Application Protection: There’s Something Happening Here

There’s something happening here
What it is ain’t exactly clear
There’s a man with a gun over there
Telling me I got to beware

Yes, it’s blasphemy to simply change a classic like Buffalo Springfield’s “For What It’s Worth” – but I will anyway to prove my point.

There’s something happening here

If you haven’t noticed, IT is changing rapidly. Just search for IT transformation, IT as a Service, and converged infrastructure to see how far we’ve come in only the past few years.  This industry moves!

What it is ain’t exactly clear

We know a Cloud is built differently, operated differently, and consumed differently. So we know companies have begun re-architecting IT to offer more of a service and react faster to user needs. They know they must change their operational models and in many cases their organizational structure. They might also seek converged infrastructures to get moving faster. But… has protection changed to keep pace with this transformation?

There’s a man with a gun over there
Telling me I got to beware

It’s been said that in the song the gun is more of a metaphor for the tension between groups within the US before Vietnam. And in a much less violent analogy, the tension between the IT team and the application owners has never been stronger.

The application teams want to have great performance and protection of their application. But they’ve never been empowered by the IT department to protect themselves with storage-level tools. The storage team wants to let them, but they fear they might create too many copies of their data. Instead, the app owners went out and used tools for their own application, creating their own protection strategy, which might not deliver the best protection they can get. To win back the hearts and minds of the application owners and DBAs, the IT department and the storage teams need to get better at protecting applications as a service.

On the Road to Application Protection as a Service

Many companies have attempted to do this in the past – with products that help you protect and restore your applications and critical virtual machines. They have tools that install on the server and can “freeze” and “thaw” the current transactions into the database, so that when a snapshot is taken, there is a clean copy that can be easily restored. The major benefit of these tools is SPEED, as the copy process is incremental and the restore process is also lightning fast, restoring a 1 TB database in minutes.

It needs to get easier. Like any “enterprise” tool, many of these products designed for snapshots and replication require a significant learning curve. We need something simple that integrates with the tools we know and love.

We should provide self-service capabilities. Instead of spending hours and hours making sure application owners are getting the protection they need, they should be empowered to simply protect and restore their own data.

We are driven by service levels. IT departments and storage teams need to offer “protection service catalogs” with various (e.g. Platinum, Gold, Silver, Bronze) levels of protection varied by RPO – from very low data loss (synchronous replication) to more sporadic application-consistent snapshots – all from one interface. This makes it easy for the app team and people with the checkbooks to really understand the value placed on the different applications in your catalog.

There truly is something happening here
And what it is will be made clear at EMC World 2012!

Hope to see you there!
Brian

A New Year’s Wish List

Jim Shook


Rather than trying to make predictions for 2012, which I tend to avoid, I thought it might be interesting to put together a short wish list of things that I hope for in 2012. The usual suspects immediately sprang to mind: that Legal and IT learn to effectively communicate, that companies begin to defensibly delete their stale and legacy data, that more eDiscovery moves in-house, etc. Those all seemed to be a little much to absorb in January, so instead I put together a much more achievable “To Do” list with some additional resources to help.

Don’t Be Scared Of “Archiving”

Despite surveys suggesting otherwise, our experience is that email remains the most important and painful eDiscovery repository in a company.  Email sprawl also creates operational costs and risks when it’s not properly managed.  Yet many legal departments either block or fail to assist the efforts of their IT counterparts when they decide to do something about email.  Many times, this failure is because they really do not understand email, or their understanding of an “archive” implies that they will be keeping everything forever.

In reality, modern archives enable companies to implement and enforce retention policies on email, which is a strong foundation to enable defensible deletion of email. Better archives can also enable similar management of other content repositories, such as SharePoint and fileshares. A good archive, with associated policies, will improve and reduce the cost of operations, and make eDiscovery cheaper and easier.


Dive Into Machine Classification and Coding

Machine-based coding for document review is a hot topic.  We’re learning that in many cases, people just do not do a great job in reviewing and coding large volumes of information.  However, machines are built for this type of work because they are consistent, never tire and are cheaper than human review.  An open and shut case, right?

In reality, there remains a misunderstanding about how these technologies actually work, and how they can be successfully deployed and defended in a litigation matter.  Clearly they hold great promise, but there’s a lot of work to be done before they become mainstream.


Be Proactive With Social Media

Many companies are using different types of “social media” to more effectively and rapidly reach their customers, partners and even their own employees.  Technologies such as Twitter, Facebook, wikis and blogs are being used daily, and it’s likely we’ll see some even newer technologies develop in 2012.

Yet social media is not a free ride.  Gartner’s Debra Logan predicted a year ago that by YE 2013, half of all companies will have produced social media content in response to an eDiscovery request.  But today, most companies do not have policies to regulate social media content, nor do they have much of an idea on how they might preserve and collect that ESI in response to a regulatory or litigation matter.


Understand “The Cloud”

Ahhh, the Cloud.   Depending on your vantage point, Cloud Computing may be the answer to every issue you have or the most overhyped idea since push computing in the 90s.  The IT department is attracted to the cloud’s operational efficiencies and flexibility, and the business enjoys the rapid rate of deployment.

But don’t dive in without being informed.  “Cloud Computing” is actually an umbrella term representing a number of different deployment and service models.  Operational and cost benefits found with cloud computing should be weighed against the loss of control that comes with those deployments.  In some cases, that’s an easy trade-off.  In others, particularly where compliance is concerned, it can be more difficult.  Even in tougher cases, better informed teams might be able to get the best of both worlds by leveraging private or hybrid cloud deployments.

To The Cloud and Back Again! – SQL Saturday #104

For those that are not aware, the Professional Association for SQL Server (PASS) has chapters throughout the world that put on one day events called “SQL Saturday”. As the name implies, these events take place on a Saturday and generally are a full day of targeted learning for those who want to know more about SQL Server and SQL Server technologies.

This year, the first US SQL Saturday event is happening right here in Colorado Springs! (There is also an event in Bangalore that same day, and given the time zones, I’d say they qualify as the “first” one of the year!) SQL Saturday #104 has a very distinguished list of speakers, including people like Jason Horner, TJ Belt, Chris Shaw, Thomas LaRock, Karen Lopez and a whole host of very impressive speakers. There are going to be 5 simultaneous tracks and somehow they even invited me to speak as well, so I’ll be speaking at 0830 in room #4 on “To the Cloud and Back Again!”.

Session Description

In this session, I’ll be introducing some basic Cloud Computing patterns and will talk about some specific cloud computing security concerns. I’ll then talk about some of the specific technologies that accompany the Windows Azure and SQL Azure platforms that enable a hybrid approach to cloud computing. I’ll demonstrate how Windows Azure roles can be “Domain Joined”, which will then allow Azure-based applications to use SQL Server Trusted Connections to connect to on-premises SQL Server databases. All in all I hope it will be a very informative session on Cloud Computing technologies. Hope to see you there!


Getting Exchange 2010 into the Private Cloud

Here are the materials for my webcast on virtualizing Exchange.

EMCLive-Exchange 2010 Private Cloud-final-clean

On-Demand Webcast link

Hope you found it helpful!



Virtualization and Private Cloud Review
Industry Trends
Cloud Computing Comparison
Journey to Private Cloud
Exchange 2010 Virtualization and Cloud Best Practices
A 6-Step Process to Virtualize Exchange
Customer Story
Frequently Asked Questions
Storage
Replication
Backups

To Cloud or Not to Cloud…

[post by Dominick Dequarto]

When I was a data center manager, the questions for every application were:

  1. How critical is the application’s availability?
  2. How critical is the application’s data?

There were layers of complexity, to be sure, but from those two questions, I would dole out resources to address both of those items for each application or dataset, according to the application’s criticality to the business.

Nonetheless, it was relatively simple.  I would use my best technical judgment to assure that the needs were met in accordance with the resources provided, and assure myself that because I had hire, fire, and motivational authority, I could assure that the plans were carried out.  I was assured at the corporate level that my employees were trustworthy, and because I worked largely in the federal business, I had security clearances for my employees on top of that.

So now there’s a sea change to the cloud model. Whether it’s public, private, a mix, or a hybrid, the game has changed.

But what, exactly, has changed?

Certainly not the two primary questions regarding application and data availability – those still should be first and foremost in my mind. That’s not to say that I can’t NOT care about an application, of course. Maybe there’s a necessary app that doesn’t have much impact on my business; I’m not going to spend a lot of resources supporting it (there’s a term for that – it’s a craplication).

Things have changed.  Now we’re “hosting” or using “software as a service” or “leveraging the cloud.”

However you say it, things have changed – even for craplications.  Those SharePoint sites or messaging applications you’re hosting may have employee social security numbers,  or maybe company intellectual property you don’t know about.  Or maybe it’s tied into payroll in a way that people don’t get paid if SharePoint isn’t up…

These are the things of nightmares, right?

To my thinking you need to consider three more items when considering the Cloud:

  • What is the impact of data spillage?
    • How do I determine whether my data is even being compromised?
    • How much would I need to compensate my customers in the event of a public compromise?
    • How much would I need to compensate my employees in the event of a public compromise?
    • What is the value of the intellectual property I could lose, and how do I even go about measuring the impact?
  • Without the ability to hire, fire, and motivate, how do I ensure timely response to service or data availability issues?
  • How will I manage point to point serviceability issues outside of my Cloud Provider’s commitment for service?

This is all very interesting cocktail conversation (among those of us who are used to dull cocktail conversations).  But for the IT manager, who’s going from managing people to managing Service Level Agreements (SLAs), what does it mean?

The not-so-scary fact is that all the IT manager has to work with is the SLA with his or her cloud provider.  It’s scary in that we can no longer put specific people on the hot seat.  But it’s not so scary in the sense that we can:

(a)    Negotiate terms before the contract is executed

(b)    Enumerate those terms to the business owners

Namely, we can cover our collective asses.  For example, we can say “Yes, we can spend $10 less per mailbox per month, but these are the financial penalties we need to protect ourselves from.”  We can also say that “this is how we can mitigate those risks and costs and thereby reduce the cost of protection.”

The first step is to educate yourself on the particulars of the SLA.  Any provider not willing to provide you with a boilerplate or “default” SLA is not worth speaking to.  In Microsoft’s case, the BPOS SLA is out there and easy to read, even for those without a J.D.

The next step is to apply what you know about the application you’re thinking about moving to the cloud to the appropriate SLA.

  • What are the physical boundaries of my SLA?

This is often acknowledged, but for a moment think outside the box. So your Cloud Provider is touting five nines of uptime, and you’re extremely comfortable and happier than a lark, but what are the real boundaries of that SLA? Does it include accountability and serviceability to your organization’s front door? Most likely not. The point here is: do not discount the weakest link in the chain. Get to know your ISP intimately and what their SLA means to your business, and understand their technology as well as which networks you have to traverse in order to get to your Cloud Provider’s front door. Be sure to close the gap on accountability from your organization’s front door to, and into, your Cloud Provider’s home.

  • How critical is the application’s availability?

What metrics are measured? Is it just web access to mail, or are ActiveSync, MAPI, and BES part of the SLA (and can I define different levels of service for those)? What is the cost to my business if email is out for 24 or 48 hours? What is the cost to my provider? Can I apply any leverage?

  • How critical is the application’s data?

What is the cost to my business if the provider loses the data in my users’ mailboxes/SharePoint sites/data farm? What is the cost to my provider? Can I apply any leverage?

  • How do I assure the security of my data?

How do I determine whether my organization’s data is exposed to potential hostile parties?  What is the company’s cost if I determine that’s the case?  Is it dependent on the type of data (customer proprietary, employee proprietary, or company proprietary)?  What is the cost to the provider?  Can I apply any leverage?

I guess the answer to the question regarding “What am I giving up?” is resoundingly “Leverage,” and to some extent, “Security.”  Security is probably the easiest to address, but both can be mitigated with attention to the service level agreement that you negotiate.

My advice is to go into it with your eyes wide open.

- Dominick