Cloud Security: Putting IT in Control

by Thomas Orozco on Jun 30, 2014 7:30:00 AM

Cloud adoption is driven by enterprise business users looking to increase their agility and the business’s competitiveness. Often, out of frustration with slow or inefficient IT processes, they bypass IT entirely, getting their resources from external providers that haven’t been vetted by IT at all. Welcome to Shadow IT.

Whether or not business users turn to Shadow IT, it’s no wonder that security is consistently ranked as a chief concern that enterprises face when adopting cloud. A defining characteristic of cloud is the transfer of control over data and resources (i.e. self-service access) from IT professionals to business users, who are not as experienced or trained in information security. Yet IT remains responsible for the overall information security of the enterprise.

In order to regain control and remain relevant to the business, IT has to revise its processes to deliver agility and restore security. It must ensure the business has access to the cloud resources it needs to remain competitive in the short term, and yet ensure that these resources are secure so as to not compromise the business’s long term viability.

Read More

Topics: Cloud Management, Security, Tips, enterprise cloud, cloud adoption

Cloud-Native Is to Infrastructure What DevOps Is to Organizations

by Thomas Orozco on May 29, 2014 2:50:00 PM

We’ve often posted about it on this very blog: cloud warrants new “cloud-native” architectures, which are fully automated, and where every single resource is considered disposable because it is so easily replaceable.

What we haven’t posted about (until now!) is why cloud native is a good design paradigm in the first place. But before we get to that, let’s look at how exactly cloud native architectures are different from traditional infrastructure.

Lifecycle Management, from Infrastructure to Application

The defining characteristic of cloud native architectures is thorough lifecycle management automation. Thanks to that automation, cloud native applications are able to autonomously handle scaling needs, and withstand failures.

In more detail:

  • Cloud-native applications are scaled by dynamically adding and configuring hosts when needed, instead of relying on more powerful or resized hosts. In other words, cloud-native applications autoscale horizontally, instead of vertically. Therefore, cloud native applications can scale regardless of whether the underlying infrastructure can.

  • Cloud-native applications handle failures by automatically provisioning replacement nodes, instead of relying on hardware-level or hypervisor-level high-availability. Therefore, cloud native applications are highly-available regardless of whether the underlying infrastructure is.

To summarize: cloud-native applications largely provide for their own lifecycle management, and do not rely on the underlying infrastructure to provide it.

Read More

Topics: Opinion, Cloud Native, DevOps, Autoscaling, enterprise cloud, Lifecycle Management, Automation

OpenStack and the Top 5 Reasons for Enterprise Private Cloud Adoption

by Sebastian Stadil on May 22, 2014 6:30:00 AM

Scalr has just returned from a week in Atlanta for the OpenStack Summit, and as I pack away the pinstripe suit and once again don my faithful red Scalr hoodie, I’m reflecting on what we learned. We love to debrief at Scalr.

It was a great week to be an OpenStack vendor. This was a breakthrough Summit in terms of customers and market adoption. While previous Summits were community and vendor-fests, this Summit was a full-on trade show.  We were both surprised and encouraged by the surprising dominance at the Summit of traditional companies, as opposed to web/tech like before.

Scalr loves its early adopters, but it was also exciting to see the plethora of traditional retail, media, banking, and finance companies and hear their OpenStack stories. Some are evaluating and planning their architecture and we’re excited to be joining them on their journey. Others have already adopted OpenStack and are just realizing they need a management layer to make their multi-cloud environments more productive and scalable.

This validates what our marketing team has been experiencing in the private cloud market: more enterprises are able to relate to the management pains that we are solving. This indicates market maturation.

Read More

Topics: Community, OpenStack, Multi-Cloud, Opinion, Conference, Cloud Management, Private Cloud, enterprise cloud, cloud adoption

Where's the Ops in DevOps?

by Thomas Orozco on May 20, 2014 6:30:00 AM

DevOps, “Development and Operations”, is the idea that your company would be significantly more efficient if developers (those that are building your applications) and operators (those that are running your applications) were working hand-in-hand.

This is of course a valuable goal: breaking down the walls (sometimes literally!) between organizational units that work towards a shared goal is management consulting 101. Naturally, in this case, the shared goal is delivering functional applications.

But since the term has existed, DevOps has been repeatedly misinterpreted as meaning “Devs taking over Ops”, which is more NoOps than DevOps. One good example of NoOps is of course public PaaS: if you are using Heroku (or Google App Engine), there really is no Ops left.

However, while the NoOps model is certainly a good option for startups that can’t afford an operations team, it does not scale very well. In fact, the Heroku / Rap Genius “routing layer incident” demonstrated very well what happens at scale when you separate Dev and Ops: you lose efficiency. A lot of it.

So, if NoOps isn’t the ultimate form of DevOps, what is?

Read More

Topics: Strategy, Opinion, Cloud Management, DevOps

Building your own Cloud Management Platform? Here are a few tips.

by Igor Savchenko on May 1, 2014 1:17:45 PM

Here at Scalr, we’re building an open source Cloud Management Platform (CMP). For those that aren’t familiar with what a CMP is, it’s an higher-level interface to your cloud resources than the APIs or UIs provided by your Cloud Platform (think OpenStack Horizon or the AWS Console, and even more advanced tools such as Heat and CloudFormation).

If you’d appreciate an in-depth look at what a CMP does, and the problems it solves, we suggest you take a look at our whitepaper “Architecting the Right Stack for Your Enterprise”. If you don’t have the time, here’s a quick rundown. A CMP usually allows you to:

  • Configure, provision, and visualize entire infrastructure clusters (e.g. a set of instances, their associated volumes, elastic IPs, and load balancers), instead of individual resources.

  • Manage the lifecycle of the infrastructure. This includes monitoring and restarting failed servers, autoscaling, and coordinating different services.

  • Track resources and enforce security, cost-control, and compliance policies.

Numerous enterprises and smaller companies have taken up the challenge of building their own CMP. As an example, HubSpot showcased theirs at the 2013 Portland OpenStack summit.

The process usually starts out with a DevOps team implementing a subset of the CMP’s features to scratch a particular itch they have (this is usually provisioning and autoscaling). Then, to ease management, they’ll put up a web-based GUI, or even an API.

This first iteration of the in-house CMP is generally really only a few open source components glued together with a bit of custom code. But as the company’s cloud usage increases, new requirements arise.

At that point, we’ve seen one of two things happen:

  • The original developers press on and deliver more custom code. If cloud is valued by the company as a core competency, they may succeed; this was notably the case for Netflix Asgard. However, when it isn’t, success is infrequent. More on why below.

  • The company adopts an external CMP. Sometimes it’s an open-source one like Scalr, and sometimes it’s not. This post however isn’t about choosing the right CMP for your business, so I won’t say more about that.

In this post, we wanted to give a few pointers — and maybe a few words of caution — to the adventurous types that set out to build their own CMP against the odds. Mind you, this isn’t going to be a list of programming tips. Even if you’re the business type, you can read on.

This isn’t a build vs. buy discussion. All of the usual discussion points for both sides of that argument apply here such as cost of customization, time to market, ongoing support and bug fixes.

There are indeed some additional technical concerns that those choosing to build their own CMP should be aware of. We’d like to cover those in this post. We’re here to help you on your journey. After all, we’ve been building a CMP for almost as long as there has been a cloud to manage.

Read More

Topics: API, Technical, Multi-Cloud, Ux, Cloud Management, Tips, DevOps

Welcome to the Scalr blog!

We build a Cloud Management tool that helps businesses efficiently design and manage infrastructure across multiple clouds.

Here, we post about our experience working with the Cloud, and building Scalr. On average, we do that twice a week.

Sometimes, we'll also cover Cloud-related news.

Subscribe to Email Updates