Posts Tagged ‘Appliance’

Nokia will drop Symbian

November 19, 2009

Not a big surprise for readers of my previous appliances vs software posts. Developing code for the Symbian kernel was even worse than developing code for the Apple kernel.

Symbian is an incongruous business concept. The company is supposed to make money selling an operating system, while the owners of Symbian (Nokia) really need people to get the operating system for free. Talk about a catch-22. It was supposed to be independent and vendor-free, while Nokia actually controlled it. It was supposed to attract developers, but you could not get your app on the phone easily.

Which MBA genius ever came up with this plan? Don’t even get me going on the horrible certification, licensing, white rooms, reference boards and 3500 Euros for a developer for the pleasure of working in this non-standard OS. The only good thing about it was C++.

Go Linux :)

 

The unique requirements of cloud-based enterprise applications

February 9, 2009

We just published on IT Structures web site the white paper I was working on.

Not So Virtual Cloud, But Virtually Nice


Here is the abstract and the full paper can be found here. If you want to get to the technical part, jump to the requirements section below.

  • The unique requirements of cloud-based on-demand multi-tenant applications
  • Limitations of existing building blocks in virtualization and enterprise software technologies
  • Introducing an intelligent technology layer to provide automation of environment setup & provisioning, elasticity, resource allocation and scalability

The Challenge: Virtual Labs for Sales and Training

The days of “blind” purchasing of enterprise software and hardware solutions based on vendor promises alone are a thing of the past.

Customers have universally adopted a “try before you buy” approach, demanding not only a generic evaluation of the solution prior to purchase, but also a proof-of-concept (POC) implementation using their own data, integrated with their own applications and in their own environment. Equally, customers want to invest the minimum effort in such POCs, whose setup is often more time- and resource-consuming than the actual evaluation process.

Vendors consequently find themselves providing POCs and pilot projects with a significant increase in cost of sales and a lengthened sales cycle: tying up hardware inventory, wasting sales engineers’ time at customer premises and inflating travel costs. The same often applies to post-sales training, where the vendor must provide staff for training and the cost is borne by either the vendor or the buyer, or both.

Thankfully, the convergence of virtualization and cloud computing is making POCs, interactive demos and postsale training easier and more accessible, at least in theory.

Since any network environment, server or application can run as a VM, and since cloud infrastructure can run such VMs (as well as real hardware) on demand as a service, it is logical that the two can be combined to deliver scalable, multi-tenant, on-demand provisioning and management of virtualized POCs, demos and training. Such a solution would deliver “virtual engagement” of customers during pre- and post-sales stages and reduce the expensive, lengthy real-world sales processes.

Unfortunately, although the base infrastructure and building-block components are available, assembling them to deliver virtual sales engagement and training is not at all straightforward. This is where IT Structures steps in.

This white paper explains the complex requirements for on-demand virtual engagement delivered as a cloud-based service, and how IT Structures developed its ground-breaking orchestration technology in order to provide it in a scalable, flexible model.

The Requirements

Cloud-based solutions must fulfill at least all the requirements expected from traditional data center management tools, software-as-a-service solutions and modern virtualization environments.

The core requirements are:

1. Complexity and Realism – The ability to build and run any enterprise application or appliance in a multi-server environment, with a complex networking topology that can be connected to the internet and to on-premise data centers.

2. Instant Gratification – Trying out a new environment should be fast and easy. As a result, the performance of the system must be excellent and it must not require any dedicated client installation. In an elastic production environment it is critical to have a frictionless solution because of the extremely frequent changes.

3. Multi-Tenant and Tiered – The system must support multiple software vendors working at the same time; it must allow multiple enterprise customers to work at the same time on an identical but separate copy of the environment. The system must ensure complete privacy and security for each user. The service must ensure that failures are confined to a specific environment and do not propagate across the system.

4. Replication – The system must be able to replicate a template of an IT environment and create hundreds of new customized running instances on the fly. This is critical for production, training and demo solutions and is at the core of the cloud concept.

5. Internet Enabled – All functionality must be available over the internet. The service must allow secure access to environments over the web on the one hand, and simulate private networks on the other hand. All instances should run concurrently and be accessible in the cloud.

6. Self Service – The service is geared towards both non-technical as well as technical users. It must abstract complex, composite IT operations into simple, web-based, single-click business operations.

7. Availability – The service must be able to recover from failures automatically, maintain exceptional uptime and provide self-healing and recovery functionality across all its components. Even when certain tasks fail, the service should optimize its resources to provide the highest service levels to the maximal number of customers.

To read the way we achieve the implementation you can get the full paper or just send me an email.

Hardware, Software and (Virtual) Appliances Myths – Part Three

December 9, 2008


In Part One I examined some myths about hardware and software appliances and showed that appliances are mainly packaged software components. In Part Two I described why hardware appliances became so successful in recent years and where.

In this part I’ll try to show how virtual appliances combine the best of both worlds. They combine the benefits of both software and hardware appliances with the extreme flexibility of virtualized computing.

Looking back to 2002, Check Point released SecurePlatform – an appliance on a CD, also known internally by the cool name “Black CD”. At the time, Check Point’s “real” hardware offering was not very successful and it relied on Nokia appliances to compete with Cisco and NetScreen appliances.

NetScreen appliances, and appliances in general, became more and more successful. Nokia produced excellent appliances as well, but they were typically sold at a very high premium, chiefly for the brand.

SecurePlatform was invented in order to offer customers a cheaper option. SecurePlatform is basically a bootable CD that one inserts into any x86 server; it formats the hard drive and installs a secure, shrunk-down Linux operating system with all of Check Point’s software products pre-installed.

The idea is to get most of the “real” appliance advantages (ease of install, drivers, secure OS, fast boot time, optimized performance) with the advantages of software (flexibility, modularity, familiar shell and interfaces) at a very cheap hardware price (the customer can choose his box and use x86 agreements and discounts). It also allows the customer to grow capacity easily without complex upgrades.

Over time SecurePlatform became very successful and turned into the customers’ favorite deployment choice. While in 2003 it still lacked a lot of appliance features (image management, backup and recovery, web-based interface), those were added over the years.

It is important to note that SecurePlatform-based appliances, like other CD appliances, still had some gaps compared to other appliances.

1. The form factor is still of a standard PC. With 1U servers becoming the norm it was less of an issue, but the number of network interfaces was still a problem in some cases.

2. Keeping up with driver compatibility with all the x86 vendors was very hard. When Dell\HP\Lenovo release a new firmware\driver they don’t bother to update anyone, and backporting Linux-based device drivers is not fun at all. The implication is that the appliance is not as generic as it would seem.

3. There is no single point of support for hardware+software.

4. There is no “real” hardware acceleration, if it is really needed.

To overcome some of these, in 2005, Check Point started selling hardware appliances, based on SecurePlatform as another alternative.

Virtual Appliances are the next generation of the same concept.

Because the hypervisor presents a standard “hardware” API to the operating system, most of the compatibility issues are solved by the hypervisor manufacturers. Because the appliance is packaged as a standard virtual machine, there is no need for the reboot\format\install procedure.


Of course, since the appliance is a virtual machine, the customer enjoys great flexibility not found in regular appliances or even “CD Appliances”:

  • High availability and load balancing across physical servers (e.g. VMotion)
  • Full control over memory and CPU allocation in real time
  • Easy provisioning, tracking and backup which are appliance independent
  • Consolidating many appliances onto one physical server while maintaining modular design and software independence
  • The appliance can be used “inside” hypervisors, so there is no need to move traffic from the bus to the network
  • Form factor and port density are less of an issue, since the switches and routers are virtual as well

To make the creation of virtual appliances easier, companies like rPath are providing easy-to-use software to handle a lot of the work Check Point, NetScreen and other vendors had to redo to create their own appliances.

Some problems still remain open, mainly the lack of standard central management to control appliances from different vendors. I’m guessing one start-up or another is working on the problem. Hardware acceleration is lacking, but it will probably be solved by future developments in the core virtualization companies. And no one needs hardware acceleration anyway :)

To summarize, it seems that virtual appliances turn software into the king again. They combine software advantages and overcome its shortcomings.

In a cloud based world, there is a good chance it will become the favorite deployment vehicle.

Hardware, Software and (Virtual) Appliances Myths – Part Two

October 17, 2008

In Part One I examined some myths about hardware and software appliances. Today I’ll try to describe why hardware appliances became so successful in recent years and where.

The basic ideas come from a great NetApp pitch I heard in 1994, when they were very small. Their example at the time was “Routing was done by generic Sun\IBM\HP\Digital Computers and Cisco turned it into Appliance”. The analogy was “File Serving is done by generic Sun servers and NetApp is going to be the Filer Appliance”, which they did.

Appliances can be great because:

  • Appliances can be cheaper than a PC – creating a $60 small office router is just not possible using PC hardware components. Even a $1000 enterprise branch office is better off using a cheap CPU and low memory to achieve a great margin.
  • Appliances are much easier to install – this is probably still true. Having someone else tie together all the software, do the hardening, remove extra bits and having no drivers to deal with is a great win. Installing the right RAID driver for a generic Linux system can still be quite challenging.
  • Appliances can have better performance for dedicated tasks – NetApp’s favorite example was trying to list 2000 files in a big directory. It could take several minutes in a generic Unix file system. Since NetApp designed the operating system just for file serving, it was done amazingly fast.
  • Appliances can have a much better form factor – It is quite hard to put 12 network cards in a single PC. To populate it with 40 is just impossible. Moreover, the network cards on x86 servers are on the wrong side! Network equipment makers place the cards in the front, while generic servers have them in the back. Again, it seems like a small thing, but try to get Dell, HP or IBM to change that for your appliance.
  • The right side of the cable
  • Appliances are not managed by the server group – one of the biggest selling points for network departments is that the server group cannot touch dedicated operating systems. If a firewall admin buys a Linux server she has to conform to the Linux guidance and dictatorship of the server admins. If it is PimiPimiOS, they have no say about it.
  • Appliances are more secure – this is true to some extent just because the functionality is limited and no extra services are installed. However, in many cases it may boil down to security by obscurity. Nobody bothers to update their appliances with the latest security patches and the proprietary operating systems are not inspected by the community. Furthermore, security applications cannot be run on these unique environments.
  • Appliances boot faster – seems like a small thing, but waiting ten minutes for Windows to load is not really acceptable for an enterprise-grade router or file server. It is also quite annoying in your home DSL modem. Actually it is quite annoying on my $2000 ThinkPad. Anyway, having a very small, optimized OS and no hard disk allows a very fast boot time, along with dedicated thinking about boot and reboot length.
  • Appliances are more reliable because they have no hard disk (“moving parts”) – maybe, not so sure about this one. Anyway, in a few years no server will have any moving parts (although it seems fans are moving all the time…)
  • Appliances have a superior, dedicated management console – this is commonly true. Good appliances have a great unified web and command line management that bundles all management aspects from image management to application configuration. The problem comes once you have 30 different appliances from different vendors, each with its own dedicated ChuChuOs. On a side note, it tends to be quite hard to script and program these beasts, for the same reason.

To make the discussion more interactive until I post the third piece, here is a small poll to get your feedback.

Hardware, Software and (Virtual) Appliances Myths

September 21, 2008

For years software engineers and real engineers :) have been fighting over the crown for most-important-hard-to-do-only-real-men-can-do-it-award. In the last ten years appliances started to enter the debate and in the last few years virtual appliances are changing the map.

In this multi-part post I’ll try to review some of the historical myths, their relevance today and what the future holds.

A lot like a Belle and Sebastian song, there can be many interpretations on the subject. This is mine. Just a trail for the devil to erase.

1. Hardware is faster than software.

Unfortunately for developers, no software can run without hardware so the argument is false by nature.

What people usually mean is “software that runs on dedicated hardware runs faster than software that runs on general-purpose hardware (Intel\AMD x86)”.

I think in 2008 everyone agrees the case is quite the opposite. The economics of building new chip plants are so huge that only Intel\AMD can afford them. Dedicated ASIC\FPGA\DSP cannot compete in most cases with the price performance of x86. Even in raw performance they can only keep a two-year initial gap, which fades because their development cycles are much longer than Intel\AMD’s.

At some period many start-ups offered interesting hardware acceleration techniques for security. In many cases their network processors\ASIC\FPGA were really great and innovative. The problem was that most customers needed a 10 Mbps firewall, enterprise customers needed a 20-100 Mbps firewall and a $4000 Intel box could perform at 2 Gbps. The claim these vendors had is that they can do 4-10 Gbps for the toughest scenarios. This was partially true, with three important reservations.

  • Almost nobody needed a 4 Gbps firewall
  • They would charge $20K for a single card
  • They could not do a lot of the really hard new problems (Deep Packet Inspection, Anti Virus)

With such numbers, these companies didn’t do very well, AFAIK.

2. Appliances run faster than software.

Maybe, but this is not because of the dedicated hardware. Most appliances are just dressed-up x86 servers, painted in industrial grey, with nice reboot buttons and LEDs in the front. They don’t have any FPGA\Network Processor or ASIC that can accelerate performance.

Actually because of inventory and QA problems, the appliance is usually running an older CPU than the one in the open market from IBM\Dell\HP.

3. Appliances have a dedicated superior operating system.

Here is a partial list of dedicated operating systems: Cisco PIX, NetApp Data ONTAP, Juniper JunOS, Check Point SecurePlatform, Cisco IOS, Nokia IPSO

This might have been true in the past. Today everyone is using a stripped-down Linux or FreeBSD.

This is not a bad thing, but it does not always create superiority. Done in the right way it delivers: performance optimizations, increased security due to hardening, faster boot time, no worries about driver compatibility, smaller memory footprint and enhanced image management.

Done in the wrong way it delivers: a limited operating system, legacy capabilities, support contracts that are broken if you try to extend the OS, limited scripting and APIs, learning a new management interface and shell for every new appliance and medium security that lacks the latest patches and updates.

Some of the world’s most common appliances are using proprietary operating systems that do not support multi-threading, multiple CPUs or even simple inter-process memory protection. They are better off switching to Linux.

In the next blogs:

  • When do appliances make sense?
  • When is real specialized hardware needed?
  • The myth of no-moving-parts
  • What’s an appliance-on-a-CD?
  • Why do Virtual Appliances combine some of the best of both worlds?
