HyTrust published its VMworld 2017 Cloud Adoption Survey
HyTrust, an IT security company, published a report on the enterprise cloud world based on a survey conducted during VMworld 2017.
323 companies were surveyed, and these are the results: 21% are concerned about GDPR and have a plan in place, 52% are not concerned about GDPR or are unaware of its relevance for their business, and 27% are concerned about GDPR yet have no plan in place.
Among the other results of the survey, although hybrid cloud infrastructures are increasingly used, 22% don’t use a public cloud, 44% don’t have a hybrid cloud and 28% rely on a single hybrid cloud vendor. The percentage of those who don’t use any form of encryption in a public cloud thankfully dropped from 28% last year to 10% this year. The biggest security fears are uncontrolled or unmonitored access by admins (32%) and malicious or accidental exposure of workload data (30%).
Containers are an appealing topic but are seldom used in production: just 12% of participants use them in a production environment.
Software keeps going towards SaaS
DataCenter Knowledge wrote a recap of a talk called “Is Cloud Computing Building or Destroying Your Infrastructure and Operations?” given by Milind Govekar, Gartner VP Research, at Gartner's annual conference.
Govekar says that within two years at least a third of the biggest software producers will complete the transition of their products from a cloud-first to a cloud-only mode, thus making them available on a SaaS basis only.
In this scenario the risk of lock-in is high, as companies that use enterprise software like SAP, Oracle and Salesforce generally integrate it quite tightly into their operations, and switching from one vendor to another is complex. The client risks being caught in a situation where vendors can raise subscription prices at will, as has actually been observed: during the last 3 years the cost of a subscription rose about 8% annually.
OVH, here are the details of the incident in November
On Thursday, November 9, at 07:04, the Strasbourg site, hosting 4 datacenters, experienced an electrical power cut. The power outage spread to the other datacenters and caused an electrical shutdown of the 40,386 servers hosted on the site. At 10:39 electrical power was restored on the site and the services gradually restarted. By 6:00 pm, 71% of the servers were functional again, and on Friday, November 10th at 11:00 pm, 99% of the servers were functional. A minority of services remained impacted until Sunday, November 12th.
The entire site is powered by one 20MVA power supply via two 20kV cables. The cause of the power failure is linked to an alteration of one of the 2 underground cables, which ESR repaired quickly. The causes of the alteration of this cable are not yet determined. Investigations are ongoing by ESR.
The Strasbourg site is powered by two cables delivering 20MVA and therefore connected to the same circuit breaker. The tripping of the circuit breaker caused the two lines to break. At 22:00 on Thursday, 97% of the servers (hardware) were back up and running and 91% of the services (software) were running again. By midnight on Friday, 99% of the servers were operational again as well as 96.2% of the services.
The technology based on maritime containers will no longer be used by OVH. Indeed, this setup has only been used to build SBG1 and SBG4 and it thus inherited all the design flaws related to the initial low ambitions we had for this site. This setup is no longer adapted to the requirements of the business and does not align with OVH standards. SBG1 and SBG4 are to be dismantled.
In order to do this, OVH will migrate all customers' services hosted on SBG1 and SBG4, moving them either to SBG2 and SBG3 or to other OVH datacentres.
Complete details of the incident are available at this address.
AWS: from Xen to KVM, new region in China and S3 more secure
AWS launched a new region in China in Ningxia, its 17th worldwide and the 2nd in China. The region is operated by Ningxia Western Cloud Data Technology Co. Ltd. in order to comply with Chinese regulations on the presence of foreign companies in the country; Sinnet manages the other region in Beijing.
Services provided in the new region include EC2 (C4, D2, M4, T2, R4, I3 and X1 instances), Elastic Load Balancing, Glacier, IAM, RDS, S3 and VPC.
In a blog post, AWS introduces the new C5 Compute Intensive EC2 instances (available in the US East, US West and EU regions): a previous version of the post, since edited, referred to the use of KVM instead of Xen, which is the hypervisor used by AWS. The phrase “In order to remain compatible with instances that use the Xen hypervisor” is another hint.
Lastly, AWS upgraded its S3 storage service with an improved security level. The dashboard now includes warnings about buckets exposed on the Internet (Skyhigh discovered that 14% of analyzed buckets can be accessed from the outside without any authorization because of a misconfiguration called “GhostWriter”). Data encryption can be enabled by default without a specific policy; a detailed report of the inventory is available, and encrypted objects can be replicated between Regions with keys managed by the AWS Key Management Service. Finally, when cloning an object between different accounts, one can set a new ACL policy for the object at the new destination.
Equinix launches Cloud Exchange Fabric and announces a new datacenter in Milan
Equinix, one of the biggest datacenter providers in the world, launches Equinix Cloud Exchange Fabric (ECX Fabric).
ECX Fabric is the software-defined networking (SDN) solution that allows clients to create networks inside Equinix datacenters, connecting their own infrastructures or those of their clients regardless of geographical location, in “as-a-service” mode with real-time provisioning (via APIs or a dedicated portal, with “pay-as-you-go” billing). All of that without relying on third-party actors or long waits.
ECX Fabric is available in all ECX Locations (i.e. datacenters) of North America and EMEA, such as Amsterdam, Atlanta, Chicago, Dallas, Dublin, Frankfurt, London, Los Angeles, Manchester, New York, Paris, Seattle, Silicon Valley, Stockholm, Toronto, Washington D.C. and Zurich.
Equinix also announces new datacenters in cities including Denver, Düsseldorf, Geneva, Helsinki, Miami, Munich and, most importantly for us, Milan in 2018.
Further details on ECX Fabric are available at this address.
Facebook open sources Open/R
Open/R is the platform developed and used by Facebook to route its internal network, and it’s now open sourced with a dedicated GitHub repo.
Open/R supports several network topologies (WAN, data center fabric, network mesh) and is compatible with a range of hardware and software platforms (FBOSS, Arista EOS, Juniper JunOS, Linux routing, etc.); further details are available in this blog post.
Facebook will also expand its Prineville, Oregon, datacenter with two buildings; the one in Papillion, Nebraska, will be powered by energy from renewable sources (wind) bought from a local consortium.
Mesosphere DC/OS Enterprise and SAP HANA Enterprise Cloud are available on Azure
Mesosphere DC/OS Enterprise is the enterprise version of Mesosphere, the containerized and data-intensive app platform built on Apache Mesos. It’s now available on Azure Marketplace, which allows the creation of a hybrid Mesosphere cloud on Azure.
SAP HANA Enterprise Cloud, a managed private cloud service, is now available on Azure.
The process that will eventually bring VMware on Azure continues, as explained in this Microsoft blog post.
Google opens its first datacenters in India
Google continues its push into the Asian market by opening its first datacenters in India.
The new Region in Mumbai is composed of 3 different sites, each with a separate Availability Zone. The region is called asia-south1.
Clients in India can now connect directly to this region instead of Singapore’s (the closest until now) and experience latency reduced by between 20% and 90%. Provided services include computing (App Engine, Compute Engine, Container Engine), Big Data (Cloud Dataflow, Cloud Dataproc, Cloud Datalab), storage (Cloud Datastore, Cloud Storage, Cloud SQL, Persistent Disk) and networking (Autoscaler, Cloud DNS, Cloud Load Balancer, Cloud Virtual Network, Cloud VPN, Cloud Virtual Router).
AWS and Azure have a Region in India, as well.
Alibaba Cloud to open a second datacenter in Dubai?
Alibaba Cloud celebrates the first year of its Dubai datacenter and hints at a possible second datacenter in the city to meet client demand.
“With growing service capability over the past year, we are proud to have become a major driver of the local digital economy and innovation,” said Simon Hu, Alibaba Group SVP. “As it continues to evolve, we believe that inclusive cloud technology will play an important role across all of the region’s industry sectors.”
“We see great potential here, and hope we can continue to bring our successful experiences that we have learnt in China to the UAE to make it a benchmark for digital transformation in the future,” he added.
Alibaba also strengthened its partnership with the Khalifa University in terms of Big Data, Internet of Things, robotics and cloud computing opportunities.
AWS opens a new European region in Paris
Amazon AWS opened a new region in Europe, the 18th worldwide and the 4th on the continent, in the Paris suburbs.
The region supports the most popular services like CloudFront, EC2, EBS, Glacier, Route 53, S3 and IAM and the C5, M5, R4, T2, D2, I3 and X1 instances.
Four additional edge sites for Route 53 and CloudFront are planned in Paris (3) and Marseille (1).
The AWS Data Processing Addendum (DPA) is now GDPR-ready: the DPA allows clients to transfer personal data to countries outside the EU in compliance with the European regulation.
Gartner publishes the Magic Quadrant report for IDS systems
Gartner published its annual Magic Quadrant for Intrusion Detection and Security (IDS) systems.
By 2020, 70% of these systems will be cloud-based (both public and private) and used internally instead of behind the firewall as is done now, and 60% of these systems will leverage data analysis methods like behavioural analysis and machine learning (today fewer than 10% do). However, the IDS market is going to shrink in favour of NGFW (Next-Generation Firewall) systems, which will absorb most IDS.
McAfee, Trend Micro and Cisco are placed in the Leaders quadrant.
AWS makes Linux 2 available on-premises
Amazon releases Linux 2, its own Linux distro available on the AWS Cloud and on-premises.
Linux 2 is developed by AWS developers to be fully compatible with EC2 instances and Amazon’s cloud services: LTS support (5 years), extra libraries (Amazon Linux Extras repo), fine-tuned kernel 4.9, systemd support and security hardening (SSH, installed packages and critical updates). Security updates and maintenance are provided by AWS.
Linux 2 is available on Docker Hub and for Hyper-V, VirtualBox, VMware, KVM and containers.
PowerShell Core 6.0 is the open-source and cross-platform version of PowerShell
Microsoft announces the general availability of PowerShell Core 6.0, the open-source and cross-platform version of PowerShell (available for macOS and Linux in addition to Windows). PowerShell Core is developed with .NET Core, which is available on different platforms, instead of .NET Framework, which is Windows-only. Previous releases of PowerShell (3.0, 4.0 and 5.1 but not 2.0, which is officially obsolete) are still supported in Windows, but they won’t receive any backport of the new features introduced in PowerShell Core 6.0.
In order to make PowerShell Core 6.0 available on different operating systems, support for certain technologies (specifically, the ones used by PowerShell on Windows) has been removed: PowerShell Workflows, PowerShell snap-ins, WMI v1 cmdlets and Desired State Configuration (DSC) resources.
PowerShell Core 6.0 is available at the official GitHub repo.
cURL, tar and Unix sockets are now available on Windows
Windows continues its journey into the world of Unix with Windows 10 build 17063 (Insider Preview): after Windows Subsystem for Linux (to use any Linux version) and the beta version of the OpenSSH suite (see the January Security Bulletin), this build introduces support for Unix sockets (AF_UNIX) and for tar and cURL.
Unix sockets have long been supported in BSD and Linux, but not on Windows, which has an alternative mechanism called “named pipes”. But pipes and sockets are not the same thing, and developing cross-platform applications for both standards is not easy. The afunix.sys driver provided by build 17063 enables Unix sockets on Windows, with some limitations as indicated by the MSDN reference page.
tar and cURL are two powerful command line tools used, respectively, to create and extract .tar archives (tarballs) and to transfer data to and from a server.
Both are ready to be used exactly as you would in a Unix environment. An interesting use case involves containers: before, when creating nanoserver-based containers, you had to rely on an external container with PowerShell capabilities to download and extract packages, while now you can do that within a single container with tar and curl.