Infrastructure as Code: From Bottleneck to Test-Driven

agilecloudAs computing, storage and networking continues migrating from physical equipment to virtual environments, provisioning and managing them increasingly relies on software. One of the most important benefits of virtualization and cloud computing is the idea infrastructure as code, using code, automate the provisioning and managing of entire application environments and ecosystems (infrastructure) reliably on demand. This idea, in conjunction with the agile development practices, is what makes continuous delivery possible for leading companies like Facebook, Flickr, Etsy and others.

In agile teams today, developers writing applications partner with DevOps team members writing, testing, building and packaging infrastructure as code with tools including Puppet Labs, Chef and Cucumber. This is helping traditionally bottlenecked and silo-od infrastructure teams begin working more closely with the application teams and improve overall business agility. DevOps team members write infrastructure code alongside the application under development – all leveraging popular development practices including code managementcontinuous integration, release automation and test-driven development. Continue reading Infrastructure as Code: From Bottleneck to Test-Driven

Virtualizing Business Critical Applications – Managing Applications Performance

PerformanceManagementThe most frequently encountered barrier to virtualizing business critical applications is a “concern” on the part of the application owners that the applications will “not run as well”, or “not perform as well” in a shared and dynamic virtual environment as it does in a dedicated physical environment. Depending upon who has what political power, these concerns can stop the project to virtualize these applications dead in its tracks. Continue reading Virtualizing Business Critical Applications – Managing Applications Performance

Virtualizing Business Critical Applications – Integrity & Confidentiality

VirtualizationSecurityRecently I discussed Virtualizing Business Critical Applications and security, which includes availability, confidentiality, and integrity. However, that discussion was more about visibility into the environment for security operations. I purposely left off the discussion of gaining integrity and confidentiality of the data housed within those business critical applications.   Security encompasses a great number of technologies, and those that provide integrity and confidentiality often differ from those that provide visibility into an environment which differ from those that provide availability. Continue reading Virtualizing Business Critical Applications – Integrity & Confidentiality

SaaS Auditing: Knowing who did what

CloudComputingWe opened this years virtualization security podcast with Phil Cox, the “Security Guy” at Rightscale, who is working through a tangled problem to meet compliance and auditing goals within the cloud. Rightscale is a 100% cloud based company delivering a solution that is also SaaS based. As such they often run directly into SaaS related issues. Rightscale has been running into a problem with the simplest of auditing requirements: how to know when someone has logged in. This problem spans nearly all their 100s of SaaS providers used to run their business. Continue reading SaaS Auditing: Knowing who did what

News: CloudBolt Integrates Cloud Management with Nicira Network Virtualization

CloudBolt Software has announced that version 3.5 of CloudBolt Command and Control (C2) will integrate with VMware Nicira Network Virtualization Platform (NVP). CloudBolt C2 takes advantage of the NVP virtualization API’s to programatically create complex secure networks, entirely in softwarer, and completely independent of the underlying network hardware. Continue reading News: CloudBolt Integrates Cloud Management with Nicira Network Virtualization

Virtualizing Business Critical Applications – Security and Compliance

VirtualizationSecurityVirtualizing Business Critical Applications is often stopped either by the sudden involvement of security and compliance, a need to better understand, or a need to gain visibility into the underlying security of the virtual environment in order to build new security and compliance models. As we have commented on the Virtualization Security podcast many times, security and compliance teams need to be involved from the beginning. However, this is not a discussion about involvement but about the tools that will help security and compliance to gain the necessary visibility into the security of their virtual environments and therefore allow for the virtualizing of business critical applications. Continue reading Virtualizing Business Critical Applications – Security and Compliance