Vmware Hosted Environment

Can a Cloud Comply with PCI DSS?

Wednesday, January 6, 2010 by Matt Hunckler

Security and compliance are hot topics in the cloud computing industry. PCI DSS is a set of requirements that, when adhered to, increase the level of security for payment cards transactions.

To become compliant with the PCI DSS, an organization must meet all of the security requirements and maybe even go through a formal auditing process, depending on the number of transactions processed each year. While these requirements may seem inconvenient,

But, can organizations really become PCI-compliant in a cloud computing hosting environment?

In searching for an answer to this question it's importnat to ask, "What kind of cloud computing service?" Many security experts have discussed the topic on panels and in the blogs, like this one. Most of my experience is with infrastrucutre as a service.

Just in working on small business virtualization projects with clients, here at BlueLock, I've had get educated on PCI DSS. The tricky thing for cloud computing hosting companies is that with standards like PCI, there are both application-side and infrastructure-side requirements for compliance.

So with IaaS, where does the responsiblity reside?

Ultimately, it's the responsibility of the company that is doing the payment card processing. The scope of PCI DSS goes beyond what infrastructure as a service companies provide. So, if a cloud computing service provider claims that they are "PCI compliant," it's important to remember that you must still assess your own organization outside of what the service provider manages.

At BlueLock, we use tools from our partners at Shavlik to run regular compliance scans of our clients' environments. If it's important for your organization to be in compliance with PCI DSS, then it's important for you to audit yourself regularly.

To find out more about PCI DSS, visit the PCI Security Standards Council website.

BlueLock Launches BlueLock vCloud Express Beta II Program

Wednesday, December 2, 2009 by Alicia Gaba

New integrated solution enables users to take advantage of a high availability,
truly scalable storage solution in the Cloud

(Indianapolis, IN – December 1, 2009) - Indianapolis-based BlueLock, provider of cloud computing and managed IT services, announces its second round of Beta testing with BlueLock vCloud Express Beta II. BlueLock was one of only five cloud computing hosting providers chosen by VMware to provide VMware vCloud Express services since its launch in September 2009.

BlueLock vCloud Express Beta II is a Compute-as-a-Service solution designed to support transient workloads by providing a high level of elasticity for faster turnaround time and future workload federation. BlueLock vCloud Express will compete with services such as Amazon EC2 and Windows Azure.

“BlueLock vCloud Express Beta I was an instant success,” said Pat O’Day, CTO, BlueLock. “We filled up our Beta I slots in less than two months. With the feedback we garnered from those early users we’ve been able to make some major changes and the offering will continue to get better as we prepare to launch the public offering early in 2010.”

BlueLock vCloud Express Beta II is a reliable, on-demand infrastructure solution that ensures compatibility with internal VMware environments and with VMware Virtualized™ services worldwide. The technology allows users to create virtual machines as needed and add compute capacity via an online interface. The beta services are currently free, but the public offering in the future will include a pay-as-you-go payment structure where users pay only for the compute and storage space they use.

BlueLock vCloud Express Beta II is available immediately. For additional information, visit http://vcloudexpress.bluelock.com.

Test/Dev Clouds in High Demand

Friday, November 6, 2009 by Matt Hunckler

I love my job. As a client specialist at BlueLock, I get to spend the majority of my time working with the innovative companies that are producing the products and services of the future and, at the same time, pushing the limits of cloud computing hosting.

In all of my conversations with BlueLock clients, one thing is clear:

There is massive demand for a cloud computing platform, specifically for testing and development, that is cost-effective and integrates well with production environments.

Many businesses have data and processing that doesn't require a fully-managed cloud hosting service at four nines (99.99%) uptime.

Some companies offer services that seem like they could be a good answer for this problem. IBM recently released Smart Business Development and Test on the IBM Cloud, which seems like it might be a competitor of Amazon's EC2 cloud computing platform.

The problem with some of these test/dev clouds is that they can't support VMware hosted environments. This means that, with test/dev clouds like EC2 and IBM's new offering, a company that is running their production environment on VMware can't necessarily integrate their test and production environments seamlessly -- an important consideration when doing a cloud computing comparison.

Enter vCloud Express...

One of the cool tools that the BlueLock engineers are tinkering with is a VMware-based, pay-as-you-go option that will be ideal for companies that need an environment that is dedicated to test and development. We announced vCloud Express back at the start of September, and since then, have received an overwhelming number of signups for the beta-version. In fact, we acually completely filled up all of the beta test slots!

I'm excited for the public launch of BlueLock's vCloud Express, because we'll be able to offer clients the perfect solution for their test/dev needs. Until then, I'll keep you posted as we continue to progress.

BlueLock vCloud Express BETA is FULL

Wednesday, October 28, 2009 by Alicia Gaba

Sad news – BlueLock vCloud Express BETA has filled up! We are no longer taking sign-ups until we depart our BETA status. If you’d like to be notified when BlueLock vCloud Express is available again please send an email to vcloud_beta@bluelock.com.

Thanks again to our participating launch partners:

-    Scale Computing
-    Intel
-    HP
-    Shavlik
-    And of course, VMware

More information on BlueLock vCloud Express:

BlueLock’s vCloud Express (Beta) is an on-demand, pay-as-you-go virtual machine hosting service. Running on VMware, it ensures compatibility with internal VMware environments and with VMware Virtualized™ services worldwide.

BlueLock vCloud Express is specifically designed as an easy and affordable way to try a virtual cloud or host application. This solution is perfectly suited for test and development or a startup environment. Developers are able to use the BlueLock vCloud Express service to rapidly deploy application environments and get started quickly. The solution retains the robustness, interoperability and reliability that BlueLock and VMware virtualization technology is known for while delivering the easy access and cost effectiveness of the pay as you go model.

To stay up to date on BlueLock vCloud Express and our other offerings, join our newsletter.

BlueLock vCloud Express has Officially Launched!

Wednesday, September 2, 2009 by Alicia Gaba

After a long time of keeping quiet and silently preparing for the exciting launch of BlueLock vCloud Express, the product is now alive, running and available to developers!

BlueLock’s vCloud Express (Beta) is an on-demand, pay-as-you-go virtual machine hosting service. Running on VMware, it ensures compatibility with internal VMware environments and with VMware Virtualized™ services worldwide.

VMware announced the new product offering at VMworld during the keynote speech yesterday as one of their key initiatives. VMware chose 5 hosting providers internationally to provide vCloud Express services, and BlueLock is one of them.

For more information on the service or to sign up, click here.

To read about the launch on CNN Money, click here.

BlueLock CTO Excited for Sourcefire’s New Virtual 3D Partner Program

Tuesday, July 21, 2009 by Brian Wolff

Sourcefire, Inc., a leader in Cybersecurity, recently announced its Virtual 3D Partner Program, providing cloud computing companies and OEMs the ability to leverage the new Sourcefire Virtual 3D Sensor™ and Sourcefire Virtual Defense Center™ to efficiently and effectively increase customer protection.

The Sourcefire® Virtual 3D Partner Program is designed to provide hardware, software and services companies with virtual security solutions to address their customer’s critical requirements. The company is currently forging relationships with:

Cloud computing companies – Providing these companies with the ability to easily add a virtual security sensor into their existing cloud, allowing the vendor to monitor and manage the appliance to protect customer information residing in the cloud.
Virtual OEMs – Enabling companies that are already delivering virtual solutions or hardware with additional processing ability to add Sourcefire’s complementary security capabilities.
Traditional channel partners – Allowing them to easily add a Sourcefire virtual security appliance, pre-loaded onto an existing server from other vendors.

“We’re very excited about the capabilities of Sourcefire’s new Virtual 3D Sensor and their Virtual 3D Partner Program,” said Pat O'Day, Chief Technology Officer at BlueLock. “Sourcefire is making it very easy to integrate their security technology into our cloud-based offerings and provide our clients with an additional level of protection for their hosted VMware applications.”

The Sourcefire Virtual 3D Partners can utilize the recently announced Virtual 3D Sensor and Virtual Defense Center, which provide users with the flexibility to deploy the company’s leading security solutions within their virtual environments for increased protection of both physical and virtual assets. These new virtual appliances can inspect traffic between virtual machines, while also making it easier to deploy and manage sensors at remote sites where resource may be limited. They also enable partners to easily implement Sourcefire’s leading security solutions on existing customer hardware or within a cloud infrastructure for increased protection.

“While security is a top concern for every organization, many require solutions that can be placed on existing hardware or in the cloud,” said Matt McCormick, Vice President of Business Development at Sourcefire. “With the launch of Sourcefire’s new Virtual 3D Sensor and Virtual Defense Center, we are enabling partners to easily provide customers with value-added protection without requiring new hardware investments.”

To read other BlueLock posts on cloud security click here.

Projetech: Secure Infrastructure in BlueLock's Cloud

Monday, June 15, 2009 by Alicia Gaba

Interested in cloud computing Security? Watch our newest online video featuring our client, Projetech as they share their perspective on the benefits of cloud computing as a way of insuring data security for them and their clients. Projetech relies on BlueLocks VMware Hosted Environment to manage, monitor and secure their infrastructure .

US Federal Government Defines Cloud Computing

Monday, May 18, 2009 by Brian Wolff

As the various branches of the Federal government have begun investigating and adopting different “cloud computing” and cloud-like applications, they like the private sector have struggle with the definition of ‘what is cloud computing’. To provide clarity and a common platform for discussion, a draft definition by Peter Mell and Tim Grance at the National Institute of Standards and Technology (NIST) was presented at a federal CIO summit last week.

Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is comprised of five key characteristics, three delivery models, and four deployment models.

Key Characteristics:
On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed without requiring human interaction with each service’s provider.

Ubiquitous network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).

Location independent resource pooling. The provider’s computing resources are pooled to serve all consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. The customer generally has no control or knowledge over the exact location of the provided resources. Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.

Rapid elasticity. Capabilities can be rapidly and elastically provisioned to quickly scale up and rapidly released to quickly scale down. To the consumer, the capabilities available for rent often appear to be infinite and can be purchased in any quantity at any time.

Pay per use. Capabilities are charged using a metered, fee-for-service, or advertising based billing model to promote optimization of resource use. Examples are measuring the storage, bandwidth, and computing resources consumed and charging for the number of active user accounts per month. Clouds within an organization accrue cost between business units and may or may not use actual currency.

Note: Cloud software takes full advantage of the cloud paradigm by being service oriented with a focus on statelessness, low coupling, modularity, and semantic interoperability.

Delivery Models:
Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure and accessible from various client devices through a thin client interface such as a Web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created applications using programming languages and tools supported by the provider (e.g., java, python, .Net). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but the consumer has control over the deployed applications and possibly application hosting environment configurations.

Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to rent processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers).

Deployment Models:
Private cloud. The cloud infrastructure is owned or leased by a single organization and is operated solely for that organization.

Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).

Public cloud. The cloud infrastructure is owned by an organization selling cloud services to the general public or to a large industry group.

Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (internal, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting).

Each deployment model instance has one of two types: internal or external. Internal clouds reside within an organizations network security perimeter and external clouds reside outside the same perimeter.

IaaS Case Study - HP LeftHand SANs in VMware Environment

Monday, April 27, 2009 by Alicia Gaba

HP has recently published a BlueLock case study featuring our Infrastructure as a Service environment built with HP LeftHand SANs on VMware infrastructure.

"HP LeftHand SANs allow us to continuously scale. We've gone from 2 TB to more than 300 TB without incident. We just keep adding HP ProLiant DL320 Storage Servers as our business requires," said Pat O'Day, Chief Technology Officer at BlueLock.

BlueLock's objective was to create a flexible, high-performance architecture to meet the constantly changing needs of our virtual cloud clients. BlueLock engineers used HP LeftHand SANs working with VMware to create a scalable, cost-efficient, 100 percent virtual platform.

Some of the technology outcomes include:

Highly available and flexible technology environment
Improved recovery time - from hours to minutes
Disk failover without interruption
Decreased storage-management work cycles

and the business outcomes:

Performance on demand meets changing client infrastructure requirements
Ability to offer clients aggressive service level agreements (SLAs)
Reduced hardware footprint and energy and cooling consumption
Support for innovative product development

To read more on the case study and learn about BlueLock's fully virtualized cloud computing environment click here.

Cloud Vendors: Helping Data Centers Prep for Cloud Service Offerings

Thursday, March 19, 2009 by Brian Wolff

Data Center Pulse Global Summit (Feb 17 – 19) included a cloud computing track which discussed the best ways cloud computing vendors can help data center operators evaluate cloud offerings and prepare to offer or consume cloud services. The summary of this end-user focused discussion was presented by DCP track leader Jeremy Rodriguez, senior manager of Global Data Center Efficiencies at VMware.

Some of the key points:

• End users want burst capacity and variable performance. They want to be able to scale up or down to match their needs.

• Lower costs – Users are turning to the cloud to manage shrinking resources

• End users turn to the cloud to compensate for skill and resource gaps particularly in new start ups

• The cloud can address inefficiency in existing systems

• Combine resources from different providers

• And in many cases creating a cloud environment such as a VMware virtual hosted environment does not require going outside .

This video runs about 8 minutes.