The new open compute servers are here

The PC server market has been a fairly boring one for the past several decades. Sure, they contained things like specialized Xeon CPUs and lots of memory modules and could attach to big storage arrays. But for the most part, buying a server meant having just something bigger than you had on your desktop. Those days are about to change with the new servers available from Rackspace and the Open Compute Project.

To show you that this is far from a new idea, do you remember the Tricord? I am not talking about the thing carried around on Star Trek. Instead, this was a server unit made in the middle 1990s. It came with eight CPUs, could hold 3 GB of RAM and nine half-height drives, along with lots of redundant power supplies, controller boards and other high-end features. All this went for $70,000. That’s right, they weren’t cheap either.

Nowadays the notion of a 3 GB PC is what you would find as a minimum desktop configuration to run Windows, and most servers have hundreds of GB of RAM installed. But again, the design of a PC server hasn’t really seen much change. Until now.

Facebook started the Open Compute project several years ago, in the hopes that they could encourage some innovation for the kinds of hardware that they were building for their own data centers. These customized servers were stripped down models that were designed to run in the cloud, not on your desktop or even in your own data center.

The project saw some major milestones this week with several announcements at the Gigaom Structure show. There is an opportunity for anyone to have their own cloud-oriented server, as announced by Rackspace this week at the event.

Why is this important? It represents a big moment for servers, taking steps to finally move beyond the original PC architecture that began in the early 1980s. It is a way for Rackspace to offer an entire server that previously was only available as a compute or storage instance for cloud customers. It is also a way to get around the “bad neighbor” problem that faces many cloud apps, where another greedy server instance can hog server resources and make life miserable for your own app.

The servers are from Quanta, are called OnMetal, and come in three different versions that are focused on CPU, storage or RAM. If you have to build an Internet service that is going to need a lot of firepower, you might want to take a closer look.

The self-actualized cloud

One of my favorite moments from Psych 101 (apart from playing with my lab rat in the Skinner box) was learning about Maslow’s hierarchy of needs.

Maslow came up with the idea that all of us start out with needing basic things, like food and shelter. As those needs get satisfied, we move on to others, until we get to the top of the scale, which he calls self-actualization. This is the ability to accomplish whatever one can or, as the US Army says, to be all that you can be.

I started to think what that would mean for cloud computing (I know, I am a total nerd). What would a completely actualized cloud look like?

There is a great analogy if you think about it. As IT departments move into the cloud, they start off with basic services, such as file transfer, email, and simple storage. As these needs get satisfied, they realize that they can put more and more stuff into the cloud, and start running applications, doing offsite backups, handling more hybrid situations between cloud and on-premises servers, and so forth.

Of course, psych 101 breaks down here a little bit. Not every IT department goes through the hierarchy the same way. Some stop at one level or another, because they have saved enough money with their cloud, or have other obstacles that they can’t necessarily remove to go further. Some have heavy legacy data center investments that they can’t rid themselves of. You get the picture.

But then there are some organizations that are born straight to the cloud, without having ever run their own data centers, and can design a more actualized environment for their clouds. In a report that I am working on for Gigaom, I am talking to quite a few of these enterprises. They span the gamut from the smallest startups to multi-billion dollar corporations. Some are 100% “cloudy” while others are moving quickly in that direction.

One IT manager that I spoke to referred to the people espousing the old way of doing business as “server huggers,” which I thought was a great characterization, recalling certain environmentalists of my past. When I was toiling in the IT fields back in the olden days, we referred to the mainframe-centric folks as “mfers,” which I am sure is going to move this essay right into numerous spam filters, but I couldn’t resist.

The point, and this goes back to psych 101, is that just because you are actualized doesn’t mean all your friends (or work colleagues) are, and you have to deal with the fact that their needs are more basic.

But my other point from my research is that I don’t know of too many companies that are reducing their cloud footprints or building bigger data centers to recapture some of their cloud servers. The cloud just makes sense on so many levels, and lights up so many places on the Maslow cloud pyramid.

Webinar: Moving to PCI DSS 3.0 compliance in the cloud

Today I moderated a panel for Redmond Media on this topic, with experts including Ryan Holland from Amazon Web Services, Kenneth Westby from CoalFire and Rana Singh of Vormetric. Whether you are running PCI compliant workloads in the cloud today or if you are considering moving your Card Holder Data to the cloud, you need to know about the changing regulatory and compliance structure that the new DSS v3 standards will bring about.

 

Network World: Virtual machine security still a work in progress

Trying to protect your expanding virtual machine (VM) empire will require a security product that can enforce policies, prevent VMs from being terminated or infected, and deliver the virtual equivalents of firewalls, IPS and anti-virus solutions.

We last looked at this product category nearly three years ago, testing five products. At that time, we said that no single product delivered all the features we desired. That’s still true today even though the market has matured some. This time around we tested three vendors who were in our previous test (Catbird, Hytrust and Trend Micro) plus a newcomer, Dome9. All represent solid approaches to improving your VM security, but coming from different places.

Sadly, I wasn’t able to test lots of other VM security technologies, which I have listed here.

You can read my review of these VM security products for Network World here. And you can view a series of screenshots of the four products here.

Continuum blog: Is OpenStack Ready for the Enterprise? Maybe.

A lot has happened in the past year with the open-source cloud computing initiative OpenStack: The builds are more sophisticated with more mature components, there are more distributions available, better VMware integration and training programs have also blossomed. But does this mean that OpenStack is completely enterprise-ready? Perhaps, or perhaps not, depending on what you are trying to accomplish.

You can hear more about OpenStack and read my article, posted in the Continuum blog, here.

 

 

ITworld: Virtual storage roadmap

When you have a lot of virtual machines, managing your storage needs and ensuring that your environment is optimized to deliver sufficient performance and reliability is a challenge. VMs can greatly increase storage by several orders of magnitude, and specialized VM storage repositories (such as this one from Tintri, the console shown at left) are needed to keep things under control and increase productivity. There are several interesting directions and technology advances in this market, including so-called storage hypervisor software tools, new storage appliances that are VM-centric, and better storage management features from the traditional ecosystem vendors.

Here is the paper that I wrote on the topic.

Ricoh blog: Is the Hybrid Cloud Right for Your Business?

The hybrid cloud is gaining traction for various business computing situations, but it still remains an unfamiliar technology for many business decision makers. They know it’s an option to improve their business, but are not sure exactly how it works, or where to begin. Here are a few questions to help you decide if the hybrid cloud is right for your business.

Why bother? A few reasons: First, hybrid cloud apps can quickly scale up and scale down as your needs change and without you having to buy and provision your own servers. Companies such as Boeing and Varian use these clouds to perform complex mathematical calculations when they need to have a lot of computing horsepower at their disposal, and then shut everything down when the work is finished.

Second, you can spread your risk across multiple data centers effortlessly, and these data centers can span the globe without you having to invest in your own infrastructure to connect them. This can make it easier to be seen as a global business, at the same time providing for a more reliable network too. Hybrid clouds are also more secure than pure public clouds, since they are protected by your own firewalls and other network security apparatus. For example, Amazon Web Services offers its Direct Connect, GoGrid offers its CloudBridge and Microsoft Azure has its Virtual Network; all three allow you to have dedicated and secure connections from their cloud servers to your data center.

And the cost can be pretty compelling too. Amazon’s Web Services offers a special “free tier” to any new customer with a wide variety of offerings to help you get started. For most situations, you only pay for time the equipment is online and being used.

The cloud platform players are making it easier to deploy hybrid clouds and are putting more infrastructure services into their product lines, such as network management or the ability to automatically balance application loads across multiple servers. Joyent’s private cloud offering and zScaler’s cloud are two such examples. The platform players are also expanding the kinds of servers, protocols and applications they support, such as Amazon adding Hadoop servers, VMware’s vCloud line and Rackspace getting behind CloudStack.

What makes the most sense for your first hybrid cloud app? Consider those that place peak demands on your existing data center, such as compute-heavy tasks or seasonal spikes. Look for Internet-facing apps such as eCommerce that are already using a great deal of cloud-ready infrastructure, or apps that will be accessed from a variety of geographically-dispersed locations. Apps that depend on particular latency or bandwidth levels aren’t good candidates, because these will be harder to deliver across a hybrid cloud infrastructure.

Finally, set the right expectations. “It all starts with design,” says Bryan Doerr, the CTO of Town and Country, Mo. cloud provider Savvis. “Make sure you understand the performance and security characteristics of the cloud, so that you can achieve the levels you expect.”

VM Protective Technologies

A more or less comprehensive list of products that can provide additional security to virtual machines.

Vendor | Product Name, Link | Supported environments
BeyondTrust | PowerBroker (1) | ESX
Brocade | Vyatta Firewall | ESX, Xen, Hyper-V, KVM
Bromium | vSentry | Xen
CA | ControlMinder | ESX
Catbird | vSecurity (1) (3) | ESX, Hyper-V (2)
CheckPoint | Virtual Systems | ESX
CloudPassage | Halo | ESX, Xen, AWS
Cisco | Sourcefire Virtual FireSIGHT | ESX
Dome9 | SecOps for AWS (3) | AWS
Enterasys Extreme Networks | XNV | ESX, Xen
Fortinet | Fortigate VM | ESX
HP | Tipping Point vController | ESX
Illumio | Appliance | AWS, Azure, OpenStack, Google, others
Hytrust | Appliance (1) (3) | ESX, KVM (2)
Juniper | Firefly | ESX
Palo Alto Networks | Firewall | ESX
Reflex Systems | vTrust (1) | ESX
Sophos | Server Security | ESX, Hyper-V, Xen
Symantec | Critical System Protection | ESX
Trend Micro | Deep Security (1) (3) | AWS, ESX
VMware | vCloud, vShield Endpoint | ESX

Notes:

1. Product was part of my 2011 Network World test.

2. Promised for later this year.

3. A new Network World test published this spring here.

Major Security Efforts

—  Cisco and VMware

You can read this article by Ethan Banks, written in early January, here. It covers the different software-defined networking strategies from Cisco, called ACI, and from VMware, called NSX. More documentation on ACI can be found here.

VMware announced NSX with a budding partner ecosystem, listing Arista, Brocade, Cumulus, Palo Alto Networks, Citrix, F5, Symantec, and several other vendors. None of their products incorporating NSX are available yet, but you can read this blog post about its features here and see a walkthrough demo of NSX here.

—  AWS Security Groups

To learn more about Amazon’s security groups in EC2 and VPN services, check out the documentation here.

ITworld: Your Strategic Guide to VDI

If you have not looked at VDI technology in a while, you will find that it’s changed. Faster, cheaper technology has made it an interesting option for some companies seeking a way to support flexible, work-from-anywhere environments. In fact, some CIOs say BYOD is driving new interest given that virtualized desktops can help keep corporate data on corporate servers, not on client devices.

In this PDF download (registration required) for ITworld, I wrote several of the articles talking about how to become more effective with deploying virtual desktops.

Time to join the DevOps Movement

CA Technologies says, “For DevOps to work correctly, it must be treated as a movement, not a market for a specific vendor’s products.”

As Arlo Guthrie once sang, with three people it is an organization. But if we can find 50 people who can sing the praises of DevOps, it can become a movement! Trouble is, many software developers are stuck in the past. In a 2012 service virtualization survey of IT executives and managers by analyst firm voke, only 6% of the group responded they were completely confident that new IT applications would be delivered to market on time.

But maybe it’s high time DevOps becomes a movement. You can read more about this idea in my post last week on CA’s blog here.