Posts Tagged 'Executive Blog'

March 18, 2015

SoftLayer, Bluemix and OpenStack: A Powerful Combination

Building and deploying applications on SoftLayer with Bluemix, IBM’s Platform as a Service (PaaS), just got a whole lot more powerful. At IBM’s Interconnect, we announced a beta service for deploying OpenStack-based virtual servers within Bluemix. Obviously, the new service is exciting because it brings together the scalable, secure, high-performance infrastructure from SoftLayer with the open, standards-based cloud management platform of OpenStack. But making the new service available via Bluemix presents a particularly unique set of opportunities.

Now Bluemix developers can deploy OpenStack-based virtual servers on SoftLayer or their own private OpenStack cloud in a consistent, developer-friendly manner. Without changing your code, your configuration, or your deployment method, you can launch your application to a local OpenStack cloud on your premises, a private OpenStack cloud you have deployed on SoftLayer bare metal servers, or to SoftLayer virtual servers within Bluemix. For instance, you could instantly fire up a few OpenStack-based virtual servers on SoftLayer to test out your new application. After you have impressed your clients and fully tested everything, you could deploy that application to a local OpenStack cloud in your own data center ̶all from within Bluemix. With Bluemix providing the ability to deploy applications across cloud deployment models, developers can create an infrastructure configuration once and deploy consistently, regardless of the stage of their application development life cycle.

OpenStack-based virtual servers on SoftLayer enable you to manage all of your virtual servers through standard OpenStack APIs and user interfaces, and leverage the tooling, knowledge and process you or your organization have already built out. So the choice is yours: you may fully manage your virtual servers directly from within the Bluemix user interface or choose standard OpenStack interface options such as the Horizon management portal, the OpenStack API or the OpenStack command line interface. For clients who are looking for enterprise-class infrastructure as a service but also wish to avoid getting locked in a vendor’s proprietary interface, our new OpenStack standard access provides clients a new choice.

Providing OpenStack-based virtual servers is just one more (albeit major) step toward our goal of providing even more OpenStack integration with SoftLayer services. For clients looking for enterprise-class Infrastructure as a Service (IaaS) available globally and accessible via standard OpenStack interfaces, OpenStack-based virtual servers on SoftLayer provide just what they are looking for.

The beta is open now for you to test deploying and running servers on the new SoftLayer OpenStack public cloud service through Bluemix. You can sign up for a Bluemix 30-day free trial.

- @marcalanjones

January 15, 2015

Hot in 2015: Trends and Predictions

As cloud technology moves into 2015, the pace of innovation in the cloud space continues to accelerate faster and faster. Being no stranger to innovation ourselves, we’ve got our collective finger on the pulse of what’s up and coming. Here are some trends we see on the horizon for cloud in 2015.

Hybrid cloud
As more and more workloads move to the cloud, many companies are looking for a way to leverage all of the value and economies of scale that the cloud provides while still being able to keep sensitive data secure. Hybrid cloud solutions, which can mean an environment that employs both private and public cloud services, on- and off-prem resources, or a service that combines both bare metal and virtual servers, will continue to grow in popularity. With 70 percent of CIOs planning to change their company’s sourcing and technology relationship within the next three years, Gartner notes that hybrid IT environments will dominate the space as they offer many of the benefits of legacy, old-world environments but still operate within the new-world as-a-service model.

Read more:
+IBM Hybrid Clouds

Bare metal
In 2015, the term bare metal will be officially mainstream. Early on, bare metal servers were seen as a necessity for only a few users, but now it has become the ideal solution for processor-intensive and disk I/O-intensive workloads like big data and analytics. We’ve been in the business of bare metal (formerly called dedicated servers) for 10 years now, and we’re happy to see the term become a standard part of the cloud dialogue. As cloud workloads get tougher and more complex in 2015, companies will continue to turn to bare metal for its raw performance.
Security has been a hot topic in the news. In 2014, major retailers were hacked, certain celebrity photos were leaked, and issues surrounding government surveillance were in the spotlight. More than ever, these incidents have reminded everyone that the underlying architectures of the Internet are not secure, and without protections like firewalls, private networks, encryption, and other security features, private data isn’t truly private. In response to these concerns, tech companies will offer even higher levels of security in order to protect consumers’ and merchants’ sensitive data.

Read more:
+SoftLayer Cloud Security

Big data
Big data moves from hype and buzzword status to mainstream. The cloud industry has seen a change in the way big data is being put to work. It’s becoming more widely adopted by organizations of all types and sizes, in both the public and private sectors. One such organization is the Chicago Department of Public Health, which is using predictive analytics and data to experiment and improve food inspection and sanitation work. The city’s team has developed a machine-learning program to mine Twitter for tweets that use words related to food poisoning so that they can reply directly to posters, encouraging them to file a formal report. We’ll see much more of this kind of smart application of big data analytics to real-life problems in the year to come.

Read more:
+ In Chicago, Food Inspectors are Guided by Big Data

Docker is an open platform for developers and system administrators to build, ship, and run distributed applications. It enables apps to be quickly assembled from components and eliminates the friction between development, QA, and production environments. Streamlining workflow, the Docker software container allows developers to work on the exact same deployment stack that programmers use and contains all the dependencies within it. It can also be moved from bare metal to hybrid cloud environments—positioning it to be the next big thing on the cloud scene in 2015. IBM has already capitalized on Docker’s simplicity and portability by launching its IBM Containers service, part of Bluemix, last month. IBM Containers will help enterprises launch Docker containers directly onto the IBM Cloud via bare metal servers from SoftLayer.

Read more:
+At DockerCon Amsterdam, an Under Fire Docker Makes a Raft of Announcements

Health care
The medical and health care industries will continue to adopt cloud in 2015 to store, compute, and analyze medical data as well as address public concerns about modernizing record-keeping and file-sharing practices. The challenge will be keeping patients’ sensitive medical data secure so that it can be shared among health care providers, but kept safely away from hackers.

Read more:
+Coriell Life Sciences

Data sovereignty
In order to comply with local data residency laws in certain regions, many global companies are finding it necessary to host data in country. As new data centers are established worldwide, it’s becoming easier to meet data sovereignty requirements. As a result of launching new data centers, cloud providers are increasing the size and power of their network—creating even lower latency connections—and creating an even more competitive cloud marketplace. As a result, smaller players might be left in the dust in 2015.

Read more:
+ Cloud Security Remains a Barrier for CIOs Across Europe

Last, but certainly not least, 2015 will see an aggressive move to the cloud by enterprise organizations. The cost- and timing-saving benefits of cloud adoption will continue to win over large companies.

Read more:
+IBM Enterprise Cloud System

Looking Ahead
Martin Schroeter, senior vice president and CFO, finance and enterprise at IBM has projected approximately $7 billion in total cloud-related sales in 2015, with $3 billion of that coming from new offerings and the rest from older products shifted to be delivered via the cloud.

SoftLayer will continue to match the pace of cloud adoption by providing innovative services and products, signing new customers, and launching new data centers worldwide. In Q1, our network of data centers will expand into Sydney, Australia, with more to come in 2015.

Read more:
+IBM’s Cloud-Based Future Rides on Newcomer Crosby
+InterConnect 2015


August 11, 2014

I PLEB Allegiance to My Data!

As a "techy turned marketing turned social media turned compliance turned security turned management" guy, I have had the pleasure of talking to many different customers over the years and have heard horror stories about data loss, data destruction, and data availability. I have also heard great stories about how to protect data and the differing ways to approach data protection.

On a daily basis, I deal with NIST 800-53 rev.4, PCI, HIPAA, CSA, FFIEC, and SOC controls among many others. I also deal with specific customer security worksheets that ask for information about how we (SoftLayer) protect their data in the cloud.

My first response is always, WE DON’T!

The looks I’ve seen on faces in reaction to that response over the years have been priceless. Not just from customers but from auditors’ faces as well.

  • They ask how we back up customer data. We don’t.
  • They ask how we make it redundant. We don’t.
  • They ask how we make it available 99.99 percent of the time. We don’t.

I have to explain to them that SoftLayer is simply infrastructure as a service (IaaS), and we stop there. All other data planning should be done by the customer. OK, you busted me, we do offer managed services as an additional option. We help the customer using that service to configure and protect their data.

We hear from people about Personal Health Information (PHI), credit card data, government data, banking data, insurance data, proprietary information related to code and data structure, and APIs that should be protected with their lives, etc. What is the one running theme? It’s data. And data is data folks, plain and simple!

Photographers want to protect their pictures, chefs want to protect their recipes, grandparents want to protect the pictures of their grandkids, and the Dallas Cowboys want to protect their playbook (not that it is exciting or anything). Data is data, and it should be protected.

So how do you go about doing that? That's where PLEB, the weird acronym in the title of this post, comes in!

PLEB stands for Physical, Logical, Encryption, Backups.

If you take those four topics into consideration when dealing with any type of data, you can limit the risk associated with data loss, destruction, and availability. Let’s look at the details of the four topics:

  • Physical Security—In a cloud model it is on the shoulders of the cloud service provider (CSP) to meet strict requirements of a regulated workload. Your CSP should have robust physical controls in place. They should be SOC2 audited, and you should request the SOC2 report showing little or no exceptions. Think cameras, guards, key card access, bio access, glass alarms, motion detectors, etc. Some, if not all, of these should make your list of must-haves.
  • Logical Access—This is likely a shared control family when dealing with cloud. If the CSP has a portal that can make changes to your systems and the portal has a permissions engine allowing you to add users, then that portion of logical access is a shared control. First, the CSP should protect its portal permission system, while the customer should protect admin access to the portal by creating new privileged users who can make changes to systems. Second, and just as important, when provisioning you must remove the initial credentials setup and add new, private credentials and restrict access accordingly. Note, that it’s strictly a customer control.
  • Encryption—There are many ways to achieve encryption, both at rest and in transit. For data at rest you can use full disk encryption, virtual disk encryption, file or folder encryption, and/or volume encryption. This is required for many regulated workloads and is a great idea for any type of data with personal value. For public data in transit, you should consider SSL or TLS, depending on your needs. For backend connectivity from your place of business, office, or home into your cloud infrastructure, you should consider a secure VPN tunnel for encryption.
  • Backups—I can’t stress enough that backups are not just the right thing to do, they are essential, especially when using IaaS. You want a copy at the CSP you can use if you need to restore quickly. But, you want another copy in a different location upon the chance of a disaster that WILL be out of your control.

So take the PLEB and mitigate risk related to data loss, data destruction, and data availability. Trust me—you will be glad you did.


Subscribe to executive-blog