funny

April 29, 2013

Web Development - Installing mod_security with OWASP

You want to secure your web application, but you don't know where to start. A number of open-source resources and modules exist, but that variety is more intimidating than it is liberating. If you're going to take the time to implement application security, you don't want to put your eggs in the wrong basket, so you wind up suffering from analysis paralysis as you compare all of the options. You want a powerful, flexible security solution that isn't overly complex, so to save you the headache of making the decision, I'll make it for you: Start with mod_security and OWASP.

ModSecurity (mod_security) is an open-source Apache module that acts as a web application firewall. It is used to help protect your server (and websites) from several methods of attack, most common being brute force. You can think of mod_security as an invisible layer that separates users and the content on your server, quietly monitoring HTTP traffic and other interactions. It's easy to understand and simple to implement.

The challenge is that without some advanced configuration, mod_security isn't very functional, and that advanced configuration can get complex pretty quickly. You need to determine and set additional rules so that mod_security knows how to respond when approached with a potential threat. That's where Open Web Application Security Project (OWASP) comes in. You can think of the OWASP as an enhanced core ruleset that the mod_security module will follow to prevent attacks on your server.

The process of getting started with mod_security and OWASP might seem like a lot of work, but it's actually quite simple. Let's look at the installation and configuration process in a CentOS environment. First, we want to install the dependencies that mod_security needs:

## Install the GCC compiler and mod_security dependencies ##
$ sudo yum install gcc make
$ sudo yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

Now that we have the dependencies in place, let's install mod_security. Unfortunately, there is no yum for mod_security because it is not a maintained package, so you'll have to install it directly from the source:

## Get mod_security from its source ##
$ cd /usr/src
$ git clone https://github.com/SpiderLabs/ModSecurity.git

Now that we have mod_security on our server, we'll install it:

## Install mod_security ##
$ cd ModSecurity
$ ./configure
$ make install

And we'll copy over the default mod_security configuration file into the necessary Apache directory:

## Copy configuration file ##
$ cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

We've got mod_security installed now, so we need to tell Apache about it ... It's no use having mod_security installed if our server doesn't know it's supposed to be using it:

## Apache configuration for mod_security ##
$ vi /etc/httpd/conf/httpd.conf

We'll need to load our Apache config file to include our dependencies (BEFORE the mod_security module) and the mod_security file module itself:

## Load dependencies ##
LoadFile /usr/lib/libxml2.so
LoadFile /usr/lib/liblua5.1.so
## Load mod_security ##
LoadModule security2_module modules/mod_security2.so

We'll save our configuration changes and restart Apache:

## Restart Apache! ##
$ sudo /etc/init.d/httpd restart

As I mentioned at the top of this post, our installation of mod_security is good, but we want to enhance our ruleset with the help of OWASP. If you've made it this far, you won't have a problem following a similar process to install OWASP:

## OWASP ##
$ cd /etc/httpd/
$ git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
$ mv owasp-modsecurity-crs modsecurity-crs

Just like with mod_security, we'll set up our configuration file:

## OWASP configuration file ##
$ cd modsecurity-crs
$ cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

Now we have mod_security and the OWASP core ruleset ready to go! The last step we need to take is to update the Apache config file to set up our basic ruleset:

## Apache configuration ##
$ vi /etc/httpd/conf/httpd.conf

We'll add an IfModule and point it to our new OWASP rule set at the end of the file:

<IfModule security2_module>
    Include modsecurity-crs/modsecurity_crs_10_config.conf
    Include modsecurity-crs/base_rules/*.conf
</IfModule>

And to complete the installation, we save the config file and restart Apache:

## Restart Apache! ##
$ sudo /etc/init.d/httpd restart

And we've got mod_security installed with the OWASP core ruleset! With this default installation, we're leveraging the rules the OWASP open source community has come up with, and we have the flexibility to tweak and enhance those rules as our needs dictate. If you have any questions about this installation or you have any other technical blog topics you'd like to hear from us about, please let us know!

-Cassandra

April 26, 2013

Catalyst at SXSW 2013: The Startups Speak

SoftLayer listens to customers. There's no marketing spin or fluff on that statement ... I'm a former client, so I can attest to that from a customer perspective and from an internal perspective. When I joined the company as part of the community development team to work with startups in Catalyst, I knew my role was going to be more relationship-based than project-oriented, and that was one of the most exciting aspects of the job for me.

In my last blog about mentorship and meaningfulness, you heard from George Karidis and Paul Ford about the vision to make Catalyst a part of the startup ecosystem, committing to helping participating teams with more than just their hosting needs. While we attended SXSW Interactive, I ran into a few of our phenomenal customers and had the opportunity to sit down with them and talk about their businesses, their connection to SoftLayer and what the future holds:

Over the next few weeks, we'll add video interviews to that YouTube playlist to show off all of the startups that stopped by the Catalyst Startup Lounge at SXSW 2013. When a new video is published, it'll be added to the embedded playlist above, and we'll send some social media shout-outs via Twitter and Facebook.

With SoftLayer's 7th birthday coming up on May 5, we still feel like a startup, and a lot of that has to do with how closely we work with our customers ... Their energy is contagious, and it only encourages us to keep innovating and building our platform for the future. That's why entrepreneurs like the ones you meet in these videos choose SoftLayer. The fact that we have better technology and provide a more powerful cloud infrastructure winds up being a fringe benefit.

A big "Thanks!" goes out to the folks from Epic Playground, Flowmio, Medved, Urbane, YouNoodle, KeenIO, Cloudability and Preferred Return for taking time out of their busy SXSW schedules to chat with me. We love you guys!

-@JoshuaKrammes

April 23, 2013

Server Challenge II: How SoftLayer Saves the World

SoftLayer made our way to San Francisco for another great year of digital marketing fun at ad:tech. This event is always a blast because it allows us trade show roadies to change up our usual dialogue and talk about SoftLayer in a unique way ... Instead of fielding technical questions about our platform, we get to talk about our cloud hosting solutions from a "big picture" perspective. This year, the bridge between those "big picture" discussions and the hardware and technical side of our business was the Server Challenge II.

This isn't the first time the advertising-focused crowd at ad:tech has seen the Server Challenge, but with the competition's new retro arcade game design, it was much more of a focal point this year than it has been in years past ... And it didn't hurt that we were in an awesome location right at the entrance of the expo floor:

Server Challenge II - ad:tech

Given the fact that most people who stopped at our booth were drawn to us as part of a crowd around the Server Challenge, the first question we heard was subtly different than the "What does SoftLayer do?" question we're used to answering at ad:tech. This year, most of my conversations started with an attendee asking, "What in the world does this game have to do with SoftLayer?" Luckily, the graphic on the front of the Server Challenge with three simple objectives provides a great outline for the competition's relevance to our business:

  1. Load the Data
  2. Connect the Network
  3. Save the World

1. Load the Data

Game Application: Insert all 24 of the drive trays into the drive bays of two Supermicro servers.
SoftLayer Significance: We have more than 100,000 Supermicro servers in our 13 data centers around the world. When you walk into one of our facilities in Dallas, Houston, Seattle, Washington, D.C., San Jose, Amsterdam or Singapore, you'll see racks filled with servers just like the ones in the Server Challenge II, and those servers are loaded up with the hard drives you choose when you order from us.

2. Connect the Network

Game Application: Connect the 18 network cables into the three network switches.
SoftLayer Significance: The three different colors of network cables are the same colors you'll see in our data centers. The red cables carry public network traffic, the blue cables carry private network traffic, and the green cables carry out-of-band management network traffic. This is a huge differentiator for SoftLayer because those three physical networks allow for much greater flexibility for our customers. While the public network is serving public traffic to your websites, games and apps, you could be running an off-site backup of your database over the private network (where you don't incur bandwidth charges), and you can manage your server over SSL, PPTP and IPSEC connections via the out-of-band management network carried by the green cables.

3. Save the World

Game Application: Win a MacBook Air!
SoftLayer Significance: SoftLayer provides the flexible, scalable platform on which you can build your application, run your game or push an advertising campaign. The fact that all of our servers are racked, networked and ready for your order means that we're ready to "Save the World" for you by provisioning on-demand bare metal cloud servers and virtual cloud computing instances.

At least four or five times per show, I hear attendees talking about how the Server Challenge is the most fun game at the conference (even at GDC ... where the entire expo hall is filled with gaming companies). While it draws crowds for being fun, the best part of the competition is that it helps us tell our story and creates memories at the same time. When Server Challenge competitors hear that their companies need a new server, they're going to have a flashback to stepping up to a SoftLayer server rack and learning what makes SoftLayer the best choice as a cloud hosting provider. With the crowds we see at every show, that means we've got a lot of future customers:

Server Challenge II - ad:tech

Thanks to all of the ad:tech attendees who took on the Server Challenge II this year. The show actually had one of the most dramatic conclusions of any we've ever had before! Yuki Matsumoto broke the one-minute mark early on Day 2 of the expo with his first attempt of the day, and John Li managed to squeak by him with a time of 0:58.05 less than five minutes before the show floor closed:

Yuki had one shot at redemption as the last competitor of the show, but he wasn't able to beat John's 58-second completion, so the MacBook Air went to John Li! Keep practicing your server-building skills and come look for SoftLayer (and the Server Challenge) in an expo hall near you!

-Summer

April 22, 2013

Going Global: How to Approach Expansion into Asia

Asia is an amazing place for business, but companies from outside the region often consider it mysterious and prohibitive. I find myself discussing Asian business customs and practices with business owners from other regions on an almost daily basis, so I feel like I've become an informal resource when it comes to helping SoftLayer customers better understand and enter the Asian markets. As the general manager for SoftLayer's APAC operations, I thought I'd share a few thoughts about what companies outside of Asia should consider when approaching new business in the region.

Before we get too far into the weeds, it's important to take a step back and understand the Asian culture and how it differs from the business cultures in the West. The Asian market is much more relational than the market in the United States or Europe; significant value is placed on the time you spend in the region building new networks and interacting with other your prospective customers and suppliers. Even for small purchases, businesses in Asia are much more comfortable with face-to-face agreements than they are with phone calls or emails. Many of the executives I speak to about entering Asia argue they don't have time to spend weeks and months in the region, and they make whistle-stop trips in various countries to get a snapshot of what they need to know to make informed decisions. Their businesses often fail at breaching the market because they don't invest the time and resources they need to create the relationships required to succeed. Books, blogs (even this one), consultants and occasional visits aren't nearly as important to your success as investing yourself in the culture. Even if you can't physically travel to your target market for some reason, find ways to plug into the community online and become a resource.

Asia is not homogenous. There are 20 distinct countries and cultures, dozens of languages and hundreds of dialects. There are distinct legal systems, currencies, regulatory frameworks and cultural norms. From a business perspective, that means that what you do to appeal to an audience in Singapore won't be as effective for an audience in Japan ... This is not the United States of Asia nor is there an Asian Union. Having partners in Hong Kong does not get you into China; if you want to access markets in China, you need to build relationships with partners and customers in China. One of the biggest reasons for this in-country presence to understand and avoid a "death by a thousand cuts" situation where minor, seemingly insignificant questions and problems cumulatively prevent a business from successfully entering the market. Take these questions from customers as an example:

  • When I buy from your office in Bangkok, where is the contract jurisdiction?
  • I'm in Hong Kong. Can I pay in Hong Kong Dollars? Who takes the currency risk?
  • Corporate credit cards aren't common in Vietnam. Can I pay for my online purchase in cash?
  • If I sign up for a webinar, is it at a time convenient for me (i.e. repeated for other time zones), or do I have to be at my PC at 3am?
  • If you invite me to a meeting on 12/4, is that April 12th, or December 4th?
  • When I print whitepapers from your website, do I need to resize to a different paper size?

The way you handle currencies, time zones and how you present information are barometers of how approachable your business is for users and businesses in a particular market. Most users won't reach out to you to ask those kinds of questions; they'll just move on to a competitor who answers their questions without them asking. You learn about these sticking points by having people on the ground and talking to potential customers and partners. Since globalization is "flattening" the World Wide Web, the mechanics of hosting a site, application or game in a data center in Singapore are identical to hosting the same content in Dallas. It's easy to make your data locally available and have infrastructure available in your target market, but that's only a start. You need to approach Asian countries as unique opportunities to redefine your business in a way that fits the culture of your potential customers and partners.

In my next blog, I plan to share a few best practices about management, responsiveness and responsibility, positioning, operations and marketing in Asia. These posts are intended to get you thinking about how your business can approach expanding into Asia smartly, and if you have any questions or want any advice about your business in particular, please feel free to email me directly: dwebb@softlayer.com.

-@darylwebb

April 16, 2013

iptables Tips and Tricks - Track Bandwidth with iptables

As I mentioned in my last post about CSF configuration in iptables, I'm working on a follow-up post about integrating CSF into cPanel, but I thought I'd inject a simple iptables use-case for bandwidth tracking. You probably think about iptables in terms of firewalls and security, but it also includes a great diagnostic tool for counting bandwidth for individual rules or set of rules. If you can block it, you can track it!

The best part about using iptables to track bandwidth is that the tracking is enabled by default. To see this feature in action, add the "-v" into the command:

[root@server ~]$ iptables -vnL
Chain INPUT (policy ACCEPT 2495 packets, 104K bytes)

The output includes counters for both the policies and the rules. To track the rules, you can create a new chain for tracking bandwidth:

[root@server ~]$ iptables -N tracking
[root@server ~]$ iptables -vnL
...
Chain tracking (0 references)
 pkts bytes target prot opt in out source           destination

Then you need to set up new rules to match the traffic that you wish to track. In this scenario, let's look at inbound http traffic on port 80:

[root@server ~]$ iptables -I INPUT -p tcp --dport 80 -j tracking
[root@server ~]$ iptables -vnL
Chain INPUT (policy ACCEPT 35111 packets, 1490K bytes)
 pkts bytes target prot opt in out source           destination
    0   0 tracking    tcp  --  *  *   0.0.0.0/0        0.0.0.0/0       tcp dpt:80

Now let's generate some traffic and check it again:

[root@server ~]$ iptables -vnL
Chain INPUT (policy ACCEPT 35216 packets, 1500K bytes)
 pkts bytes target prot opt in out source           destination
  101  9013 tracking    tcp  --  *  *   0.0.0.0/0        0.0.0.0/0       tcp dpt:80

You can see the packet and byte transfer amounts to track the INPUT — traffic to a destination port on your server. If you want track the amount of data that the server is generating, you'd look for OUTPUT from the source port on your server:

[root@server ~]$ iptables -I OUTPUT -p tcp --sport 80 -j tracking
[root@server ~]$ iptables -vnL
...
Chain OUTPUT (policy ACCEPT 26149 packets, 174M bytes)
 pkts bytes target prot opt in out source           destination
  488 3367K tracking    tcp  --  *  *   0.0.0.0/0        0.0.0.0/0       tcp spt:80

Now that we know how the tracking chain works, we can add in a few different layers to get even more information. That way you can keep your INPUT and OUTPUT chains looking clean.

[root@server ~]$ iptables –N tracking
[root@server ~]$ iptables –N tracking2
[root@server ~]$ iptables –I INPUT –j tracking
[root@server ~]$ iptables –I OUTPUT –j tracking
[root@server ~]$ iptables –A tracking –p tcp --dport 80 –j tracking2
[root@server ~]$ iptables –A tracking –p tcp --sport 80 –j tracking2
[root@server ~]$ iptables -vnL
 
Chain INPUT (policy ACCEPT 96265 packets, 4131K bytes)
 pkts bytes target prot opt in out source           destination
 4002  184K tracking    all  --  *  *   0.0.0.0/0        0.0.0.0/0
 
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source           destination
 
Chain OUTPUT (policy ACCEPT 33751 packets, 231M bytes)
 pkts bytes target prot opt in out source           destination
 1399 9068K tracking    all  --  *  *   0.0.0.0/0        0.0.0.0/0
 
Chain tracking (2 references)
 pkts bytes target prot opt in out source           destination
 1208 59626 tracking2   tcp  --  *  *   0.0.0.0/0        0.0.0.0/0       tcp dpt:80
  224 1643K tracking2   tcp  --  *  *   0.0.0.0/0        0.0.0.0/0       tcp spt:80
 
Chain tracking2 (2 references)
 pkts bytes target prot opt in out source           destination

Keep in mind that every time a packet passes through one of your rules, it will eat CPU cycles. Diverting all your traffic through 100 rules that track bandwidth may not be the best idea, so it's important to have an efficient ruleset. If your server has eight processor cores and tons of overhead available, that concern might be inconsequential, but if you're running lean, you could conceivably run into issues.

The easiest way to think about making efficient rulesets is to think about eating the largest slice of pie first. Understand iptables rule processing and put the rules that get more traffic higher in your list. Conversely, save the tiniest pieces of your pie for last. If you run all of your traffic by a rule that only applies to a tiny segment before you screen out larger segments, you're wasting processing power.

Another thing to keep in mind is that you do not need to specify a target (in our examples above, we established tracking and tracking2 as our targets). If you're used to each rule having a specific purpose of either blocking, allowing, or diverting traffic, this simple tidbit might seem revolutionary. For example, we could use this rule:

[root@server ~]$ iptables -A INPUT

If that seems a little bare to you, don't worry ... It is! The output will show that it is a rule that tracks all traffic in the chain at that point. We're appending the data to the end of the chain in this example ("-A") but we could also insert it ("-I") at the top of the chain instead. This command could be helpful if you are using a number of different chains and you want to see the exact volume of packets that are filtered at any given point. Additionally, this strategy could show how much traffic a potential rule would filter before you run it on your production system. Because having several of these kinds of commands can get a little messy, it's also helpful to add comments to help sort things out:

[root@server ~]$ iptables -A INPUT -m comment --comment "track all data"
 
[root@server ~]$ iptables -vnL
Chain INPUT (policy ACCEPT 11M packets, 5280M bytes)
 pkts bytes target prot opt in out source           destination
   98  9352        all  --  *  *   0.0.0.0/0        0.0.0.0/0       /* track all data */

Nothing terribly complicated about using iptables to count bandwidth, right? If you have iptables rulesets and you want to get a glimpse at how your traffic is being affected, this little trick could be useful. You can rely on the information iptables gives you about your bandwidth usage, and you won't be the only one ... cPanel actually uses iptables to track bandwidth.

-Mark

April 15, 2013

The Heart of SoftLayer: People

When I started working for SoftLayer as a software engineer intern, I was skeptical about the company's culture. I read many of the culture posts on the blog, and while they seemed genuine, I was still a little worried about what the work atmosphere would be for a lowly summer intern. Fast-forward almost a year, and I look back on my early concerns and laugh ... I learned quickly that the real heart of SoftLayer is its employees, and the day-to-day operations I observed in the office consistently reinforced that principle.

It's easy to think about SoftLayer as a pure technology company. We provide infrastructure as a service capabilities for businesses with on-demand provisioning and short-term contracts. Our data centers, portal, network and APIs get the spotlight, but those differentiators wouldn't exist without the teams of employees that keep improving them on a daily basis. By focusing on the company culture and making sure employees are being challenged (but not overwhelmed), SoftLayer was indirectly improving the infrastructure we provide to customers.

When I walked into the office for my first day of work, I imagined that I'd be working in a cramped, dimly lit room in the back of the building where I'd be using hand-me-down hardware. When I was led to a good-sized, well-lit room and given a Core i3 laptop with two large monitors and a full suite of software, I started realizing how silly my worries were. I had access to the fully stocked break room, and within about a week, I felt like part of a community rather than a stale workplace.

My coworkers not only made me feel welcome but would frequently go out of their way to make sure I am comfortable and have the resources I needed to succeed. While the sheer amount of new information and existing code was daunting, managers assigned projects that were possible to complete and educational. I was doing useful work building and improving a complex production system rather than the busy work offered by many other employers' internship programs. I learned several new techniques and solidified my understanding of software engineering theory through practice. The open-door policy and friendly people around me not only created a strong sense of community but also allowed more efficient problem solving.

You may have noticed early in this post that I joined the company on a summer internship and that I also told you it's been about a year since I started. While summers in Texas feel long, they don't actually last a full year ... After my internship, I was offered a part-time position as a software engineer, and I'm going to be full-time when I graduate in May.

It's next to impossible to find a company that realizes the importance of its employees and wants to provide an environment for employees to succeed. The undeniable runaway success of the company is proof that SoftLayer's approach to taking care of employees is working.

-John

April 12, 2013

Catalyst at SXSW 2013: Mentorship and Meaningfulness

In the Community Development group, our mission is simple: Create the industry's most substantially helpful startup program that assists participants in a MEANINGFUL way. Meaningfulness is a subjective goal, but when it comes to fueling new businesses, numbers and statistics can't tell the whole story. Sure, we could run Catalyst like some of the other startup programs in the infrastructure world and gauge our success off of the number of partners using the hosting credits we provide, but if we only focused on hosting credits, we'd be leaving a significant opportunity on the table.

SoftLayer is able to offer the entrepreneurial community so much more than cloud computing instances and powerful servers. As a startup ourselves not so long ago, our team knows all about the difficulties of being an entrepreneur, and now that we're able to give back to the startup community, we want to share battle stories and lessons learned. Mentorship is one of the most valuable commodities for entrepreneurs and business founders, and SoftLayer's mentors are in a unique position to provide feedback about everything from infrastructure planning to hiring your first employees to engaging with your board of advisors to negotiating better terms on a round of funding.

The Catalyst team engages in these kinds discussions with our clients every day, and we've had some pretty remarkable success. When we better understand a client's business, we can provide better feedback and insight into the infrastructure that will help that business succeed. In other words, we build meaningful relationships with our Catalyst clients, and as a result, those clients are able to more efficiently leverage the hosting credits we provide them.

The distinction between Catalyst and other startup programs in the hosting industry has never been so apparent than after South by Southwest (SXSW) in Austin this year. I had the opportunity to meet with entrepreneurs, investors, and industry experts who have been thirsting for a program like Catalyst for years, and when they hear about what we're doing, they know they've found their oasis. I had a chance to sit down with Paul Ford in the Catalyst Startup Lounge at SXSW to talk about the program and some of the insights and feedback we'd gotten at the show:

Paul was quick to point out that being a leader in the startup community has more impact when you provide the best technology and pair that with a team that can deliver for startups what they need: meaningful support.

Later, I had an impromptu coffee with one of the world's largest, most prestigious Silicon Valley-based venture capital firms — probably THE most respected venture capital firm in the world, actually. As we chatted about the firm's seed-funding practices, the investment partner told me, "There is no better insurance policy for an infrastructure company than what SoftLayer is doing to ensure success for its startup clients." And I thought that was a pretty telling insight.

That simple sentence drove home the point that success in a program like Catalyst is not guaranteed by a particular technology, no matter how innovative or industry-leading that technology may be. Success comes from creating value BEYOND that technology, and when I sat down with George Karidis, he shared a few insights how the Catalyst vision came to be along with how the program has evolved to what it is today:

Catalyst is special. The relationships we build with entrepreneurs are meaningful. We've made commitments to have the talented brainpower within our own walls to be accessible to the community already. After SXSW, I knew I didn't have to compare what we were doing from what other programs are doing because that would be like comparing apples and some other fruit that doesn't do nearly as much for you as apples do.

I was told once on the campaign trail for President Clinton in '96 that so long as you have a rock-solid strategy, you cannot be beaten if you continue to execute on that strategy. Execute, Execute, Execute. If you waiver and react to the competition, you're dead in the water. With that in mind, we're going to keep executing on our strategy of being available to our Catalyst clients and actively helping them solve their problems. The only question that remains is this:

How can we help you?

-@JoshuaKrammes

April 10, 2013

Plivo: Tech Partner Spotlight

We invite each of our featured SoftLayer Tech Marketplace Partners to contribute a guest post to the SoftLayer Blog, and this week, we're happy to welcome Mike Lauricella from Plivo. Plivo is an open communications and messaging platform with advanced features, simple APIs, easy management and volume pricing.

Company Website: http://www.plivo.com/
Tech Partners Marketplace: http://www.softlayer.com/marketplace/plivo

Bridging the Gap Between the Web and Telephony

Businesses face a fundamental challenge in the worlds of telephony and messaging: Those worlds move too slowly, require too much telecom knowledge and take too long to adopt. As a result, developers often forgo phone and SMS functionality in their applications because the learning curves are so steep, and the dated architecture seems like a foreign language. Over the last twenty years, the web has evolved a lot faster than telephony, and that momentum only widens the gap between the "old" telecom world and the "new" Internet world. Plivo was created to bridge that gap and make telephony easy for developers to understand and incorporate into their applications with simple tools and APIs.

I could bore you to tears by describing the ins and outs of what we've learned about telephony and telecom since Plivo was founded, but I'd rather show off some of the noteworthy ways our customers have incorporated Plivo in their own businesses. After all, seeing those real-world applications is much more revealing about what Plivo does than any description of the nuts and bolts of our platform, right?

Conferencing Solution
The purest use-cases for Plivo are when our customers can simply leverage powerful telephony functionality. A perfect example is a conferencing solution one of our customers created to host large-scale conferences with up to 200 participants. The company integrated the solution into their product and CRM so that sales reps and customers could jump on conference calls quickly. With that integration, the executive management team can keep track of all kinds of information about the calls ... whether they're looking to find which calls resulted in closed sales or they just want to see the average duration of a conference call for a given time frame.

Call Tracking
Beyond facilitate conference calls quickly and seamlessly, many businesses have started using Plivo's integration to incorporate call tracking statistics in their environments. Call tracking is big business because information about who called what number, when they called, how long they talked and the result of the call (sale, no sale, follow up) can determine whether the appropriate interaction has taken place with prospects or customers.

Two Factor Authentication
With ever-increasing concerns about security online, we've seen a huge uptick in developers that come to Plivo for help with two factor authentication for web services. To ensure that a new site registrant is a real person who has provided a valid phone number (to help cut down on potential fraud), they use Plivo to send text messages with verification codes to those new registrant.

Mass Alert Messaging
Because emergencies can happen at any time, our customers have enlisted Plivo's functionality to send out mass alerts via phone calls and SMS messages when their customers are affected by an issue and need to be contacted. These voice and text messages can be sent quickly and easily with our automated tools, and while no one ever wants to deal with an emergency, having a solid communication lifeline provides some peace of mind.

WebRTC
An emerging new standard for communications is WebRTC — open project that enables web browsers with Real-Time Communications (RTC) capabilities. WebRTC make communications a feature of the Web without plugins or complex SIP clients. Plivo already supports WebRTC, and even though the project is relatively young, it's already being used in some amazing applications.

These use-cases are only the tip of the iceberg when it comes to how our customers are innovating on our platform, but I hope it helps paint a picture of the kinds of functionality Plivo enables simply and quickly. If you've been itching to incorporate telephony into your application, before you spending hours of your life poring over complex telecom architecture requirements, head over to plivo.com to see how easy we can make your life. We offer free developer accounts where you can start to make calls to other Plivo users and other SIP endpoints immediately, and we'd love to chat with you about how you can leverage Plivo to make your applications communicate.

If you have any questions, feel free to drop us a note at hello@plivo.com, and we'll get back to you with answers.

-Mike Lauricella, Plivo

This guest blog series highlights companies in SoftLayer's Technology Partners Marketplace.
These Partners have built their businesses on the SoftLayer Platform, and we're excited for them to tell their stories. New Partners will be added to the Marketplace each month, so stay tuned for many more come.
April 5, 2013

Server Challenge II Soliloquy: GDC 2013

This guest blog comes to us from one of the most popular members of the SoftLayer trade show team: The SoftLayer + Supermicro Server Challenge II. You've seen our coverage of conference attendees competing to win a MacBook Air, but you've never gotten the story from the Server Challenge's perspective ... until now. We secretly recorded the Server Challenge's introspective reflections on the competition at GDC 2013 to share with the world.

To compete, or not to compete, that is the question ... Or at least the question I see most conference attendees struggle with when they see me. Some people light up with excitement at the sight of me while others turn away in fear, and I've even noticed a few of them start shaking uncontrollably as they recount the years of toil they survived in data centers when they managed server hardware for a living. I don't take it personally, though ... which is fitting because I'm not a person.

I am just a simple server rack with an ambitious purpose. I was made to give conference attendees a tangible, server-related experience when they visit SoftLayer's booth, and I can humbly say that I've served that role faithfully and successfully. As attendees step up before me, they may have never touched a server in their lives, but by the time they finish their first attempt at the competition, that naivete is completely vanquished ... Some even spend hours asking questions and studying strategy about how to most effectively install drive trays and plug in network cables. In fact, I wouldn't be surprised if a few of the people reading this post are doing so in preparation for their next attempt.

When I was chosen as one of only a few server racks to don the Server Challenge II moniker, I knew my life would be difficult and dangerous. Luckily, I've been equipped with Supermicro servers that have proven to be even more resilient and durable than my creators would have hoped. While hard drive bays are designed to be hot-swappable, no one could have ever expected those bays would be swapped thousands of times by (often careless) conference attendees, but I haven't needed a single server to be replaced, and my hard drive trays have also held up remarkably well. As I was sleeping last night, I had a flashback to GDC in San Francisco:

It's dizzying to have flashbacks of time-lapse pictures, but those pictures painted a pretty accurate picture of what a single day of competition looks like for me. It's clear that I'm serving my purpose when I see crowds of attendees looking on as competitors set amazingly fast times. As I hear the conversations about strategies and techniques that might shave tenths or hundredths of seconds off the next attempt, I stand a little taller and play my 8-bit music a little louder.

I am the Server Challenge II ... Who's next?

-The Server Challenge II

April 1, 2013

SoftLayer Mobile: Now a Universal iOS Application

Last month, we put SoftLayer Mobile HD out to pasture. That iPad-specific application performed amazingly, and we got a lot of great feedback from our customers, so we doubled-down on our efforts to support iPad users by merging SoftLayer Mobile HD functionality with our standard SoftLayer Mobile app to provide a singular, universal application for all iOS devices.

By merging our two iOS applications into a single, universal app, we can provide better feature parity, maintain coherent architecture and increase code reuse and maintainability because we're only working with a single feature-rich binary app that provides a consistent user experience on the iPhone and the iPad at the same. Obviously, this meant we had to retool much of the legacy iPhone-specific SoftLayer Mobile app in order to provide the same device-specific functionality we had for the iPad in SoftLayer Mobile HD, but I was surprised at how straightforward that process ended up being. I thought I'd share a few of the resources iOS includes that simplify the process of creating a universal iOS application.

iOS supports development of universal applications via device-specific resource loading and device-specific runtime checks, and we leveraged those tools based on particular situations in our code base.

Device-specific resource loading allows iOS to choose the appropriate resource for the device being used. For example, if we have two different versions of an image called SoftLayerOnBlack.png to fit either an iPhone or an iPad, we simply call one SoftLayerOnBlack~iphone.png and call the other one SoftLayerOnBlack~ipad.png. With those two images in our application bundle, we let the system choose which image to use with a simple line of code:

UIImage* image = [UIImage imageNamed: @"SoftLayerOnBlack.png"];

In addition to device-specific resource loading, iOS also included device-specific runtime checks. With these runtime checks, we're able to create conditional code paths depending on the underlying device type:

if (UI_USER_INTERFACE_IDIOM() == UIUserInterfaceIdiomPad) {
    // The device is an iPad running iOS 3.2 or later.
} else {
    // The device is an iPhone or iPod touch.
}

These building blocks allow for a great deal of flexibility when it comes to creating a universal iOS application. Both techniques enable simple support based on what device is running the application, but they're used in subtly different ways. With those device-specific tools, developers are able to approach their universal applications in a couple of distinct ways:

Device-Dependent View Controller:
If we want users on the iPhone and iPad applications to have the same functionality but have the presentation tailored to their specific devices, we would create separate iPhone and iPad view controllers. For example, let's look at how our Object Storage browser appears on the iPhone and the iPad in SoftLayer Mobile:

Object Storage - iPhoneObject Storage - iPad

We want to take advantage of the additional real estate the iPad provides, so at runtime, the appropriate view controller is be selected based on the devices' UI context. The technique would look a little like this:

@implementation SLMenuController
...
 
- (void) navigateToStorageModule: (id) sender {
UIViewController<SLApplicationModule> *storageModule = nil;
    if (UI_USER_INTERFACE_IDIOM() == UIUserInterfaceIdiomPad) {
        storageModule = [SLStorageModule_iPad storageModule];
    } else {
        storageModule = [SLStorageModule storageModule];
    }
    [self navigateToModule: storageModule];
}
...
@end

"Universal" View Controller
In other situations, we didn't need for the viewing experience to differ between the iPhone and the iPad, so we used a single view controller for all devices. We don't compromise the user experience or presentation of data because the view controller either re-scales or reconfigures the layout at runtime based on screen size. Take a look at the "About" module on the iPhone and iPad:

About Module - iPhoneAbout Module - iPad

The code for the universal view controller of the "About" module looks something like this:

@implementation SLAboutModuleNavigationViewController
…
 
- (id) init {
    self = [super init];
    if (self) {
      _navigationHidden = YES;
_navigationWidth = [[UIScreen mainScreen] bounds].size.width * 0.5;
    }
    return self;
}@end

There are plenty of other iOS features and tricks in the universal SoftLayer Mobile app. If you've got a SoftLayer account and an iOS devices, download the app to try it out and let us know what you think. If you were a SoftLayer Mobile HD user, do you notice any significant changes in the new app from the legacy app?

-Pawel

P.S. If you're not on iOS but you still want some SoftLayer love on your mobile device, check out the other SoftLayer Mobile Apps on Android and Windows Phone.

Pages

Subscribe to funny