Posts Tagged 'IBM'

October 24, 2014

SoftLayer at IBM Insight 2014

IBM will be lighting up Las Vegas next week with Insight 2014, the conference for big data and analytics. Starting this Sunday and running through Thursday, October 30 at the Mandalay Bay, this show will offer amazing opportunities to learn more about the advantages of delivering big data and analytics services, and many of those advantages involve the SoftLayer cloud platform.

To guide you through the 700+ sessions and streams easier, we’ve compiled a list of must-attend SoftLayer- and cloud-based sessions.

Business Partner Summit

Breakout Session 7157: Partner with SoftLayer for Your Big Data and Analytics Workloads
Sunday, October 26 @ 2:00 p.m. – Tradewinds A (For Business Partners only)
Featured Speakers: Anand Mahurkar, founder and CEO Findability Sciences, and Guy Kurtz, IBM North America Channel Sales Leader

General Conference Sessions

BPM-6838A: Experience Faster Time to Value with IBM Cognos TM1 on Cloud
Monday, October 27 @ 10:15 a.m. – Mandalay Bay J
Learn how the SoftLayer infrastructure with IBM Cognos TM1 can help you gain better performance, operational savings, reliability, and scalability.

IIS-5758A: How Joy Global is Using Big Data as a Differentiator in the Mining Industry
Monday, October 27 @ 10:15 a.m. – Jasmine B
We’ll dig deep to learn how Joy Global runs one of the most sophisticated big data platforms in the industry hosted by a combination of SoftLayer and IBM Global Business Services.

IDB-4741C: Accelerate Social Media Analytics for Big Insight with IBM DB2 BLU and IBM InfoSphere Optim Database Tools
Monday, October 27 @ 3:30 p.m. – Jasmine F
Can the right combination of technologies help accelerate a social media analytics application hosted on SoftLayer? Yes.

EEP-5498A: Industry Leaders, IBM ECM and SoftLayer Deliver Trusted Content Anywhere with IBM Navigator on Cloud
Tuesday, October 28 @ 1:45 p.m. – Lagoon H
Extend ECM to the SoftLayer cloud platform by leveraging IBM’s pervasive ECM experience platform, IBM Content Navigator.

FTC-4285A: Data Warehousing and Analytics in the Cloud: IBM's New Data Warehousing Service
Tuesday, October 28 @ 3:00 p.m. – Islander E
Combining the best of BLU Acceleration, Netezza Technology, and SoftLayer, come see how Data Warehousing Service can be used to provide analytics for existing cloud-based data stores.

LCE-5575A: Building a Robust ECM Solution Step-by-Step
Wednesday, October 29 @ 2:00 p.m. – Shorelines B Lab Room 11
A step-by-step guide to building an ECM solution on a SoftLayer platform.

EEP-7001A: Expert Exchange: ECM in the Cloud
Wednesday, October 29 @ 4:30 p.m. – Breakers E
Meet the ECM development team and learn how they designed and deployed Navigator Cloud Edition on SoftLayer.

III-5198A: Using IBM Bluemix and SoftLayer to Run IBM InfoSphere Information Server on an Intel Technology-Powered Cloud
Thursday, October 30 @ 10:00 a.m. – Jasmine E
Learn how InfoSphere Information Server works in the cloud, and how SoftLayer bare metal and virtualization options contribute to the scaling performance.

LCI-5234A: On-Demand Data Archiving with Cloud-based Data Warehousing Services
Thursday, October 30 @ 10:00 a.m. – Shorelines B Lab Room 2
This lab will showcase the entire BLU Acceleration as a Cloud solution using SoftLayer.

If you’re a registered attendee and haven’t already done so, visit the IBM Insight 2014 website for complete descriptions of all sessions, and start building your agenda.

And don’t forget to stop by the SoftLayer pedestal in the IBM Cloud booth #515. We look forward to seeing you.

-Ted

October 6, 2014

G’day, Melbourne! SoftLayer’s LIVE in Australia.

Today, we’re excited to announce the launch of the newest SoftLayer data center in Melbourne, Australia! This facility is our first on the continent (with Sydney planned for later in the year), and it delivers that trademark SoftLayer service to our clients Down Under.

Our Aussie Mates

Over the years, our customer base has grown phenomenally in Australia, and it should come as no surprise that customers in the region have been clamoring for a SoftLayer data center Down Under to bring high performance cloud infrastructure even closer to them. These customers have grown to immense proportions with ahead-of-their-time value propositions and innovative ideas that have turned heads around the world.

A perfect example of that kind of success is HotelsCombined.com, an online travel platform designed to streamline the process of searching for and reserving hotel rooms around the world. Their story is nothing short of brilliant. A startup in 2005, they today serve more than 25 million visitors a month, has more than 20,000 affiliates, and a database of 800,000+ properties worldwide.

HotelsCombined.com partnered with SoftLayer to provision bare metal servers, virtual servers, load balancers, and redundant iSCSI storage around the world to best serve their global customer base. Additionally, they implemented data warehouse and predictive analytics capabilities on SoftLayer for their real-time predictive models and business intelligence tools.

Another great story is that of The Loft Group. I wrote about how they chose our cloud platform to roll out their Digital Learning Platform in a previous blog. They needed performance, analytics, monitoring, and scalability to accommodate their massive growth, and we were able to help.

Benefiting Down Under

Many of you have seen news about IBM’s plans to expand SoftLayer into Australia for a few months now. In fact, at the recent IBM Cloud Pre-Launch event (view the full event on demand here), Lance Crosby shared our vision for the region and the synergy that we are looking to create in the market.

Our expansion into Melbourne means that our customers have even more choice and flexibility when building their cloud infrastructure on our platform. With Australian data residency, many of our customers in Australia with location-sensitive workloads or regulatory/compliance data requirements immediately benefit from the new location. Additionally, with network points of presence in Sydney and Melbourne, users in Australia will see even better network performance when connecting to servers in any SoftLayer data center around the world. Users looking for additional redundancy in APAC have another location for their data, and customers who want to replicate data as though they are in the same rack can do so between Australia and one of our other locations.

Let the Bash Commence

To celebrate this exciting milestone, we have quite a few things lined up for the region. First up, a special promotion for all those who would like to check out the performance of this facility—new customers and our existing loyalists. You can get US$500 off on your first month's order (bare metal, private virtual, public virtual—anything and everything listed in our store!) for the Melbourne data center. More details on the promo, features, and services are available here.

Next up—parties! We have a couple of networking events planned. SoftLayer customers, partners, enthusiasts, and friends are invited to join us in Melbourne on October 9, and Auckland, New Zealand, on October 15 for a fun evening with SLayers and peers. If you’re in the area and want more details, email us at marketingAP@softlayer.com with the following information:

  • Subject: I Would Like to Attend SoftLayer Night: Celebrating Data Centre Go-Live
  • Body: Your Name, contact phone number, city where you would like to attend, and one line about why you would like to attend.

Space is limited, and you don’t have much time to reserve your spot, so let us know as soon as possible.

These are exciting times. I’m extremely eager to see how Australian businesses leverage these new in-country facilities and capabilities. Stay tuned for new stories as we hear from other happy customers.

Cheers.
@namrata_kapur

September 9, 2014

Building a Secure Cloud-based Solution: Part I

When you begin a household project, you must first understand what you will need to complete the task. Before you begin, you check your basement or garage to make sure you have the tools to do the work. Building a secure cloud-based solution requires similar planning. You’re in luck—SoftLayer has all the tools needed, including a rapidly maturing set of security products and services to help you build, deploy, and manage your cloud solution. Over the next couple of months, we will take a look at how businesses leverage cloud technologies to deliver new value to their employees and customers, and we’ll discuss how SoftLayer provides the tools necessary to deliver your solutions securely.

Hurricane plan of action: Water: Check. Food: Check. Cloud: Check?

Let’s set the scene here: A hurricane is set to make landfall on the United States’ Gulf Coast, and the IT team at an insurance company must elastically scale its new claim application to accommodate the customers and field agents who will need it in the storm’s aftermath. The team needs to fulfill short-term computing needs and long-term hosting of additional images from the claims application, thereby creating a hybrid cloud environment. The insurance company’s IT staff meet to discuss their security requirements, and together, they identify several high-level needs:

  1. Provide secure connectivity, authentication, access control, and audit capabilities for IT administrators and users.

    SoftLayer provides VPNs, multifactor authentication, audit control logs, API keys, and fine-grained access control. This allows insurance agents to securely access claim forms and supporting documentation and connect to the application via https, using the wide range of SSL certificates (Symantec, Geotrust, and more). Plus, agents can authenticate using identity and access management solutions such as IWS Go Cloud ID and IBM Security Access Manager.
  2. Ensure that stringent data security measures are enforced.

    Data cannot be shifted across borders, and data at rest or in use must be encrypted. SoftLayer leaves data where customers place it, and will never transfer customers’ data. IBM Cloud Marketplace partners like Vormetric offer encryption solutions to ensure sensitive data-at-rest is not stored in clear text, and that customers maintain complete control of the encryption keys. Additionally, the IT team in our example would have the ability to encrypt all sensitive PHI data in database using data-in-use solutions from Eperi.
  3. Ensure multi-layered security for network zone segmentation.

    Users and administrators in the confidential area of insurance need confidence that their network is securely partitioned. SoftLayer native and vendor solutions such as SoftLayer VLANs, Vyatta Gateway, Fortigate firewall, and Citrix Netscaler allow administrators to securely partition a network, creating segmentation according to organizational needs, and providing the routing and filtering needed to isolate users, workloads, and domains.
  4. Enforce host security using anti-virus software, host intrusion prevention systems, and other solutions.

    The IT team can apply best-of-breed third-party solutions, such as Nessus Vulnerability Scanner, McAfee Antivirus, and McAfee Host Intrusion Protection. These capabilities give administrators the means to ensure that infrastructure is protected from malware and other host attacks, enhancing both system availability and performance.
  5. Define and enforce security policies for the hybrid cloud environment, and audit any policy changes.

    Administrators can manage overall policies for the combined public-private environment using IBM solutions like QRadar, Hosted Security Event and Log Management Service, and xForce Threat Analysis Service. Admins can use solutions from vendors like CloudPassage, Sumo Logic, and ObserveIT to automatically define policies around firewall rules, file integrity, security configuration, and access control, and to audit adherence to such policies.

The insurance company’s IT department already knew from SoftLayer’s reputation that it is one of the highest performing cloud infrastructures available, with a wide range of integrated and automated cloud computing options, all through a private network and advanced management system, but now it knows from experience that SoftLayer offers the security solutions needed to get the job done.

When business needs spike and companies need additional capacity, SoftLayer delivers quickly and securely. Stay tuned for Part 2 where we will talk secure development and test activities.

- Rick Hamilton, IBM Cloud Offering Evangelist

August 20, 2014

SoftLayer is in Canada, eh?

Last week, we celebrated the official launch of our Toronto (TOR01) data center—the fourth new SoftLayer data center to go live in 2014, and our first in Canada! To catch you up on our progress this year, we unveiled a data center in Hong Kong in June to provide regional redundancy in Asia. In July, we added similar redundancy in Europe with the grand opening of our London data center, and we cut the ribbon on a SoftLayer data center designed specifically for federal workloads in Richardson, TX. The new Toronto location joins our data center pods in Washington, D.C., as our second location in the northeast region of North America.

As you can imagine, our development and operations teams have been working around the clock to get these new facilities built, so they were fortunate to have Tim Hortons in Toronto to keep them going. Fueled by countless double-doubles and Timbits, they officially brought TOR01 online August 11! This data center launch is part of IBM’s massive $1.2 billion commitment to in expanding our global cloud footprint. A countless number of customers have asked us when we were going to open a facility in Canada, so we prioritized Toronto to meet that demand. And because the queue had been building for so long, as soon as the doors were opened, we had a flood of new orders to fulfill. Many of these customers expressed a need for data residency in Canada to handle location-sensitive workloads, and expanding our private network into Canada means in the region will see even better network performance to SoftLayer facilities around the world.

Here are what a few of our customer had to say about the Toronto launch:

Brenda Crainic, CTO and co-founder of Maegan said, “We are very excited to see SoftLayer open a data center in Toronto, as we are now expanding our customer base in Canada. We are looking forward to host all our data in Canada, in addition to their easy-to-use services and great customer service."

Frederic Bastien, CEO at mnubo says, “We are very pleased to have a data center in Canada. Our customers value analytics performance, data residency and privacy, and deployment flexibility—and with SoftLayer we get all that and a lot more! SoftLayer is a great technology partner for our infrastructure needs.”

With our new data center, we’re able to handle Canadian infrastructure needs from A to Zed.

While we’d like to stick around and celebrate with a Molson Canadian or two, our teams are off to the next location to get it online and ready. Where will it be? You won’t have to wait very long to find out.

I’d like to welcome the new Canucks (both employees and customers) to SoftLayer. If you’re interested in getting started with a bare metal or virtual server in Canada, we’re running a limited-time launch promotion that’ll save up to $500 on your first order in Toronto: Order Now!

-John

P.S. I included a few Canadianisms in this post. If you need help deciphering them, check out this link.

July 14, 2014

London Just Got Cloudier—LON02 is LIVE!

Summer at SoftLayer is off to a great start. As of today, customers can order SoftLayer servers in our new London data center! This facility is SoftLayer's second data center in Europe (joining Amsterdam in the region), and it's one of the most anticipated facilities we've ever opened.

London is the second SoftLayer data center to go live this year, following last month's data center launch in Hong Kong. In January, IBM committed to investing $1.2 billion to expand our cloud footprint, and it's been humbling and thrilling at the same time to prepare for all of this growth. And this is just the beginning.

When it comes to the Europe, Middle East, and Africa region (EMEA), SoftLayer's largest customer base is in the U.K. For the last two and a half years I’ve been visiting London quite frequently, and I've met hundreds of customers who are ecstatic to finally have a SoftLayer data center in their own backyard. As such, I'm especially excited about this launch. With this data center launch, they get our global platform with a local address.

The SoftLayer Network

Customers with location-sensitive workloads can have their data reside within the U.K. Customers with infrastructure in Amsterdam can use London to add in-region redundancy to their environments. And businesses that target London's hyper-competitive markets can deliver unbelievable performance to their users. LON02 is fully integrated with the entire SoftLayer platform, so bare metal and virtual servers in the new data center are seamlessly connected to servers in every other SoftLayer data center around the world. As an example of what that means in practice, you can replicate or integrate data between servers in London and Amsterdam data centers with stunning transfer speeds. For free. You can run your databases on bare metal in London, keep backups in Amsterdam, spin up virtual servers in Asia and the U.S. And your end users get consistent, reliable performance—as though the servers were in the same rack. Try beating that!

London is a vibrant, dynamic, and invigorating city. It's consistently voted one of the best places for business in the region. It's considered a springboard for Europe, attracting more foreign investors than any other location in the region. A third of world’s largest companies are headquartered in London, and with our new data center, we're able to serve them even more directly. London is also the biggest tech hub in-region and the biggest incubator for technology startups and entrepreneurs in Europe. These cloud-native organizations have been pushing the frontiers of technology, building their businesses on our Internet-scale platform for years, so we're giving them an even bigger sandbox to play in. My colleagues from Catalyst, our startup program, have established solid partnerships with organizations such as Techstars, Seedcamp and Wayra UK, so (as you can imagine) this news is already making waves in the U.K. startup universe.

For me, London will always be the European capitol of marketing and advertising (and a strong contender for the top spot in the global market). In fact, two thirds of international advertising agencies have their European headquarters in London, and the city boasts the highest density of creative firms of any other city or region in the world. Because digital marketing and advertising use cases are some of the most demanding technological workloads, we're focused on meeting the needs of this market. These customers require speed, performance, and global reach, and we deliver. Can you imagine RTB (real-time-bidding) with network lag? An ad pool for multinationals that is accessible in one region, but not so much in another? A live HD digital broadcast to run on shared, low-I/O machines? Or a 3D graphic rendering based on a purely virtualized environment? Just thinking about those scenarios makes me cringe, and it reinforces my excitement for our new data center in London.

MobFox, a customer who happens to be the largest mobile ad platform in Europe and in the top five globally, shares my enthusiasm. MobFox operates more than 150 billion impressions per month for clients including Nike, Heineken, EA, eBay, BMW, Netflix, Expedia, and McDonalds (as a comparison I was told that Twitter does about 7 billion+ a month). Julian Zehetmayr, the brilliant 23-year-old CEO of MobFox, agreed that London is a key location for businesses operating in digital advertising space and expressed his excitement about the opportunity we’re bringing his company.

I could go on and on about why this news is soooo good. But instead, I'll let you experience it yourself. Order bare metal or virtual servers in London, and save $500 on your first month service.

Celebrate a cloudy summer in London!

-Michalina

July 1, 2014

The Cloud in 100 Years

Today’s cloud is still in its infancy, with less than 10 years under its belt, yet it has produced some of the most advanced products and solutions known to date. Cloud, in fact, has helped change how the world connects by making information, current events, and communication available globally, at the speed of light.

The Internet itself was born in the 1960s and in just 44 years, look at what it has accomplished! Websites like Google, Bing, and Yahoo provide up-to-the-second information that is reinventing and replacing the role dictionaries and encyclopedias once played. Facebook, Twitter, and Instagram are revolutionizing how most of the world communicates. WordPress, Tumblr, and bloggers give voices to many journalist and writers who were once only heard by few, if any. It is truly a new landscape today. Do you think when Herman Hollerith thought he invented the punch card in the 1890s that it would evolve data processing to “the cloud” in just 100 years? IBM 100 explains:

One could argue that the information age began with the punch card, and that data processing as a transformational technology began with its 1928 redesign by IBM. This thin piece of cardboard, with 80 columns of tiny rectangular holes made the world quantifiable. It allowed data to be recorded, stored, and analyzed. For nearly 50 years, it remained the primary vehicle for processing the essential facts and figures that comprised countless industries, in every corner of the globe. (IBM 100)

What about the future?

It’s obvious that predicting 10 decades into the future is a difficult task, but one thing is for sure, this cloud thing is just getting started.

  • What will we call it? The Internet/World Wide Web is now almost synonymous with the term cloud. I predict that in the next 20 years it will take on another name. Something even more nebulous than the cloud … maybe even “The Nebula.” Or … quite possibly, Skynet!
  • How will it be accessed? In 100 years, I think the more fitting question will be, “how will you hide from it?” Today, we are voluntarily connected with our smart phones. You can be found and contacted using varying mediums from a single, handheld device. FaceTime, WhatsApp, Skype, Tango … you name it. You can make video calls to people halfway around the world in seconds. If Moore’s law still applies in 100 years, our devices could potentially be 50 times smaller than what they are today.
  • Ultimate Control: Nanotechnology will have the ability to control the weather and not only determine if we will have rain but regulate it. Weather control could rid the world of drought and make uninhabitable areas of the world flourish.
  • Medicine: The term “antibiotics” will take on a whole new meaning for medicine in 100 years. Imagine instead of getting a shot of penicillin, you receive 50mL of microscopic robots that can attack the virus directly, from within. The robots then send a push notification to your ‘iPhone 47S’ notifying you that your flu bug has been located and irradiated and that you can press “OK” to send the final report to your physician. The Magic School Bus finally becomes a reality!

Without a doubt, cloud services will be everywhere in the future. The change is already taking place with early adopters and businesses. In the 10 years since the industry coined the term cloud, it’s become a birthplace for technology and industry disruptive behavior. This has caught the attention of the traditional IT organizations as a way to save capital, lower time to market, and increase research and development on their own products and services.

SoftLayer is dedicated to helping the transformation of mid-market and enterprise companies alike. We understand that the cloud is virtually making this world smaller as companies reach into markets that were once out of reach; which is why we’re in the process of doubling our data center footprint to reach those unreachable areas of the world. Don’t be surprised when we announce our first data center on the moon!

-Harold

Categories: 
June 9, 2014

Visualizing a SoftLayer Billing Order

In my time spent as a data and object modeler, I’ve dealt with both good and bad examples of model visualization. As an IBMer through the Rational acquisition, I have been using modeling tools for a long time. I can appreciate a nice diagram shining a ray of light on an object structure, and abhor a behemoth spaghetti diagram.

When I started studying SoftLayer’s API documentation, I saw both the relational and hierarchical nature of SoftLayer’s concept model. The naming convention of API services and data types embodies their hierarchical structure. While reading about “relational properties” in data types, I thought it would be helpful to see diagrams showing relationships between services and data types versus clicking through reference pages. After all, diagramming data models is a valuable complement to verbal descriptions.

One way people can deal with complex data models is to digest them a little at a time. I can’t imagine a complete data model diagram of SoftLayer’s cloud offering, but I can try to visualize small portions of it. In this spirit, after reviewing article and blog entries on creating product orders using SoftLayer’s API, I drew an E-R diagram, using IBM Rational Software Architect, of basic order elements.

The diagram, Figure 1, should help people understand data entities involved in creating SoftLayer product orders and the relationships among the entities. In particular, IBM Business Partners implementing custom re-branded portals to support the ordering of SoftLayer resources will benefit from visualization of the data model. Picture this!

Figure 1. Diagram of the SoftLayer Billing Order

A user account can have many associated billing orders, which are composed of billing order items. Billing order items can contain multiple order containers that hold a product package. Each package can have several configurations including product item categories. They can be composed of product items with each item having several possible prices.

-Andrew

Andrew Hoppe, Ph.D., is a Worldwide Channel Solutions Architect for SoftLayer, an IBM Company.

May 8, 2014

SoftLayer Security: Questions and Answers

When I talk to IBM Business Partners about SoftLayer, one of the most important topics of discussion is security. We ask businesses to trust SoftLayer with their business-critical data, so it’s important that SoftLayer’s physical and network security is as transparent and understandable as possible.

After going through the notes I’ve taken in many of these client meetings, I pulled out the ten most frequently asked questions about security, and I’ve compiled answers.

Q1: How is SoftLayer secured? What security measures does SoftLayer have in place to ensure my workloads are safe?

A: This “big picture” question is the most common security-related question I’ve heard. SoftLayer’s approach to security involves several distinct layers, so it’s tough to generalize every aspect in a single response. Here are some of the highlights:

  • SoftLayer’s security management is aligned with U.S. government standards based on NIST 800-53 framework, a catalog of security and privacy controls defined for U.S. federal government information systems. SoftLayer maintains SOC 2 Type II reporting compliance for every data center. SOC 2 reports are audits against controls covering security, availability, and process integrity. SoftLayer’s data centers are also monitored 24x7 for both network and on-site security.
  • Security is maintained through automation (less likely for human error) and audit controls. Server room access is limited to authorized employees only, and every location is protected against physical intrusion.
  • Customers can create a multi-layer security architecture to suit their needs. SoftLayer offers several on-demand server and network security devices, such as firewalls and gateway appliances.
  • SoftLayer integrates three distinct network topologies for each physical or virtual server and offers security solutions for systems, applications, and data as well. Each customer has one or many VLANs in each data center facility, and only users and servers the customer authorizes can access servers in those VLANs.
  • SoftLayer offers single-tenant resources, so customers have complete control and transparency into their servers.

Q2: Does SoftLayer destroy my data when I’ve de-provisioned a compute resource?

A: Yes. When a customer cancels any physical or virtual server, all data is erased using Department of Defense (DoD) 5220.22-m standards.

Q3: How does SoftLayer protect my servers against distributed denial of service (DDoS) attacks?

A: A SoftLayer Network Operations Center (NOC) team monitors network performance and security 24x7. Automated DDoS mitigation controls are in place should a DDoS attack occur.

It’s important to clarify here that the primary objective of this DDoS mitigation is to maintain performance integrity of the overall cloud infrastructure. With that in mind, SoftLayer can’t stop a customer from being attacked, but it can shield the customer (and any other customers in the same network) from the effects of the attack. If necessary, SoftLayer will remove the target from the public network for periods of time and null-routes incoming connections. Because of SoftLayer’s three-tiered network architecture, a customer would still have access to the targeted system via the private network.

Q4: How is communication segmented from other tenants using SoftLayer?

A: SoftLayer utilizes industry standard VLANs and switch access control lists (ACLs) to segment customer environments. Customers have the ability to add and manage their own VLANs, providing additional security even inside their own accounts. ACLs are configured to permit or deny any specified network packet (data) to be directed along a switch.

Q5: How is my data kept private? How can I confirm that SoftLayer can’t read my confidential data?

A: This question is common customers who deal with sensitive workloads such as HIPAA-protected documentation, employee records, case files, and so on.

SoftLayer customers are encouraged to deploy a gateway device (e.g. Vyatta appliance) on which they can configure encryption protocols. Because the gateway device is the first hop into SoftLayer’s network, it provides an encrypted tunnel to traverse the VLANs that reside on SoftLayer. When securing compute and storage resources, customers can deploy single tenant dedicated storage devices to establish isolated workloads, and they can even encrypt their hard drives from the OS level to protect data at rest. Encrypting the hard drive helps safeguard data even if SoftLayer were to replace a drive or something similar.

Q6: Does SoftLayer track and log customer environments?

A: Yes. SoftLayer audits and tracks all user activity in our customer portal. Some examples of what is tracked include:

  • User access, both failed and authenticated attempts (destination IP is shown on a report)
  • Compute resources users deploy or cancel
  • APIs for each call (who called the API, the API call and function, etc.)
  • Intrusion Protection and Detection services that observe traffic to customer hosts
  • Additionally, customers have root access to operating systems on their servers, so they can implement additional logging of their own.

Q7: Can I disable access to some of my users through the customer portal?

A: Yes. SoftLayer has very granular ACLs. User entitlements are segmented into different categories, including Support, Security, and Hardware. SoftLayer also gives customers the ability to limit access to public and private networks. Customers can even limit user access to specific bare metal or virtual server.

Q8: Does SoftLayer patch my operating system?

A: For unmanaged cloud servers, no. Once the updated operating system is deployed on a customer’s server, SoftLayer doesn’t touch it.

If you want help with that hands-on server administration, SoftLayer offers managed hosting. In a managed hosting environment, Technical Account Managers (TAMs) are assigned as focal points for customer requests and issues. TAMs help with reports and trending data that provide recommendations to mitigate potential issues (including OS patching).

Q9: Is SoftLayer suited to run HIPAA workloads?

A: Yes. SoftLayer has a number of customers running HIPAA workloads on both bare metal and single-tenant virtual servers. A Business Associate Agreement (BAA), signed by SoftLayer and the customers, clearly define the shared responsibilities for data security: SoftLayer is solely responsible for the security of the physical data center, along with the SoftLayer-provided infrastructure.

Q10: Can SoftLayer run government workloads? Does SoftLayer use the FISMA standards?

A: The Federal Information Security Management Act (FISMA) defines a framework for managing information security that must be followed for all federal information systems. Some state institutions don’t require FISMA, but look to cloud hosting companies to be aligned to the FIMSA guidelines.

Today, two SoftLayer data centers are audited to the FISMA standards – Dallas (DAL05) and Washington, D.C. (WDC01). Customers looking for the FISMA standard can deploy their workloads in those data centers. Future plans include having data centers that comply with more stringent FedRAMP requests.

For additional information, I highly recommend the on-demand SoftLayer Fundamentals session, “Keep safe – securing your SoftLayer virtual instance.” Also, check out Allan Tate’s Thoughts on Cloud blog, “HIPAA and cloud computing: What you need to know” for more on how SoftLayer handles HIPPA-related workloads.

-Darrel Haswell

Darrel Haswell is a Worldwide Channel Solutions Architect for SoftLayer, an IBM Company.

April 23, 2014

Security: 10 Tips for Hardening a Linux Server

In light of all the complex and specialized attacks on Internet-facing servers, it’s very important to protect your cloud assets from malicious assailants whose sole purpose is to leach, alter, expose, siphon sensitive data, or even to shut you down. From someone who does a lot of Linux deployments, I like to have handy a Linux template with some extra security policies configured.

Securing your environment starts during the ordering process when you are deploying server resources. Sometimes you want to deploy a quick server without putting it behind an extra hardware firewall layer or deploying it with an APF (Advance Policy Firewall). Here are a couple of security hardening tips I have set on my Linux template to have a solid base level of security when I deploy a Linux system.

Note: The following instructions assume that you are using CentOS or Red Hat Enterprise Linux.

1. Change the Root Password
Log in to your server and change the root password if you didn’t use a SSH key to gain access to your Linux system.

  • passwd - Make sure it’s strong.
  • Don't intend on using root.

2. Create a New User
The root user is the only user created on a new Linux install. You should add a new user for your own access and use of the server.

  • useradd <username>
  • passwd <username> (Make sure this is a strong password that’s different from your root password.)

3. Change the Password Age Requirements
Change the password age so you’ll be forced to change your password in a given period of time:

  • chage –M 60 –m 7 –w 7 <username>
    • M: Minimum of days required between password changes
    • m: Maximum days the password is valid
    • w: The number of days before password will warn of expiration

4. Disable Root Login
As Lee suggested in the last blog, you should Stop Using Root!

  • When you need super-user permissions, use sudo instead of su. Sudo is more secure than using su: When a user uses sudo to execute root-level commands, all commands are tracked by default in /var/log/secure. Furthermore, users will have to authenticate themselves to run sudo commands for a short period of time.

5. Use Secure Shell (SSH)
rlogin and telnet protocols don’t use an encrypted format, just plain text. I recommend using SSH protocol for remote log in and file transfers. SSH allows you to use encryption technology while communicating with your sever. SSH is still open to many different types of attacks, though. I suggest using the following to lock SSH down a little bit more:

  • Remove the ability to SSH as root:
    1. vi /etc/ssh/sshd_config.
    2. Find #PermitRootLogin yes and change to PermitRootLogin no.
    3. Run service sshd restart.
  • Change the default SSH 22 port. You can even utilize RSA keys instead of passwords for extra protection.

6. Update Kernel and Software
Ensure your kernel and software patches are up to date. I like to make sure my Linux kernel and software are always up to date because patches are constantly being released with corrected security flaws and exploits. Remember you have access to SoftLayer’s private network for updates and patches, so you don’t have to expose your server to the public network to get updates. Run this with sudo to get updates in RedHat or CentOS: yum update.

7. Strip Your System
Clean your system of unwanted packages. I strip my system to avoid installing unnecessary software to avoid vulnerabilities. This is called “reducing the attack surface.” Packages like NFS, Samba, even the X Windows desktops (i.e., Gnome or KDE) contain vulnerabilities. Here’s how reduce the attack surface:

  • List what is installed: yum list installed
  • List the package name: yum list <package-name>
  • Remove the package: yum remove <package-name>

8. Use Security Extensions
Use a security extension such as SELinux on RHEL or CentOS when you’re able. SELinux provides a flexible Mandatory Access Control (MAC); running a MAC kernel protects the system from malicious or flawed applications that can damage or destroy the system. You’ll have to explore the official Red Hat documentation, which explains SELinux configuration. To check if SELinux is running, run sestatus.

9. Add a Welcome/Warning
Add a welcome or warning display for when users remote into your system. The message can be created using MOTD (message of the day). MOTD’s sole purpose is to display messages on console or SSH session logins. I like for my MOTDs to read “Welcome to <hostname>. All connections are being monitored and recorded.”

  • I recommend vi /etc/motd

10. Monitor Your Logs
Monitor logs whenever you can. Some example logs that you can audit:

  • System boot log: /var/log/boot.log
  • Authentication log: /var/log/secure
  • Log in records file: /var/log/utmp or /var/log/wtmp:
  • Where whole system logs or current activity are available: /var/log/message
  • Authentication logs: /var/log/auth.log
  • Kernel logs: /var/log/kern.log
  • Crond logs (cron job): /var/log/cron.log
  • Mail server logs: /var/log/maillog

You can even move these logs to a bare metal server to prevent intruders from easily modifying them.

This is just the tip of the iceberg when securing your Linux server. While not the most secure system, it gives you breathing room if you have to deploy quick servers for short duration tests, and so on. You can build more security into your server later for longer, more permanent-type servers.

- Darrel Haswell

Darrel Haswell is an advisory SoftLayer Business Partner Solution Architect.

Categories: 
March 19, 2014

An Inside Look at IBM Cloud Event 2014 in Hong Kong

On March 17 in Hong Kong, IBM and SoftLayer successfully concluded the first of many intimate cloud events. IBM Cloud Event 2014 marked the beginning of the $1.2 billion investment committed towards our global expansion plans.

Growing from 13 to 40 data centers is no mean feat, and Hong Kong is the starting point. Not only does this give our customers data redundancy in Asia-Pacific, but also provides data residency to our Hong Kong-based customers. Quite simply, we are growing where you want to grow.

For me, there were three key takeaways from the event.

We’re seeing overwhelming support from our customers.
Not only did we have an opportunity to host our Hong Kong clientele, but many also traveled from cities in Greater China to be a part of this milestone. It was immensely gratifying to see them being vocal advocates of SoftLayer services. Natali Ardianto from Tiket.com, Chris Chun from 6waves and Larry Zhang representing ePRO all shared their brilliant stories with the audience.

Tiket.com’s co-founder, Natali, is especially proud of the fact that the company sold out 6,000 tickets for the K-Pop Big Bang Alive concert in 10 minutes, while their competitor’s site was unable to meet the huge demand and shut down for four hours during the peak period. Tiket.com, founded in 2011, faced TCP, DoS and DDoS attacks and tried hosting unsuccessfully on two different IaaS providers before moving to SoftLayer’s infrastructure services in 2012.

6Waves, a gaming publisher, was started in 2008. Today, built on SoftLayer, 6waves has grown to the #1 third-party publisher on Facebook. 6waves manages 14 million monthly active users and 2 million daily active users. Chris, 6waves’ CTO and co-founder, shared that since 2009 6waves has launched more than 200 games on SoftLayer.

Larry Zhang, ePRO’s senior IT manager and architect, had a similar story to share. The B2C e-commerce platform, part of China-based DX Holdings, supports more than 200,000 items in 15 categories and saw a 66 percent increase in customers from October 2011 to September 2013. ePRO is now looking to cater to the US and Australian markets, and Larry believes that SoftLayer’s aggressive expansion plans will help them meet their goal.

SoftLayer in Hong Kong

There is a vested interest in the SoftLayer-IBM integration roadmap.
Large enterprises are moving towards the cloud. This is not a forward-looking statement, it's a fact. And from the feedback gathered and the questions put up by these organizations, it is clear that they are investing in leveraging cloud services for improving their internal processes and for bringing services to their end customers more quickly. Lance Crosby presented a SoftLayer-IBM integration roadmap. With SoftLayer forming the foundation of IBM's cloud offerings—SaaS, PaaS and BPaaS—there is no doubt that we are as invested in this partnership as our clientele.

The strong startup community in Hong Kong is committed to growing with Softlayer.
Catalyst, SoftLayer's startup incubator, has always had a strong presence in Hong Kong, and the startup spirit was evident on March 17 as well. The dedicated roundtable conducted for the community with Lance Crosby and Casey Lau, SoftLayer's Catalyst representative for APAC, was the highlight of the day. Lance left us with a powerful thought, "We are here to be an extension to your infrastructure... The question is what can you build on us."

All in all, this was a great start to our new journey!

- Namrata

Subscribe to ibm