As a Cloud CTO, I am always busy either cheering on our team, who are busy creating new innovation out of the sheer void of space and time, or finding complementary technologies to augment what we have or where our vision is taking us. However, in many instances how one does something matters more than the raw ability to do it. That will become clearer as you read on, but it’s an important concept and also the reason that dinCloud has more than 40 significant differentiators from Microsoft Azure, Amazon, IBM, Rackspace or any of our competitors.
What’s old is new. This trend is back with a bang, with Microsoft, Amazon and just about every Cloud Provider having announced or working on offerings for customers to “extend the Cloud to an on-premises environment.” Private Cloud is a way to alleviate CIO fears and lead to faster Cloud adoption, but it’s also a stark jab intended to knock off a few “hyper-convergence” players like Nutanix. Private Cloud is still a buzzword in part because many CIOs lack trust in areas where Cloud Providers’ offerings have proven weak, incomplete or inflexible, particularly security, audit transparency, details of the infrastructure architecture, vertical performance scaling of CPU, memory and disk IOPS, and limitations in data handling (migration tools in/out of the Cloud, replication, failover, block data movement vs. mere file/archival use cases, and more).
In the future there won’t be any private/public Clouds – there will just be THE CLOUD. This will be a function of software defined datacenters (“SDDC”), distributed storage architectures that keep multiple copies of data everywhere (onsite and offsite), fast inexpensive high-speed Internet (1 Gbps+ is the required breakaway point to move big data quickly – we’ve moved as much as 500TB for a single customer in 6 weeks with circuits this size, followed by data deltas pushed every 1hr or 4hrs thereafter to stay synchronized), and increasingly modular, granular, over-arching cloud orchestration systems that can lay down intricate policies around how we want all this utilized (i.e. 1 copy of data always in my building but the other 2 copies up in the Cloud, preferably 1 in Europe and 1 in Asia or wherever I need them). Increasingly, policy-driven cloud orchestration systems will let users make complex decisions simple around things like levels of data protection, data availability to a geographic area worldwide, encryption (user is the sole key holder), logging level/auditing transparency, security rules, and much more! Factors influencing those decisions may be regulatory, minimizing latency via geographic data placement, ensuring ownership of data (keep 1 copy at HQ at all times of all our Cloud data), privacy (if I pull the encryption key then all data worldwide held in a 3rd party cloud becomes instantly inaccessible), legal (inclusion or avoidance of a particular regime), and sometimes just personal design preferences or taste. The result? Hyper-convergence vendors will simply die because everything they offer (unified infrastructure, unified support, lower price point) is something Cloud Providers already have.
SDE: Software Defined Everything — sorta!
Back in 1999, I and others on the dinCloud team worked for Broadcom. In case you’re curious — or you happened to read the outlandish stories in the Orange County Register newspaper about Henry Nicholas III (whose personal wealth was about $10B at the time) — “yes”, as music artist Prince would say, we partied like it was 1999! That aside, back then Broadcom had both invented “network processors” and acquired companies holding intellectual property for them. Network processors are software-programmable devices with generic characteristics similar to general-purpose central processing units, and they are commonly deployed in many different types of network equipment and other products. Companies like Palo Alto Networks would later come along with firewalls that utilize these advances. Prior to this, ASICs were used: chips with a highly specialized function that couldn’t be changed. Once manufactured, an ASIC’s logic remained static, requiring a forklift upgrade to enhance functionality. With network processors, software could be downloaded to the chip and change its entire functionality. This trend has expanded and continues today. On December 28, 2015, the $16.7 billion acquisition of Altera was completed by Intel. Altera Corporation was an American manufacturer of programmable logic devices (PLDs), which are reconfigurable complex digital circuits. So, while Marc Andreessen once pointed out that “software is eating the world”, it is dining on top of some significant hardware advances. Venture Capital firms are starting to take notice, and after more than a decade of mostly software-centric investments, hardware is back in the buzz. And this leads to my next point…
SDN: Software Defined Networking – Hype or Help?
As a Cisco CCIE and someone who has done a ton of networking all over the world, I am very happy to see software defined networking maturing, but it still has a long way to go. Unfortunately, SDN allows people to create bad networks even faster than ever and link them all together in a network within a network, which obfuscates troubleshooting, traffic analysis and operational metrics/monitoring unless the vendor itself offers those. Like the movie Inception, a dream within a dream can quickly become a nightmare! So how exactly did network angst turn into SDN anyway? Simple! Too many failover technologies today rely on layer 2 networking that was complex or impossible to extend over any real distance. Too much time wasted waiting for carriers to deliver mediocre circuits at over-inflated prices. Too many vendors offering too many boxes that all want to be installed “in-line” with your Internet router (firewalls, load balancers, intrusion prevention, web filtering, etc.). The rise of virtualization, where much of the infrastructure doesn’t even sit on the physical wire anymore and forklift upgrades of an individual box are happily avoided by merely editing the resource allocations of a particular virtual machine (“VM”). And last but not least: the 24/7/365 operation of even the smallest businesses and the requirement to roll out, upgrade, patch, configure and maintain entire infrastructures across the wire, remotely. SDN saves the day, but never discount the proper blend of hardware with it. Don’t get so virtualized that you’re spending hours in a failure situation trying to re-establish basic virtual / software defined connectivity before you can get to the real issues lurking in the virtual compute and storage farms. It’s best to have a unified hardware-based network with the latest gear (e.g. 10 Gbps CAT6 copper-based ultra-low-latency Ethernet) and leverage SDN on top of it, rather than making SDN the base. Adhere to known best practices of networking.
These fundamentals don’t change just because the task is now done via the click of a keyboard instead of the click of an RJ45 modular plug sliding into a jack. Look for vendors who can do both a h/w and s/w play, while keeping an eye out for RESTful APIs, as automation is always key. At a new employee orientation at Broadcom, where 75% of the staff were PhDs and no one had less than $5M in stock, the Q&A session came around and a new engineer stood up and asked, “if Broadcom is the greatest digital chip in the world, then why are we still making analog chips!?” Silence filled the room. People tried not to snicker. Then the host coolly replied, “how exactly do you plan on plugging into that digital world with that brain of yours anyway? Humans are analog.” The moral of the story is that we analog creatures live in a digital world. Craft your ergonomics and sensibility of designs accordingly. 😉
Security: Major Breakthroughs in 2016 — DDoS Repellent & Impervious Immunity
Today, dinCloud is the only Cloud Provider anywhere in the world I know of that enables a wide array of security by default. So whether you spend $5 or $5M a month in the Cloud with us, you’re protected from a wide array of evil. A few of these items include but are not limited to: default encryption for data in-flight and at-rest with AES256, mandatory 2-factor authentication for all logins, free daily snapshots of the entire Cloud held in a rolling 10-day window with fee-based restores, and automatic ThreatSTOP.com filtering of all inbound/outbound Internet traffic which has zero false positives and stops over 100k attacks per month, per datacenter.
Adding to dinCloud’s free yet impressive security portfolio in 2016, we have optional paid features that customers can now request such as DDoS protection and another we’ve dubbed “Impervious Immunity”.
DDoS — regular, distributed, and all its ugly variations!
In 2015, we saw Internet distributed denial of service (DDoS) attacks on the scale of 500 Gbps! How big is your Internet pipe?! Smaller non-distributed/regular DoS attacks are usually under 1 Gbps. When dinCloud spots those coming from a particular BGP ASN (routing domain) in the Internet, we can poison our routes with a special BGP community tag which essentially tells our upstream carriers NOT to advertise any of dinCloud’s IPv4/IPv6 address ranges (down to /24 granularity) to the offending provider. That usually stops all, or at least the bulk, of a basic non-distributed/regular DoS attack. We also use this “poison” technique to remove under-performing ISPs from the Internet path between dinCloud and customers when either our team or a customer sees such anomalies via traceroute and other tools. For large DDoS, we prepend our ASN to the AS_PATH attribute in BGP so that a given range of IPs in our Cloud that is being attacked “falls back” to the 1.5 terabyte per second Internet pipe of our 3rd party filtering network, which absorbs the attack, cleans out the bad (DDoS) traffic and forwards us the good traffic over a back-channel link and/or tunnel. This happens in seconds and customers don’t skip a beat. Ask your dinCloud account representative for details.
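The two BGP manoeuvres described above, as an added illustrative model that is not dinCloud’s configuration or code: the ASNs, the documentation prefix and the “no-export-to” community encoding are constructed here, since real carrier communities are provider-specific and the post does not give them.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed ASNs (private range) and an RFC 5737 documentation prefix; the community
# encoding is illustrative, real "do not announce to AS N" values are carrier-specific.
OUR_AS, CARRIER_AS, SCRUBBER_AS, OFFENDER_AS, PEER_AS = 64500, 64510, 64520, 64530, 64540
PREFIX = "192.0.2.0/24"

@dataclass
class Route:
    prefix: str
    as_path: List[int]                                   # leftmost = most recent announcer
    communities: Set[Tuple[str, int]] = field(default_factory=set)

def carrier_export(route: Route, to_as: int) -> Optional[Route]:
    """Upstream carrier's export policy: suppress the route towards an AS it was
    poisoned against, otherwise prepend the carrier's own ASN as BGP requires."""
    if ("no-export-to", to_as) in route.communities:
        return None
    return Route(route.prefix, [CARRIER_AS] + route.as_path, set(route.communities))

def best_path(candidates: List[Optional[Route]]) -> Optional[Route]:
    """Simplified BGP decision: shortest AS path wins (local-pref, MED, etc. omitted)."""
    live = [r for r in candidates if r is not None]
    return min(live, key=lambda r: len(r.as_path)) if live else None

def poison_for_dos() -> Dict[int, Optional[Route]]:
    """Regular DoS from one ASN: tag the /24 so the carrier hides it from that ASN
    only; every other network keeps reaching us."""
    ours = Route(PREFIX, [OUR_AS], {("no-export-to", OFFENDER_AS)})
    return {OFFENDER_AS: carrier_export(ours, OFFENDER_AS),
            PEER_AS: carrier_export(ours, PEER_AS)}

def path_seen_by_remote_as(under_attack: bool, prepends: int = 3) -> List[int]:
    """Large DDoS: prepend our ASN on the direct announcement and let the scrubbing
    provider announce the same prefix, so remote networks prefer the scrubber and
    clean traffic comes back to us over the back-channel link described above."""
    direct = Route(PREFIX, [OUR_AS] * (1 + prepends if under_attack else 1))
    candidates = [carrier_export(direct, PEER_AS)]
    if under_attack:
        candidates.append(Route(PREFIX, [SCRUBBER_AS, OUR_AS]))
    return best_path(candidates).as_path

if __name__ == "__main__":
    print(poison_for_dos())                      # offender: None, peer: route via carrier
    print(path_seen_by_remote_as(False))         # [64510, 64500]
    print(path_seen_by_remote_as(True))          # [64520, 64500]
```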
Impervious Immunity – no more viruses, malware, or threats of any kind – EVER!
I was starting to think that protecting endpoints (servers, laptops, desktops, etc.) from malware, viruses, etc. was a never-ending zero-sum game! Fortunately, we have a new optional fee-based offering called “Impervious Immunity” that works from the bare metal on up and converts a host platform (VMware, KVM or bare OS) and its guest operating systems from “allow all” platforms to “deny all” platforms by nature. Impervious Immunity doesn’t interfere with legitimate updates & patches. Installing new software is easy too; you just have to let the system know what you’re doing by enabling “learning mode”. In 2015, we saw hackers break into platforms via the lights-out management, re-program the BIOS, infiltrate hardware-level drivers, operating systems, you name it. Impervious Immunity blocks ALL of that. But wait, there’s MORE! Once installed, you also get a very granular set of controls. For example, you can set up the kind of security policies that were previously impossible, like: “this application on this user’s desktop is NOT allowed to have ANY Internet communication but ALL other apps can” or “files in the c:\secret directory may NEVER leave there… not via file copy, USB stick or removable drive, network share, wired network, wireless network, out through an app written to transfer the data surreptitiously, etc.” Impervious Immunity means you don’t need Windows Firewall, anti-virus, malware protection, or even to patch anything (at least not out of security concerns) if you don’t want to anymore. I heard the chaps at the puzzle palace (NSA) are installing this. Not that they’d admit it, but that’s what a little bird told me. 😉
Storage — the bane of Cloud!
I always laugh when someone mentions Cloud Storage. The bulk of Cloud Storage offered today by various providers is merely dedicated to file and/or object based services. I’m not saying file/object services are trivial; they’re not. Great applications like Dropbox run entirely on Cloud Storage. Many marketing emails you get have embedded images sourced from links residing on Cloud Storage. Backup applications galore use Cloud Storage. Individuals and corporations alike love Cloud Storage, especially with prices dropping all the time and access to this data extending to their mobile devices.
But here’s my rant: Do you know if your Cloud Storage is encrypted? How many copies are kept? Where are the copies of the data kept? So if you found out that all of your data is unencrypted with only 2 minimal copies kept, 1 of which was offshore in a country you absolutely loathe, would it surprise you? Do you care, or is price the only driver? That’s why dinStorage D3 is unique. All of it is encrypted, and we keep 3 or MORE copies in 2 different datacenters in the USA by default. Although we have 110+ datacenters for you to choose from worldwide, unless you ask to be elsewhere we don’t keep you guessing where your data lives; in fact, unlike other Cloud Providers, we give tours. dinCloud has nothing to hide. Meanwhile, we’re busy working on the next big thing that Cloud Storage offerings today miss entirely: offering block storage to customers so they can synchronize their onsite array to the Cloud, their entire Cloud to their onsite array, and directly provision and control block storage via NFS and/or iSCSI from the Cloud. Most Cloud Providers started off with hosted virtual servers. dinCloud started off with hosted virtual desktops. Looking back, we all should have started with storage. Virtualization, a VM itself, is just a file on top of block storage. Deciding how/what/when/where that data will live, via policies customers can create in a friendly Cloud orchestration system that shatters the lines between public/private Cloud, making it all just “the Cloud”, is where it should have all started. But fear not, it’s where Cloud is going to end up – and soon!
dinApp – boldly going where VMware and Citrix tried and died!
The dozens of certifications (including VMware and Citrix) I’ve racked up over the years often taught me – not to use those technologies! Ironic, I know! Taking everything we’ve learned as a team about application virtualization, dinApp is ridiculously simple yet powerful. Here’s how it works: install your apps into a hosted dinServer at dinCloud; we are then able to integrate that app with our system and deliver it securely via the Internet to any physical/virtual desktop or mobile device based on your own Windows Active Directory users/groups. This means user profile settings are retained as well, plus if you have to update the app you do it in one spot and you’re done. It’s about 1/5 the cost and none of the hassle our competitors put you through to deliver their own solutions, which may not solve your problem anyway. Providing Microsoft Internet Explorer 8 and 11 simultaneously to your users to support legacy web-based applications, serving a mobile device that doesn’t have a browser capable of Flash, or running multiple iterations of the same app (with different databases) on the same endpoint are but a few of the ways dinApp is used every single day by Fortune 500 customers in financial, healthcare and other industry verticals. If you’re stuck between an expensive, under-performing application virtualization strategy and the future elusive hope of applications deployed in Docker containers for Windows and other non-Linux platforms, dinApp fills the gap!
Mike L. Chase, J.D., CCIE# 7226 (firstname.lastname@example.org) is the EVP/Chief Technology Officer for dinCloud, a cloud service provider and transformation company that helps businesses and public/private organizations rapidly migrate to the cloud through the hosting of servers, desktops, storage, and other cloud services via its strong channel base of VARs and MSPs. Visit dinCloud on LinkedIn: www.linkedin.com/company/dincloud.