In addition to PaaS there is a class of vendors who provide external services to PaaS through “marketplaces” that the vendor sets up. We refer to these generically as Application Services as a Service (ASaaS). The stakes are potentially huge – the PaaS takes over from the Operating System as the dominant factor in the purchasing decision for server-side technology. We’re not saying it definitely will happen, but it might.
Intelligence gathering is an oft overlooked aspect of system and data defense in depth. On the 7/12 Virtualization Security podcast we discussed new and old sources of such intelligence. We were joined by Urvish Vashi, VP of marketing, Alert Logic. Alert Logic has updated their report on cloud based security attacks. Add to this the yearly Verizon Breach and other reports, and we start to have a good handle on intelligence of past and possibly future attacks.
At this point in the evolution of PaaS, we are starting to see an enormous diversity of innovation around CloudFoundry, as multiple vendors come to market with differentiated PaaS offerings. Uhuru Software, based in Seattle, is entering its second Beta phase with the Uhuru PaaS, with a major focus on .NET support.
As mentioned in a number of posts, there is a clear trend away from Platform-specific PaaS (where you write your application to the platform) and Language-Specific PaaS (which provide support to one or possibly a couple of languages) to Universal PaaS, which is capable of supporting any language and any platform. There’s a little bit of a gray area, but we would include ActiveState Stackato, AppFog, dotCloud, GigaSpaces Cloudify, Red Hat OpenShift, Salesforce Heroku, Uhuru Software AppCloud and VMWare CloudFoundry in this category. These vendors differentiate themselves by providing a broad range of Application Services or Application Lifecycle Services.
Cloud based security is about securing the data, yet compliance requirements are often about securing the environment, such as PCI’s requirement for web application firewalls, which protect web servers and perhaps applications and imply protection of data. But they do not directly protect data. How can a Software Defined Data Center implement a form of Software Defined Security automatically to meet not only compliance requirements, but security around a particular mote of data?
We recently wrote about Microsoft’s Three Pronged Windows Azure Strategy – particularly with reference to the Service Provider offering. I’ve now had a certain amount of time to reflect on the announcement and try and work out what is going on and it doesn’t seem to constitute a wholehearted strategy to put resellers on a level playing field with Microsoft.
Taking your cloud from a dev/test/pilot/training use case to an enterprise cloud introduces significant new requirements that first generation cloud management platforms were not designed to meet. Elasticity and self-service are nice features, but these features alone fall far short of what is needed to provision and run enterprise applications in clouds. With the acquisition of DynamicOps, VMware has signaled that it understands this, and now has a product that is fully capable of supporting heterogeneous enterprise class clouds. We will likely now see a divergence in Cloud Management offerings with some (the list above) focusing upon these demanding use cases, and others (like Embotics) focusing upon addressing elasticity and self-service with the highest possible level of convenience and fastest time to value for the customer.