call (who called the API, the API call and function, etc.)
  • Intrusion Protection and Detection services that observe traffic to customer hosts
  • Additionally, customers have root access to operating systems on their servers, so they can implement additional logging of their own.

Q7: Can I disable access to some of my users through the customer portal?

A: Yes. SoftLayer has very granular ACLs. User entitlements are segmented into different categories, including Support, Security, and Hardware. SoftLayer also gives customers the ability to limit access to public and private networks. Customers can even limit user access to specific bare metal or virtual servers.

Q8: Does SoftLayer patch my operating system?

A: For unmanaged cloud servers, no. Once the updated operating system is deployed on a customer’s server, SoftLayer doesn’t touch it.

If you want help with that hands-on server administration, SoftLayer offers managed hosting. In a managed hosting environment, Technical Account Managers (TAMs) are assigned as focal points for customer requests and issues. TAMs help with reports and trending data that provide recommendations to mitigate potential issues (including OS patching).

Q9: Is SoftLayer suited to run HIPAA workloads?

A: Yes. SoftLayer has a number of customers running HIPAA workloads on both bare metal and single-tenant virtual servers. A Business Associate Agreement (BAA), signed by SoftLayer and the customers, clearly defines the shared responsibilities for data security: SoftLayer is solely responsible for the security of the physical data center, along with the SoftLayer-provided infrastructure.

Q10: Can SoftLayer run government workloads? Does SoftLayer use the FISMA standards?

A: The Federal Information Security Management Act (FISMA) defines a framework for managing information security that must be followed for all federal information systems. Some state institutions don’t require FISMA, but look to cloud hosting companies to be aligned to the FISMA guidelines.

Today, two SoftLayer data centers are audited to the FISMA standards – Dallas (DAL05) and Washington, D.C. (WDC01). Customers looking for the FISMA standard can deploy their workloads in those data centers. Future plans include having data centers that comply with more stringent FedRAMP requests.

For additional information, I highly recommend the on-demand SoftLayer Fundamentals session, “Keep safe – securing your SoftLayer virtual instance.” Also, check out Allan Tate’s Thoughts on Cloud blog, “HIPAA and cloud computing: What you need to know” for more on how SoftLayer handles HIPAA-related workloads.

-Darrel Haswell

Darrel Haswell is a Worldwide Channel Solutions Architect for SoftLayer, an IBM Company.
