TIBCO Software is expanding its governance solutions for service-oriented architecture (SOA) and will now provide support for Hewlett-Packard (HP) SOA Systinet lifecycle governance software.
ActiveMatrix Policy Manager and Service Performance Manager from TIBCO combined with HP SOA Systinet are designed to reduce risk and improve management of SOA environments, including identifying and defining appropriate services, managing the lifecycle of service assets, and measuring effectiveness. [Disclosure: TIBCO and HP are sponsors of BriefingsDirect podcasts.]
Governance has proved important when adopting SOA solutions by preventing delays in software delivery from compliance interoperability, security risks, and poor service quality. The topic has been a hot one at this week's Open Group conference in Toronto.
Companies that have been early adopters of end-to-end governance have seen significant results. One global telcom company saw a 327 percent return on investment (ROI) over three years, something they attributed to well-managed SOA governance, according to TIBCO.
We should expect to see more governance ecology cooperation like this one. And these same vendors should support standards and collaboration efforts like the Jericho Forum and Cloud Security Alliance, if the promise of cloud computing is to be realized. Vendors and/or cloud providers that try to provide it all their own way will only delay or sabotage the benefits that cloud can provide.
Tuesday, July 21, 2009
Open Group conference shows how security standards and governance hold keys to enterprise cloud adoption
This BriefingsDirect guest post comes courtesy of Jim Hietala, vice president of security, The Open Group. You can reach him here.
By Jim Hietala
Spending the early part of this week in The Open Group Security Forum meetings, I have been struck by the commonality of governance, risk, compliance, and audit issues between physical IT infrastructure today, and virtual and cloud environments in the (very) near future. Issues such as:
The Automated Compliance Expert Markup Language standards initiative will address issues of security configuration and compliance alerting and reporting across physical, virtual, and cloud environments. The revised XDAS standard from The Open Group will address audit incompatibility issues. Both of these standards efforts are work-in-progress at the present time, and our standards process is truly and open one. If your organization is a customer organization grappling with these issues, or a vendor whose product might benefit from implementing these standards, we invite you to learn more.
This BriefingsDirect guest post comes courtesy of Jim Hietala, vice president of security, The Open Group. You can reach him here.
By Jim Hietala
Spending the early part of this week in The Open Group Security Forum meetings, I have been struck by the commonality of governance, risk, compliance, and audit issues between physical IT infrastructure today, and virtual and cloud environments in the (very) near future. Issues such as:
- Moving away from manual compliance processes, toward automated test, measurement, and reporting on compliance status for large IT infrastructure. When you are talking about physical infrastructure, manual compliance is difficult, expensive in labor co
st, and sub-optimal -- given that many organizations choose to sample just a few representative systems for compliance, rather than actually testing the entire environment. When you are talking about virtual environments and cloud services, manual compliance processes just won’t work, automation will be key. - Incompatible log formats output by physical devices continues to be a problem for the industry that manifests itself in problems for security information and event management systems, log management systems, and auditors. Ditto for virtual and cloud environments, at much larger scale.
- Managing security configurations across physical versus virtual and cloud environments provides similar challenges. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]
The Automated Compliance Expert Markup Language standards initiative will address issues of security configuration and compliance alerting and reporting across physical, virtual, and cloud environments. The revised XDAS standard from The Open Group will address audit incompatibility issues. Both of these standards efforts are work-in-progress at the present time, and our standards process is truly and open one. If your organization is a customer organization grappling with these issues, or a vendor whose product might benefit from implementing these standards, we invite you to learn more.
This BriefingsDirect guest post comes courtesy of Jim Hietala, vice president of security, The Open Group. You can reach him here.
SOA and security: Are services the problem or the solution?
This guest post comes courtesy of Dr. Chris Harding, Forum Director for SOA and Semantic Interoperability at The Open Group. You can reach him here.
By Dr. Chris Harding
I’m with the SOA Work Group at The Open Group conference in Toronto this week (see http://www.opengroup.org/toronto2009-apc).
The Work Group has been busy recently, completing its Governance Framework, helping to complete The Open Group’s Service Integration Maturity Model, and working with members of OASIS an
d the OMG to finish the joint paper “Navigating the SOA Open Standards Landscape Around Architecture,” which explains how the architecture-focused SOA standards of these bodies relate to each other.
There was so much to do that we started our discussions last weekend, and we made good progress on our Practical Guide to Using TOGAF for SOA, and on our SOA Reference Architecture. Today we moved on to the thorny question of SOA and Security, which we discussed in a joint session with The Open Group's Security Forum. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]
Security is often seen as a major problem for SOA but – and this was the thread we pursued in today’s discussion – perhaps this is looking at the problem the wrong way round.
Certainly, there are security problems associated with service chains, where some of the services in the chain may be outside the control of – or even not known to – the consumer, and where the identity of the consumer may not be known to all the services in the chain.
But really these problems are due, not to the use of services, but to the use of distributed software modules with multiple owners. They would arise whether the underlying facilities were provided as services or in some other form – as object methods that can be invoked remotely, for example. They have become associated with SOA because that is the form that cross-domain distributed computing usually takes these days.
In fact, SOA gives us a way of addressing these security problems. Security is a matter of
The consumer can ask questions that help establish the levels of risk.
“What services am I using?” “Who provides them?” “What level of security are they contracted to provide?” “How far do I believe that they can and will meet their contractual obligation?” The answers to such questions enable the consumer to decide what security mechanisms to deploy.
And, where the consumer is in turn providing services to others, the analysis can help determine the contractual level of security that can reasonably be offered for those services.
This is not to say that SOA solves the security problems of cross-domain distributed computing. These problems are difficult, and there are aspects – such as the lack of a commonly-accepted standard identity framework – that SOA does not address. But, looked at in the right way, it is a positive, rather than a negative, factor. And that’s something!
Harding is Forum Director for SOA and Semantic Interoperability at The Open Group. He has been with The Open Group for over ten years, and is currently responsible for managing and supporting its work on semantic interoperability, SOA, and cloud computing. Chris can be contacted at c.harding@opengroup.org.
By Dr. Chris Harding
I’m with the SOA Work Group at The Open Group conference in Toronto this week (see http://www.opengroup.org/toronto2009-apc).
The Work Group has been busy recently, completing its Governance Framework, helping to complete The Open Group’s Service Integration Maturity Model, and working with members of OASIS an
d the OMG to finish the joint paper “Navigating the SOA Open Standards Landscape Around Architecture,” which explains how the architecture-focused SOA standards of these bodies relate to each other.There was so much to do that we started our discussions last weekend, and we made good progress on our Practical Guide to Using TOGAF for SOA, and on our SOA Reference Architecture. Today we moved on to the thorny question of SOA and Security, which we discussed in a joint session with The Open Group's Security Forum. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]
Security is often seen as a major problem for SOA but – and this was the thread we pursued in today’s discussion – perhaps this is looking at the problem the wrong way round.
Certainly, there are security problems associated with service chains, where some of the services in the chain may be outside the control of – or even not known to – the consumer, and where the identity of the consumer may not be known to all the services in the chain.
But really these problems are due, not to the use of services, but to the use of distributed software modules with multiple owners. They would arise whether the underlying facilities were provided as services or in some other form – as object methods that can be invoked remotely, for example. They have become associated with SOA because that is the form that cross-domain distributed computing usually takes these days.
In fact, SOA gives us a way of addressing these security problems. Security is a matter of
And, where the consumer is in turn providing services to others, the analysis can help determine the contractual level of security that can reasonably be offered for those services.
assessing and mitigating risks. The service principle provides an excellent basis for doing this.The consumer can ask questions that help establish the levels of risk.
“What services am I using?” “Who provides them?” “What level of security are they contracted to provide?” “How far do I believe that they can and will meet their contractual obligation?” The answers to such questions enable the consumer to decide what security mechanisms to deploy.
And, where the consumer is in turn providing services to others, the analysis can help determine the contractual level of security that can reasonably be offered for those services.
This is not to say that SOA solves the security problems of cross-domain distributed computing. These problems are difficult, and there are aspects – such as the lack of a commonly-accepted standard identity framework – that SOA does not address. But, looked at in the right way, it is a positive, rather than a negative, factor. And that’s something!
Harding is Forum Director for SOA and Semantic Interoperability at The Open Group. He has been with The Open Group for over ten years, and is currently responsible for managing and supporting its work on semantic interoperability, SOA, and cloud computing. Chris can be contacted at c.harding@opengroup.org.
Engine Yard launches robust Ruby cloud-based deployment platform service
Engine Yard is working to make life easier for Ruby on Rails developers. The San Francisco-based application automation and management start-up rolled out two new products on Monday with an eye toward the cloud.
Ruby on Rails is a Web programming framework that's rapidly emerging as one of the most popular ways to develop Web sites and Web applications. Popular Web 2.0 applications like Twitter, Hulu and Scribd are built using Ruby on Rails, and Ruby usage has increased by 40 percent in 2009 alone, according to Evans Data. Even though only 14 percent of developers are using Ruby, Evans predicts 20 percent will adopt the technology by 2010.
Engine Yard is preparing for Ruby growth in the next 12 months and beyond with its latest
offerings: Engine Yard Cloud and Flex. Engine Yard Cloud is a services platform that leverages 100 man-years of experience deploying, managing and scaling some of the world's largest Rail sites and makes that know-how accessible to companies looking to run Rails in the cloud. Meanwhile, Flex is a cloud service plan for production-level Rails applications.
Tackling Tough Issues
What Engine Yard is, in effect, taking Ruby a step beyond application development. These new tools tackle tougher issues like deployment, maintenance, scalability, uptime and performance -- skills most developers either don't have or don't want to acquire. Cloud management solutions abound, but Engine Yard charging forward with a platform to specifically address the needs of developers building applications in Rails.
Unlike an infrastructure cloud, Engine Yard Cloud provides application-aware auto-scaling, auto-healing and monitoring and a highly optimized, pre-integrated Rails runtime stack. Engine Yard Cloud is also backed by 24x7 Premium Support from Engine Yard. It runs on Amazon EC2 infrastructure cloud.
Pricing for the Flex Plan starts at $349 per month. Pricing for Engine Yard Premium Support starts at $475 per month. Engine Yard Cloud will be generally available in August.
"Companies like Amazon and Rackspace are doing a good job at the hardware resource provisioning level," said Tom Mornini, CTO of Engine Yard. "But they don't actually help you with assembling your raw virtual machines, storage, object stores and file systems into an application architecture. Engine Yard Cloud is the layer on top of the hardware that helps you get from raw resources to functioning application architecture."
Under the Hood
With its Flex plan, Engine Yard Cloud serves customers running production applications that want to leverage the on-demand flexibility of a cloud but also need application-level scaling, reliability and support. With developer features like automated deployment from source check-ins, handling rapid application changes driven by agile development is easier for developers.
Behind the scenes, Engine Yard Cloud is automatically scaling applications. Engine Yard can
Engine Yard Cloud also offers reliability features to make sure sites don't go down, such as an automatic database replica and an auto-healing capacity in case a server fails in the application tier. Engine Yard Cloud even offers what it calls "one-click cloning" that lets developers duplicate production sites -- even if they are running 15 or 20 or more servers -- in order to perform testing or stage new code.
This is all coming together for integrated app-stack in one cloud automation. I expect this will also be of interest for private clouds. And I'm hip to the notion of personal cloud as a means to ease the deployment of robust apps.
Competing in the Cloud
On the Ruby front, Engine Yard has a strong position in the market. Engine Yard's competitors are Joyent, Rails Machine, Devunity and RailsCluster, among others.
But Engine Yard isn't just competing with vendors in the Ruby space. It's competing with other platforms. Google App Engine is doing something similar for Java. Microsoft is shipping Azure in November. Even if Engine Yard dominates on the Ruby front, there's still a battle for market share in cloud platforms.
BriefingsDirect contributor Jennifer LeClaire provided editorial assistance and research on this post. She can be reached here and here.
Ruby on Rails is a Web programming framework that's rapidly emerging as one of the most popular ways to develop Web sites and Web applications. Popular Web 2.0 applications like Twitter, Hulu and Scribd are built using Ruby on Rails, and Ruby usage has increased by 40 percent in 2009 alone, according to Evans Data. Even though only 14 percent of developers are using Ruby, Evans predicts 20 percent will adopt the technology by 2010.
Engine Yard is preparing for Ruby growth in the next 12 months and beyond with its latest
offerings: Engine Yard Cloud and Flex. Engine Yard Cloud is a services platform that leverages 100 man-years of experience deploying, managing and scaling some of the world's largest Rail sites and makes that know-how accessible to companies looking to run Rails in the cloud. Meanwhile, Flex is a cloud service plan for production-level Rails applications.Tackling Tough Issues
What Engine Yard is, in effect, taking Ruby a step beyond application development. These new tools tackle tougher issues like deployment, maintenance, scalability, uptime and performance -- skills most developers either don't have or don't want to acquire. Cloud management solutions abound, but Engine Yard charging forward with a platform to specifically address the needs of developers building applications in Rails.
Unlike an infrastructure cloud, Engine Yard Cloud provides application-aware auto-scaling, auto-healing and monitoring and a highly optimized, pre-integrated Rails runtime stack. Engine Yard Cloud is also backed by 24x7 Premium Support from Engine Yard. It runs on Amazon EC2 infrastructure cloud.
Pricing for the Flex Plan starts at $349 per month. Pricing for Engine Yard Premium Support starts at $475 per month. Engine Yard Cloud will be generally available in August.
"Companies like Amazon and Rackspace are doing a good job at the hardware resource provisioning level," said Tom Mornini, CTO of Engine Yard. "But they don't actually help you with assembling your raw virtual machines, storage, object stores and file systems into an application architecture. Engine Yard Cloud is the layer on top of the hardware that helps you get from raw resources to functioning application architecture."
Under the Hood
With its Flex plan, Engine Yard Cloud serves customers running production applications that want to leverage the on-demand flexibility of a cloud but also need application-level scaling, reliability and support. With developer features like automated deployment from source check-ins, handling rapid application changes driven by agile development is easier for developers.
Behind the scenes, Engine Yard Cloud is automatically scaling applications. Engine Yard can
Engine Yard Cloud is the layer on top of the hardware that helps you get from raw resources to functioning application architecture.
come to the rescue of a site that's under stress or low in memory by adding more application capacity on the fly. Here's how it works: Essentially, the technology provisions a new Amazon virtual machine, lays down the operating system, lays down Ruby on Rails, lays down the source code, hooks it up with a load balancer, and assembles the monitoring so the developer -- who is not a systems administrator -- doesn't have to.Engine Yard Cloud also offers reliability features to make sure sites don't go down, such as an automatic database replica and an auto-healing capacity in case a server fails in the application tier. Engine Yard Cloud even offers what it calls "one-click cloning" that lets developers duplicate production sites -- even if they are running 15 or 20 or more servers -- in order to perform testing or stage new code.
This is all coming together for integrated app-stack in one cloud automation. I expect this will also be of interest for private clouds. And I'm hip to the notion of personal cloud as a means to ease the deployment of robust apps.
Competing in the Cloud
On the Ruby front, Engine Yard has a strong position in the market. Engine Yard's competitors are Joyent, Rails Machine, Devunity and RailsCluster, among others.
But Engine Yard isn't just competing with vendors in the Ruby space. It's competing with other platforms. Google App Engine is doing something similar for Java. Microsoft is shipping Azure in November. Even if Engine Yard dominates on the Ruby front, there's still a battle for market share in cloud platforms.
BriefingsDirect contributor Jennifer LeClaire provided editorial assistance and research on this post. She can be reached here and here.
Friday, July 17, 2009
HP wraps up virtual event series with sessions on IT challenges and solutions
Hewlett-Packard (HP) is wrapping up it’s series of virtual conferences designed to give IT professionals online access to briefings on business and technology trends from HP executives and outside experts.
On July 28, HP will offer the HP Solutions Virtual Event for The Americas. The three-day session will feature 30 breakout sessions, seminars, presentations and demo theater presentations. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]
Registration for the even is free and, because it's presented entirely online, there are no travel expenses or out-of-office time involved. Also, the full conference will be available on replay.
Next week's breakouts will include four main IT themes -- application transformation, cloud services, services management, and improving data-center economics -- as well as two leadership themes -- green IT and cloud computing. The virtual presentation will also include chat sessions with the many prominent speakers.
The topic focus for each day will include:
The speakers include a who's who of HP technology thought leaders, including many who are familiar to BriefingsDirect readers and listeners. These include John Bennett, Bob Meyer, Rebecca Lawson, Russ Daniels, Lance Knowlton, and Paul Evans, all of whom have appeared in BriefingsDirect podcasts.
For those interested, HP is providing an online demo that can be accessed prior to the event. The demo is available at: http://tsgdemo.veplatform.com/uc/registration-short-form.php
Registration for the event itself is at:
http://hpsolutionsforneweconomyvirtualevent.veplatform.com/uc/registration-short-form.php?mcc=ESYR
On July 28, HP will offer the HP Solutions Virtual Event for The Americas. The three-day session will feature 30 breakout sessions, seminars, presentations and demo theater presentations. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]
Registration for the even is free and, because it's presented entirely online, there are no travel expenses or out-of-office time involved. Also, the full conference will be available on replay.
Next week's breakouts will include four main IT themes -- application transformation, cloud services, services management, and improving data-center economics -- as well as two leadership themes -- green IT and cloud computing. The virtual presentation will also include chat sessions with the many prominent speakers.
The topic focus for each day will include:
- July 28: Application Transformation
- July 29: Service oriented IT: Service management, Cloud
- July 30: Data Center Transformation: Virtualization, Green IT, Information Explosion
The speakers include a who's who of HP technology thought leaders, including many who are familiar to BriefingsDirect readers and listeners. These include John Bennett, Bob Meyer, Rebecca Lawson, Russ Daniels, Lance Knowlton, and Paul Evans, all of whom have appeared in BriefingsDirect podcasts.
For those interested, HP is providing an online demo that can be accessed prior to the event. The demo is available at: http://tsgdemo.veplatform.com/uc/registration-short-form.php
Registration for the event itself is at:
http://hpsolutionsforneweconomyvirtualevent.veplatform.com/uc/registration-short-form.php?mcc=ESYR
Subscribe to:
Comments (Atom)
