Friday, October 29, 2010

"We are all on a public network"

A striking and perceptive quote tweeted from this week's Americas Growth Capital event here in Boston:

The solution is to shrink the perimeter right down to the data itself. Assume the network (or the Cloud provider) is untrusted. As Gunnar Peterson writes: Don't trust. Mitigate the issue by assigning protection onto the data itself. It's all about "secure data", not assuming "secure pipes".

Thursday, October 28, 2010

Replacing the ACE - The Cisco ACE XML Gateway replacement program

Cisco recently announced the end-of-life for the Cisco ACE XML Gateway. Customers using this product now have to replace it with another XML Gateway, and Vordel has stepped into the breach with the Cisco ACE Gateway replacement program. Artifacts used by the Cisco ACE Gateway (WSDLs, Schemas, certificates, etc) can be imported into the Vordel Gateway, so that customers get up and running quickly with their replacement gateway. In addition, customers can take advantage of Web Service usage reporting which was not provided with the Cisco ACE Gateway.

Wednesday, October 27, 2010

The Cloud Onramp concept gains ground

Here at Vordel we first mentioned the "Cloud Onramp" meme back in the distant days of 2009 (eWeek: Vordel Offers On-Ramp to the Cloud). Now we see the Cloud Onramp meme in the context of storage in an interesting article last week by George Crump at InformationWeek. He recommends the usage of a Cloud Onramp to link from local storage (and caching) to external storage-as-a-service: How To Get Data To The Cloud: Onramps

Tuesday, October 19, 2010

Upcoming Webinar - Connecting to Facebook Marketplace with REST API's

We're very excited about this upcoming Webinar on Vordel-enabled REST API access from Facebook Marketplace to issuance services for online gift codes.

REST API's are increasingly popular, as recent posts like Royal Pingdom's "REST in Peace, SOAP" attest. But how can these API's be managed? What about security? Besides the obvious difference, how else do they differ from SOAP?

Here are the details:

New Architectures for next generation Web Technologies -
Connecting your SOA and Cloud Applications

Case study leveraging REST APIs to scale a service business quickly and cost-effectively
Date: Wednesday, November 10, 2010
Time: 9:00 AM Pacific, 12:00 PM Eastern, 5:00 PM UTC

Join Vordel and Safeway subsidiary, Blackhawk Network in the first of a series of educational webinars focusing on fast, safe, connectivity for SOA and Cloud services.

Find out how Facebook Marketplace scaled their online gift code offering for Apple iTunes, Home Depot, Nordstrom, Starbucks and others using a best-practice API model based on Amazon Web Services' API.

Doug Birch, Chief Architect at Blackhawk will join Mark O'Neill in discussion to set out how his company implemented an innovative solution to govern their services-based offering across a hybrid SOA and Cloud environment and avoided heavy integration and development costs. In this webinar, we learn why Blackhawk Network chose to use a REST API to connect to Facebook Marketplace, and how Vordel enabled this connection. We see how the connection is managed, and how it has enabled business value.

You will learn

  • How Facebook Marketplace leveraged Blackhawk's retail services platform to generate gift codes for brands such as Apple, Barnes & Noble, Starbucks and many others.
  • How Blackhawk implemented the Vordel Gateway to manage their REST API implementation.
  • How to create a best-practice API model derived from the Amazon Web Services API.
  • Why REST can offer a faster and more efficient solution than SOAP
  • How to connect applications and systems across diverse platforms whilst ensuring that performance and security are not compromised.

Thursday, October 14, 2010

More Rising Clouds

Over at Silicon Republic, John Kennedy covers Vordel's growth, including recent additions to the company:

Recent additions include Arne Boettcher, director of sales, Vordel, responsible for overseeing sales within the German, Austrian and Swiss regions. Boettcher joins Vordel from Oracle. Additionally, Herve Aubin recently joined the company and is director of sales for Southern Europe. Aubin manages the company's office in Paris, France. Aubin previously worked with CA, Mainsoft and Parasoft.

Monday, October 11, 2010

From Flickr: A screenshot to make any REST zealot scream

Flickr has one of the most successful REST API's in existence. However, it also must be something which makes REST zealots wince. To understand why, remember that the principles of REST involve using the HTTP verbs for their intended purpose. So, a POST is supposed to “Create a new entry in the collection. The new entry's URL is assigned automatically and is usually returned by the operation”. And DELETE is supposed to “Delete the addressed member of the collection.”

However, the Flickr API uses (gasp) a POST to delete a photograph.

This is the example I always use as an illustration of the cavalier/practical (delete as applicable to your point of view) approach to REST in the real world. An XML Gateway and a Cloud Service Broker must support not only "ivory tower" REST found in, um, ivory towers, but also the practical REST found in the wild.
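The consequence for a gateway policy, as an added example (not code from Flickr or Vordel): a rule keyed on the HTTP verb alone lets a POST-tunnelled delete through, so the check below derives the action from the operation name when one is present. The role table and the non-delete method entries are assumptions made for the illustration.

```python
from urllib.parse import parse_qs

# "Ivory tower" REST: the HTTP verb alone names the action.
VERB_ACTION = {"GET": "read", "HEAD": "read", "POST": "create",
               "PUT": "update", "DELETE": "delete"}

# "Practical" REST: the operation is named in a "method" parameter.
# flickr.photos.delete is the case from the post; the other two entries
# are added here for illustration.
METHOD_ACTION = {
    "flickr.photos.delete": "delete",
    "flickr.photos.getInfo": "read",
    "flickr.photos.setMeta": "update",
}

# Hypothetical gateway policy: actions each role may perform.
ROLE_ACTIONS = {
    "viewer": {"read"},
    "uploader": {"read", "create"},
    "owner": {"read", "create", "update", "delete"},
}

def effective_action(verb, params=""):
    """Return the action a request really performs. `params` is the raw
    query string or form body. Unlisted or duplicated operation names
    yield "unknown", which no role is granted (fail closed)."""
    methods = parse_qs(params).get("method", [])
    if len(methods) > 1:
        return "unknown"  # duplicate parameter: refuse to guess
    if methods:
        return METHOD_ACTION.get(methods[0], "unknown")
    return VERB_ACTION.get(verb.upper(), "unknown")

def authorize_by_verb(role, verb):
    """Verb-only rule, shown for contrast: it never looks at the operation."""
    return VERB_ACTION.get(verb.upper()) in ROLE_ACTIONS.get(role, set())

def authorize(role, verb, params=""):
    """Rule that looks past the verb to the operation actually requested."""
    return effective_action(verb, params) in ROLE_ACTIONS.get(role, set())
```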

Friday, October 8, 2010

Cloud SSO Rising

Vikas Jain of Oracle notes that Cloud SSO is hotting up. It certainly is. There are a number of drivers:

- Provisioning: Organizations using Cloud services do not want to manage a whole new set of user accounts at the Cloud side which mirror their own on-premises accounts. This would include (ugh) synchronizing passwords.

- User Experience: In a hybrid environment, users should not be aware that a part of their user experience is being provided by a Cloud-based provider. A pop-up effectively saying "Now you must log in for the Cloud-based service" is an automatic FAIL.

- Standards: Standards are now mature. This is a big difference between the current wave of Cloud SSO and the wave of Web SSO (Netegrity, Oblix, et al) ten years ago. Initially Web SSO didn't have any standards, and relied on proprietary cookies. These cookies still exist, but now we have SAML (thanks to people like Marc Chanliau who was an initiator of SAML when he was with Netegrity, now with Oracle also) and we have OpenID and OAuth.

The last point is very important. Here is a case study of a recent deployment we did at Vordel for Cloud SSO. It was part of the presentation by our CEO Vic Morris this week at the SOA and Cloud Symposium in Berlin (hat-tip to Peter Horsten).

We made use of signed SAMLResponse messages for Cloud SSO to Google Apps:

Case Study

One of Vordel’s customers provides a portal for their users. They wished to use Google Mail (Gmail) to provide mailboxes to users. However, they did not want users to be forced to remember a second password, or to have to explicitly log into Gmail. Instead, they wanted single sign-on to Gmail.


Security is key. Single sign-on to Gmail makes use of keys which must be protected, otherwise an attacker could access any user’s email account. Performance is also a key consideration. Users do not want to experience any noticeable latency in accessing their email inboxes. Finally, the actual connectivity to Google Apps must be monitored. So, the three considerations are:

- Security

- Performance

- Connectivity


Vordel provides Cloud SSO to Google Mail (GMail). At a technical level, this is done by acting as the Identity Provider (IdP) and creating a digitally signed SAMLResponse message. Performance is a key consideration: Many users log into GMail through the portal at peak times, and they must not experience any delay in reaching their inboxes. Vordel also protects the keys. The overall schematic is shown below, and there is more info on the Vordel website (where you can also get your hands on Vordel products).

Tuesday, October 5, 2010

Cloud Services Growth - sometimes predictions can come true

In the IT world we are desensitized to predictions which do not quite come true. Ten years ago it was PKI (anyone get a digital certificate from their local post office lately? Thought not). In the case of SOA the growth really came with the second wave of REST, not with the first wave of heavyweight SOAP/WSDL/UDDI services. But in the case of Cloud services, the growth has been much more immediate.

Take the prediction by Ben Pring of Gartner in June that "We are seeing an acceleration of adoption of cloud computing and cloud services among enterprises and an explosion of supply-side activity as technology providers maneuver to exploit the growing commercial opportunity". Pring also notes the "serious security issues" (also noted by IDC here) related to Cloud Computing. However, vendors such as Vordel are addressing these with broker technology.

How big is this market? In the same CIO Update article, Larry Barrett quotes that Gartner is "projecting worldwide cloud services revenue will soar to more than $68.3 billion this year, a 16.6 percent improvement from an already-robust 2009 and a harbinger of things to come".

We are certainly seeing this here at Vordel. Today we announced revenue results for Q3 2010. This quarter has proved to be the most successful in the history of the company with a 90% increase on the same period last year. The year-on-year growth to date is over 50%. We're seeing the Cloud effects first hand: With customers using Vordel to connect to Google Apps in the Cloud and to expose Platform-as-a-Service services using Amazon Web Services authentication. In some cases the driver is performance (Vordel can issue, sign, and validate SAML tokens significantly faster than toolkit-based alternatives), in some cases it is security, but in all cases it is simply the connectivity: to connect systems to the Cloud. Connecting to the Cloud.

It is good to see predictions coming true :-)

Sunday, October 3, 2010

Trusting REST

My colleague Ian Marsh is speaking on "Trusting REST in a hybrid SOA world" at the SOA and Cloud Symposium in Berlin this week. This session answers two questions: 1) Are REST Web Services inherently insecure? and 2) How can a security model apply to both SOAP and REST Web Services in order that organizations can safely adopt SOA and Cloud-based technologies?

REST is often compared unfavorably to SOAP, especially the fact that SOAP has many complex standards for security. Many of the criticisms are well founded. But from a security point of view, the lack of security standards is not so appealing. Homer's facial expressions say it all:

Instead of a maze of complex WS-* style standards, REST has "industry standards" such as the authentication model used by Amazon Web Services. But this is different to the session-based model used by, which in turn is different from vCloud's HTTP authentication for its REST services. All of this calls for brokering as a way to mediate between different authentication models. Many of the WS-* standards provide higher-level capabilities such as communicating policy or issuing tokens, something not covered by REST. But even so, it is possible to deploy REST in a trustworthy manner. You can also mediate between SOAP and REST.

But I won't give away more of Ian's talk. Check it out yourself, it's at 2.15pm on October 6 at the Berliner Congress Center in Berlin.
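Brokering between authentication models, as an added example (not Vordel's code and not taken from the talk): the broker verifies an inbound request carrying an HMAC signature in the style of the Amazon Web Services model, then presents HTTP Basic credentials to the backend. The string-to-sign layout, parameter names, keys and passwords are simplified, constructed assumptions rather than any provider's exact format.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed credentials; a real broker keeps these in a protected key store.
CLIENT_SECRETS = {"AKIDEXAMPLE": b"constructed-secret"}
BACKEND_BASIC = {"AKIDEXAMPLE": ("svc-portal", "constructed-password")}

def string_to_sign(verb, host, path, params):
    """Verb, host, path and the sorted, percent-encoded query, one per line.
    The Signature parameter itself is never part of the signed data."""
    query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted(params.items()) if k != "Signature")
    return "\n".join([verb.upper(), host.lower(), path, query])

def sign(secret, verb, host, path, params):
    """Base64 HMAC-SHA256 over the string to sign."""
    data = string_to_sign(verb, host, path, params).encode()
    return base64.b64encode(hmac.new(secret, data, hashlib.sha256).digest()).decode()

def broker(verb, host, path, params, now, max_skew=300):
    """Verify the signed inbound request. Return the headers for the backend
    call (HTTP Basic), or None when the request must be rejected."""
    key_id = params.get("AccessKeyId", "")
    secret = CLIENT_SECRETS.get(key_id)
    if secret is None or "Signature" not in params:
        return None
    try:
        timestamp = int(params["Timestamp"])  # epoch seconds (assumption)
    except (KeyError, ValueError):
        return None
    if abs(now - timestamp) > max_skew:       # stale or replayed request
        return None
    expected = sign(secret, verb, host, path, params)
    # Constant-time comparison so timing does not leak the expected value.
    if not hmac.compare_digest(expected.encode(), params["Signature"].encode()):
        return None
    user, password = BACKEND_BASIC[key_id]
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}
```

The client's HMAC secret and the backend password never meet outside the broker, which is why protecting the broker's keys matters as much as the mediation itself.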