For a while now Google has been trying to diversify its revenue by going into the enterprise space with Google Apps, the productivity suite that includes Gmail, Docs, Calendar, and more.  They’ve gained some traction so far, having signed some multi-million dollar contracts with large corporations, government entities and universities.  But to turn Google Apps into a multi-billion dollar revenue source, Google needs to address the fears organizations have about cloud security.  That’s why they released a Security white paper last week.  The main argument is that data is stored and replicated across several disparate data-centers with multiple security levels.  Google also has a security page for schools.  On it they say:

It’s your content, not ours. Your Apps content belongs to your school, or individual users at your school. Not Google.

We don’t look at your content. Google employees will only access content that you store on Apps when an administrator from your domain grants Google employees explicit permission to do so for troubleshooting.

We don’t share your content. Google does not share personal information with advertisers or other 3rd parties without your consent.

We sometimes scan content. And for very good reasons, like spam filtering, anti-virus protection, or malware detection. Our systems scan content to make Apps work better for users, enabling unique functionality like powerful search in Gmail and Google Docs. This is completely automated and involves no humans.

As a fellow cloud company we often face the same concerns over cloud security, so it’s nice to see how Google addresses them.  Monitis is actually at an advantage because we performance data, not sensitive personal data.  We share a similarly secure infrastructure, storing data on several disparate data-centers.  Given Google’s vast network of data-centers, there’s no reason why Google Apps should be any less secure than storing data in-house, and white-papers like this one will accelerate cloud migration.  You can see Monitis white papers here.

Last week I read an interesting article by Jabulani Leffall about the top IT security issues causing sleep-deprivation at University IT departments.    Among the top 10 were 1. Securing remote access, 3. Patching systems, 6. Network use monitoring, 8. Password management and administrative access, and 10. Monitoring system logs.

In all these case, using cloud-based monitoring has advantages over open source.  With Nagios or other open source products, you need to make frequent exceptions to your firewall to configure server monitors and also to make the Nagios dashboard accessible from outside your firewall.  With a SaaS like Monitis, you don’t need to touch your firewall because all data is pushed to the cloud via HTTPS and the dashboard is hosted on our servers, not yours.

Regarding patches, we echo the sentiment that they are a major downside of Nagios and software in general.  They reduce productivity and are a pain.  With Monitis, there are no patches or upgrades to worry about.  All product improvements are released seamlessly without your involvement, even for internal agents.

Password Management and administrative access are doable with open source, but not nearly as simple as in a SaaS, which lets you control user privileges from anywhere.

Monitoring of network use and system logs is possible with both solutions, but here’s where reliability makes a huge difference between cloud-based and open source.  Nagios usually runs on just one server within your firewall, making your entire system vulnerable to the problems of that one server.  If that server goes down you won’t receive critical notifications about your network use or system events. With Monitis, you have not just one server, but an entire monitoring network, so you can rest assured that we will notify you even when your entire network goes down.

There are often concerns about storing proprietary data on cloud servers.  These are legitimate concerns, especially for applications with confidential data like customers, students’ test scores, email, and health records.   Monitoring data shows the performance of servers, websites and applications like Moodle or Blackboard, which is far less confidential.  I think that explains why universities are showing increasing interest in cloud-based products, particularly in monitoring.

This week we rolled out a couple new updates to the Monitis dashboard.

When you’re monitoring more than 20 or 30 services you need a good way to view them in one place.  That’s what the newly improved Monitis Snapshot views are for.  Let’s take a look at the External and URL Snapshots.

Each row is now click-able, so when you click a URL a more detailed view of that monitor will appear.   You can have multiple External Snapshots on different tabs, each set with a different tag-name.  In the URL Snapshot you can view your most critical URLs (the ones with the slowest response time) or just the top 10, 20, or 30.  Each column in these tables can be sorted, so you can quickly rank by response time or by URL alphabetically.

Internal Snapshots are similar.

The Windows Agents Snapshot shows a list of your Windows servers being monitored and their basic performance metrics.  The CPU, Memory, Drive, and Load Snapshots show the servers that require the most urgent attention.  Using tag-names and the sorting feature, monitoring even hundreds of servers becomes possible.

We also added the Full Page Monitor this week.  It is essentially an advanced external monitor.  It not only shows the response time of a webpage, but also the HTTP response code, total download time, DNS and Connection time, time to the first and last byte, and the total size of objects (js, css, images, external scripts, flash) in the webpage.  This is a great way to identify bottlenecks to your webpages.  Remember, research shows that it only takes a couple seconds before your visitors give up on your site.

To try it out, go to Add Monitor>Full Page and fill in the necessary fields.  Then click Add.


This test loads Yahoo every 5 minutes.  Click the dot and a window containing the individual objects and a table will pop up.

It’s that easy.  And Full Page Monitors start at only $5/location/month for a 20 minute interval, so you can monitor all your webpages without breaking your wallet. More features coming soon, so stay tuned!

When designing the Reports module, we set out to do two things:

1) Eliminate the hassles and bottlenecks inherent in software-based monitoring systems and

2) Utilize the cloud to come up with innovative ways of creating and sharing reports.Our interactive Ajax dashboard makes it possible to add standard or custom reports in just a few clicks, without loading multiple pages.  Let’s walk through adding a report that shows daily performance for the previous month for a url’s uptime.

1) Go to Add Report>External at the top.

2) Select the monitor(s) to be included in the report and the time period.  You can select one, several, or all of your monitors.

3) The report will immediately appear on your dashboard.  You can view the data in a table, line chart, bar chart, or interactive calendar.  In settings you can set SLA thresholds and make the report public.  Public reports are under a separate url accessible by anyone you share the link with.  You can customize them with your own logo.  For this example we’ll use Fabio as our logo:

That’s not the only way to share reports.  You can also put several reports into a new tab and use the Share Page feature.  That will create a link to a read-only, interactive version of the tab, giving anyone in your organization a view of daily, weekly, or monthly data for the websites, servers or applications you want to share.  You can always destroy and recreate these links.

On top of all of that, we also email daily or weekly reports that summarize your IT infrastructure, including internal and external monitoring.  We’re working on some new report formats so stay tuned.

Hewlett-Packard on February 24^th opened an advanced collaborative research lab in Singapore to support its growing cloud business – what it calls its “Everything as a Service” vision.

“Our new lab in Singapore is a key component of the transformation strategy put in motion less than three years ago to accelerate our pace of technology transfer and bring a variety of advancements to market,” said Prith Banerjee, senior vice president, Research, and director, HP Labs, in a press release. “HP Labs Singapore aligns very closely with HP’s strategic growth areas and significantly expands the resources we bring to bear on our customers’ biggest opportunities and challenges.”

Officially known as HP Labs Singapore, the facility will focus on a range of projects that aim to re-examine data center and application design principles in order to explore how future cloud computing needs will be met, said the release.

HP plans for the lab to work closely with customers, partners, HP business divisions and schools to generate advancements that will drive research for cloud development. And HP expects its customers to capitalize on this shift to a service-based infrastructure model using developments from HP Labs Singapore.

The new lab will collaborate with other key cloud initiatives already underway at other HP Labs sites, including the Service Automation and Integration Lab (SAIL) in Palo Alto, CA., and the Automated Infrastructure Lab (AIL) in Bristol, UK.

HP’s intention is that, together, the three labs will work on its vision for creating an enterprise cloud software platform – dubbed Cirious. As part of that project, HP has partnered with:

– Intel, Yahoo! and the Infocomm Development Authority (IDA) of Singapore to create a global, multi-data center, open source test bed for the advancement of cloud computing research and education. IDA houses one of nine test bed locations worldwide.

– SingTel – to form Singapore’s largest commercial grid services platform. It’s called Alatum, and it offers a variety of computing power, storage and software applications on a pay-per-use, on-demand and online basis.

HP Labs Singapore is the company’s third research facility in the Asia/Pacific region and its seventh worldwide

Of course, HP isn’t the only one building data centers and research facilities around the world dedicated to cloud computing and development. It’s good to see that healthy competition in this area is further driving hunger and interest for cloud computing – and that, in turn, lifts all the cloud service provider boats in this giant industry.

With the increasing reliance on consolidated data centers, virtualization, and cloud computing, network management has become less concerned with the connections between individual network nodes and more concerned with overall application performance management. Network managers must manage not just network infrastructure, but also the performance of network applications.

CA Inc.’s acquisition of NetQoS Inc., a vendor of network and application performance tool, for $200 million clearly anticipates this trend.

Abner Germanow, IDC research director, says the CA aims to give enterprises a more holistic view of the network, something that traditionally hasn’t been handled by network management tools. A network manager’s toolset looks rather like a carpenter’s toolbox, Germanow says, with different tools for different users. NetQoS completes CA’s already respectable toolbox, he says, by adding more functionality such as the ability to manage WAN connections. This will make CA’s view of the network more application-centric, he says.

CA’s Wily family of application performance management tools has a solid reputation in the field. Unfortunately, CA’s products provide more data-oriented views of performance rather than application-oriented views. To best understand the performance of distributed and outsourced resources, such as cloud services, an organization requires both data-oriented and application-oriented views.

Federal agencies are excitedly ‘upgrading’ to cloud computing through today’s launch of Apps.gov. The new website brings the promise of cloud IT services to all federal agencies, and the hip new app service includes everything ranging from professional business applications, cloud IT services, productivity apps, to the ever so popular social media apps! With many of the services being offered by either Google or salesforce.com, the movement to cloud computing is expected to reduce government operational costs as well as increase productivity within Federal agencies.

Cloud computing, in which information and software are stored in centralized units that can be accessed by any number of devices simultaneously, is the next big thing in IT according to a blog authored by Kundra. He went on to state that the website Apps.gov is an all encompassing site for cloud services, due to the way it consolidates services which are currently available. This is set to revolutionize the operation of IT and save taxpayers money.

A whopping $75 billion is spent by the government each year on information technology, says Kundra at the Whitehouse bog post. Yet the procurement processes and security procedures prevalent in this time and age can use up a lot of time that could have been otherwise used in other endeavors, and are even redundant at times. Kundra writes that the practices of the past have often ended up in an inefficiency across the federal government of purchased IT capabilities. Kundra adds, ‘These barriers will be addressed – it is a priority. We will improve the methods employed by the government in leveraging new technology’.

Due to release in the year 2010, Google is working on a “government cloud”, also known as a “G Cloud“. The program will work in much the same way that Google Apps works, though will be made to suit the US federal state and local governments. FISMA (Federal Information Security Management Act – stating procedures on running federal government information applications) approval is currently being sought by Google for their Google Apps software. According to Matthew Glotzbach, director of product management for Google Enterprise, the process is close to done and soon we will know whether Google will be authorized to use FISMA.

Infrastructure as a Service, or IaaS, gives business access to vital web architecture, such as storage space, servers, and connections, without the business need of purchasing and managing this internet infrastructure themselves. Because of the economies of scale and specialization involved, this can be to the benefit of both the business providing the infrastructure and the one using it. In particular, IaaS allows an internet business a way to develop and grow on demand. Both PaaS and SaaS clouds are grounded in IaaS clouds, as the company providing the software as service is also providing the infrastructure to run the software. Choosing to use an IaaS cloud demands a willingness to put up with complexity, but with that complexity comes flexibility. Amazon EC2 and Rackspace Cloud are examples of IaaS.

Platform as a Service (PaaS) clouds are created, many times inside IaaS Clouds by specialists to render the scalability and deployment of any application trivial and to help make your expenses scalable and predictable. Some examples of a PaaS system include: Mosso, Google App Engine, and Force.com. The chief benefit of a service like this is that for as little as no money you can initiate your application with no stress more than basic development and maybe a little porting if you are dealing with an existing app. Furthermore, PaaS allows a lot of scalability by design because it is based on cloud computing as defined earlier in the article. If you want a lean operations staff, a PaaS can be very useful if your app will capitulate. The most important negative of using a PaaS Cloud provider is that these services may implement some restrictions or trade-offs that will not work with your product under any circumstances.

Software as a Service (SaaS) is relatively mature, and the phrase’s use predates that of cloud computing. Cloud applications allow the cloud to be leveraged for software architecture, reducing the burdens of maintenance, support, and operations by having the application run on computers belonging to the vendor. GMail and Salesforce are among examples of SaaS run as clouds, but not all SaaS has to be based in cloud computing.

See more about cloud computing/SaaS definitions at our Cleaning Up a SaaS Terminology Mess
post.

The packet analyzer is computer software, and sometimes hardware, that can intercept and also log digital network traffic. As data streams flow through the network, the packet analyzer captures each information packet and will decode and analyze the content (according to the appropriate RFC or other specifications). Packet analyzers are sometimes referred to as network analyzers, protocol analyzers, and sniffers.

Packet sniffers are versatile applications. For network maintenance, you can use packet sniffers to monitor network usage, gather and report network statistics, and debug client/ server communications and network protocol implementations. Security uses include the ability to analyze network problems and detect network intrusion attempt. In an offensive mode, packet sniffers allow you to gather information for effecting a network intrusion and spy on other network users. More controversial uses include the ability to collect sensitive information, such as passwords (depending on any content encryption methods which may be in use, and reverse engineer proprietary protocols used over the network.

Tcpdump is a popular packet analyzer with a command-line interface. It is used to capture and display TCP/IP packets (as well as other protocols) on the monitoring system’s network segment. This program is frequently used to troubleshoot network applications, but it can also be used to debug problems with the network itself, usually by detecting problems with the network routing configuration. Tcpdump can also be used to intercept network communications originating from another computer. By running tcpdump on a computer acting as a router or gateway, the user can display unencrypted information (such as that sent with TELNET or HTTP) including login IDs, passwords, URL requests, website content, and any other unencrypted data.

Wireshark, which was originally known as Ethereal, was renamed in May 2006 because of trademark issues. Wireshark is used for network troubleshooting, analysis, software and communications development and education. Even though Wireshark is similar to tcpdump, it has much more information sorting and filtering options as well as a graphical front end. The user is able to see all of the traffic that is being sent over the network, which is usually Ethernet, even though support is being added for other networks.

Ettercap is a network protocol analyzer and security auditing tool for Windows and UNIX. Ettercap can capture traffic, including passwords, on a network segment and it can be used to perform active eavesdropping. The software supports active and passive analysis of a number of common protocols, including encrypted protocols, and provides other network and host analysis features as well. Ettercap has four operating modes: 1) IP-based monitoring, in which packets are filtered by IP source and destination; 2) MAC-based monitoring, where packets are filtered by MAC address (this mode is useful for analyzing connections through a gateway); 3) ARP-based, which uses ARP poisoning to monitor a full-duplex switched LAN connection between two hosts; 4) PublicARP-based, which also uses ARP poisoning on a switched LAN, but is intended for monitoring half-duplex traffic between a victim host and other servers.

Red Hat announces the launch of the most recent edition of its benchmark open source operating system, RHEL (Red Hat Enterprise Linux) 5.4, with plenty of features to admire in this latest commercial Linux. A big plus is that virtualization is built right into this system. This RHEL version integrates KVM, Kernel-based Virtual Machine, which – in contrast to VMWare or XenServer – is built right into the operating system rather than as an add-on format. In fact, just as the name implies, it is incorporated directly within the Linux kernel.

Red Hats’ KVM can run up to sixteen virtual machines having up to 256 GB of RAM each. Because they function like a real machine would, you can use the normal RHEL management tools to make them work. Paravirtualized disk and network drivers have been incorporated into the LREL 5.4 for even better I/O performance. Even though Xen based virtualization is completely supported, the KVM hypervisor will only function correctly when used with the regular/non-Xen kernel.

RHEL’s also improved SystemTap toolset for performance monitoring will make it even easier for you to keep track of your C++ applications. With SystemTap, you can write instrumentation for a live running kernel with its simple command line interface and scripting language. A bigger library of internal “tapset” scripts, and newly published samples, are also available to assist with reuse and abstraction.