Welcome to GlobalLogic Blogs

Cloud computing is dramatically changing the way applications will be developed, delivered and deployed by everyone from Fortune 500 enterprises to small businesses and start-ups.

Users will need to understand the various Cloud options and providers available to them. So it is time to jump in with pilots and in most cases you have already tried some things. As with any pilot, the goal is to enter wisely, learn fast and then move forward. Given the iterative and incremental method of Agile, we’ll argue how taking a scientific, set-based, learning first approach to your Cloud efforts can help you avoid the risks of vendor lock-in, IP security and a spectacular failure.

Link to this Webinar

http://www.globallogic.com/Webinar/GL-Webinar-Cloud/

Where is the link the last webinar on   Demystifying Cloud, The Next Generation Architecture: What can Cloud do for you?

http://globallogic.com/Media/Events_2009.shtml#apr15

Question: If there a standard method for computing capacity on demand, that is, expand computing capacity automatically during peak hours and reduce capacity after peak hours?

Mac Devine: Capacity on demand was one of our research projects which fed into RC2. This is going to be available as a services offering from GTS as part of our IBM cloud roll-out this year

Sachin Saxena: Lack of standards/ interoperability is one of the hurdles which forces vendor lock-in in the public cloud space. if you use vendor specific tools, you will get more advantages, but it further deepens your dependency on a specific cloud vendor. Lack of standards, will also be a hurdle in the adoption of the hybrid cloud.

Question: What security steps were used for IBMs dev Cloud? Was the cloud actually on the internet or a private cloud. Was enterprise automation used? Enterprise Authorization i.e Active Directory

Mac Devine: The Research Compute Cloud (RC²) has multiple zones. Some of these are for internal use only but others are for joint collaboration with business partners. The security for the internal cloud was different than the internet based one (the external facing one had much more stringent controls in place). For both security models we harvested security assets for our TAP (internal) and ISV partnerworld (external) environments. We used virtualization, automation and authorization services.

Question: Suppose a combination of private/public cloud, where the public portion is for handling “spill over”. How do you handle such spill over?

Mac Devine: There are 2 ways which we plan to support this. One approach is to “fork-lift” the virtual image for moving from one cloud to another (private to public and visa versa). The other is to “capture” the images/patterns of the landscape in one cloud and then “re-spin” the images/patterns into the other cloud. This is work we are doing with our WebSphere CloudBurst appliance.

Question: Along the lines of security, are EC2 and the ilk PCI compliant to hold personal and credit card information?

Sachin Saxena: the application we built for IBM did not handle credit card data. However, the general approach taken by a lot of cloud “infrastructure” vendors is that they want to provide fairly dumb clouds. Functions such as Compute, storage, network, power… think utilities. As the industry matures, leader in the space will have to add this capability or their will be 3^rd party products that can do this. So in the meantime, either you have to build this capability by architecting your products differently or by building this capability in the applications.

Question: what approach is needed to implementing security in the spikes and integrating agile cycles in VM Ware Hybrid

Mac Devine: I believe this is asking how we handle security differences during the transition from private to public cloud (peak off-load). If this is the question then we will have a common security architecture which allows this transition with the associated security scripts being invoked.