
Cloud’s high availability myth

Public cloud services are normally located in telco-grade colocation facilities, ideally near public exchange points, and supplied with high-bandwidth connectivity. This should help resiliency and high availability, provided the cloud operator chose the right design for its network and keeps track of routing and security issues. We found some locations to be insufficient, though. So always take a close look at the telco and ISP technology and inspect their high-availability concept.

Furthermore, you have to be sure that the location from which you access the internet is “always on”: if you don’t have any connectivity to the internet, you won’t be able to connect to your data in the cloud. This may happen to you and all employees of your company at the same time through a simple wire cut. Just imagine: all of the company’s employees can’t access their data because it’s located in the cloud. A nightmare!

There are only two ways to avoid this:

  1. Either you keep your data on your own premises (which is a private cloud in fact), or
  2. Be sure to be dual homed (which connects you to two Internet Service Providers at the same time).

If you choose to be dual homed, be sure to use two separate ISPs and two different transport media as well; otherwise a wire cut by a digger would put you out of service again!

The best option is a combination of two connectivity inlets that enter your building from opposite directions. If all this is not possible, use a wired connection (fiber or DSL) and a mobile backup. But always keep in mind: wireless often has lower throughput and much more interference / overbooking than wired connections.
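Two contracts do not guarantee two independent paths, so it is worth checking where the uplinks start sharing routers. The following is an added example, not part of the original post: it compares `traceroute -n` style output taken over each uplink and reports the first common hop. The traces are constructed from documentation address ranges, and the function names and the `near` threshold are assumptions. It only sees the IP layer; a shared duct or cable route has to be confirmed with the carriers.

```python
import re

# Constructed samples, one trace per uplink towards the same cloud endpoint.
TRACE_FIBER = """\
 1  192.0.2.1  1.2 ms
 2  198.51.100.9  4.8 ms
 3  * * *
 4  203.0.113.40  9.9 ms
 5  203.0.113.77  12.3 ms
"""
TRACE_DSL = """\
 1  192.0.2.129  8.1 ms
 2  198.51.100.9  14.0 ms
 3  203.0.113.40  19.5 ms
 4  203.0.113.77  21.7 ms
"""
TRACE_LTE = """\
 1  192.0.2.200  35.0 ms
 2  198.51.100.77  41.2 ms
 3  198.51.100.130  44.9 ms
 4  203.0.113.77  52.4 ms
"""

# A hop line starts with the TTL followed by an IPv4 address; "* * *" is skipped.
HOP = re.compile(r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\b", re.M)

def parse_hops(trace):
    """Return {ttl: ip} for every hop that answered."""
    return {int(ttl): ip for ttl, ip in HOP.findall(trace)}

def convergence(trace_a, trace_b):
    """First router seen on both paths as (ip, ttl_on_a, ttl_on_b), or None."""
    first_ttl_b = {}
    for ttl, ip in sorted(parse_hops(trace_b).items()):
        first_ttl_b.setdefault(ip, ttl)
    for ttl, ip in sorted(parse_hops(trace_a).items()):
        if ip in first_ttl_b:
            return ip, ttl, first_ttl_b[ip]
    return None

def shared_fate(trace_a, trace_b, near=2):
    """True if both uplinks share a router within `near` hops of the site."""
    hit = convergence(trace_a, trace_b)
    return hit is not None and min(hit[1], hit[2]) <= near

if __name__ == "__main__":
    for name, other in (("DSL", TRACE_DSL), ("LTE", TRACE_LTE)):
        print("fiber vs", name, convergence(TRACE_FIBER, other),
              "shared fate near site:", shared_fate(TRACE_FIBER, other))
```

In the constructed data the DSL line meets the fiber path at the second hop, which suggests both "ISPs" use the same access network, while the mobile backup only converges at the destination.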

So, before you run into loss of connectivity and unavailability of your data and services: do a risk analysis for the public cloud scenario first! Connectivity and availability on the ISP side AND on the company side are the main points from which to start the analysis. If either side isn’t highly available, don’t consider public cloud computing for mission critical business data!

We have pointed out some more details about dual homing here (in German).

It’s time for the next generation operating system

The cloud offers huge opportunities

Technically speaking, the cloud is the virtualization of hardware and network infrastructure, with the goal of supplying users with software and services hosted at redundant datacenters. It is a big market with high growth rates and will evolve.

There are several cloud operating systems (OS) on the market, mainly as commercial distributions, which are not specialized in cloud computing and security. Most of them derive from standard Linux kernels.

But operating systems are prone to be attacked

The design of these operating systems is based on huge distributions, which carry along a lot of unnecessary and outdated software. In connection with Internet usage, this opens the doors to attackers and malicious threats. Because an underlying operating system always has to run as the system’s foundation, it is the Achilles heel of these systems: if a hacker can take over the underlying OS, he would very likely be able to compromise the guest OSs above as well.

Furthermore, the commercial packages are not fast followers of the newest internet and technology trends, but are bound to a tight company strategy.

Therefore we will create an open source Linux cloud OS

Linux has proven itself for high security and availability, but it has to be hardened and optimized for its proper usage. So it is time for a new Linux distribution, which is open source and dedicated to cloud computing only. And it is time to discard the burden of old technology and workarounds, and to accelerate processes with a newly designed OS.

By reducing the number of packages from tens of thousands to fewer than 500, it would be easier, faster and more secure than any cloud OS available today.

The well known and accepted open source mechanisms allow it to be freely distributed. For commercial customers, the wide basis of independent installations ensures the production grade and quality.

On top of the OS, which we identified as the first milestone in cloud evolution, there could be many services (e.g. free / commercial).