Virtualization is a buzzword that is living up to its hype as it takes hold
in IT. It has spawned magazine covers, conferences, and analyst reports, and
all with good reason. Virtualization allows applications to be deployed in a
highly efficient manner. By taking the physical servers out of the equation,
virtualization allows applications to be deployed across a number of servers,
or for multiple operating systems to run simultaneously on one server. In
this way, an organization can scale its applications by seamlessly adding
hardware, or by adding more instances of operating systems to its servers.
In the world of Web Services, in a "service-oriented architecture" (SOA),
applications are deployed as services over the network. This means that if an
application wants to use components of another application, it simply
accesses this other application over the network.... (more)
Cloud Computing Journal
Following the translations in Japanese and Spanish, the Connecting to the
Cloud series of articles, which I wrote for IBM DeveloperWorks, is now
available in Chinese. The series introduces cloud platforms such as Force.com
and Amazon SQS, including code samples in Java, and governance and policy,
again including code samples (an Amazon policy expressed in JSON). The
Gateway "onramp" model is described.
Part 1: 连接到云，第 1 部分: 在应用程序中使用云
Part 2: 连接到云，第 2 部分: 实现混合云模型
Part 3: 连接到云，第 3 部分: 云治理和安全性
I saw this tweet this morning and I thought "+1" (I guess I am a geek if I am
thinking in Digg/Slashdot shorthand).
The problem is that in Information Security, "security" is all-too-often used
to mean only encryption. A line is considered "secure" if it's encrypted. But
often, the real "security" requirements are much broader and include
management (as in access management, identity management), business
continuity defense against denial-of-service, and privacy.
I think language is a big issue here. I've always found it interesting that
in German, the words for "security" and "ce... (more)
Tom Raftery at Greenmonk (the green shoot from Redmonk) has a great analysis
of the disastrous use of smart meters by PG&E in Bakersfield, California.
He quotes SmartMeters.com that:
Bakersfield residents believe their new smart meters are malfunctioning
because their bills are much higher than before. PG&E claims higher bills are
due to rate hikes, an unusually warm summer, and customers not shifting
demand to off-peak times when rates are lower.
In the same story on smartmeters.com, S... (more)
Signed SAML tokens are often used to propagate identity information in an API
request. Although we're increasingly people using OAuth with the Vordel
Gateway, SAML remains the established technology and is not going away
anytime soon. Here is an overview of how you can create a signed SAML
Assertion at the IdP (Identity Provider) then send this in an API request to
a SP (Service Provider). As an extra architectural detail, I am issuing the
SAML Assertion using a REST STS interface.
You'll notice below that I'm using the snazzy new Vordel 6.2 release, because
of the new re-arrange... (more)