startup-series

September 22, 2014

Becoming a SLayer in Hong Kong

When I came on board at SoftLayer, the company was at the beginning of a growth period. IBM had just invested $1.2 billion to build 15 new data centers all over the world including one in Hong Kong—I was excited to get to work there!

Before I joined the Hong Kong data center’s Go Live Team as a server build tech, I went through a lengthy interview process. At the time, I was working for a multinational bank. But after the Chinese New Year, something inside me said it was time to take on a new challenge. Many people in Chinese cities look for new opportunities around the New Year; they believe it will give them luck and fortune.

After much anticipation (and interviews and paperwork), my first day was finally here. When I arrived at the SoftLayer data center, I walked through glass security doors and was met by Jesse Arnold, SoftLayer’s Hong Kong site manager; Russell Mcguire, SoftLayer’s Go Live Team leader whom I met during my interview process; and Shahzad, my colleague who was also starting work that day.

Shahzad and I felt very welcomed and were excited to be joining the team. During our first-day tour, I took a deep breath and said to myself, “You can do this Ying! This is transition, and we never stop learning new things in life.” Learning new things can be challenging. It involves mental, physical, and emotional strength.

Inside the Data Center: Building Racks!

When our team began to build racks and work with cables it was uncharted, but not totally unfamiliar territory for me. For a time, I worked as a seafarer cadet electrician on a container ship. I have worked with cables, electric motors, and generators before—it was just in the middle of the ocean. So, needless to say I know cables, but SFP cables were new. With the help of my colleagues and the power of the Internet, I was on my way and cabling the data center in no time.

When we build a server, we check everything: the motherboard, processors, RAM, hard drives, and most importantly, OS compatibility. After learning those basics, I started to look at it like a big puzzle that I needed to solve.

Inside the Data Center: Strong Communication!

That wasn’t the only challenge. In order to do my job successfully and adhere to data center build procedures, I had to learn the best way to communicate with my colleagues.

In the data center, our team must relay messages precisely and provide all the details to ensure every step in the build-out process is done correctly. Jesse constantly reminds us what is important: communication, communication, communication. He always repeats it three times to emphasize it as a golden rule. To me, this is one sign of a successful leader. I’m glad Jesse has put a focus on communication because it is helping me learn what makes a good leader and SLayer.

Inside the Data Center: Job Satisfaction!

I am so happy to be working at SoftLayer. All the new challenges I’ve been faced with remind me of Nike’s slogan: Just Do It! And our young team is doing just that. We work six days a week for 14 hours a day. And for all of that time, I use my mental and physical strength to tackle my new job.

I’ve learned so much and am excited to expand the knowledge base I already have, so I can be a stronger asset to the SoftLayer team.

I consider myself a SLayer that is still-in-training because there is more to being a SLayer than just building racks. SLayers are the dedicated people that work at SoftLayer, and they’re my colleagues. As my training continues, I look forward to learning more and to continue gaining more skills. I don't want to get old without learning new things!

For all our readers in Asia below you will find the blog in Mandarin translation!

在我刚刚来到SoftLayer的时候,它正处于发展的初级阶段。那时候,IBM公司正投资了120万在世界各地建立数据中心,其中一个在香港。我非常荣幸我可以在这里工作!

在我加入香港数据中心——Go Live Team,成为一个服务器构建技术员以前,我经历了一个很长的面试过程。当时,我正在为一家跨国银行工作。然而,中国农历新年以后,我的内心告诉我,是时候要迎接新的挑战了。很多中国人在新年的时候寻求新的工作机会,他们相信,这会给他们带来好运和财富。

经过一番前期工作(还有采访和文书工作),我终于迎来了新的第一天。当我来到SoftLayer数据中心的时候,我穿过玻璃安全门,见到了SoftLayer香港站的经理——Jesse Arnold,我曾经采访时遇到的SoftLayer里Go Live Team的组长——Russell Mcguire,还有Shahzad,和我一样第一天开始工作的同事。

Shahzad和我都觉得非常的开心和兴奋能够加入这个组。在我们第一天工作的时候,我深深地吸了一口气,对自己说:你可以做到!这是一个进步的过程。我们从不会停止学习新的东西。学习新的东西是很有挑战性的,它包含了心理、身体和精神的力量。

在数据中心里面:建筑架!
当我们的团队开始构建建筑架和电缆的时候,它们都是新的东西。但不是完全不熟悉它们。以前,我的工作是在集装箱船的海员电工。那时候我的工作和电缆、发动机、发电机打交道,虽然它们都只是在海里,但是,我很确定我了解电缆,我很容易的上手了数据中心的工作。

当我们建立一个服务器的时候,我们得检查每一样东西:主板、处理器、内存、硬盘,还有最重要的,操作系统的兼容性。了解了这些基本的东西以后,我把它当做一个摆在面前的难题,认真地对待。

在数据中心里面:很强的沟通能力!
这并不是唯一的挑战。为了成功地做好我的工作,在建立数据中心的过程中,我必须学会用最佳方式和我的同事沟通。

在数据中心,我们的的团队必须精确地传送信息,并提供所有的细节,以确保扩建过程中每一个步骤正确地完成。Jesse不断地提醒我们,沟通交流是非常重要的。他强调沟通是黄金规则。对我来说,这是一个成功领导者的标志之一。我很高兴Jesse已经把重点放在沟通作为重点,因为它帮助我学习,什么是一名优秀的领导者。

在数据中心里面:工作满意度!
我很高兴可以在SoftLayer工作。面对所以新的挑战,我都度自己说:放手去做!我们年轻的团队都在努力。我们每周工作六天,每天14小时。那段时间内,我把我所有的精力都投入到了我的新工作中。

我从我的经历中学到了很多,增长了很多知识。所以我可以说,我给SoftLayer团队带来了价值。

我把自己当做一个让在学习进步的技术员,因为一个技术员不仅仅要会构架。精英是在SoftLayer执着工作的人们,他们是我的同事。由于我正处于训练学习阶段,我期待学习更多知识和技能。活到老,学到老!

- Ying

September 18, 2014

The Cloud Doesn't Bite, Part III

Why it's OK to be a server-hugger—a cloud server hugger.

(This is the final post in a three-part series. Read the first and second posts here.)

By now, you probably understand the cloud enough to know what it is and does. Maybe it's something you've even considered for your own business. But you're still not sold. You still have nagging concerns. You still have questions that you wish you could ask, but you're pretty sure no cloud company would dignify those questions with an honest, legitimate response.

Well we’re a cloud company, and we’ll answer those questions.

Inspired by a highly illuminating (!) thread on Slashdot about the video embedded below, we've noticed that some of you aren't ready to get your head caught up in the cloud just yet. And that's cool. But let's see if maybe we can put a few of those fears to rest right now.

“[The] reason that companies are hesitant to commit all of their IT to the cloud [relates to] keeping control. It's not about jobs, it's about being sure that critical services are available when you need them. Whenever you see ‘in the CLOUD!’, mentally replace it with ‘using someone else's server’—all of a sudden it looks a whole lot less appealing. Yes, you gain some flexibility, but you lose a LOT of control. I like my data to not be in the hands of someone else. If I don't control the actual machine that has my data on it, then I don't control the data.”

You guys are control FREAKS! And rightfully so. But some of us actually don't take that away from you. Believe it or not, we make it easier for you.

In fact, sometimes you even get to manage your own infrastructure—and that means you can do anything an employee can do. You'll probably even get so good at it that you'll wonder why we don't pay you.

But it doesn't stop at mere management. Oh, no, no, no, friends. You can even take it one further and build, manage, and have total control over your very own private cloud of virtual servers. Yes, yours, and yours only. Now announcing you, the shot caller.

The point is, you don't lose control over your data in the cloud. None. 'Cause cloud companies don't play like that.

“The first rule of computer security is physical access, which is impossible with cloud services, which means they are inherently insecure.”

Curious. So since you can't physically touch your money in your bank account, does that mean it's a free-for-all on your savings? Let us know; we'll bring buckets.

“These cloud guys always forget to mention one glaring problem with their model— they're not adding any new software to the picture.”

Ready for us to blow your minds? We're actually adding software all the time; you just don't see it—but you do feel it.

Your friendly Infrastructure as a Service (IaaS) providers out there are doing a lot of development behind the scenes. An internal software update might let us deploy servers 10 minutes faster, for example. You won't see that, but that doesn't mean it's not happening. If you're happy with your servers, then rest assured you're seeing some sweet software in action. Some cloud companies aren't exclusively focused on software (think Salesforce), but that doesn't mean the software is dial-up grade.

“I personally don't trust the cloud. Think about it for a moment. You are putting your data on a server, and you have no clue as to where it is. You have no clue about who else is able to see that data, and you have no clue about who is watching as you access your data and probably no clue if that server is up to date on security patches.”

Just ask. Simply ask all these questions, and you'd have all these answers. Not to be cheeky, but all of this is information you can and do have a right to know before you commit to anything. We're not sure what makes you think you don't, but you do. Your own due diligence on behalf of your data makes that a necessity, not a luxury.

“As long as I'm accountable, I want the hardware and software under my control. That way when something goes wrong and my boss calls and asks 'WTF?', I can give him something more than ’Well I called Amazon and left a message with our account representative.’"

We can't speak for Amazon, but cloud companies often offer multiple ways you can get a hold of a real, live person because we get that you want to talk to us, like, yesterday. Yes, we totally get you. And we want to fix whatever ails you. In the cloud, that is.

But what makes you think we won't know when something goes wrong before you do? (Checkmate.)

“No matter how much marketing jargon you spew at people, ‘the cloud’ is still just a bunch of servers. Stop lying.”

Why yes, yes, it is. Who's lying to you about that? You're right. "They" should stop lying.

The concept of "the cloud" is simply about where the servers are located and how you consume computing, storage, and networking resources. In "the cloud," your servers are accessed remotely via a network connection (often the Internet, for most of the clouds you know and love) as opposed to being locally accessed while housed in a server room or physical location on the company premises. Your premises, as in wherever you are while performing your computing functions. But no one's trying to pull the wool over your eyes with that one.

Think about it this way: If servers at your location are "on the ground," then servers away from your location can be considered "in the cloud." And that's all there is to it.

Did we help? Did we clear the cloudy haze? We certainly hope so.

But this is just the beginning, and our door is always open for you to question, criticize, and wax philosophical with us when it comes to all things cloud. So get at us. You can chat with us live via our homepage, message us or post up on Facebook, or sling a tweet at a SLayer. We've got real, live people manning their stations. Consider the gauntlet thrown.

-Fayza

September 17, 2014

SoftLayer Asia Roadshow Kick-starts its 5 City Tour

To help developers understand the benefits of the cloud and how to make their business scalable with the Softlayer environment, SoftLayer, in partnership with e27, is excited to announce the SoftLayer Asia Roadshow. The roadshow will stop in five cities:

  • Kuala Lumpur, Malaysia — October 1, 2014
  • Jakarta, Indonesia — October 3, 2014
  • Hong Kong — October 8, 2014
  • Bangkok, Thailand — October 10, 2014
  • Singapore — October 15, 2014

Designed as a half-day workshop with SoftLayer product and technical mentors, attendees will interact with instructors on how SoftLayer solutions scale and perform the way they do. The team will also take you through real business cases of how technical teams improved their performances in industries such as e-commerce, social media, and mobile gaming.

What you can expect at the workshop:

  • Practical and technical advice that you can apply immediately to help resolve trouble spots and improve performance in your organization’s IT environment
  • Learn how SoftLayer servers are provisioned so that you can build your own public and private node virtual servers
  • Learn and leverage SoftLayer Application Programming Interface (API) to interact with your account, products, and services

Who you will meet:

SoftLayer Road Show

Interested?

If you are a startup, developer, or an entrepreneur looking to hone your cloud skills then this workshop is for you. Since there are limited seats in each location, visit www.e27.co/softlayer to register, and the team will get back to you.

-Namrata

September 16, 2014

CSS3 Tips and Tricks – Generated Content Without jQuery

If you guys have read any of my past blogs, you know how much I LOVE jQuery, but every good developer knows that if there’s an easier or more efficient way of doing something: DO IT. With all the new developments with CSS3, HTML5, etc. etc., sometimes we have to get back to basics to relearn how to do things more efficiently, so here it goes!

Nearly every website has some form of 2.0/dynamic/generated content nowadays, and if your site doesn’t… well, it probably should catch up! I’ll show you how with some new CSS tricks and how it can reduce a lot of overhead of including the entire jQuery library (which would save you approximately 84kb per page load, assuming you have no other asynchronous/client side functionality you need).

I’ll start off with an easy example, since I know most of you take these examples and let your creativity run wild for your own projects. (Note to self: start a “Code Gone Wild” series.)

Usually this is the part where I say “First, let’s include the jQuery library as always.” Not this time, let’s break the rules!

FIRST, start off your document like any other (with the basic structure, set your DOCTYPE appropriately, i.e. strict vs transitional):

<!DOCTYPE html>
<html>
<head>
</head>
<body>
</body>
</html>

Wow, you can already tell this generated content’s going to be a TON easier than using jQuery (for those of you whom aren’t already jQuery fans).

Now let’s add in a div there; every time we hover over that div, we’re going to display our generated content with CSS. Inside of our div, we’re going to place a simple span, like so:

<!DOCTYPE html>
<html>
<head>
</head>
<body>
     <div class=”slisawesome”>
          <span data-title="Hello Cassandra!">What’s my name?</span>
     </div>
</body>
</html>

As you can see, the span content contains a simple question and the data-title attribute contains the answer to that question.

Now let’s just make this div a little bit prettier before we get into the fancy stuff.

Add some style to the <head> section of our document:

<style>
     .slisawesome  {
          /* Will TOTALLY be making another blog about the cool CSS gradients soon */
          background:linear-gradient(to bottom, #8dd2d9 , #58c0c7);
          padding: 20px;  /* give the box some room to breathe */
          width: 125px;  /* give it a fixed width since we know how wide it should be  */
          margin: 100px auto;  /* move it away from the top of the screen AND center it */
          border: 1px solid black;  /* this is just a little border */
          position: relative;  /* this is to help with our generated content positioning */
     }
</style>

Now you should have something that looks like this:

This is good; this is what you should have. Now let’s make the magic happen and add the rest of our CSS3:

<style>
     .slisawesome  {
          /* Will TOTALLY be making another blog about the cool CSS gradients soon */
          background:linear-gradient(to bottom, #8dd2d9 , #58c0c7);
          padding: 20px;  /* give the box some room to breathe */
          width: 125px;  /* give it a fixed width since we know how wide it should be  */
          margin: 100px auto;  /* move it away from the top of the screen AND center it */
          border: 1px solid black;  /* this is just a little border */
          position: relative;  /* this is to help with our generated content positioning */
     }
     .slisawesome span::before {
          content:attr(data-title); /* assigning the data-title attribute value to the content */
          opacity: 0; /* hiding data-title until we hover over it */
          position: absolute; /* positioning our data-title content */
          margin-top: 50px; /* putting more space between our question and answer */
 
          /* Fancy transitions for our data-title when we hover over our question */
          /* which I’m TOTALLY going to write another blog for ;) If you guys want, of course */
          -webkit-transition:opacity 0.4s; /* determines the speed of the transition */
          transition:opacity 0.4s; /* determines the speed of the transition */
     }
</style>

Now, right now, your page should still look like this:

That’s okay! We still have ONE more step to go:

<style>
     .slisawesome  {
          /* Will TOTALLY be making another blog about the cool CSS gradients soon */
          background:linear-gradient(to bottom, #8dd2d9 , #58c0c7);
          padding: 20px;  /* give the box some room to breathe */
          width: 125px;  /* give it a fixed width since we know how wide it should be  */
          margin: 100px auto;  /* move it away from the top of the screen AND center it */
          border: 1px solid black;  /* this is just a little border */
          position: relative;  /* this is to help with our generated content positioning */
     }
     .slisawesome span::before {
          content:attr(data-title); /* assigning the data-title attribute value to the content */
          opacity: 0; /* hiding data-title until we hover over it */
          position: absolute; /* positioning our data-title content */
          margin-top: 50px; /* putting more space between our question and answer */
 
          /* Fancy transitions for our data-title when we hover over our question */
          /* which I’m TOTALLY going to write another blog for ;) If you guys want, of course */
          -webkit-transition:opacity 0.4s; /* determines the speed of the transition */
          transition:opacity 0.4s; /* determines the speed of the transition */
     }
     /* Drum Roll --------- Here’s our hover magic */
     .slisawesome span:hover::before{
          opacity:1;
     }
     /* Okay… that was a little anticlimactic… losing cool points */
</style>

Despite my anticlimactic adding of “the magic,” we just added a :hover that will show full opacity when we hover, so refresh your page and try it out! You should see something like this when you hover over THE QUESTION:

Of course you could REALLY start getting fancy with this by adding some php variables for the logged in user, or perhaps make it dynamic to location, time, etc. The possibilities are endless, so go… go and expand on this awesome generated content technique!

-Cassandra

September 11, 2014

The Cloud Doesn't Bite, Part II

Why it's OK to be a server hugger—a cloud server hugger.

(This is the second post in a three-part series. Read the first post here.)

By now, you probably understand the cloud enough to know what it is and does. Maybe it's something you've even considered for your own business. But you're still not sold. You still have nagging concerns. You still have questions that you wish you could ask, but you're pretty sure no cloud company would dignify those questions with an honest, legitimate response.

Well we’re a cloud company, and we’ll answer those questions.

Inspired by a highly illuminating (!) thread on Slashdot about the video embedded below, we've noticed that some of you aren't ready to get your head caught up in the cloud just yet. And that's cool. But let's see if maybe we can put a few of those fears to rest right now.

"[With the cloud], someone you don't know manages [your cloud servers], and they can get really unaccountable at times."

Hmm. Sounds like somebody's had a bad experience. (We're sorry to hear that.) But in truth, cloud computing companies are nothing without reputation, integrity, and, well, security upon security upon security measures. Accountability is the name of the game when it comes to you trusting us with your critical information. Research, research, research the company you choose before you hand anything over. If the measures that a potential cloud provider take don't cut the mustard with you, jump ship immediately—your business is way too important! But you're bound to find one that has all the necessary safeguards in place to provide you with plenty of peace of mind.

Oh, and by the way, have we mentioned that some cloud infrastructure providers put the deployment, management, and control in the hands of their customers? Yup. They just hand the reins right over and give you complete access to easy-to-use management tools, so you can automate your cloud solution to fit your unique needs. So there's that.

"The nickel-and-dime billing that adds up awfully damned quickly. Overall, if you're not careful you can rack upwards of $4k/mo just to host a handful of servers with hot backups and a fair amount of data and traffic on them."

You're right. That's why it's important to plan your cloud architecture before you go jumping in. Moving to the cloud isn't something you do with your eyes closed and with a lack of information. Know your company's business needs and find the best solution that fits those needs—every single one of those needs. Be realistic. Assess intelligently. Know your potential provider's add-on costs (if any) ahead of time so that you can anticipate them. Sure, add-ons can pile up if you're caught off-guard. But we know you're too smart for that to be a problem.

Play around with your possibilities before you sign on that dotted line. If you can't, search for a provider who'll let you play before you pay.

"Many cloud services break many privacy laws. The service provider can see/use the data too. Some of us are even bound by law to maintain the integrity of certain classes of information (personal, medical, financial). Yielding physical control to another organization, no matter what their reputation, removes your ability to perform due diligence. How do I know that what I legally have to keep private really is private?"

Sigh. Okay, we hear this fear; we really do, but it's just not true. Not for any reputable cloud solutions provider that wants to stay in business, anyway. We, grown-ups of cloud computing, take the security of your data very, very seriously. There are hackers. There are malicious attacks. There are legal compliance issues. And for those, we have Intrusion Protection Software, firewalls, SSL certificates, and compliance standards, just to name a few. We can handle what you throw at us, and we respect and honor the boundaries of your data.

So let's talk nitty gritty details. You're probably most familiar with the public cloud, or virtual servers. Yes, infrastructure platforms are shared, but that doesn't mean they're pooled—and it certainly doesn't mean universal accessibility. Your virtual server is effectively siloed from the virtual servers of every other client on that public server, and your data is accessible by you and only you. If you think about it like an apartment complex, it makes a lot of sense. The building itself is multi-tenant, but only you have the key to the contents of your individual unit.

On the other hand, bare metal servers are mansions. You're the only one taking up residence on that dedicated server. That big bad house is yours, and the shiny key belongs to you, and you only. (Check you out, Mr. Big Stuff.) You have complete and utter control of this server, and you can log, monitor, and sic the dogs on any and all activity occurring on it. Bare metal servers do share racks and other network gear with other bare metal servers, but you actually need that equipment to ensure complete isolation for your traffic and access. If we use the real estate analogy again and bare metal servers are mansions, then anything shared between bare metal servers are access roads in gated communities and exist only to make sure the mailman, newspaper delivery boy, and milkman can deliver the essential items you need to function. But no one's coming through that front door without your say so.

We cloud folk love our clients, and we love housing and protecting their data—not sneaking peeks at it and farming it out. Your security means as much to us as it means to you. And those who don't need access don't have it. Plain and simple.

"I don't want [my data] examined, copied, or accidentally Googled."

You don't say? Neither do we.

"What happens to my systems when all of your CxOs decide that they need more yachts so they jack up the pricing?"

They stay put, silly. No one takes systems on the boat while yachting. Besides, we don't do yachts here at SoftLayer—we prefer helicopters.

Stay tuned for the last post in this series, where we discuss your inner control freak, invisible software, and real, live people.

-Fayza

September 9, 2014

Building a Secure Cloud-based Solution: Part I

When you begin a household project, you must first understand what you will need to complete the task. Before you begin, you check your basement or garage to make sure you have the tools to do the work. Building a secure cloud-based solution requires similar planning. You’re in luck—SoftLayer has all the tools needed, including a rapidly maturing set of security products and services to help you build, deploy, and manage your cloud solution. Over the next couple of months, we will take a look at how businesses leverage cloud technologies to deliver new value to their employees and customers, and we’ll discuss how SoftLayer provides the tools necessary to deliver your solutions securely.

Hurricane plan of action: Water: Check. Food: Check. Cloud: Check?

Let’s set the scene here: A hurricane is set to make landfall on the United States’ Gulf Coast, and the IT team at an insurance company must elastically scale its new claim application to accommodate the customers and field agents who will need it in the storm’s aftermath. The team needs to fulfill short-term computing needs and long-term hosting of additional images from the claims application, thereby creating a hybrid cloud environment. The insurance company’s IT staff meet to discuss their security requirements, and together, they identify several high-level needs:

  1. Provide secure connectivity, authentication, access control, and audit capabilities for IT administrators and users.

    SoftLayer provides VPNs, multifactor authentication, audit control logs, API keys, and fine-grained access control. This allows insurance agents to securely access claim forms and supporting documentation and connect to the application via https, using the wide range of SSL certificates (Symantec, Geotrust, and more). Plus, agents can authenticate using identity and access management solutions such as IWS Go Cloud ID and IBM Security Access Manager.
  2. Ensure that stringent data security measures are enforced.

    Data cannot be shifted across borders, and data at rest or in use must be encrypted. SoftLayer leaves data where customers place it, and will never transfer customers’ data. IBM Cloud Marketplace partners like Vormetric offer encryption solutions to ensure sensitive data-at-rest is not stored in clear text, and that customers maintain complete control of the encryption keys. Additionally, the IT team in our example would have the ability to encrypt all sensitive PHI data in database using data-in-use solutions from Eperi.
  3. Ensure multi-layered security for network zone segmentation.

    Users and administrators in the confidential area of insurance need confidence that their network is securely partitioned. SoftLayer native and vendor solutions such as SoftLayer VLANs, Vyatta Gateway, Fortigate firewall, and Citrix Netscaler allow administrators to securely partition a network, creating segmentation according to organizational needs, and providing the routing and filtering needed to isolate users, workloads, and domains.
  4. Enforce host security using anti-virus software, host intrusion prevention systems, and other solutions.

    The IT team can apply best-of-breed third-party solutions, such as Nessus Vulnerability Scanner, McAfee Antivirus, and McAfee Host Intrusion Protection. These capabilities give administrators the means to ensure that infrastructure is protected from malware and other host attacks, enhancing both system availability and performance.
  5. Define and enforce security policies for the hybrid cloud environment, and audit any policy changes.

    Administrators can manage overall policies for the combined public-private environment using IBM solutions like QRadar, Hosted Security Event and Log Management Service, and xForce Threat Analysis Service. Admins can use solutions from vendors like CloudPassage, Sumo Logic, and ObserveIT to automatically define policies around firewall rules, file integrity, security configuration, and access control, and to audit adherence to such policies.

The insurance company’s IT department already knew from SoftLayer’s reputation that it is one of the highest performing cloud infrastructures available, with a wide range of integrated and automated cloud computing options, all through a private network and advanced management system, but now it knows from experience that SoftLayer offers the security solutions needed to get the job done.

When business needs spike and companies need additional capacity, SoftLayer delivers quickly and securely. Stay tuned for Part 2 where we will talk secure development and test activities.

- Rick Hamilton, IBM Cloud Offering Evangelist

September 4, 2014

Keeping your private parts private.

Even with the knowledge that images can live on forever to haunt you, people continue to snap self-portraits in compromising positions (it’s your prerogative). Heck, before smart phones came along, people were using Polaroids to capture the moment. And, if history teaches us anything, people will continue the trend—instead of a smart phone, it’ll be a holodeck (a la Star Trek). Ugh, can you imagine that?

The recent high-profile hack of nude celebrity photos came from private phones. They weren’t posted to Facebook or Instagram. These celebrities didn’t hashtag.

#birthdaysuit #emperorsnewclothes #whoneedsdesignerthreads #shegotitfromhermama

Their sensitive data was compromised.

After speculation the hack stemmed from an iCloud® security vulnerability, Apple released a statement saying, “We have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.” The cloud platform was secure. The users’ security credentials weren’t.

These were private photos intended for private use, so how did they get out there? How can you protect your data; your images; your privacy?

You’ve heard it once; twice; probably every time you create a new account online (and in this day in age, we all have dozens of user accounts online):

  1. Use a strong password. This SoftLayer Blog is an oldie but a goodie where the author gives the top three ways to make a password: 1) use a random generator like random.org; 2) use numbers in place of letters—for example, “minivan” becomes “m1n1v4n”; 3) write your passwords down in plain sight using “Hippocampy Encryption” (named in honor of the part of the brain that does memory type activities). Or take the XKCD approach to password security.
  2. And for heaven’s sake, don’t use the same password for every account. If you duplicate usernames and passwords across sites, a hacker just needs to access one account, and he or she will be able to get into all of your accounts!
  3. Craft little-known answers to security questions. Don’t post a childhood photo of you and your dog on Facebook with the description, “Max, the best pup ever” and then use Max as a security validation answer for “What’s the name of your favorite pet?” It’s like you’re giving the hackers the biggest hint ever.
  4. If available, use a two-factor authentication security enhancement. The government (FISMA), banks (PCI) and the healthcare industry are huge proponents of two-factor authentication—a security measure that requires two different kinds of evidence to prove that you are who you say you are and that you should have access to what you're trying to access. Read our blog or KnowledgeLayer Article for more details.
  5. Remember passwords are like underwear—don’t share them with friends and change them often. When it comes to passwords, at least once a year should suffice. For underwear, we recommend changing more regularly.

We won’t tell you what to do with your sensitive selfies. But do yourself a favor, and be smart about protecting them.

-JRL

September 3, 2014

The Cloud Doesn’t Bite, Part I

Why it's OK to be a server hugger—a cloud server hugger.

By now, you probably understand the cloud enough to know what it is and does. Maybe it's something you've even considered for your own business. But you're still not sold. You still have nagging concerns. You still have questions that you wish you could ask, but you're pretty sure no cloud company would dignify those questions with an honest, legitimate response.

Well we’re a cloud company, and we’ll answer those questions.

Inspired by a highly illuminating (!) thread on Slashdot about the video embedded below, we've noticed that some of you aren't ready to get your head caught up in the cloud just yet. And that's cool. But let's see if maybe we can put a few of those fears to rest right now.

"I'm worried about cloud services going down or disappearing, and there’s nothing anyone can do about it."

Let's just get one thing straight here: we're human, and the devices and infrastructures and networks we create are fallible. They're intelligent and groundbreaking and mind-boggling, but they are—like us—susceptible to bad things and prone to error at any given time.

But it's not the end of the world if or when it happens. Your cloud service provider has solutions. And so do you.

First, be smart about who you choose to work with. The larger, more reputable a company you select, the less likely you are to experience outages or outright disappearances. It's the nature of the beast—the big guys aren't going out of business any time soon. And if the worst should happen, they're not going down without a fight for your precious data.

Most outages end up being mere temporary blips that generally don’t last long. It'd take a major disaster (think hurricane or zombie apocalypse) to take any cloud-based platform out for more than a few hours. Which, of course, sounds like a long time, but we're talking worst case scenario here. And in the event of a zombie apocalypse, you probably have bigger fish to fry anyway.

But the buck doesn't stop there. Moving data to the cloud doesn't mean you get to kick up your heels, and set cruise control. (You don't really want that anyway, and you know it.) Be proactive. Know your service-level agreements, and make sure your system structures are built in a way that you're not losing out when it comes to outages and downtime. Know your provider's plan for redundancy. Know what monitoring systems are in place. Identify which applications and data are critical and should be treated differently in the event of a worst case scenario. Have a plan in the event of doomsday. You wouldn't go head first into sharknado season without a strategy for what to do if disaster hits, right? Why would the (unlikely) downfall of your data be any different?

Remember when we backed things up to external hard drives; before we'd ever heard of that network in the sky (a quaint concept, we know)? Well, we think it would behoove you to have a backup of what's essential to you and your business.

In fact, being realistic about technology these days is paramount. We can't prevent failure because we know better. According to Microsoft's chief reliability strategist, David Bills, "It's about designing resilient services in which inevitable failures have a minimal effect on service availability and functionality."

In any event, don't panic. You think you're freaking out about the cloud going down? Chances are, your provider is one step ahead of you already.

"Most of the time you don't find out about the cloud host's deficiencies until far too late." "One cloud company I had a personal Linux server with got hit with a DOS attack, and their response was to ignore their customer service email and phone for almost a week while trying to clean it up.”

Uh. Call us crazy, but we're guessing that company's no longer around—just a hunch.

We cloud infrastructure providers don't exactly pride ourselves on hoarding your data and then being completely inaccessible to you. Do your research on potential providers. Find out how easy it is (or difficult as the case may be) to get a hold of your customer service team. Make sure your potential provider's customer support meets your business needs. Make sure there's extra expertise available to you if you need personal attention or a little TLC. Make sure those response times are to your liking. Make sure those methods of contact are diverse enough and align with the way you do work.

We know you don't want to need us, but when you do need us, we are here for you.

"Of course, you have to either provide backup yourself, or routinely hard-verify the cloud provider's backup scheme. And you'd better have a backup-backup offsite recovery contract for when the cloud provider announces it can't really recover (e.g. Hurricane Sandy). And a super-backup-backup plan in case the cloud provider disappears with no forwarding address or has all its servers confiscated by DHS."

Hey, you don't have to have any of these things if your data's not that important to you. But if you'd have backups of your local servers, why wouldn't you have backups of anything you put in the cloud?

We thought so.

Nota bene: Sounds like you might want to take up some of this beef with Hurricane Sandy.

Stay tuned for part two where we tackle accountability, security, and buying ourselves new yachts.

- Fayza

August 28, 2014

Dude, how do I get into the cloud?

I know you may think that’s just a catchy title to get you to read my blog, but it’s not. I’ve actually had someone ask me that at a party. In fact, that’s the first thing anyone asks me when they find out I work for SoftLayer. The funny thing is, everyone is already in the cloud—they just don’t realize it! To make my point, I pick up their smart phone and tell them they already are in the cloud, and walk away. That, of course, sparks more conversation and the opportunity to educate my friends and family on the magic and mystery that is the cloud. But truthfully, it really is a very simple concept:

  • On demand
  • Compute
  • Consumption-based billing

That’s it. At its core. But if you want more detail, check out this document: NIST.

And, just to shed light on the backend of what the cloud is, well, it’s nothing but servers. I know, you were expecting something more exciting—maybe unicorns and fairy dust. But it’s not. We house the servers. We care for them daily. We store them and protect them. All from our data center.

What makes SoftLayer stand out from others in the cloud space is that we offer more than one-size-fits-all servers. We offer both public and private virtual servers like other cloud providers, but we also offer highly customizable and high performance bare metal, servers. And as with any good infrastructure, we offer all the ancillary services such as load balancing, firewalls, attached storage, DNS, etc…

There’s no magic involved here. We’ve simply taken your infrastructure and removed your capex and headache. You’re welcome.

So when you hear “The Cloud,” don’t be mystified, and don’t feel inadequate. Now you too can be the cloud genius at your next party. When they talk cloud, just say things like, “Oh yeah, it’s totally on demand computing that bills based on consumption.” Chicks dig that, trust me.

-Cheeku

August 26, 2014

Bare Metal Power. By the Hour.

Think quickly. You hear that your new app will be featured on the front page of TechCrunch in less than two hours. Because it’s a resource-intensive application you know that a flood of new users will bog down its current cloud infrastructure and you’ll need to scale out.

What do you do? Choose virtual servers to guarantee quick deployment and more flexibility? Opt for bare metal servers to deliver the best user experience (while crossing your fingers that the servers are online in time for the flood of traffic)? In times like these, you shouldn’t have to choose between flexibility and power.

You need hourly bare metal servers.

We’ve streamlined the deployment of four of our most popular bare metal configurations, and with that speed, we’re able to offer them with hourly billing! With the hardware pre-configured, you tell us where you want the server to be provisioned—Dallas, San Jose, Washington D.C., London, Toronto, Amsterdam, Singapore, and Hong Kong—and which operating system you’d like us to install— CentOS, Red Hat, FreeBSD, or Ubuntu. And in less than 30 minutes, your server will be online, fully integrated with your other SoftLayer servers and services, and ready for you.

Use the server for as long as you need it. Spin it down when you’re done. Pay for the hours you had it on your account. It’s that easy. No virtualization. No noisy neighbors. Just your computing-intensive workload, the hardware configuration you need, and a phobia-proof commitment.

Why you need hourly bare metal servers in your cloud life?

  • Processing Power: You have short-term workloads that require significant amounts of processing power. To get the same performance from virtual servers, you might have to provision twice as many nodes or run them for twice as long.
    • Example: a business intelligence ELT (Extract/Load/Transform) application.
  • Schedule-based Workloads: You have a number of applications that require compute and storage resources on a set schedule (i.e., once every month), and you don’t want to deploy (and pay for) high-end machines that will sit idle at all other times.
    • Example: payroll processing or claims payment processing.
  • Performance Testing: Certify or validate how an application performs on a specific hardware configuration.
    • Example: Software or mobile application companies can validate performance on specific hardware platforms.

With bare metal performance available on demand and on hourly terms, you don’t have to compromise performance for flexibility. When TechCrunch comes calling, you have peace of mind that your app’s success and popularity won’t bring it down.

-RJ

Pages

Subscribe to startup-series