Partner Marketplace Posts

December 31, 2012

FatCloud: Tech Partner Spotlight

We invite each of our featured SoftLayer Tech Marketplace Partners to contribute a guest post to the SoftLayer Blog, and this week, we're happy to welcome Ian Miller, CEO of FatCloud. FatCloud is a cloud-enabled application platform that allows enterprises to build, deploy and manage next-generation .NET applications.

'The Cloud' and Agility

As the CEO of a cloud-enabled application platform for the .NET community, I get the same basic question all the time: "What is the cloud?" I'm a consumer of cloud services and a supplier of software that helps customers take advantage of the cloud, so my answer to that question has evolved over the years, and I've come to realize that the cloud is fundamentally about agility. The growth, evolution and adoption of cloud technology have been fueled by businesses that don't want to worry about infrastructure and need to pivot or scale quickly as their needs change.

Because FatCloud is a consumer of cloud infrastructure from Softlayer, we are much more nimble than we'd be if we had to worry about building data centers, provisioning hardware, patching software and doing all the other time-consuming tasks that are involved in managing a server farm. My team can focus on building innovative software with confidence that the infrastructure will be ready for us on-demand when we need it. That peace of mind also happens to be one of the biggest reasons developers turn to FatCloud ... They don't want to worry about configuring the fundamental components of the platform under their applications.

Fat Cloud

Our customers trust FatCloud's software platform to help them build and scale their .NET applications more efficiently. To do this, we provide a Core Foundation of .NET WCF services that effectively provides the "plumbing" for .NET cloud computing, and we offer premium features like a a distributed NoSQL database, work queue, file storage/management system, content caching and an easy-to-use administration tool that simplifies managing the cloud for our customers. FatCloud makes developing for hundreds of servers as easy as developing for one, and to prove it, we offer a free 3-node developer edition so that potential customers can see for themselves.

FatCloud Offering

The agility of the cloud has the clearest value for a company like ours. In one heavy-duty testing month, we needed 75 additional servers online, and after that testing was over, we needed the elasticity to scale that infrastructure back down. We're able to adjust our server footprint as we balance our computing needs and work within budget constraints. Ten years ago, that would have been overwhelmingly expensive (if not impossible). Today, we're able to do it economically and in real-time. SoftLayer is helping keep FatCloud agile, and FatCloud passes that agility on to our customers.

Companies developing custom software for the cloud, mobile or web using .NET want a reliable foundation to build from, and they want to be able to bring their applications to market faster. With FatCloud, those developers can complete their projects in about half the time it would take them if they were to develop conventionally, and that speed can be a huge competitive differentiator.

The expensive "scale up" approach of buying and upgrading powerful machines for something like SQL Server is out-of-date now. The new kid in town is the "scale out" approach of using low-cost servers to expand infrastructure horizontally. You'll never run into those "scale up" hardware limitations, and you can build a dynamic, scalable and elastic application much more economically. You can be agile.

If you have questions about how FatCloud and SoftLayer make cloud-enabled .NET development easier, send us an email: sales@fatcloud.com. Our team is always happy to share the easy (and free) steps you can take to start taking advantage of the agility the cloud provides.

-Ian Miller, CEO of FatCloud

This guest blog series highlights companies in SoftLayer's Technology Partners Marketplace. These partners have built their businesses on the SoftLayer Platform, and we're excited for them to tell their stories. New partners will be added to the Marketplace each month, so stay tuned for many more come.
October 5, 2012

Spark::red: Tech Partner Spotlight

This guest blog comes to us from Spark::red, a featured member of the SoftLayer Technology Partners Marketplace. Spark::red is a global PCI Level 1 compliant hosting provider specializing in Oracle ATG Commerce. With full-redundancy at every layer, powerful servers, and knowledgeable architects, Spark::red delivers exceptional environments in weeks, instead of months. In this video we talk to Spark::red co-founder Devon Hillard about what Spark::red does, how they help companies that are outgrowing current solutions, and why they chose SoftLayer.

The Three Most Common PCI Compliance Myths

As a hosting provider that specializes in Oracle ATG Commerce, Spark::red has extensive experience and expertise when it comes to the Payment Card Industry Data Security Standards (PCI DSS). If you're not familiar with PCI DSS, they are standards imposed on companies that process payment data, and they are designed to protect the company and its customers.

We've been helping online businesses maintain PCI Compliance for several years now, and in that time, we've encountered a great deal of confusion and misinformation when it comes to compliance. Despite numerous documents and articles available on this topic, we've found that three myths seem to persist when it comes to PCI DSS compliance. Consider us the PCI DSS compliance mythbusters.

Myth 1: Only large enterprise-level businesses are required to be PCI Compliant.

According to PCI DSS, every company involved in payment card processing online or offline should be PCI Compliant. The list of those companies includes e-commerce businesses of all sizes, banks and web hosting providers. It's important to note that I said, "should be PCI Compliant" here. There is no federal law that makes PCI compliance a legal requirement. However, a business IS required to be PCI compliant technically in order to take and process Visa or MasterCard payments. Failure to operate in with PCI compliance could mean huge fees if you're found in violation after a breach.

Payment card data security is the most significant concern for cardholders, and it should be a priority for your business, whether you have two hundred customers or two million customers. If you're processing ANY credit card payments, you should make sure you are PCI-compliant.

There are four levels of PCI compliance based on the number of credit card transactions your business processes a year, so the PCI compliance process is going to look different for small, medium-sized and large businesses. Visit the PCI Security Standards Council website to check which level of PCI compliance your business needs.

Myth 1: Busted.

Myth 2: A business that uses a PCI-compliant managed hosting provider automatically becomes PCI-compliant.

Multiple parties are involved in processing payment data, and each of them needs to meet certain standards to guarantee cardholders' data security. From a managed hosting provider perspective, we're responsible for things like proper firewall installation and maintenance, updating anti-virus programs of our servers, providing a unique ID for each person with computer access to restrict access to the most sensitive data, regular system scanning for vulnerabilities. Our customer — an online retailer, for example — would need to develop its software applications in accordance with PCI DSS, keep cardholders data storage to a minimum, and perform application-layer penetration tests that are out of their hosting provider's control.

If you're pursuing PCI compliance, you have a significant advantage if you start with a PCI-compliant managed hosting provider. Many security questions are already answered by your PCI-compliant host, so there is a shorter list of things for you to be worry about. You save money, time and effort in the process of completing PCI certification.

Myth 2: Busted.

Myth 3: A business that uses SSL certificates is PCI compliant.

Secure Sockets Layer (SSL) certificates allow secure data transmission to and from the server through data encryption that significantly decreases the network vulnerabilities from IP spoofing, IP source rooting, DNS spoofing, man-in-the-middle attacks and other threats from hackers. However, SSL cannot protect cardholder data from attacks using cross-site scripting or SQL injection, and they don't provide secure audit trails or event monitoring. SSL certificates are an important part of secure transactions, but they're only part of PCI DSS compliance.

Myth 3: Busted.

If you have questions about PCI compliance or you're interested in Oracle ATG Hosting, visit Spark::red, give us a call or send us an email, and we'll do what we can to help. When PCI compliance doesn't seem like a scary monster in your closet, it's easier to start the process and get it done quickly.

-Elena Rybalchenko, Spark::red

This guest blog series highlights companies in SoftLayer's Technology Partners Marketplace.
These Partners have built their businesses on the SoftLayer Platform, and we're excited for them to tell their stories. New Partners will be added to the Marketplace each month, so stay tuned for many more come.
July 25, 2012

ServerDensity: Tech Partner Spotlight

We invite each of our featured SoftLayer Tech Marketplace Partners to contribute a guest post to the SoftLayer Blog, and this week, we're happy to welcome David Mytton, Founder of ServerDensity. Server Density is a hosted server and website monitoring service that alerts you when your website is slow, down or back up.

5 Ways to Minimize Downtime During Summer Vacation

It's a fact of life that everything runs smoothly until you're out of contact, away from the Internet or on holiday. However, you can't be available 24/7 on the chance that something breaks; instead, there are several things you can do to ensure that when things go wrong, the problem can be managed and resolved quickly. To help you set up your own "get back up" plan, we've come up with a checklist of the top five things you can do to prepare for an ill-timed issue.

1. Monitoring

How will you know when things break? Using a tool like Server Density — which combines availability monitoring from locations around the world with internal server metrics like disk usage, Apache and MySQL — means that you can be alerted if your site goes down, and have the data to find out why.

Surprisingly, the most common problems we see are some that are the easiest to fix. One problem that happens all too often is when a customer simply runs out of disk space in a volume! If you've ever had it happen to you, you know that running out of space will break things in strange ways — whether it prevents the database from accepting writes or fails to store web sessions on disk. By doing something as simple as setting an alert to monitor used disk space for all important volumes (not just root) at around 75%, you'll have proactive visibility into your server to avoid hitting volume capacity.

Additionally, you should define triggers for unusual values that will set off a red flag for you. For example, if your Apache requests per second suddenly drop significantly, that change could indicate a problem somewhere else in your infrastructure, and if you're not monitoring those indirect triggers, you may not learn about those other problems as quickly as you'd like. Find measurable direct and indirect relationships that can give you this kind of early warning, and find a way to measure them and alert yourself when something changes.

2. Dealing with Alerts

It's no good having alerts sent to someone who isn't responding (or who can't at a given time). Using a service like Pagerduty allows you to define on-call rotations for different types of alerts. Nobody wants to be on-call every hour of every day, so differentiating and channeling alerts in an automated way could save you a lot of hassle. Another huge benefit of a platform like Pagerduty is that it also handles escalations: If the first contact in the path doesn't wake up or is out of service, someone else gets notified quickly.

3. Tracking Incidents

Whether you're the only person responsible or you have a team of engineers, you'll want to track the status of alerts/issues, particularly if they require escalation to different vendors. If an incident lasts a long time, you'll want to be able to hand it off to another person in your organization with all of the information they need. By tracking incidents with detailed notes information, you can avoid fatigue and prevent unnecessary repetition of troubleshooting steps.

We use JIRA for this because it allows you to define workflows an issue can progress along as you work on it. It also includes easy access to custom fields (e.g. specifying a vendor ticket ID) and can be assigned to different people.

4. Understanding What Happened

After you have received an alert, acknowledged it and started tracking the incident, it's time to start investigating. Often, this involves looking at logs, and if you only have one or two servers, it's relatively easy, but as soon as you add more, the process can get exponentially more difficult.

We recommend piping them all into a log search tool like (fellow Tech Partners Marketplace participant) Papertrail or Loggly. Those platforms afford you access to all of your logs from a single interface with the ability to see incoming lines in real-time or the functionality to search back to when the incident began (since you've clearly monitored and tracked all of that information in the first three steps).

5. Getting Access to Your Servers

If you're traveling internationally, access to the Internet via a free hotspot like the ones you find in Starbucks isn't always possible. It's always a great idea to order a portable 3G hotspot in advance of a trip. You can usually pick one up from the airport to get basic Internet access without paying ridiculous roaming charges. Once you have your connection, the next step is to make sure you can access your servers.

Both iPhone and Android have SSH and remote desktop apps available which allow you to quickly log into your servers to fix easy problems. Having those tools often saves a lot of time if you don't have access to your laptop, but they also introduce a security concern: If you open server logins to the world so you can login from the dynamic IPs that change when you use mobile connectivity, then it's worth considering a multi-factor authentication layer. We use Duo Security for several reasons, with one major differentiator being the modules they have available for all major server operating systems to lock down our logins even further.

You're never going to escape the reality of system administration: If your server has a problem, you need to fix it. What you can get away from is the uncertainty of not having a clearly defined process for responding to issues when they arise.

-David Mytton, ServerDensity

This guest blog series highlights companies in SoftLayer's Technology Partners Marketplace.
These Partners have built their businesses on the SoftLayer Platform, and we're excited for them to tell their stories. New Partners will be added to the Marketplace each month, so stay tuned for many more come.
July 11, 2012

Mandrill: Tech Partner Spotlight

This is a guest blog with Chad Morris from our partner Mandrill. Mandrill is an email delivery platform built on and managed by MailChimp. Created for developers to set up and manage with minimal coding effort, Mandrill offers advanced tracking, easy-to-understand reports and hundreds of template options. In this video interview, Chad goes into detail about the history of the company as well as the major differences between Mandrill and MailChimp. In the near future, you'll see a separate guest blog from the Mandrill team with best practices for managing your email systems.

This guest blog series highlights companies in SoftLayer's Technology Partners Marketplace.
These Partners have built their businesses on the SoftLayer Platform, and we're excited for them to tell their stories. New Partners will be added to the Marketplace each month, so stay tuned for many more come.
July 4, 2012

Cedexis: Tech Partner Spotlight

This guest blog features Cedexis, a featured member of the SoftLayer Technology Partners Marketplace. Cedexis a content and application delivery system that offers strategies and solutions for multi-platform content and application delivery to companies focused on maximizing web performance. In this video we talk to Cedexis Co-Founder Julien Coulon.

Company Website: www.cedexis.com
Tech Partners Marketplace: http://www.softlayer.com/marketplace/cedexis

A Multi-Cloud Strategy - The Key to Expansion and Conversion

Web and mobile applications have collapsed geographic barriers to business, bringing brand and commerce experiences ever-closer to increasingly far-flung customers. While web-based business models are powerful enablers for global expansion, they also create new a new challenge in managing availability and performance across diverse and distributed markets: How do you ensure consistent web performance across all markets without investing in physical infrastructure in all of those markets?

Once a business gets its core business on a consistent and reliable provider like SoftLayer, we typically recommend that they consider a multi-cloud strategy that will spread availability and performance risk across a global infrastructure of public and private data centers, delivery networks and cloud providers. Regardless of how fantastic your core SoftLayer hosting is, the reality is that single-source dependency introduces significant business risk. Fortunately, much of that business risk can be mitigated by adding a layer of multi-cloud architecture to support the application.

Recent high-profile outages speak to the problem that multi-sourcing solves, but many web-based operations remain precariously dependent on individual hosting, CDN and cloud providers. It's a lot like having server backups: If you never need a backup that you have, that backup probably isn't worth much to you, but if you need a backup that you don't have, you'd probably pay anything to have it.

A multi-cloud strategy drives revenue and other conversions. Why? Because revenue and conversions online correlate closely with a site's availability and performance. High Scalability posted several big-name real-world examples in the article, "Latency is Everywhere and it Costs You Sales." When an alternative vendor is just one click away, performance often makes a difference measured in dollars.

How Cedexis Can Help

Cedexis was founded to help businesses see and take advantage of a multi-cloud strategy when that strategy can provide better uptime, faster page loads, reliable transactions, and the ability to optimize cost across a diverse network of platforms and providers. We built the Cedexis Radar to measure the comparative performance of major cloud and delivery network providers (demo), and with that data, we created Openmix to provide adaptive automation for cloud infrastructure based on local user demand.

In order to do that effectively, Cedexis was built to be provider-agnostic, community-driven, actionable and adaptive. We support over 100 public cloud providers. We collect performance data based on crowd-sourced user requests (which represent over 900 million measurements per day from 32,000 individual networks). We allow organizations to write custom scripts that automate traffic routing based on fine-grained policies and thresholds. And we go beyond rules-driven traffic routing, dynamically matching actual user requests with the most optimal cloud at a specific moment in time.

Getting Started with Cedexis

  1. Join the Community
    Get real-time visibility into your users' performance.
  2. Compare the Performance of Your Clouds and Devliery Network
    Make informed decisions to optimize your site performance with Radar
  3. Leverage Openmix to optimize global web performance
    Optimize web and mobile performance to serve global markets

The more you can learn about your site, the more you can make it better. We want to help our customers drive revenue, enter new markets, avoid outages and reduce costs. As a SoftLayer customer, you've already found a fantastic hosting provider, and if Openmix won't provide a provable significant change, we won't sell you something you don't need. Our simple goal is to make your life better, whether you're a geek or a suit.

-Julien Coulon, Cedexis

This guest blog series highlights companies in SoftLayer's Technology Partners Marketplace.
These Partners have built their businesses on the SoftLayer Platform, and we're excited for them to tell their stories. New Partners will be added to the Marketplace each month, so stay tuned for many more come.
June 27, 2012

Cloudability: Tech Partner Spotlight

This guest blog comes to us from Cloudability, a featured member of the SoftLayer Technology Partners Marketplace. Cloudability is a cloud budget management service that helps companies manage their cloud spending, prevent overages, reduce waste and save money. In this video we talk to Cloudability Founder and CEO Mat Ellis about how the company developed, and we hear examples of how Cloudability is supporting and businesses money.

5 Things You Need to Know to Control Variable Infrastructure Costs

If you have on premise equipment, then your costs are fixed — you paid your money and now you own a fixed amount of hardware and software. The cloud, on the other hand, has variable costs due to two important features — you only pay for the services you use and it's scalable, providing the resources you need at any given time. By using a cloud infrastructure, you end up with what we call Variable Infrastructure Costs (VICs).

Most of SoftLayer's services meet the criteria for a VIC. You need an extra cloud server for a few hours? No problem. More disk? Done.

With great power, comes great responsibility, and the biggest problem with VICs is that they are just like a faucet: Leave it running, and the water bill can add up fast ... Not to mention all that waste! Unless you keep a close eye on VICs, you could find yourself in front of your CFO, pleading for your budget's life.

Cloudability was created to keep those costs under control, and in the course of working with our customers, we've come up with a simple five-point checklist of best practices:

1. Collation

Make sure you have insight to all your costs, create a single contract database, and review it regularly. Don't forget to include total cloud spending alongside your fixed contracts. Talk to your finance department, then drill your employees and tech teams to make sure you REALLY know the whole truth. There can be — and usually is — a disconnect in the organization about how much cloud is really being used.

2. Analysis

Get into the weeds to see why each project is spending what they are spending. Try to calculate some tangible metrics like cost per thousand web pages served or cost per new customer, and benchmark these against public data and common sense.

3. Organization and Rebalancing

Put each of your projects into one of four quadrants:

  1. High Spend/Low Efficiency
  2. High Spend/High Efficiency
  3. Low Spend/Low Efficiency
  4. Low Spend/High Efficiency.

Focus on the High Spend/Low Efficiency quadrant first. That's where you will find the easiest wins. Then, move onto the High Spend/High Efficiency quadrant where you'll find best practices to use for other projects. Then, if you have the time/resources, focus on the low spend projects and repeat.

4. Renegotiation

Contact your colleagues outside your department and compare unit prices, especially for things like bandwidth, co-lo and staff costs. Make sure you're in the top quartile for value (i.e. lowest costs). Renegotiate with vendors if you aren't, and plan to change vendors and staff when you can't the best value with your current resources.

5. Alignment

Understand your business objectives and get your roadmap tightly aligned. If you need some CAPEX to reduce operational expenses, then ask for it as part of the planning. You've got to spend money to make money right?

VICs can be easily manage once you understand where they're all coming from. After applying these five best practices into the way your business approaches cloud spending, you'll be well on your way. Cloudability's business was built to make the process a little easier and more automated for you, so if you want to use our tool to help you "cover your *aas," we'd love for you to try it out for free: https://app.cloudability.com/signup

-Mat Ellis, Cloudability

This guest blog series highlights companies in SoftLayer's Technology Partners Marketplace.
These Partners have built their businesses on the SoftLayer Platform, and we're excited for them to tell their stories. New Partners will be added to the Marketplace each month, so stay tuned for many more come.
May 9, 2012

Nexmo: Tech Partner Spotlight

This guest blog comes to us from Nexmo, a featured member of the SoftLayer Technology Partners Marketplace. Nexmo is the wholesale messaging API that lets you send and receive high volumes of SMS at a global level. In this video we talk to Nexmo CEO Tony Jamous about the benefits of Nexmo, how it came to be and the problem it solves for you.

Cutting out the Middleman with Nexmo

These days, optimizing mobile messaging deliverability comes at a price. Businesses must connect to multiple carriers, operate heavy infrastructure, and build their own data analytics. On top of that, many third-party SMS solutions require contracts, price negotiations and significant up-front costs.

Nexmo was created to eliminate the need for a business to connect to carriers or complex third party protocols through simple, powerful RESTful and SMPP APIs. Our scalable infrastructure allows you to send and receive SMS in high volumes to over 5 billion users around the world. This is a market need that hasn't been addressed, and we approached it with a few ideas in mind. If you were going to replicate the functionality of Nexmo on your own, these are the key areas you'd have to look at:

Direct to Carrier Model

With every hop, the quality of a connection has the potential to degrade, and cost inflates. Adding intermediaries in the chain also impact the granularity of collected data, such as delivery reports and reasons of failure. By reducing the number of hops to the final subscriber you'll see:

  • An improved delivery ratio and lower latency
  • Enhanced security
  • Fewer single points of failure
  • Reduced cost, less fat in the chain

With a closer position to the final carrier, a business can access more "Telco" data like phone status, whether it is ported to another network, or if it's roaming abroad. With that information, you can also make better routing decisions and ultimately see higher delivery ratios.

Get Your own SMS-Enabled Phone Numbers

We've seen in the last two years the emergence of "Over the Top" (OTT) messaging apps such as Google Voice and TextPlus. Those apps provide a virtual phone number to each user, and Nexmo behaves similarly by enabling apps to behave like a "super virtual carrier" without the need for heavy Telco infrastructure. North America is the most mature market with OTT players generating significant SMS traffic, and now these models are going abroad. We pinpointed a unique need in the value chain:

  • Source virtual phone numbers from global carriers
  • Build the business models that protect carriers' interests without eliminating the opportunity for innovative apps
  • Provide the elastic and scalable cloud infrastructure for high volume two-way transactions

Nexmo approached those needs with APIs that enabled app developers to search for available phone numbers, provision new numbers and cancel numbers they weren't using any more. It doesn't take days or weeks to launch in a new market ... Apps can launch in a new market in a matter of hours with minimal upfront investment!

Improve and Track Deliverability

Enterprises and developers have shifted the focus in the buying process. They are looking for more transparency and accountability, so tracking and monitoring hundreds, thousands or even millions of messages can be of utmost importance.

For every SMS sent, the Nexmo API provides a detailed report of delivery. We push this data into the cloud in real time, displayed in two ratios:

  • The Success Ratio: The percentage of message received by the phone. This ratio measures how well traffic is performing.
  • The DLR Ratio: The percentage of messages with a delivery receipt. This ratio tracks infrastructure and route performance.

Follow the Life of a Message from the Cloud

Most B2C services and resellers that send millions of SMS for things like alerts, phone verifications and access codes can get swarmed when it comes to user support. We know that's an intimidating prospect for any business looking to add SMS functionality to their app or platform, so we let our customers follow the life of a message from the cloud and gather more information about it. Some of the information we've found most helpful to track:

  • How fast was the message was delivered?
  • Was the phone available for receiving SMS?
  • Did the user enter the correct phone number?

Keeping an eye on these basic kinds of stats reduces the pain of supporting a large user base and enables your support staff to answer questions quickly because they have a good foundation of information.

Receive Outstanding Support

Building a customer centric culture is a sustainable competitive advantage. It is even more meaningful in a commoditized, price-driven industry like wholesale telecom. If you're going to approach the world of SMS messaging and deliverability, the need for outstanding support is even more urgent because, given the nature of SMS messaging, results are expected immediately.

When we started Nexmo, we knew that, and I'm proud to report that we constantly score over 95% in customer satisfaction, and we've noticed a few tricks that have helped us maintain that level of support:

  • Hire the right people: Empathy and service mindset are more important than technical skills
  • Provide self-help tools and open knowledge bases: Customers appreciate finding solutions by themselves
  • Measure help-desk performance and constantly improve: KPI includes first meaningful reply time, resolution time and satisfaction ratio.

We hope these tips can help you build on your existing support or give you a jumping-off point if you're just getting started.

There is so much more I could tell you about our experience in building Nexmo into the platform it is today, but it's a lot easier for you to just see for yourself. If you're interested in learning more about Nexmo, visit http://nexmo.com, sign up, and be ready to go live with us in a matter of minutes ... And to make it even easier, you can use the free credits we provide to give the platform a test drive.

If you've been intimidated by the daunting task of knocking on the doors of telcos and carriers to get easy-to-use and easy-to-track SMS functionality in your app, Nexmo can save you a lot of headaches.

-Tony Jamous, Nexmo

This guest blog series highlights companies in SoftLayer's Technology Partners Marketplace.
These Partners have built their businesses on the SoftLayer Platform, and we're excited for them to tell their stories. New Partners will be added to the Marketplace each month, so stay tuned for many more come.
April 18, 2012

Dome9: Tech Partner Spotlight

This guest blog comes to us from Dave Meizlik, Dome9 VP of marketing and business development. Dome9 is a featured member of the SoftLayer Technology Partners Marketplace. With Dome9, you get secure, on-demand access to all your servers by automating and centralizing firewall management and making your servers virtually invisible to hackers.

Three Tips to Securing Your Cloud Servers

By now everyone knows that security is the number one concern among cloud adopters. But lesser known is why and what to do to mitigate some of the security risks ... I hope to shed a little light on those points in this blog post, so let's get to it.

One of the greatest threats to cloud servers is unsecured access. Administrators leave ports (like RDP and SSH) open so they can connect to and manage their machines ... After all, they can't just walk down the hall to gain access to them like with an on-premise network. The trouble with this practice is that it leaves these and other service ports open to attack from hackers who need only guess the credentials or exploit a vulnerability in the application or OS. Many admins don't think about this because for years they've had a hardened perimeter around their data center. In the cloud, however, the perimeter collapses down to each individual server, and so too must your security.

Tip #1: Close Service Ports by Default

Instead of leaving ports — from SSH to phpMyAdmin — open and vulnerable to attack, close them by default and open them only when, for whom, and as long as is needed. You can do this manually — just be careful not to lock yourself out of your server — or you can automate the process with Dome9 for free.

Dome9 provides a patent-pending technology called Secure Access Leasing, which enables you to open a port on your server with just one click from within Dome9 Central, our SaaS management console, or as an extension in your browser. With just one click, you get time-based secure access and the ability to empower a third party (e.g., a developer) with access easily and securely.

When your service ports are closed by default, your server is virtually invisible to hackers because the server will not respond to an attacker's port scans or exploits.

Tip #2: Make Your Security as Elastic as Your Cloud

Another key security challenge to cloud security is management. In a traditional enterprise you have a semi-defined perimeter with a firewall and a strong, front-line defense. In the cloud, however, that perimeter collapses down to the individual server and is therefore multiplied by the number of servers you have in your environment. Thus, the number of perimeters and policies you have to manage increases exponentially, adding complexity and cost. Remember, if you can't manage it, you can't secure it.

As you re-architect your infrastructure, take the opportunity to re-architect your security, keeping in mind that you need to be able to scale instantaneously without adding management overhead. To do so, create group-based policies for similar types of services, with role-based controls for users that need access to your cloud servers.

With Dome9, for example, you can create an unlimited number of security groups — umbrella policies applied to one or more servers and for which you can create user-based self-service access. So, for example, you can set one policy for your web servers and another for your SQL database servers, then you can enable your web developers to self-grant access to the web servers while the DBAs have access to the database servers. Neither, however, may be able to access the others' servers, but you — the super admin — can. Any new servers you add on-the-fly as you scale up your infrastructure are automatically paired with your Dome9 account and attached to the relevant security group, so your security is truly elastic.

Tip #3: Make Security Your Responsibility

The last key security challenge is understanding who's responsible for securing your cloud. It's here that there's a lot of debate and folks get confused. According to a recent Ponemon Institute study, IT pros point fingers equally at the cloud provider and cloud user.

When everyone is responsible, no one is responsible. It's best to pick up the reigns and be your best champion. Great cloud and hosted providers like SoftLayer are going to provide an abundance of controls — some their own, and some from great security providers such as Dome9 (shameless, I know) — but how you them is up to you.

I liken this to a car: Whoever made your car built it with safety in mind, adding seat belts and air bags and lots of other safeguards to protect you. But if you go speeding down the freeway at 140 MPH without a seatbelt on, you're asking for trouble. When you apply this concept to the cloud, I think it helps us better define where to draw the lines.

At the end of the day, consider all your options and how you can use the tools available to most effectively secure your cloud servers. It's going to be different for just about everyone, since your needs and use cases are all different. But tools like Dome9 let you self-manage your security at the host layer and allow you to apply security controls for how you use a cloud platform (i.e., helping you be a safe driver).

Security is a huge topic, and I didn't even scratch the surface here, but I hope you've learned a few things about how to secure your cloud servers. If the prospect of scaling out security policies across your infrastructure isn't particularly appealing, I invite you to try out Dome9 (for free) to see how easily you can manage automated cloud security on your SoftLayer server. It's quick, easy, and (it's worth repeating a few times...) free:

  1. Create a Dome9 account at https://secure.dome9.com/Account/Register?code=SoftLayer
  2. Add the Dome9 agent to your SoftLayer server
  3. Configure your policy in Dome9 Central, our SaaS management console

SoftLayer customers that sign up for Dome9 enjoy all the capabilities of Dome9 free for 30 days. After that trial period, you can opt to use either our free Lite Cloud, which provides security for an unlimited number of servers, or our Business Cloud for automated cloud security.

-Dave Meizlik, Dome9

This guest blog series highlights companies in SoftLayer's Technology Partners Marketplace.
These Partners have built their businesses on the SoftLayer Platform, and we're excited for them to tell their stories. New Partners will be added to the Marketplace each month, so stay tuned for many more come.
April 17, 2012

High Performance Computing for Everyone

This guest blog was submitted by Sumit Gupta, senior director of NVIDIA's Tesla High Performance Computing business.

The demand for greater levels of computational performance remains insatiable in the high performance computing (HPC) and technical computing industries, as researchers, geophysicists, biochemists, and financial quants continue to seek out and solve the world's most challenging computational problems.

However, access to high-powered HPC systems has been a constant problem. Researchers must compete for supercomputing time at popular open labs like Oak Ridge National Labs in Tennessee. And, small and medium-size businesses, even large companies, cannot afford to constantly build out larger computing infrastructures for their engineers.

Imagine the new discoveries that could happen if every researcher had access to an HPC system. Imagine how dramatically the quality and durability of products would improve if every engineer could simulate product designs 20, 50 or 100 more times.

This is where NVIDIA and SoftLayer come in. Together, we are bringing accessible and affordable HPC computing to a much broader universe of researchers, engineers and software developers from around the world.

GPUs: Accelerating Research

High-performance NVIDIA Tesla GPUs (graphics processing units) are quickly becoming the go-to solution for HPC users because of their ability to accelerate all types of commercial and scientific applications.

From the Beijing to Silicon Valley — and just about everywhere in between — GPUs are enabling breakthroughs and discoveries in biology, chemistry, genomics, geophysics, data analytics, finance, and many other fields. They are also driving computationally intensive applications, like data mining and numerical analysis, to much higher levels of performance — as much as 100x faster.

The GPU's "secret sauce" is its unique ability to provide power-efficient HPC performance while working in conjunction with a system's CPU. With this "hybrid architecture" approach, each processor is free to do what it does best: GPUs accelerate the parallel research application work, while CPUs process the sequential work.

The result is an often dramatic increase in application performance.

SoftLayer: Affordable, On-demand HPC for the Masses

Now, we're coupling GPUs with easy, real-time access to computing resources that don't break the bank. SoftLayer has created exactly that with a new GPU-accelerated hosted HPC solution. The service uses the same technology that powers some of the world's fastest HPC systems, including dual-processor Intel E5-2600 (Sandy Bridge) based servers with one or two NVIDIA Tesla M2090 GPUs:

NVIDIA Tesla

SoftLayer also offers an on-demand, consumption-based billing model that allows users to access HPC resources when and how they need to. And, because SoftLayer is managing the systems, users can keep their own IT costs in check.

You can get more system details and pricing information here: SoftLayer HPC Servers

I'm thrilled that we are able to bring the value of hybrid HPC computing to larger numbers of users. And, I can't wait to see the amazing engineering and scientific advances they'll achieve.

-Sumit Gupta, NVIDIA - Tesla

February 29, 2012

Fruition: Tech Partner Spotlight

This guest blog features Fruition, a featured member of the SoftLayer Technology Partners Marketplace. Fruition's SEO and SEM reporting web app provides highly accurate reports on search engine rankings and onsite signals that impact your Google and Bing rankings. In the video below, learn a little more about Fruition (and a few key SEO/SEM tips for small businesses) from Fruition's Brad Anderson, and scroll down to read about SEO Goals and Key Indicators.

Company Website: http://fruition.net/
Tech Partners Marketplace: http://www.softlayer.com/marketplace/fruition

SEO Goals and Key Indicators

Google's Feb 2012 Update

Between February 25-28th Google rolled out another big set of changes to their algorithm. These changes knocked down a lot of short cuts that SEO companies were using, including blog networks. The red flags have been there for a long time. Blog networks are easy to uncover simply because of the complexity of trying to setup a truly diverse hosting environment. It is not just separate C-class IP addresses it is also registrars, DNS, admin login IP addresses, plug-in profiles, etc. There are so many easy ways to group sites as being related or identical that it is not worth the effort of trying to take short cuts with your linking. Instead focus on what is going to have a lasting impact on your SEO:

  • Page Speed – Improve your code, increase your hardware, etc.
  • Better Onsite Content
  • Usability

These three factors will have a lasting impact on your SEO during 2012 and beyond.

Get Your Strategy Together

Successful internet marketing campaigns have one thing in common: Comprehensive strategies. Today's marketplace makes it extremely difficult to compete in one area of internet marketing without complimenting that work in several other areas. For example, why invest in search engine optimization if you don't have a quality website to convert the traffic to leads or sales? Why invest in a mobile app if you aren't going to optimize the listing to generate a high volume of downloads? These examples show how a comprehensive strategy to internet marketing is the best approach for future success.

Fruition.net has been successful in this comprehensive approach by staying at the forefront of each individual strategy. At the core of these strategies is a collection of goals and key indicators we use to monitor, adjust, and track performance. Below you will find a few of the most important goals for each area of internet marketing.

Comprehensive Internet Marketing Strategies

Search Engine Optimization
Search Engine Optimization (SEO) is the process of optimizing your website with the end goal of improving your ranking on the major search engines. Here are the goals and key indicators you should be tracking to evaluate the success of your SEO campaign:

  • Keyword Rankings — This one is easy! Determine which keywords you think will generate more business, write them down, and track your rankings for each of them every month. Side note: Make sure you aren't logged in to your Google account in order to receive unbiased results.
  • Non-Branded Search Traffic — This is the traffic that has come to your website via the search engines, but the visitor did not use your brand name in their search. Your website should already be capturing the branded searches, so the real test is how much non-branded traffic your website is generating and increasing each month.
  • Conversions — This is where the rubber meets the road. Increases in rankings and traffic are great, but ultimately these campaigns are all about generating new leads or revenue. We track phone calls, email inquiries, and revenue numbers for our clients to give them instant feedback on their marketing investment. Some clients take it a step further and track the leads via a CRM to produce a tangible return on investment.

Pay Per Click (PPC)
PPC is a quick method of generating an increase of traffic to your website. You are literally paying for each click, but watch out because your budget can quickly get away from you if you don't know what you are doing. Here are the metrics you should be following to ensure a quality PPC campaign:

  • Quality Score — When someone clicks on your PPC ad, you can direct them to any page on your website. It might be the home page or a specific landing page, but whichever page is chosen will be given a Quality Score (scale 1-10) by Google. This quality score measures the relevancy of the page as it relates to the PPC ad. The lower the relevancy, the higher the cost per click. Therefore, you want to make your landing page as relevant as possible and don't advertise unless your landing page Quality Score is 5 or higher.
  • Cost Per Conversion — This should be your #1 key indicator for tracking purposes. The cost per conversion measures the total cost it takes to generate a lead or sale. The beauty of this key indicator is that it encapsulates all of the moving parts of a paid search campaign: ad design, ad bidding, quality score, landing page design, landing page quality, landing page calls to action, etc.

Social Media
Social media has been a big buzz word for the past couple of years and for good reason. People are spending A LOT of time on Facebook, Twitter, Tumblr and the like. If you are going to compete online, then you need to at least have a presence with the major channels. Here are a couple ways to measure your effectiveness:

  • Likes/Fans — This is an easy one to track. How many people like your business on Facebook or are following you on Twitter? The larger the number, the better. Search engines like to see a large following because they feel it represents authority and a leader of the industry.
  • Shares/Retweets — There are free tools available that can provide you with the number of times your content has been shared or retweeted. Another case of bigger is better because it shows the people who are following you are engaged with your content.
  • Google +1 — So far we have not seen a correlation between getting +1s and higher organic rankings. That has to change or it seems +1 will be considered a failure.

Website and Application Development
Building a new website or mobile application is a very detail oriented project that requires a well defined process. The best way to track the success of your campaign is make sure your process is well documented with dates attached to each of your deliverables of the project. The time spent up front in the planning stages will bring clarity to the project for all involved and help the project stay on task. Below is a platform that can be built into a very detailed list of deliverables for a development project:

  • Define the Scope of the Project
  1. Project Management
  2. Calendar of the project
  3. Resources needed (human capital, scheduling, technical proficiency, etc)
  4. Wireframes for the user interface (mapping the visitor flow)
  5. Approvals
  • Creative – Design Work
    1. Logos and branding
    2. Image and video content
    3. Clear calls to action
    4. Concepts presented to clients
    5. Revisions as necessary
    6. Client Approvals
  • Coding and Development
    1. Hosting environment
    2. Platform development
    3. Installation of all scripts, APIs, tracking, etc
  • Testing
    1. Cross browser testing
    2. Bug fixing
  • Optimization
    1. Titles
    2. Headers
    3. Descriptions
    4. Alt Tags
    5. Content

    Internet marketing is a rapidly changing marketplace. Employing several complimentary strategies and monitoring the performance will provide you with the greatest opportunity for success. Good luck in 2012 and may all of your internet marketing strategies come to Fruition!

    -Jonathan Mills, Fruition

    This guest blog series highlights companies in SoftLayer's Technology Partners Marketplace.
    These Partners have built their businesses on the SoftLayer Platform, and we're excited for them to tell their stories. New Partners will be added to the Marketplace each month, so stay tuned for many more come.
    Subscribe to partner-marketplace