This morning at VMworld in San Francisco, BlueLock officially released our newest cloud technology, the BlueLock CloudConnector, a hybrid cloud enabler. We are also announcing our selection as one of three North American vCloud Datacenter providers.

With BlueLock CloudConnector VMware customers can immediately realize the benefits of the next generation of cloud capabilities provided by VMware’s vCloud Director, the cloud delivery platform for vCloud Datacenter (also introduced this morning). vCloud Director adds new capabilities such as the ability to move workloads between VMware-compatible clouds (public and/or private) in a secure environment.

BlueLock CloudConnector for vCloud Director allows current VMware customers to view and manage their existing VMware environment (their private cloud) and BlueLock’s VMware-based public cloud resources in the vSphere Client control panel they already have, making the transition to a hybrid cloud even easier for existing VMware administrators. 

vCloud Datacenter
As one of only three North American VMware vCloud Datacenter providers selected by VMware, BlueLock provides enterprise-class public cloud infrastructure with compatible management, security, application portability and business agility to businesses of all sizes.  Use of the same VMware technology provides common management and security model enabling workloads to move between internal datacenters and the BlueLock Public Cloud.

vCloud Datacenter is an enterprise-class cloud built on VMware’s cloud infrastructure technology including VMware vSphere, vCloud Director, and vShield security. vCloud Datacenter delivers consistent and auditable security and performance through SAS-70-Type-II certifications as well as technical capabilities such as network isolation, role-based access control and directory services integration.

Read the full release.

I saw an interesting article on multi-tenancy last week concerning this from Lori MacVittie.  In the article she writes, "Tenancy becomes more granular and, at the very bottom layer, at IaaS, you’ll find that the tenant is actually an application and that each one has its own unique set of operational and infrastructure needs. Two applications, even though deployed by the same organization, may have a completely different – and sometimes image conflicting – set of parameters under which it must be deployed, secured, delivered, and managed."

Many times multi-tenancy is tied in the cloud computing world is tied more closely with technical architecture considerations than it is the business drivers behind how applications are deployed.  In order to reap the advantages of cloud computing, though, it's important to understand not just the technical complexity of deploying an application in a cloud hosting environment but also what the potential benefits and/or challenges of that deployment will be as it relates to the business impact.  When choosing candidates for the cloud, you must understand and base your decision on both.

As the evolution of software continues to evolve towards the Software as a Service (SaaS) model, I regularly get asked questions during my conversations with software executives that further tells me that companies want and need help in this time of evolution. 

Some examples of those regularly asked questions are:

• How are people licensing the software in the SaaS model?
• How are companies structuring their pricing in the SaaS world?
• Should I charge for new enhancements or is that included in the service?
• How do I ensure my client’s data is protected in a hosted environment?
• How can I get better performance in the cloud?

While some companies have this figured out well (at least for today), others continue to struggle and constantly feel like they are reinventing the wheel.  To this end, an organization and newsletter called SoftLetter started a quarterly conference called SaaS University. 
SaaS University is a multi-day conference that focuses on helping top executives (C, E, and VP level) of software companies to be educated around an array of topics concerning SaaS. 

The event focuses on topics such as:  

• What is SaaS?
• What does Cloud mean & what options are best for me?
• Pricing
• Fund Raising
• Development Methodologies
• Hosting Options
• Licensing Options
• Trends, and more. 

Various industry experts lead congruent sessions allowing attendees to focus on the subjects that mean the most to them.  My experience is that SaaS University has found some of the most quality experts to lead the discussions and sessions.  The feedback I received from other attendees supports those sentiments as well.

Thought leaders are asked to speak about industry subject matter and various offerings to support a SaaS company.  They use this stage to speak consultatively on various industry trends and decision factors.

The goal of the event is that top executives can walk away knowing that there are real answers to their questions and that they do not have to re-invent the wheel to be a successful SaaS company.  The networking of software executives and industry leaders jointly make the multi-day educational process a great way to learn fresh and new ideas, as well as the basics of being successful as a SaaS company. 

The next SaaS University Event is July 20-22nd in Washington DC.  Use the code BLUELOCK100 for $100 off. Register & learn more today.

The vCloud API is an emerging but already very useful standard for managing virtual infrastructure within a hosted environment. The API itself isn't VMware-centric (although VMware is obviously a huge fan), but instead it was submitted to the Distributed Management Task Force for adoption as an industry standard. The plan is that a single, consistent, platform-independent API could allow a myriad of cloud technologies to effective talk to each other without much fuss or massive message transformation.

The API implementation itself is REST-based, meaning that transactions are stateless and submitted with XML over HTTP. The benefits of using a REST API isn't that it is cutting-edge tech, but instead that it leverages well-established methods for communicating over the Internet. Since REST keeps communication between components simple, poking holes in firewalls and hand-crafting messages can be done very easily.

Let's walk through an example to see just how easy this can be, using only the command line utility curl. Assuming you have a BlueLock vCloud Express account (and, let's face it, all the cool people have vCloud Express accounts) you can simply type:

 curl -u 'your_username:your_password' -v -d "" https://express.bluelock.com/api/v0.8/login 

And voila! The command line parameters you passed along simply tell curl to send your username and password as parameters to a HTTP POST at a given URL.

With the above command you are not only logged in to your vCloud Express account, you also get some advice on what URLs you can try out next:

< Content-Type: application/vnd.vmware.vcloud.orgsList+xml
< set-cookie: vcloud-token=1234567890abcdef; Domain=.bluelock.com; Path=/
< Via: 1.1 express.bluelock.com
< Transfer-Encoding: chunked
<?xml version="1.0" encoding="UTF-8"?>
<OrgList xmlns="http://www.vmware.com/vcloud/v0.8" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.vmware.com/vcloud/v0.8
    https://express3.bluelock.com/api/v0.8/schemas/vcloud/organizationList.xsd">
    <Org type="application/vnd.vmware.vcloud.org+xml" 
        name="your_username" 
        href="https://express3.bluelock.com/api/v0.8/org/31415"/>
</OrgList>

Let's follow one of those links and see what we get. We can use curl to perform an HTTP GET on the link referred to as part of the Org element:

curl https://express3.bluelock.com/api/v0.8/org/824

<error message="Session Key is not found" 
    majorerrorcode="403" 
    minorerrorcode="Bad Request">
</error>

We encountered an error... basically vCloud Express doesn't know who you are. That's where the "stateless" aspect of REST comes into play... subsequent vCloud API calls don't remember who you are.

In the earlier login call we received an HTTP Cookie as part of the response. That "cookie" is a value that reminds the vCloud API of who we are and that we are actually legit, logged-in users. With every subsequent request we send we must also send along the cookie, as in:

curl --cookie "vcloud-token=1234567890abcdef" https://express3.bluelock.com/api/v0.8/org/31415

And now we receive back the response:

<?xml version="1.0" encoding="UTF-8"?>
<Org href="https://express3.bluelock.com/api/v0.8/org/31415" 
    name="your_username" 
    xsi:schemaLocation="http://www.vmware.com/vcloud/v0.8 
    https://express3.bluelock.com/api/v0.8/schemas/vcloud/organization.xsd"
    xmlns="http://www.vmware.com/vcloud/v0.8" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Link rel="down" 
        href="https://express3.bluelock.com/api/v0.8/catalog/0" 
        type="application/vnd.vmware.vcloud.catalog+xml"  
        name="System Catalog"/>
    <Link rel="down" 
        href="https://express3.bluelock.com/api/v0.8/catalog/51413" 
        type="application/vnd.vmware.vcloud.catalog+xml"  
        name="your_username Private Catalog"/>
    <Link rel="down" 
        href="https://express3.bluelock.com/api/v0.8/tasksList/123" 
        type="application/vnd.vmware.vcloud.tasksList+xml"/>
    <Link rel="down" 
        href="https://express3.bluelock.com/api/v0.8/vdc/456" 
        type="application/vnd.vmware.vcloud.vdc+xml"  
        name="testvdc"/>
    <Description></Description>
    <FullName></FullName>
</Org>

More links for us to follow! Awesome!

The full vCloud API specification is available on VMware's site, and the 0.8 version of this API is available on BlueLock vCloud Express. REST easy!

In a previous post, I talked about the challenges of sizing a cloud computing infrastructure, specifically one for running Microsoft SQL Server.  Because it's the back-end for many corporate IT systems and also serves as part of a lot of internet-facing applications, Microsoft SQL Server is certainly one of the more popular candidates for consideration when looking to leverage Infrastructure As A Service.  It's not the only one, however, so understanding how to properly size a managed cloud hosting VM is important regardless of the application being considered.  Luckily, it's easier than one might think.  

The key is almost always completely understanding how the application is performing today and what hardware (physical -or- virtual) it's running on currently.

There are a ton of great tools out there to assist with these assessments.  Commercial tools such as Lanamark VReady, Novell Platespin Recon and Vizioncore vFoglight are popular candidates and there are many more where those came from.  VMware partners like BlueLock can even provide this information as a service offering using the VMware Capacity Planner tool which is an IT capacity planning tool that collects comprehensive resource utilization and compares it to industry standard reference data to provide analysis about what how much capacity is needed in a virtualized environment using Vmware Virtualization Technology.

One hidden gem that is often overlooked, though, is the VMware Guided Consolidation tool included as a feature of VMware vCenter.  Now a module within vCenter Server, it walks you step by step through the consolidation process  including automatic discovery of up to 500 servers, performance analysis, conversion and intelligent placement on the right host.  Even if you aren't planning on building your own private cloud and, instead, are looking to Cloud Computing Companies to run your virtualized workloads, the VMware Guided Consolidation tool can at least help you assess your current environment if you are a small or mid-sized business.  It has an easy to use interface and a more simplified approach than using hte full VMware Capacity Planner tool.

The BlueLock vCloud Express Cloud Monkeys Use Case contest begins today!

Former, current and new BlueLock vCloud Express Beta users will compete for these prizes:

• The first ten submissions will receive a stuffed cloud monkey
  
• The top five finalists will receive a FlipCam which they will use (and keep!) to create a recognition video for the application to compete for the Grand Prize - an Apple iPad!
  
• The Grand Prize winner will receive the engraved Apple iPad!

Open for submissions by current, former and new Beta users, the contest runs from June 16 – September 6 and looks to surface the most innovative use cases of BlueLock’s vCloud Express.

During the 12-week contest, BlueLock vCloud Express developers enter by filling out a simple questionnaire on the BlueLock Web site between June 16 and July 7 2010 that includes a description of the BlueLock vCloud Express use case and why it deserves to win. Participants can promote their own use case through Twitter and other social media outlets. Submissions will be voted on by an open community of voters and judged by BlueLock and VMware on cloud applicability, creativity/innovation, time savings and cost savings to select the top five use cases. The first ten submissions will receive a BlueLock “Cloud Monkey” stuffed animal and the five finalists will receive FlipCams with the option to document their use cases in a two minute “Recognition Video.” Finalists who submit Recognition Videos will then be judged by BlueLock and VMware for the Grand Prize, with the winner receiving an engraved Apple iPad.

“The functionality of BlueLock vCloud Express has proven to be unique and of value to our clients, driving us to design some of the same features into our other solutions within BlueLock CloudSuite,” said Kim Graham Lee, Chief Marketing Officer, BlueLock. “We are excited to not only learn more about how developers have been using vCloud Express, but to also highlight the most unique and interesting use cases.”

“As a top VMware vCloud service provider partner, BlueLock has been able to help shape vCloud Express as it continues to demonstrate that they are ahead of the curve in understanding their clients’ needs in the evolving cloud computing space,” said Mathew Lodge, Senior Director-Cloud Product Marketing, VMware. “We are looking forward to learning about how beta users have taken advantage of the dynamic combination of the industry-leading VMware platform and BlueLock’s secure and reliable cloud hosting and infrastructure expertise.”

BlueLock vCloud Express is a reliable, on-demand, pay-as-you-go infrastructure solution that ensures compatibility with internal VMware environments and with VMware Virtualized™ services worldwide. The technology allows users to create virtual machines as needed and add compute capacity via an online interface. Users pay only for the compute and storage space they use. Since being selected by VMware as one of only five companies worldwide to offer vCloud Express and launching in September 2009, BlueLock has reached 1,100 beta users of the product.

Participants can be past, current or new BlueLock vCloud Express beta users and can submit more than one application. For additional contest details, visit www.bluelock.com.

BlueLock's healthcare-related client base seems to continue to grow - and they each have one specific need in common: security.

Recently, BlueLock produced a case study with Pathagility in regards to their Software-as-a-Service (SaaS) application which facilitates the generation, management and reporting of clinical data between healthcare providers and healthcare institutions.  Early on in the company's life, they realized that it made more business sense to forge a relationship with a provider who could secure and manage their IT infrastructure environment rather than spending capital on purchasing, implementing and managing their own.  At BlueLock, they were especially happy with the ability to scale and pay as they grew in a secure and SAS 70 compliant cloud hosting environment.  Pathagility's success was dependent on their ability to focus on the development of their SaaS solution and get to market quickly rather than directing their talent towards the day-to-day IT operations.

A very similar story unfolds with a new client, AmeriVeri CR. AmeriVeri CR is an in-depth , fully automated method for verifying the coding accuracy of healthcare claims. The company saves their clients an average of 4% in healthcare claims simply by identifying coding errors. They also needed a highly secure and SAS 70 compliant cloud hosting solution. The company just got its official start in January of 2010, but after quickly receiving funding and attracting great interest from clients and prospects, the comany needed to be able to expand its offering quickly.  Enter BlueLock.

These are just two of many healthcare-related clients BlueLock currently has running in its Enterprise Cloud platform, but each tells a similar story and proves that yes, the cloud is secure.

In my last post, I tackled tips 1-5.  This week I’d like to take a look at the next five tips Adam Stone referred to in regards to "Making sense of the cloud: 15 tips for software CEOs" and provide you with the BlueLock perspective on what companies looking to migrate to cloud computing should be thinking about.

Tip #6:  To Avoid vendor Lock-in, stick to open standards. 
This one makes a lot of sense to me – in the end, you need to make sure that whatever you put in the cloud you can get back easily and intact.  While some may argue that deploying VMware technology locks you into VMware’s virtualization platform, I would argue that VMware is the defacto standard for virtualization technology for the enterprise, by virtue of their large market share.  Deploying VMware gives clients a lot of flexibility to move that server to another VMware host if they wish to move.  We even have cases where companies wish to protect themselves from something happening to BlueLock as a cloud provider.  In that instance, we’re replicating the entire virtual machines to a neutral third party, Iron Mountain.  If a triggering event were to occur, the company simply contacts Iron Mountain and receives immediate access to the virtual machines, which can immediately be loaded on servers running VMware.  That’s just one straight-forward example of how “portable” the environment is as a result of running in a VM ware-based virtualization platform.

Tip #7:  Location, Location, Location. 
Yes, indeed, it’s difficult to bend the laws of physics and the speed of light.  This tip talks about two real issues – the first is latency and the second deals with the laws that govern the location where the data center sits, in both cases, BlueLock has engineered solutions to address our client’s specific challenges.   We have clients that need to have the data closer to them than our data centers in Indianapolis, IN or in Salt Lake City, UT for speed or data privacy issues.  For these clients, we introduced our version of a private data center called The BlueLock Box in October 2007.  This private cloud solution entails installing an HP C3000 blade chassis with redundant SAN shelves behind the client’s firewall.  This solution provides them with the same benefits of BlueLock’s public cloud such as fault tolerance and scalability, but puts the data closer to them for speed and/or privacy issues. 

Tip #8:  Consider using a middleman. 
I agree with Adam – there is a huge opportunity for cloud brokers or companies that have expertise in helping clients make thoughtful decisions about what can and/or should go into the cloud and then to actually help architect and deliver the cloud solution.  We’ve worked closely with several partners who have trusted advisor relationships with large fortune 1000 clients that have chosen BlueLock as their cloud solution.  In fact, we’ve been asked to present next week in VMware’s Partner Exchange keynote on the topic of how partners can work with a cloud providers to deliver real value to their clients.  I will be sharing the stage with Carl Eschenbach, EVP of Worldwide Field Operations and Casey Watson, VP Business Development for Apparatus to talk about how BlueLock and Apparatus have built a sizable business delivering cloud integration services for large clients.

Tip #9:  Monitoring uptime isn’t enough, you need an action plan. 
We couldn’t agree more with Adam on this point.  From day one, we’ve had a resolution-based 99.99% uptime SLA in place for our clients.  This means that not only will we respond quickly to the issue, but we’ll promise resolution of that issue.  On top of that, we’ve also patented a portal that we call “the VITAL signs portal” that provides our clients with an overall view of the health of their environment, as well as an ability to drill into each aspect of their environment, to see what’s actually happening.  Finally, we have also built capabilities in the portal to send alerts and alarms when something goes wrong or when the environment has reached a pre-determined limit on things like CPU, RAM and storage.   If those measures aren’t enough, we’ve also built tailored metrics for some clients that wish to monitor additional key metrics in their environment.

Tip #10:  A clause may look good in the contract, but be useless in the real World.  Adam’s tip in this area covered a “useless” escrow agreement.  In tip number six, I shared how we’ve put an escrow agreement in place that can be tested and actually works.  Having said that, I agree that empty legal promises are not the way to make sure you’re protected.  Testing the system is the best way to insure what’s being set aside actually works.  In addition to the escrow agreement, we also have numerous disaster recovery clients that have performed successful tests of our geographic failover disaster recovery service.  In the end, you want the “promise” in writing, but then you want to do a test to make sure it performs as expected.  Reminds me of an old Reaganism – “trust but verify”.

Next week, I’ll take us down the homestretch and walk through the final five tips for migrating successfully to the cloud. 

Tip #11:  Set financial penalties for downtime
Tip #12:  It takes time to see ROI on SaaS development
Tip #13:  Savings are not in the cloud, but in headcount
Tip #14:  Follow the cloud into new markets
Tip #15:  Let the cloud lead you to new innovations

If you'd like to read the original post by Adam Stone, go here.

  Support - Done Well

The word 'support' has become cringe-worthy, much like 'Vista' or 'Millennium Edition.' Opinions seem to fall on one side or the other of a distinct dividing line - no vendor's 'support' is merely adequate these days. It's either phenomenal or terrible.

It's crazy to think that vendors strive for an utter lack of excellence. Still, many end users report just such an attitude in their communications with support personnel. Too often, customer support calls are considered unavoidable nuisances in an otherwise productive day. Of course, no one would ever admit they feel that way. But the attitude is pervasive, and it is all too easy for customers to detect, whether in voice inflection during phone calls or while reading hastily prepared e-mail responses. Worse still is getting no response at all.

BlueLock works very diligently to avoid falling into that trap. Working the front lines for a VMware hosting provider is a unique opportunity. Customers can contact us via e-mail or by telephone and all sorts of queries come in which keeps things interesting. Much of our work is generated automatically by our monitoring system. It's important for BlueLock Support personnel to be able to juggle several roles each day and we employ several tools that make it easier to provide top-level service. 

Don't Hesitate, Educate!

We understand that Cloud Computing is a fairly new concept, so one of the primary roles that we perform on the support desk is education. It takes time to become familiar with virtual servers, online disk expansions, and balloon drivers. At BlueLock, we can help make such concepts more clear - and it's as easy as calling the Support Desk.

The most popular topic for education at the BlueLock Support Desk is snapshots. Proper use of snapshots can make an administrator's job much easier. In a nutshell, each virtual machine on our environment is comprised of a file - that's right, the entire server is essentially a file running on a host system. Snapshots serve basically as restore points for those files. This is useful mainly when making major configuration changes or installing new software. When a snapshot is created, what really happens is that a 'change file' is generated. All subsequents changes to the virtual server are written to the change file. When testing is complete, the snapshot must be either committed or reverted. Committing the snapshot merges it with the original server file. This happens on the fly with no interruptions to service. Reverting essentially destroys the change file and returns the server to its state before the snapshot was taken.

The primary drawback of snapshots is that they tend to grow very quickly. Thus, BlueLock has a retention policy of 24-48 hours during which the snapshot must be committed or reverted.

VMware virtual servers are unique entities, especially when backing them up. Backups at BlueLock work much differently than with standard, physical hardware. We perform a combination of snapshots, disk-to-disk and tape backups to protect customer data. The current system is complex enough for its own blog posting, so I'll cover that in more detail at a later date.

So what is enterprise cloud computing?  How is it so different from (regular) cloud computing?

Jill Tummler Singer explains that enterprise cloud computing is "a behind-the-firewalls use of commercial, Internet-based cloud technologies specifically focused on one company’s or one business environment’s computing needs." 

It's a "a controlled, internal place that offers the rapid and flexible provisioning of compute power, storage, software, and security services to meet your mission’s demands.  It combines the processes of a best in class ITIL organization with the agility of managed, global infrastructure to make your IT faster, better, cheaper, and safer. Enterprise cloud computing gives your business agility, survivability, sustainability, and security."

Many enterprises with highly secure data and strict up-time and performance needs feel that cloud computing is out of the question.  Most of these companies questioning the abilities of cloud computing services are companies in the government, life sciences and financial services industries.  Enterprise cloud computing is the answer for them.  They need tailored, dedicated high performance environments to provide the benefits of cloud computing with the security and assurance of enterprise-class platforms.

BlueLock is a top VMware hosting provider - we use proven enterprise-class VMware virtualization technology to serve our clients no matter what industry or need level, but we are able to tailor and architect high performance, secure and compliant cloud computing environments specifically for our enterprise-level clients.  BlueLock has been extremely successful serving clients in the government, life sciences and financial services, helping them to realize the advantages of cloud computing.

To learn more about BlueLock's enterprise cloud computing services contact us here.

Security and compliance are hot topics in the cloud computing industry. PCI DSS is a set of requirements that, when adhered to, increase the level of security for payment cards transactions.

To become compliant with the PCI DSS, an organization must meet all of the security requirements and maybe even go through a formal auditing process, depending on the number of transactions processed each year. While these requirements may seem inconvenient,

But, can organizations really become PCI-compliant in a cloud computing hosting environment?

In searching for an answer to this question it's importnat to ask, "What kind of cloud computing service?" Many security experts have discussed the topic on panels and in the blogs, like this one. Most of my experience is with infrastrucutre as a service.

Just in working on small business virtualization projects with clients, here at BlueLock, I've had get educated on PCI DSS. The tricky thing for cloud computing hosting companies is that with standards like PCI, there are both application-side and infrastructure-side requirements for compliance.

So with IaaS, where does the responsiblity reside?

Ultimately, it's the responsibility of the company that is doing the payment card processing. The scope of PCI DSS goes beyond what infrastructure as a service companies provide. So, if a cloud computing service provider claims that they are "PCI compliant," it's important to remember that you must still assess your own organization outside of what the service provider manages.

At BlueLock, we use tools from our partners at Shavlik to run regular compliance scans of our clients' environments. If it's important for your organization to be in compliance with PCI DSS, then it's important for you to audit yourself regularly.

To find out more about PCI DSS, visit the PCI Security Standards Council website.

(Indianapolis, IN – December 1, 2009) - Indianapolis-based BlueLock, provider of cloud computing and managed IT services, announces its second round of Beta testing with BlueLock vCloud Express Beta II.  BlueLock was one of only five cloud computing hosting providers chosen by VMware to provide VMware vCloud Express services since its launch in September 2009.

BlueLock vCloud Express Beta II is a Compute-as-a-Service solution designed to support transient workloads by providing a high level of elasticity for faster turnaround time and future workload federation.  BlueLock vCloud Express will compete with services such as Amazon EC2 and Windows Azure.

“BlueLock vCloud Express Beta I was an instant success,” said Pat O’Day, CTO, BlueLock. “We filled up our Beta I slots in less than two months.  With the feedback we garnered from those early users we’ve been able to make some major changes and the offering will continue to get better as we prepare to launch the public offering early in 2010.”

BlueLock vCloud Express Beta II is a reliable, on-demand infrastructure solution that ensures compatibility with internal VMware environments and with VMware Virtualized™ services worldwide. The technology allows users to create virtual machines as needed and add compute capacity via an online interface. The beta services are currently free, but the public offering in the future will include a pay-as-you-go payment structure where users pay only for the compute and storage space they use.

BlueLock vCloud Express Beta II is available immediately. For additional information, visit http://vcloudexpress.bluelock.com.

I love my job. As a client specialist at BlueLock, I get to spend the majority of my time working with the innovative companies that are producing the products and services of the future and, at the same time, pushing the limits of cloud computing hosting.

In all of my conversations with BlueLock clients, one thing is clear:

There is massive demand for a cloud computing platform, specifically for testing and development, that is cost-effective and integrates well with production environments.

Many businesses have data and processing that doesn't require a fully-managed cloud hosting service at four nines (99.99%) uptime.

Some companies offer services that seem like they could be a good answer for this problem. IBM recently released Smart Business Development and Test on the IBM Cloud, which seems like it might be a competitor of Amazon's EC2 cloud computing platform.

The problem with some of these test/dev clouds is that they can't support VMware hosted environments. This means that, with test/dev clouds like EC2 and IBM's new offering, a company that is running their production environment on VMware can't necessarily integrate their test and production environments seamlessly -- an important consideration when doing a cloud computing comparison.

Enter vCloud Express...

One of the cool tools that the BlueLock engineers are tinkering with is a VMware-based, pay-as-you-go option that will be ideal for companies that need an environment that is dedicated to test and development. We announced vCloud Express back at the start of September, and since then, have received an overwhelming number of signups for the beta-version. In fact, we acually completely filled up all of the beta test slots!

I'm excited for the public launch of BlueLock's vCloud Express, because we'll be able to offer clients the perfect solution for their test/dev needs. Until then, I'll keep you posted as we continue to progress. 

Sad news – BlueLock vCloud Express BETA  has filled up!  We are no longer taking sign-ups until we depart our BETA status.   If you’d like to be notified when BlueLock vCloud Express is available again please send an email to vcloud_beta@bluelock.com.

Thanks again to our participating launch partners:

More information on BlueLock vCloud Express:

BlueLock’s vCloud Express (Beta) is an on-demand, pay-as-you-go virtual machine hosting service.  Running on VMware, it ensures compatibility with internal VMware environments and with VMware Virtualized™ services worldwide.

BlueLock vCloud Express is specifically designed as an easy and affordable way to try a virtual cloud or host application.  This solution is perfectly suited for test and development or a startup environment.  Developers are able to use the BlueLock vCloud Express service to rapidly deploy application environments and get started quickly.  The solution retains the robustness, interoperability and reliability that BlueLock and VMware virtualization technology is known for while delivering the easy access and cost effectiveness of the pay as you go model.

To stay up to date on BlueLock vCloud Express and our other offerings, join our newsletter.

In order to continue the conversation about getting started in the cloud, let’s move on to step number two: comparing cloud computing vendors (to determine which best fits your needs based on the infrastructure and expertise inventory you took).

Getting Ready to Compare Cloud Computing Providers:
After looking into the amount of IT infrastructure you currently house and run as well as the people and expertise you need to manage it you should have a pretty good idea of what it takes to keep your company up and running.  From there you need to decide what kind of cloud computing solution you’re looking to use.  Is it something simple like an additional software-as-a-service account?  Or are you hoping to use PaaS to access some infrastructure?  Or better yet, does your company want to outsource its entire infrastructure to the cloud?

There are many options when it comes to “moving to the cloud.”  For this post we’ll focus on the migration to an infrastructure-as-a-Service (IaaS) cloud.  One easy first step is test and development.  This is a low-risk way to test out cloud providers and their capabilities while also making a decision around the type of infrastructure you prefer.  Do you want enterprise-level VMware hosting or is Amazon EC2 for you?  Do you want to be able to migrate between clouds and providers and if so, what might that look like and what additional platforms would that require?

While engaging in a test/dev environment, developers should focus on testing their application’s functions, performance and scalability.  Keep in mind that most applications can be tested in a public cloud, but that some for technical or cultural reasons should be kept in-house, unless you are able to secure the type of SLA that would allow you to migrate those “special” applications.

Now let’s say that you’re ready to make that infrastructure move to the cloud (sometimes this may mean you skip the whole test/dev show).  There are four main items to consider when comparing cloud computing vendors.


The SLA is the most important item you need to compare vendors against.  If you have sensitive data or applications that require high uptime capabilities, you would be wasting your time to look at any vendor with and SLA below 99.99%. But if you just need a test and development environment it wouldn’t make sense to pay the premium for such high availability (higher availability = higher price).  Find out your uptime needs and then locate the vendors who offer the SLA you need.

Technical offerings are the next determining factor.  Depending on which kind of infrastructure you prefer (if you have a preference) you would need to figure out which providers use which technologies.  For instance, do you need enterprise-level VMware hosting technology or does your organization want to use something more along the lines of Microsoft Hyper-V?  If you have a preference work around that, and if not, let’s move straight to #3 – Control.

How much control do you want of the infrastructure?  Do you have your own people to manage your infrastructure or are you on a hiring freeze and need your cloud provider to manage the infrastructure.  There are a number of options in the cloud – some vendors provide managed cloud hosting services (like BlueLock) and others just provide the infrastructure while you manage it.  Whatever your preference, there is a vendor for you.

Lastly, and most obviously – once you’ve compiled a list of vendors who provide the SLA, technical specs, and right amount of control, you’re left to look at pricing.  By now, you may only have a couple cloud vendors left, but you should be in a great place to compare and make the right choice.

After a long time of keeping quiet and silently preparing for the exciting launch of BlueLock vCloud Express, the product is now alive, running and available to developers!

BlueLock’s vCloud Express (Beta) is an on-demand, pay-as-you-go virtual machine hosting service.  Running on VMware, it ensures compatibility with internal VMware environments and with VMware Virtualized™ services worldwide.

VMware announced the new product offering at VMworld during the keynote speech yesterday as one of their key initiatives.  VMware chose 5 hosting providers internationally to provide vCloud Express services, and BlueLock is one of them.

For more information on the service or to sign up, click here.

To read about the launch on CNN Money, click here.

Sourcefire, Inc., a leader in Cybersecurity, recently announced its Virtual 3D Partner Program, providing cloud computing companies and OEMs the ability to leverage the new Sourcefire Virtual 3D Sensor™ and Sourcefire Virtual Defense Center™ to efficiently and effectively increase customer protection.

The Sourcefire® Virtual 3D Partner Program is designed to provide hardware, software and services companies with virtual security solutions to address their customer’s critical requirements. The company is currently forging relationships with:

• Cloud computing companies – Providing these companies with the ability to easily add a virtual security sensor into their existing cloud, allowing the vendor to monitor and manage the appliance to protect customer information residing in the cloud.
• Virtual OEMs – Enabling companies that are already delivering virtual solutions or hardware with additional processing ability to add Sourcefire’s complementary security capabilities.
• Traditional channel partners – Allowing them to easily add a Sourcefire virtual security appliance, pre-loaded onto an existing server from other vendors.

“We’re very excited about the capabilities of Sourcefire’s new Virtual 3D Sensor and their Virtual 3D Partner Program,” said Pat O'Day, Chief Technology Officer at BlueLock. “Sourcefire is making it very easy to integrate their security technology into our cloud-based offerings and provide our clients with an additional level of protection for their hosted VMware applications.”

The Sourcefire Virtual 3D Partners can utilize the recently announced Virtual 3D Sensor and Virtual Defense Center, which provide users with the flexibility to deploy the company’s leading security solutions within their virtual environments for increased protection of both physical and virtual assets. These new virtual appliances can inspect traffic between virtual machines, while also making it easier to deploy and manage sensors at remote sites where resource may be limited. They also enable partners to easily implement Sourcefire’s leading security solutions on existing customer hardware or within a cloud infrastructure for increased protection.

“While security is a top concern for every organization, many require solutions that can be placed on existing hardware or in the cloud,” said Matt McCormick, Vice President of Business Development at Sourcefire. “With the launch of Sourcefire’s new Virtual 3D Sensor and Virtual Defense Center, we are enabling partners to easily provide customers with value-added protection without requiring new hardware investments.”

To read other BlueLock posts on cloud security click here.

Interested in cloud computing Security?  Watch our newest online video featuring our client, Projetech as they share their perspective on the benefits of cloud computing as a way of insuring data security for them and their clients.  Projetech relies on BlueLocks VMware Hosted Environment to manage, monitor and secure their infrastructure .

As the various branches of the Federal government have begun investigating and adopting different “cloud computing” and cloud-like applications, they like the private sector have struggle with the definition of ‘what is cloud computing’.  To provide clarity and a common platform for discussion, a draft definition by Peter Mell and Tim Grance at the National Institute of Standards and Technology (NIST) was presented at a federal CIO summit last week. 


Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is comprised of five key characteristics, three delivery models, and four deployment models.

Key Characteristics:
On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed without requiring human interaction with each service’s provider.

Ubiquitous network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Location independent resource pooling. The provider’s computing resources are pooled to serve all consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. The customer generally has no control or knowledge over the exact location of the provided resources. Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.

Rapid elasticity. Capabilities can be rapidly and elastically provisioned to quickly scale up and rapidly released to quickly scale down. To the consumer, the capabilities available for rent often appear to be infinite and can be purchased in any quantity at any time.

Pay per use. Capabilities are charged using a metered, fee-for-service, or advertising based billing model to promote optimization of resource use. Examples are measuring the storage, bandwidth, and computing resources consumed and charging for the number of active user accounts per month. Clouds within an organization accrue cost between business units and may or may not use actual currency.

Note: Cloud software takes full advantage of the cloud paradigm by being service oriented with a focus on statelessness, low coupling, modularity, and semantic interoperability.

Delivery Models:
Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure and accessible from various client devices through a thin client interface such as a Web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created applications using programming languages and tools supported by the provider (e.g., java, python, .Net). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but the consumer has control over the deployed applications and possibly application hosting environment configurations.

Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to rent processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers).

Deployment Models:
Private cloud. The cloud infrastructure is owned or leased by a single organization and is operated solely for that organization.

Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).

Public cloud. The cloud infrastructure is owned by an organization selling cloud services to the general public or to a large industry group.

Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (internal, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting).

Each deployment model instance has one of two types: internal or external. Internal clouds reside within an organizations network security perimeter and external clouds reside outside the same perimeter.

SearchSecurity.com just released an article about a recent Forrester report.  The report advises a cautious approach to cloud computing or cloud-based services.  The study found that early adopters ran into some roadblocks such as not knowing where their data is located or what happens to the data if they want to change services and even not knowing specifically how the service provider protects customer privacy.

Forrester advises that companies who are considering cloud-based services gain a clear understanding of security, privacy and legal consequences of contracting with a service provider.  At BlueLock, we like to make it as easy for you as possible to learn about our practices and procedures and match those up against other cloud computing providers.  In our opinion, the last thing we want is to have clients come in and sign on unaware of how their security, privacy and data will be handled.

In regards to security, Forrester recommends that organizations create a checklist of data security and compliance priorities.  This is great advice.  The more you can elaborate on your needs, the better able BlueLock is to provide you exactly what you need.

We’ve had lots of requests for highly compliant IT environments.  The beauty of cloud computing is that BlueLock is able to build your company a compliant environment at a fraction of the cost of building an entire IT system and infrastructure on your own.  Right On Interactive chose BlueLock as their SaaS hosting provider for that precise reason.  Their 5Buckets solution (integrated marketing automation software) needed to be highly compliant in order to be able to integrate with companies such as ExactTarget (email marketing) and SalesForce.com. 

They turned to BlueLock, laid out their needs and wants in regards to security and compliance, decided where they wanted their data stored (Indianapolis facility) and off BlueLock went designing a VMware virtualized IT environment.  They now pay for IT infrastructure as a monthly operational expense; their compliant and secure environment can scale on demand and its environment if fully managed by virtualization experts 24/7/365.  What more could a growing software company ask for?