Archive for 2013
Difference between cloud computing and distributed computing?
So, we have been hearing the coined term of cloud computing a lot - isn't? But then isn't it similar to distributed computing - which has been around many years?
So lets try to figure out what is the difference between both and figure out where the difference ends!
What defines cloud computing is that the underlying compute resources
(storage, processors, RAM, load balancers, etc) of cloud-based services
and software are entirely abstracted from the consumer of the software /
services. This means that the vendor of cloud based resources is taking
responsibility for the performance / reliability / scalability of the
computing environment.
From an application developers point of view, this can be a
tremendous advantage, as procuring, maintaining, tuning, monitoring and
scaling hardware to meet the demands of growth is both difficult and
expensive.
For smaller ISV's, cloud computing offers the ability to prototype, test and deploy software without any capital expense.
For larger applications, the benefit is generally unlimited
scalability and what amounts to the outsourcing of IT / application
hosting responsibilities, as well as instant access to new servers /
storage / whatever on demand. Often cloud providers will offer levels of
redundancy, reliability and even security all but the largest in-house
IT shops could never achieve for the sheer cost of it all.The main disadvantage to application developers is loss of control.
Not only is the hardware externally hosted in a cloud environment, but
abstracted, so if your application needs direct control over hardware,
you're out of luck. And you need to trust the cloud provider.
They all
offer 99.9% repeating up time and SLA's, but I doubt those stats are
actually realized. But you have to ask yourself, could I do better? The
answer is often no. But control of hardware isn't the only place control
is lost - integration with cloud based systems can also be more
difficult than on premise or self-managed software for obvious reasons.
However, it seems to me that this roadblock is evaporating as new
technologies and robust API's eliminate many integration difficulties
created when running applications outside the LAN/WAN.
Another disadvantage can be performance. Running an application on
your local LAN will probably provide a somewhat snappier experience to
local users than running from the cloud. But if your audience is
distributed, that benefit may only apply to a subset of your
application's audience.
Distributed computing, as has been said already a few times, is just
computing orchestrated between two or more computers. Cloud Computing
is, by definition, distributed computing, but a specialized form.
How to Evaluate an Outsourcing Partnership?
Large number of companies today are turning to service providers for enterprise application management.
And Outsourcing promotes innovation and optimization of the
application environment…but only if you work with the right partner and
you streamline internal IT processes.
Organizations
must maintain effective project management and internal process
consistency. Without these things, outsourcing relationships will be
difficult at best.
The key to a successful outsourcing relationship starts with
improving internal processes, then selecting the right enterprise
application management provider. To determine if you’ve found the best
fit and to identify any provider or internal weaknesses before you
commit to a long-term contract, Forrester recommends you collect the
following information:
- Project management track record. When considering outsourcing enterprise application management, companies need to evaluate how a provider performs project management functions. In other words, you need to ask what percentage of complex IT projects were delivered within established time and cost parameters. A high percentage indicates a competent provider that can accurately manage project scope. If the outsourcing provider’s record isn’t as strong as it should be, you may have to spend time and money reworking projects.
- Project management expertise. You want to evaluate the backgrounds of the enterprise application management provider’s staff. For example, you should find out what percentage of the staff is PMI-certified. Expert project management is necessary to successfully manage IT projects and resources. You also want to know the percentage of projects managed through a central program management office, or PMO. PMOs ensure consistency and quality.
- Communication and collaboration tools. Distributed projects rely on content sharing tools, real-time communications and advanced workflows. If the provider relies on manual processes, you risk decreased efficiency in enterprise application management. To promote the best possible working relationship, you should carefully evaluate how a service provider will work with your staff.
- Standardized internal processes. A service provider has to understand and accommodate your company’s numerous processes. You may be in for a rough ride if they do not have experience or a process for conducting this knowledge transfer. It’s much easier if your organization follows a single standardized development and maintenance process that the outsourcer already has established. Check out the audit report for confirmation that they create and follow appropriate processes and procedures.
- Managing to SLAs. Service-level agreements (SLAs) ensure outsourcing providers meet their obligations and service commitments. They establish mutual responsibility. Companies currently using SLAs, or that have experience with them, will be better positioned to establish meaningful parameters with the enterprise application management provider.
- User acceptance testing. An organization should have a formal internal approval process for delivery of projects. Prior to approval, users typically participate in acceptance testing. This type of process is essential to outsourcing relationships. When working with a service provider, a company must be able to accept systems or changes prior to production. Any delays on the company’s side will add unnecessary costs.
As indicated above, it’s not just the outsourcing provider’s
qualifications that must be carefully measured. Companies must evaluate
their own internal processes and improve them as needed to help an
enterprise application management partnership succeed.
Too often organizations focus only on the service provider’s
capabilities. Although this is a critical component of the overall
analysis, you can’t forget to look inward. Maximum value can be derived
from an outsourcing partnership when companies improve their internal
IT processes.
It has to be a win win working for both the parties involved. If one of the side plays like a big brother to the other and tries to squeeze things - no matter how well things were evaluated, critical parameters will change on the fly and friends can become foe in no time and it may head to lot of heart burn, stress and failure.
What is Enterprise Architecture?
EA, as the name states, is the architecture that is the integrated
blueprint of the enterprise. It, simply put, describes the enterprise
from the many angles that serve its various stakeholders.
Hence, EA, as an architecture, is to be employed to
* simplify the enterprise
* operation improvement,
* cost reduction
* align of technology operation to the business wants
* align of the enterprise components evolution to strategy
* analyse business models
* create an an enterprise wide transformation project portfolio
* guide decisions and investment
In more general terms, EA is employed to ease complexity and change management. The EA may be asked to do strategy but only for IT but this not necessarily an EA task.
The purpose of an EA framework is to enable the delivery of the EA, that is the architecture of the enterprise, rather than solving the problems of the enterprise.
The EA itself, once created, would be employed by stakeholders (clients) to achieve their specific goals such as fixing process issues, enterprise standardisation, integration, technology alignment to business operation, investment decisions, strategy implementation... in which activities, the EA architect may not be called to assist at all.
Once the architect delivers a proper EA framework and EA, he succeeds, more or less, to make own self redundant.
EA is successful if it delivers the integrated EA architecture with views for most of its stakeholders (for example top management, finance, IT development, Quality improvement etc) enabling them to achieve their own work objectives in alignment with the enterprise strategy.
If the EA team engages only in policing efforts around the enterprise, without delivering a reference EA, then the EA team failed. The EA blueprint should be used by stakeholders, as much as possible, without the engagement of the architects. The architects are not the factotum of the enterprise.
But the definition of the EA states more than its purpose. It has to answer the What then other W like questions such as Why, Who, How...
It denotes the EA practice that should collaborate and coordinate the many other activities in an enterprise to discover, design and implement the EA and the enterprise target state.
EA also means the EA team that manages the enterprise.
Hence, EA, as an architecture, is to be employed to
* simplify the enterprise
* operation improvement,
* cost reduction
* align of technology operation to the business wants
* align of the enterprise components evolution to strategy
* analyse business models
* create an an enterprise wide transformation project portfolio
* guide decisions and investment
In more general terms, EA is employed to ease complexity and change management. The EA may be asked to do strategy but only for IT but this not necessarily an EA task.
The purpose of an EA framework is to enable the delivery of the EA, that is the architecture of the enterprise, rather than solving the problems of the enterprise.
The EA itself, once created, would be employed by stakeholders (clients) to achieve their specific goals such as fixing process issues, enterprise standardisation, integration, technology alignment to business operation, investment decisions, strategy implementation... in which activities, the EA architect may not be called to assist at all.
Once the architect delivers a proper EA framework and EA, he succeeds, more or less, to make own self redundant.
EA is successful if it delivers the integrated EA architecture with views for most of its stakeholders (for example top management, finance, IT development, Quality improvement etc) enabling them to achieve their own work objectives in alignment with the enterprise strategy.
If the EA team engages only in policing efforts around the enterprise, without delivering a reference EA, then the EA team failed. The EA blueprint should be used by stakeholders, as much as possible, without the engagement of the architects. The architects are not the factotum of the enterprise.
But the definition of the EA states more than its purpose. It has to answer the What then other W like questions such as Why, Who, How...
It denotes the EA practice that should collaborate and coordinate the many other activities in an enterprise to discover, design and implement the EA and the enterprise target state.
EA also means the EA team that manages the enterprise.
Why is Azure AD Important?
Windows Azure AD Access Control
Why do we need Azure Access control?
It helps us to easily manage access to your applications based on centralized policy and rules. Ensure consistent and appropriate access to your organizations applications is maintained to meet critical internal security and compliance needs. Windows Azure AD Access Control provides developers centralized authentication and authorization for applications in Windows Azure using either consumer identity providers or your on-premises Windows Server Active Directory.
Consider the following security knobs in Windows Azure AD Access Control deployment. The information below is a digest from ACS Security Guidelines and Certificates and Keys Management Guidelines.
- STS tokens expiration. Use Windows Azure AD Access Control management portal to set aggressive token expiration.
- Data validation when using the Error URL feature. Windows Azure AD Access Control Error URL feature requires anonymous access to the app’s page where it sends error messages. Assume all data coming to this page as dangerous from untrusted source.
- Encrypting tokens for highly sensitive scenarios. To mitigate threat of information disclosure that available in the token consider encrypting the tokens.
- Encrypting cookies using RSA when deploying to Windows Azure. WIF encrypts cookies using DPAPI by default. It creates server affinity and may result in exceptions when deployed to web farm and Windows Azure environments. Use RSA instead in web farm and Windows Azure scenarios.
- Token signing certificates. Renew token signing certificates periodically to avoid denial of service. Windows Azure AD Access Control signs all security tokens it issues. X.509 certificates are used for signing when you build an application that consumes SAML tokens issued by ACS. When signing certificates expire you will receive errors when trying to request a token.
- Token signing keys. Renew token signing keys periodically to avoid denial of service. Windows Azure AD Access Control signs all security tokens it issues. 256-bit symmetric signing keys are used when you build an application that consumes SWT tokens issued by ACS. When signing keys expire you will receive errors when trying to request a token.
- Token encryption certificates. Renew token encryption certificates periodically to avoid denial of service. Token encryption is required if a relying party application is a web service using proof-of-possession tokens over the WS-Trust protocol, in other cases token encryption is optional. When encryption certificates expire you will receive errors when trying to request a token.
- Token decryption certificates. Renew token decryption certificates periodically to avoid denial of service. Windows Azure AD Access Control can accept encrypted tokens from WS-Federation identity providers (for example, AD FS 2.0). An X.509 certificate hosted in Windows Azure AD Access Control is used for decryption. When decryption certificates expire you will receive errors when trying to request a token.
- Service identity credentials. Renew Service Identity credentials periodically to avoid denial of service. Service identities use credentials that are configured globally for your Windows Azure AD Access Control namespace that allow applications or clients to authenticate directly with Windows Azure AD Access Control and receive a token. There are three credential types that Windows Azure AD Access Control service identity can be associated with: Symmetric key, Password, and X.509 certificate. You will start receiving exception when the credentials are expired.
- Windows Azure AD Access Control Management Service account credentials. Renew Management service credentials periodically to avoid denial of service. The Windows Azure AD Access Control Management Service is a key component that allows you to programmatically manage and configure settings for your Windows Azure AD Access Control namespace. There are three credential types that the Management service account can be associated with. These are symmetric key, password, and an X.509 certificate. You will start receiving exception when the credentials are expired.
- WS-Federation identity provider signing and encryption certificates. Query for WS-Federation identity provider’s certificate validity to avoid denial of service. WS-Federation identity provider certificate is available through its metadata. When configuring WS-Federation identity provider, such as AD FS, the WS-Federation signing certificate is configured through WS-Federation metadata available via URL or as a file. After the WS-Federation identity provider configured use Windows Azure AD Access Control management service to query it for its certificates validness. When the certificate expires you will start receiving exceptions.
Lets get started with Microsoft Windows Azure....
A simple search on 'google' on what is windows azure will tell you that Windows Azure is a cloud computing platform and infrastructure, created by Microsoft, for building, deploying and managing applications and services through a global network of Microsoft-managed datacenters. It provides both platform as a service (PaaS) and infrastructure as a service (IaaS) services and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems. And it looks like following diagram....
In a quick span shot :
In a quick span shot :
- cloud service role: A cloud service role is comprised of application files and a configuration. A cloud service can have two types of role:
- web role:A web role provides a dedicated Internet Information Services (IIS) web-server used for hosting front-end web applications.
- worker role: Applications hosted within worker roles can run asynchronous, long-running or perpetual tasks independent of user interaction or input.
- role instance: A role
instance is a virtual machine on which the application code and role
configuration run. A role can have multiple instances, defined in the
service configuration file.
- guest operating system:
The guest operating system for a cloud service is the operating system
installed on the role instances (virtual machines) on which your
application code runs.
- cloud service components: Three components are required in order to deploy an application as a cloud service in Windows Azure:
- service definition file: The cloud service definition file (.csdef) defines the service model, including the number of roles.
- service configuration file: The cloud service configuration file (.cscfg) provides configuration settings for the cloud service and individual roles, including the number of role instances.
- service package: The service package (.cspkg) contains the application code and the service definition file.
- cloud service deployment: A
cloud service deployment is an instance of a cloud service deployed to
the Windows Azure staging or production environment. You can maintain
deployments in both staging and production.
- deployment environments: Windows Azure offers two deployment environments for cloud services: a staging environment in which you can test your deployment before you promote it to the production environment.
The two environments are distinguished only by the virtual IP addresses
(VIPs) by which the cloud service is accessed. In the staging
environment, the cloud service's globally unique identifier (GUID)
identifies it in URLs (GUID.cloudapp.net). In the production
environment, the URL is based on the friendlier DNS prefix assigned to
the cloud service (for example, myservice.cloudapp.net).
- swap deployments:
To promote a deployment in the Windows Azure staging environment to the
production environment, you can "swap" the deployments by switching the
VIPs by which the two deployments are accessed. After the deployment,
the DNS name for the cloud service points to the deployment that had
been in the staging environment.
- minimal vs. verbose monitoring: Minimal monitoring,
which is configured by default for a cloud service, uses performance
counters gathered from the host operating systems for role instances
(virtual machines). Verbose monitoring gathers additional
metrics based on performance data within the role instances to enable
closer analysis of issues that occur during application processing. For
more information, see How to Monitor Cloud Services.
- Windows Azure Diagnostics:
Windows Azure Diagnostics is the API that enables you to collect
diagnostic data from applications running in Windows Azure. Windows
Azure Diagnostics must be enabled for cloud service roles in order for
verbose monitoring to be turned on.
- link a resource:
To show your cloud service's dependencies on other resources, such as a
Windows Azure SQL Database instance, you can "link" the resource to the
cloud service. In the Preview Management Portal, you can view linked
resources on the Linked Resources page, view their status on the dashboard, and scale a linked SQL Database instance along with the service roles on the Scale
page. Linking a resource in this sense does not connect the resource to
the application; you must configure the connections in the application
code.
- scale a cloud service: A cloud
service is scaled out by increasing the number of role instances
(virtual machines) deployed for a role. A cloud service is scaled in by
decreasing role instances. In the Preview Management Portal, you can
also scale a linked SQL Database instance, by changing the SQL Database
edition and the maximum database size, when you scale your service
roles.
- Windows Azure Service Level Agreement (SLA): The Windows Azure Compute SLA guarantees that, when you deploy two or more role instances for every role, access to your cloud service will be maintained at least 99.95 percent of the time.
Enter Thy Cloud = Enter Your Cloud = Enterprise Your Cloud & ETC.....
This is the first post on my latest blog named as Enter Thy Cloud. As per http://www.thefreedictionary.com/thy - thy translates into your and hence picking up the name was relatively simpler task for me.
The name talks much about the content and scope of this blog. Let us break up the name then.....
Enter - It means more than one thing....enter in the simplest form means to get in. And that is for sure one of the objective. I want my viewers to get in to the cloud. What is happening around it and what all it matters to us is something I plan to cover in each
post to come. Apart from the simplest form give to it - It can be also attached to Enterprise! Enterprise is all everything will end up, isn't it? So, idea is to give cloud the meaning of enterprise. What does it takes for us to make an enterprise a cloud ready and what does it takes for us to make a cloud enterprise class? Posts to follow shall talk about it.
post to come. Apart from the simplest form give to it - It can be also attached to Enterprise! Enterprise is all everything will end up, isn't it? So, idea is to give cloud the meaning of enterprise. What does it takes for us to make an enterprise a cloud ready and what does it takes for us to make a cloud enterprise class? Posts to follow shall talk about it.
Thy = Yours! I will put my best attempt to figure out what are routine and not so routine problems, challenges and scenarios faced all! Not only me, but your as well.....
Cloud = Not lot to talk about cloud these days, isn't? Cloud computing is a colloquial expression used to describe a variety of different computing concepts that involve a large number of computers that are connected through a real-time communication network (typically the Internet). So, let us try to take a deep dive in to the mist of cloud and get best out of it.
Blog plans to cover deep implementations in Azure (Microsoft Cloud) which shall also include code spinets, architectural and design decisions require for azure and other cloud implementations and so on.
But with the birth of this blog, my older blogs specially Tech Hanger aren't going to go silent. They shall grow if not at the same rate then much faster rate for sure!
So happy reading and commenting...