Cloud explained through Pizza Delivery Services

There is much said and written about cloud service offering. As we do a simple Google on cloud we get Millions of answer around it. All answers and articles will have one thing in common. That cloud services are offered as IaaS or PaaS or SaaS. And much have been talked about each of them, as well. 

Cloud application services, or Software as a Service (SaaS), represent the largest cloud market and are still growing quickly. SaaS uses the web to deliver applications that are managed by a third-party vendor and whose interface is accessed on the clients’. 

In the PaaS models, cloud providers deliver a computing platform, typically including operating system, programming language execution environment, database, and web server. Application developers can develop and run their software solutions on a cloud portfolio.

Cloud Service Offerings VS Pizza Service Offerings
Cloud infrastructure services, known as Infrastructure as a Service (IaaS), are self-service models for accessing, monitoring, and managing remote data center infrastructures, such as compute (virtualized or bare mental), storage, networking, and networking.

Although many simplified variations of the above explanations exists, i found above info-graphic one of the better way of explaining what it is all about. This graphic tries to explain the concept of the same terms through Pizza Delivery Service Models!

The analogy used fits the cloud concept so nicely and maps to the concept of various cloud services. 

The concept of "You Manage" is what we used to do in the earlier days. Once ownership of a machine (computer) was given to us, we had to manage all of it. But as the concept of Internet Data Center (IDC) evolved, some portion of the management was taken away from us and was managed by the IDC folks. 

As the concept of cloud evolved, we have the options of choosing what we want to manage and what vendor (the cloud service provider - in case of cloud computing) should manage. 

And that is what is explained in the graphic. As we move from IaaS to SaaS or Take and Bake to Dinning Out, our job of managing things reduces. Just as we go out to a hotel and dine out for Pizza, we go to web site and email through services like GMAIL or HOTMAIL. In both the cases, we don't bother about what is happening behind the doors. We just order and enjoy our service!

Friday, August 29, 2014
Posted by Amber Marfatia

Difference between cloud computing and distributed computing?

So, we have been hearing the coined term of cloud computing a lot - isn't? But then isn't it similar to distributed computing - which has been around many years?

So lets try to figure out what is the difference between both and figure out where the difference ends! 

What defines cloud computing is that the underlying compute resources (storage, processors, RAM, load balancers, etc) of cloud-based services and software are entirely abstracted from the consumer of the software / services. This means that the vendor of cloud based resources is taking responsibility for the performance / reliability / scalability of the computing environment.

From an application developers point of view, this can be a tremendous advantage, as procuring, maintaining, tuning, monitoring and scaling hardware to meet the demands of growth is both difficult and expensive.
For smaller ISV's, cloud computing offers the ability to prototype, test and deploy software without any capital expense.

For larger applications, the benefit is generally unlimited scalability and what amounts to the outsourcing of IT / application hosting responsibilities, as well as instant access to new servers / storage / whatever on demand. Often cloud providers will offer levels of redundancy, reliability and even security all but the largest in-house 

IT shops could never achieve for the sheer cost of it all.The main disadvantage to application developers is loss of control. Not only is the hardware externally hosted in a cloud environment, but abstracted, so if your application needs direct control over hardware, you're out of luck. And you need to trust the cloud provider. 

They all offer 99.9% repeating up time and SLA's, but I doubt those stats are actually realized. But you have to ask yourself, could I do better? The answer is often no. But control of hardware isn't the only place control is lost - integration with cloud based systems can also be more difficult than on premise or self-managed software for obvious reasons. However, it seems to me that this roadblock is evaporating as new technologies and robust API's eliminate many integration difficulties created when running applications outside the LAN/WAN. 

Another disadvantage can be performance. Running an application on your local LAN will probably provide a somewhat snappier experience to local users than running from the cloud. But if your audience is distributed, that benefit may only apply to a subset of your application's audience.

Distributed computing, as has been said already a few times, is just computing orchestrated between two or more computers. Cloud Computing is, by definition, distributed computing, but a specialized form.

Saturday, July 13, 2013
Posted by Amber Marfatia

How to Evaluate an Outsourcing Partnership?

Large number of companies today are turning to service providers for enterprise application management.  And Outsourcing promotes innovation and optimization of the application environment…but only if you work with the right partner and you streamline internal IT processes.

Organizations must maintain effective project management and internal process consistency.  Without these things, outsourcing relationships will be difficult at best.

The key to a successful outsourcing relationship starts with improving internal processes, then selecting the right enterprise application management provider.  To determine if you’ve found the best fit and to identify any provider or internal weaknesses before you commit to a long-term contract, Forrester recommends you collect the following information:
  • Project management track record. When considering outsourcing enterprise application management, companies need to evaluate how a provider performs project management functions.  In other words, you need to ask what percentage of complex IT projects were delivered within established time and cost parameters. A high percentage indicates a competent provider that can accurately manage project scope.  If the outsourcing provider’s record isn’t as strong as it should be,  you may have to spend time and money reworking projects.
  • Project management expertise.  You want to evaluate the backgrounds of the enterprise application management provider’s staff.  For example, you should find out what percentage of the staff is PMI-certified.  Expert project management is necessary to successfully manage IT projects and resources. You also want to know the percentage of projects managed through a central program management office, or PMO.  PMOs ensure consistency and quality.
  • Communication and collaboration tools.  Distributed projects rely on content sharing tools, real-time communications and advanced workflows.  If the provider relies on manual processes, you risk decreased efficiency in enterprise application management.  To promote the best possible working relationship, you should carefully evaluate how a service provider will work with your staff.
  • Standardized internal processes.  A service provider has to understand and accommodate your company’s numerous processes.  You may be in for a rough ride if they do not have experience or a process for conducting this knowledge transfer.  It’s much easier if your organization follows a single standardized development and maintenance process that the outsourcer already has established.  Check out the audit report for confirmation that they create and follow appropriate processes and procedures.
  • Managing to SLAs.  Service-level agreements (SLAs) ensure outsourcing providers meet their obligations and service commitments.  They establish mutual responsibility.  Companies currently using SLAs, or that have experience with them, will be better positioned to establish meaningful parameters with the enterprise application management provider.
  • User acceptance testing. An organization should have a formal internal approval process for delivery of projects.  Prior to approval, users typically participate in acceptance testing.  This type of process is essential to outsourcing relationships. When working with a service provider, a company must be able to accept systems or changes prior to production.  Any delays on the company’s side will add unnecessary costs.
As indicated above, it’s not just the outsourcing provider’s qualifications that must be carefully measured.  Companies must evaluate their own internal processes and improve them as needed to help an enterprise application management partnership succeed.

Too often organizations focus only on the service provider’s capabilities.  Although this is a critical component of the overall analysis, you can’t forget to look inward.  Maximum value can be derived from an outsourcing partnership when companies improve their internal IT processes.

It has to be a win win working for both the parties involved. If one of the side plays like a big brother to the other and tries to squeeze things - no matter how well things were evaluated, critical parameters will change on the fly and friends can become foe in no time and it may head to lot of heart burn, stress and failure.
Monday, July 1, 2013
Posted by Amber Marfatia

What is Enterprise Architecture?

EA, as the name states, is the architecture that is the integrated blueprint of the enterprise. It, simply put, describes the enterprise from the many angles that serve its various stakeholders.

Hence, EA, as an architecture, is to be employed to
 * simplify the enterprise
 * operation improvement,
 * cost reduction
 * align of technology operation to the business wants
 * align of the enterprise components evolution to strategy
 * analyse business models
 * create an an enterprise wide transformation project portfolio
 * guide decisions and investment

In more general terms, EA is employed to ease complexity and change management.  The EA may be asked to do strategy but only for IT but this not necessarily an EA task.

The purpose of an EA framework is to enable the delivery of the EA, that is the architecture of the enterprise, rather than solving the problems of the enterprise.

The EA itself, once created, would be employed by stakeholders (clients) to achieve their specific goals such as fixing process issues, enterprise standardisation, integration, technology alignment to business operation, investment decisions, strategy implementation... in which activities, the EA architect may not be called to assist at all.

Once the architect delivers a proper EA framework and EA, he succeeds, more or less, to make own self redundant.

EA is successful if it delivers the integrated EA architecture with views for most of its stakeholders (for example top management, finance, IT development, Quality improvement etc) enabling them to achieve their own work objectives in alignment with the enterprise strategy.

If the EA team engages only in policing efforts around the enterprise, without delivering a reference EA, then the EA team failed. The EA blueprint should be used by stakeholders, as much as possible, without the engagement of the architects. The architects are not the factotum of the enterprise.

But the definition of the EA states more than its purpose. It has to answer the What then other W like questions such as Why, Who, How...

It denotes the EA practice that should collaborate and coordinate the many other activities in an enterprise to discover, design and implement the EA and the enterprise target state.
EA also means the EA team that manages the enterprise.
Monday, June 24, 2013
Posted by Amber Marfatia

Why is Azure AD Important?

Windows Azure AD Access Control

Why do we need Azure Access control?
It helps us to easily manage access to your applications based on centralized policy and rules. Ensure consistent and appropriate access to your organizations applications is maintained to meet critical internal security and compliance needs. Windows Azure AD Access Control provides developers centralized authentication and authorization for applications in Windows Azure using either consumer identity providers or your on-premises Windows Server Active Directory.

Consider the following security knobs in Windows Azure AD Access Control deployment. The information below is a digest from ACS Security Guidelines and Certificates and Keys Management Guidelines.
  • STS tokens expiration. Use Windows Azure AD Access Control management portal to set aggressive token expiration.
  • Data validation when using the Error URL feature. Windows Azure AD Access Control Error URL feature requires anonymous access to the app’s page where it sends error messages. Assume all data coming to this page as dangerous from untrusted source.
  • Encrypting tokens for highly sensitive scenarios. To mitigate threat of information disclosure that available in the token consider encrypting the tokens.
  • Encrypting cookies using RSA when deploying to Windows Azure. WIF encrypts cookies using DPAPI by default. It creates server affinity and may result in exceptions when deployed to web farm and Windows Azure environments. Use RSA instead in web farm and Windows Azure scenarios.
  • Token signing certificates. Renew token signing certificates periodically to avoid denial of service. Windows Azure AD Access Control signs all security tokens it issues. X.509 certificates are used for signing when you build an application that consumes SAML tokens issued by ACS. When signing certificates expire you will receive errors when trying to request a token.
  • Token signing keys. Renew token signing keys periodically to avoid denial of service. Windows Azure AD Access Control signs all security tokens it issues. 256-bit symmetric signing keys are used when you build an application that consumes SWT tokens issued by ACS. When signing keys expire you will receive errors when trying to request a token.
  • Token encryption certificates. Renew token encryption certificates periodically to avoid denial of service. Token encryption is required if a relying party application is a web service using proof-of-possession tokens over the WS-Trust protocol, in other cases token encryption is optional. When encryption certificates expire you will receive errors when trying to request a token.
  • Token decryption certificates. Renew token decryption certificates periodically to avoid denial of service. Windows Azure AD Access Control can accept encrypted tokens from WS-Federation identity providers (for example, AD FS 2.0). An X.509 certificate hosted in Windows Azure AD Access Control is used for decryption. When decryption certificates expire you will receive errors when trying to request a token.
  • Service identity credentials. Renew Service Identity credentials periodically to avoid denial of service. Service identities use credentials that are configured globally for your Windows Azure AD Access Control namespace that allow applications or clients to authenticate directly with Windows Azure AD Access Control and receive a token. There are three credential types that Windows Azure AD Access Control service identity can be associated with: Symmetric key, Password, and X.509 certificate. You will start receiving exception when the credentials are expired.
  • Windows Azure AD Access Control Management Service account credentials. Renew Management service credentials periodically to avoid denial of service. The Windows Azure AD Access Control Management Service is a key component that allows you to programmatically manage and configure settings for your Windows Azure AD Access Control namespace. There are three credential types that the Management service account can be associated with. These are symmetric key, password, and an X.509 certificate. You will start receiving exception when the credentials are expired.
  • WS-Federation identity provider signing and encryption certificates. Query for WS-Federation identity provider’s certificate validity to avoid denial of service. WS-Federation identity provider certificate is available through its metadata. When configuring WS-Federation identity provider, such as AD FS, the WS-Federation signing certificate is configured through WS-Federation metadata available via URL or as a file. After the WS-Federation identity provider configured use Windows Azure AD Access Control management service to query it for its certificates validness. When the certificate expires you will start receiving exceptions.
Posted by Amber Marfatia

Lets get started with Microsoft Windows Azure....

A simple search on 'google' on what is windows azure will tell you that Windows Azure is a cloud computing platform and infrastructure, created by Microsoft, for building, deploying and managing applications and services through a global network of Microsoft-managed datacenters. It provides both platform as a service (PaaS) and infrastructure as a service (IaaS) services and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems. And it looks like following diagram....

In a quick span shot :

  • cloud service role: A cloud service role is comprised of application files and a configuration. A cloud service can have two types of role:
  • web role:A web role provides a dedicated Internet Information Services (IIS) web-server used for hosting front-end web applications.
  • worker role: Applications hosted within worker roles can run asynchronous, long-running or perpetual tasks independent of user interaction or input.
  • role instance: A role instance is a virtual machine on which the application code and role configuration run. A role can have multiple instances, defined in the service configuration file.
  • guest operating system: The guest operating system for a cloud service is the operating system installed on the role instances (virtual machines) on which your application code runs.
  • cloud service components: Three components are required in order to deploy an application as a cloud service in Windows Azure:
  • service definition file: The cloud service definition file (.csdef) defines the service model, including the number of roles.
  • service configuration file: The cloud service configuration file (.cscfg) provides configuration settings for the cloud service and individual roles, including the number of role instances.
  • service package: The service package (.cspkg) contains the application code and the service definition file.
  • cloud service deployment: A cloud service deployment is an instance of a cloud service deployed to the Windows Azure staging or production environment. You can maintain deployments in both staging and production.
  • deployment environments: Windows Azure offers two deployment environments for cloud services: a staging environment in which you can test your deployment before you promote it to the production environment. The two environments are distinguished only by the virtual IP addresses (VIPs) by which the cloud service is accessed. In the staging environment, the cloud service's globally unique identifier (GUID) identifies it in URLs ( In the production environment, the URL is based on the friendlier DNS prefix assigned to the cloud service (for example,
  • swap deployments: To promote a deployment in the Windows Azure staging environment to the production environment, you can "swap" the deployments by switching the VIPs by which the two deployments are accessed. After the deployment, the DNS name for the cloud service points to the deployment that had been in the staging environment.
  • minimal vs. verbose monitoring: Minimal monitoring, which is configured by default for a cloud service, uses performance counters gathered from the host operating systems for role instances (virtual machines). Verbose monitoring gathers additional metrics based on performance data within the role instances to enable closer analysis of issues that occur during application processing. For more information, see How to Monitor Cloud Services.
  • Windows Azure Diagnostics: Windows Azure Diagnostics is the API that enables you to collect diagnostic data from applications running in Windows Azure. Windows Azure Diagnostics must be enabled for cloud service roles in order for verbose monitoring to be turned on.
  • link a resource: To show your cloud service's dependencies on other resources, such as a Windows Azure SQL Database instance, you can "link" the resource to the cloud service. In the Preview Management Portal, you can view linked resources on the Linked Resources page, view their status on the dashboard, and scale a linked SQL Database instance along with the service roles on the Scale page. Linking a resource in this sense does not connect the resource to the application; you must configure the connections in the application code.
  • scale a cloud service: A cloud service is scaled out by increasing the number of role instances (virtual machines) deployed for a role. A cloud service is scaled in by decreasing role instances. In the Preview Management Portal, you can also scale a linked SQL Database instance, by changing the SQL Database edition and the maximum database size, when you scale your service roles.
  • Windows Azure Service Level Agreement (SLA): The Windows Azure Compute SLA guarantees that, when you deploy two or more role instances for every role, access to your cloud service will be maintained at least 99.95 percent of the time.
Sunday, June 23, 2013
Posted by Amber Marfatia

Enter Thy Cloud = Enter Your Cloud = Enterprise Your Cloud & ETC.....

This is the first post on my latest blog named as Enter Thy Cloud.  As per - thy translates into your and hence picking up the name was relatively simpler task for me.

The name talks much about the content and scope of this blog. Let us break up the name then.....

Enter - It means more than one thing....enter in the simplest form means to get in. And that is for sure one of the objective. I want my viewers to get in to the cloud. What is happening around it and what all it matters to us is something I plan to cover in each
post to come. Apart from the simplest form give to it - It can be also attached to Enterprise! Enterprise is all everything will end up, isn't it? So, idea is to give cloud the meaning of enterprise. What does it takes for us to make an enterprise a cloud ready and what does it takes for us to make a cloud enterprise class? Posts to follow shall talk about it.

Thy = Yours! I will put my best attempt to figure out what are routine and not so routine problems, challenges and scenarios faced all! Not only me, but your as well.....

Cloud = Not lot to talk about cloud these days, isn't? Cloud computing is a colloquial expression used to describe a variety of different computing concepts that involve a large number of computers that are connected through a real-time communication network (typically the Internet). So, let us try to take a deep dive in to the mist of cloud and get best out of it.

Blog plans to cover deep implementations in Azure (Microsoft Cloud) which shall also include code spinets, architectural and design decisions require for azure and other cloud implementations and so on.

But with the birth of this blog, my older blogs specially Tech Hanger aren't going to go silent. They shall grow if not at the same rate then much faster rate for sure! 

So happy reading and commenting...
Posted by Amber Marfatia

Toons from Toon Story

Toons from Toon Story
Impact of iron deficiency on others


Powered by Blogger.

Total Pageviews

- Copyright © Enter Thy Cloud -Metrominimalist- Powered by Blogger - Designed by Johanes Djogan -