Friday, October 29, 2010
The solution is to shrink the perimeter right down to the data itself. Assume the network (or the Cloud provider) is untrusted. As Gunnar Peterson writes: Don't trust. Mitigate the issue by assigning protection onto the data itself. It's all about "secure data", not assuming "secure pipes".
Thursday, October 28, 2010
Wednesday, October 27, 2010
Here at Vordel we first mentioned the "Cloud Onramp" meme back in the distant days of 2009 (eWeek: Vordel Offers On-Ramp to the Cloud). Now we see the Cloud Onramp meme in the context of storage in an interesting article last week by George Crump at InformationWeek. He recommends the usage of a Cloud Onramp to link from local storage (and caching) to external storage-as-a-service: How To Get Data To The Cloud: Onramps
Tuesday, October 19, 2010
REST APIs are increasingly popular, as recent posts like Royal Pingdom's "REST in Peace, SOAP" attest. But how can these APIs be managed? What about security? Besides the obvious difference, how else do they differ from SOAP?
Here are the details:
New Architectures for next generation Web Technologies - Case study leveraging REST APIs to scale a service business quickly and cost-effectively
Connecting your SOA and Cloud Applications
Date: Wednesday, November 10, 2010
Time: 9:00 AM Pacific / 12:00 PM Eastern / 5:00 PM UTC
Join Vordel and Safeway subsidiary, Blackhawk Network in the first of a series of educational webinars focusing on fast, safe, connectivity for SOA and Cloud services.
Find out how Facebook Marketplace scaled their online gift code offering for Apple iTunes, Home Depot, Nordstrom, Starbucks and others using a best practice API model based on Amazon Web Services' API.
Doug Birch, Chief Architect at Blackhawk will join Mark O'Neill in discussion to set out how his company implemented an innovative solution to govern their services-based offering across a hybrid SOA and Cloud environment and avoided heavy integration and development costs. In this webinar, we learn why Blackhawk Network chose to use a REST API to connect to Facebook Marketplace, and how Vordel enabled this connection. We see how the connection is managed, and how it has enabled business value.
You will learn:
- How Facebook Marketplace leveraged Blackhawk's retail services platform to generate gift codes for brands such as Apple, Barnes & Noble, Starbucks and many others.
- How Blackhawk implemented the Vordel Gateway to manage their REST API implementation.
- How to create a best-practice API model derived from the Amazon Web Services API.
- Why REST can offer a faster and more efficient solution than SOAP.
- How to connect applications and systems across diverse platforms whilst ensuring that performance and security are not compromised.
Thursday, October 14, 2010
Recent additions include Arne Boettcher, director of sales, Vordel, responsible for overseeing sales within the German, Austrian and Swiss regions. Boettcher joins Vordel from Oracle. Additionally, Herve Aubin recently joined the company and is director of sales for Southern Europe. Aubin manages the company's office in Paris, France. Aubin previously worked with CA, Mainsoft and Parasoft.
Monday, October 11, 2010
However, the Flickr API uses (gasp) a POST to delete a photograph.
This is the example I always use as an illustration of the cavalier/practical (delete as applicable to your point of view) approach to REST in the real world. An XML Gateway and a Cloud Service Broker must support not only "ivory tower" REST found in, um, ivory towers, but also the practical REST found in the wild.
Friday, October 8, 2010
- Provisioning: Organizations using Cloud services do not want to manage a whole new set of user accounts at the Cloud side which mirror their own on-premises accounts. This would include (ugh) synchronizing passwords.
- User Experience: In a hybrid environment, users should not be aware that a part of their user experience is being provided by a Cloud-based provider. A pop-up effectively saying "Now you must log in for the Cloud-based service" is an automatic FAIL.
- Standards: Standards are now mature. This is a big difference between the current wave of Cloud SSO and the wave of Web SSO (Netegrity, Oblix, et al) ten years ago. Initially Web SSO didn't have any standards, and relied on proprietary cookies. These cookies still exist, but now we have SAML (thanks to people like Marc Chanliau who was an initiator of SAML when he was with Netegrity, now with Oracle also) and we have OpenID and OAuth.
The last point is very important. Here is a case study of a recent deployment we did at Vordel for Cloud SSO. It was part of the presentation by our CEO Vic Morris this week at the SOA and Cloud Symposium in Berlin (hat-tip to Peter Horsten).
We made use of signed SAMLResponse messages for Cloud SSO to Google Apps:
One of Vordel’s customers provides a portal for their users. They wished to use Google Mail (Gmail) to provide mailboxes to users. However, they did not want users to be forced to remember a second password, or to have to explicitly log into Gmail. Instead, they wanted single sign-on to Gmail.
Security is key. Single sign-on to Gmail makes use of keys which must be protected, otherwise an attacker could access any user’s email account. Performance is also a key consideration. Users do not want to experience any noticeable latency in accessing their email inboxes. Finally, the actual connectivity to Google Apps must be monitored. So, the three considerations are:
Vordel provides Cloud SSO to Google Mail (GMail). At a technical level, this is done by acting as the Identity Provider (IdP) and creating a digitally signed SAMLResponse message. Performance is a key consideration: many users log into GMail through the portal at peak times, and they must not experience any delay in reaching their inboxes. Vordel also protects the keys. The overall schematic is shown below, and there is more info on the Vordel website (where you can also get your hands on Vordel products).
Tuesday, October 5, 2010
Take the prediction by Ben Pring of Gartner in June that "We are seeing an acceleration of adoption of cloud computing and cloud services among enterprises and an explosion of supply-side activity as technology providers maneuver to exploit the growing commercial opportunity". Pring also notes the "serious security issues" (also noted by IDC here) related to Cloud Computing. However, vendors such as Vordel are addressing these with broker technology.
How big is this market? In the same CIO Update article, Larry Barrett quotes that Gartner is "projecting worldwide cloud services revenue will soar to more than $68.3 billion this year, a 16.6 percent improvement from an already-robust 2009 and a harbinger of things to come".
We are certainly seeing this here at Vordel. Today we announced revenue results for Q3 2010. This quarter has proved to be the most successful in the history of the company with a 90% increase on the same period last year. The year-on-year growth to date is over 50%. We're seeing the Cloud effects first hand, with customers using Vordel to connect to Google Apps in the Cloud and to expose Platform-as-a-Service services using Amazon Web Services authentication. In some cases the driver is performance (Vordel can issue, sign, and validate SAML tokens significantly faster than toolkit-based alternatives), in some cases it is security, but in all cases it is simply the connectivity: to connect systems to the Cloud. Connecting to the Cloud.
It is good to see predictions coming true :-)
Sunday, October 3, 2010
REST is often compared unfavorably to SOAP, especially the fact that SOAP has many complex standards for security. Many of the criticisms are well founded. From a security point of view, however, the lack of security standards is not so appealing. Homer's facial expressions say it all:
Instead of a maze of complex WS-* style standards, REST has "industry standards" such as the authentication model used by Amazon Web Services. But this is different to the session-based model used by SalesForce.com, which in turn is different from vCloud's HTTP authentication for its REST services. All of this calls for brokering as a way to mediate between different authentication models. Many of the WS-* standards provide higher-level capabilities such as communicating policy or issuing tokens, something not covered by REST. But even so, it is possible to deploy REST in a trustworthy manner. You can also mediate between SOAP and REST.
But I won't give away more of Ian's talk. Check it out yourself, it's at 2.15pm on October 6 at the Berliner Congress Center in Berlin.
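The brokering described above, mediating between one authentication model and another, can be sketched as follows. This is an added example, not Vordel's code: a broker authenticates the caller with HTTP Basic and then re-issues the request with an HMAC-signed query modelled, in simplified form, on the Amazon Web Services query-signing scheme. The host, action name, user and keys are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed sample credentials; nothing here is a real account or key.
BASIC_USERS = {"alice": "portal-password"}        # inbound model: HTTP Basic
CLOUD_KEY_ID = "EXAMPLEKEYID"                     # outbound model: signed query
CLOUD_SECRET = b"example-secret-held-only-by-the-broker"

def check_basic(authorization_header):
    """Return the user name if the HTTP Basic header is valid, else None."""
    scheme, _, blob = authorization_header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, _, password = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    expected = BASIC_USERS.get(user)
    # Constant-time comparison so timing does not reveal partial matches.
    if expected is None or not hmac.compare_digest(password.encode(), expected.encode()):
        return None
    return user

def canonical_query(params):
    """Sort parameters by name and percent-encode all but RFC 3986 unreserved chars."""
    def enc(s):
        return quote(str(s), safe="-_.~")
    return "&".join(f"{enc(k)}={enc(v)}" for k, v in sorted(params.items()))

def sign(method, host, path, params, secret):
    """Base64 HMAC-SHA256 over method, host, path and canonical query."""
    string_to_sign = "\n".join([method.upper(), host.lower(), path, canonical_query(params)])
    return base64.b64encode(hmac.new(secret, string_to_sign.encode(), hashlib.sha256).digest()).decode()

def broker(authorization_header, method, host, path, params, timestamp):
    """Authenticate the caller with Basic, then sign the outbound cloud request."""
    if check_basic(authorization_header) is None:
        return None  # reject; an unauthenticated request is never forwarded
    out = {k: v for k, v in params.items() if k != "Signature"}  # drop caller-supplied value
    out.update(AWSAccessKeyId=CLOUD_KEY_ID, SignatureMethod="HmacSHA256",
               SignatureVersion="2", Timestamp=timestamp)
    out["Signature"] = sign(method, host, path, out, CLOUD_SECRET)
    return out

def verify(method, host, path, signed_params, secret):
    """Service side: recompute the signature and compare in constant time."""
    params = dict(signed_params)
    claimed = params.pop("Signature", "")
    return hmac.compare_digest(claimed, sign(method, host, path, params, secret))
```

The caller's password never leaves the broker, and the cloud-side secret is never exposed to the caller; only the broker holds both.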