Using Amazon Elastic Block Storage (EBS) to secure data

Amazon Elastic Block Store (EBS) provides raw block-level storage that can be attached to Amazon EC2 instances. These block devices can then be used like any raw block device.

There are two ways that data can be protected when using EBS:

  1. Use the Amazon Identity Management Service to control access to Elastic Block Store volumes. This can be complemented with policy options that enforce requirements such as multi-factor authentication and SSL links, in addition to controlling or locking down originating IP addresses.
  2. Encrypted EBS volumes can be created. These encrypt data at rest. Note that once set, an encrypted volume cannot later be unencrypted (just as an unencrypted volume cannot later be encrypted).
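
The two controls above can be expressed together as one IAM policy. The policy below is an added example, not taken from the original post: the condition keys are standard AWS ones, while the choice of volume actions and the 203.0.113.0/24 range (a documentation placeholder) are assumptions to adapt.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyVolumeActionsWithoutMfa",
      "Effect": "Deny",
      "Action": ["ec2:AttachVolume", "ec2:DetachVolume", "ec2:DeleteVolume", "ec2:CreateSnapshot"],
      "Resource": "*",
      "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}
    },
    {
      "Sid": "DenyVolumeActionsWithoutTls",
      "Effect": "Deny",
      "Action": ["ec2:AttachVolume", "ec2:DetachVolume", "ec2:DeleteVolume", "ec2:CreateSnapshot"],
      "Resource": "*",
      "Condition": {"Bool": {"aws:SecureTransport": "false"}}
    },
    {
      "Sid": "DenyVolumeActionsOutsideExampleRange",
      "Effect": "Deny",
      "Action": ["ec2:AttachVolume", "ec2:DetachVolume", "ec2:DeleteVolume", "ec2:CreateSnapshot"],
      "Resource": "*",
      "Condition": {"NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}}
    },
    {
      "Sid": "DenyUnencryptedVolumeCreation",
      "Effect": "Deny",
      "Action": "ec2:CreateVolume",
      "Resource": "*",
      "Condition": {"Bool": {"ec2:Encrypted": "false"}}
    }
  ]
}
```

These are Deny statements, so they only narrow whatever an accompanying Allow grants; attach them alongside the normal permissions for the users or roles concerned.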

How to use Linux instances on EC2 with Active Directory

Linux instances running on Amazon EC2 can now be joined to Simple AD directories from the AWS Directory Service.

This enables users to log in to all of their EC2 instances with a single set of domain credentials (no key pair needed) and set access controls, allowing domain admins to control which users can access particular instances.

Simple AD is a managed directory powered by a Samba 4 Active Directory-compatible server. It supports commonly used features such as user accounts, group memberships, domain-joining Amazon EC2 instances running Linux and Microsoft Windows, as well as Kerberos-based single sign-on (SSO) and Group Policies.

This makes it very easy for companies to manage Amazon EC2 instances in the Amazon Web Services cloud.

Amazon have more details on their blog.

Amazon EBS Provisioned IOPS volumes can now store up to 16 TB

From today, users of Amazon Web Services can create Amazon EBS Provisioned IOPS volumes that can store up to 16 TB, and process up to 20,000 input/output operations per second (IOPS).

Amazon Elastic Block Store (Amazon EBS) provides persistent block level storage volumes for use with Amazon EC2 (Elastic Compute) instances in the AWS Cloud.

Users can also create Amazon EBS General Purpose (SSD) volumes that can store up to 16 TB, and process up to 10,000 IOPS. These volumes are designed for five 9s of availability and up to 320 megabytes per second of throughput when attached to EBS optimized instances.

These performance improvements make it even easier to run applications requiring high performance or high amounts of storage, such as large transactional databases, big data analytics, and log processing systems. Users can now run large-scale, high performance workloads on a single volume, without needing to stripe together several smaller volumes.

Larger and faster volumes are available now in all commercial AWS regions and in AWS GovCloud (US). To learn more please check out the Amazon EBS details page.

DropBox is just a frontend to Amazon S3 with a killer sync feature

Musing about iCloud, the forthcoming SkyDrive integration into Windows 8, and Google Drive got me thinking about DropBox, the company whose business model is built on charging when everyone else is starting to give large amounts of storage away for free. DropBox's killer feature is their sync replication. It just works, and consumers have shown they love the simplicity of it. However, Apple have replicated the simplicity of the sync, albeit only for iOS users, and Microsoft are now close to the same with Live Mesh.

DropBox store the files you give them on Amazon S3. This surprises many people who had assumed that they are stored on DropBox servers. This means that the entire DropBox business model is beholden to Amazon Web Services. Amazing when you think about it, and highly illustrative that what DropBox really brings to the table is great software with a killer feature, but what is going to happen when everyone else has that killer feature, with 10x to 20x more storage for free?

A recent article had DropBox valued at 4 billion dollars. This is a valuation on a company doing revenues between 100-200 million dollars per year in which investors have poured in 257 million dollars in funding. Perhaps it’s me, but I just don’t see it. Yes, they have a gazillion subscribers but so what? In a commoditised industry that struggles to convert more than 2% of the user base, why should that get me excited? But there is DropBox Teams for businesses right? Ever used it? Then try it and you won’t need me to draw a conclusion.

So what for DropBox if there is no mega IPO coming along? They turned down Mr Jobs (a mistake), so who else would be interested? What about Amazon? After all, DropBox really is the ultimate sync client for Amazon S3. With Amazon now looking towards private cloud it would seem a match made in heaven. As with all good things, time will tell…

Amazon Cloud is now FISMA certified: Joins Google and Microsoft

The Amazon Cloud has now been classed as FISMA certified. FISMA is an acronym for Federal Information Security Management Act. FISMA sets security requirements for federal IT systems and is a required certification for US federal government projects.

This is the third set of certifications Amazon has recently announced, coming on top of VPC ISO 27001 certification and SAS 70 Type II certification.

The accreditation covers EC2 (Amazon Elastic Compute Cloud), S3 (Simple Storage Service), VPC (Virtual Private Cloud), and includes Amazon’s underlying infrastructure.

AWS’ accreditation covers FISMA’s low and moderate levels. This level of accreditation requires a set of security configurations and controls that includes documenting the management, operational and technical processes used in securing physical and virtual infrastructure, and a requirement for third-party audits.

Other vendors who recently announced FISMA certification were Google, with Google Apps for Government, and Microsoft, with Microsoft’s Business Productivity Online Suite among cloud services (although there was a spat between Microsoft and Google regarding these claims).

Expect to see further certifications, as these are a prerequisite of expansion into lucrative government and private sector contracts as vendors feel more comfortable choosing Cloud resources as commoditisation marches on.

Amazon enables easy website hosting with S3 – competes with RackSpace

In a move that has put it into direct competition with competitors such as RackSpace, Amazon has announced that you can now host your website using an Amazon S3 account. With these new features, Amazon S3 now provides a simple and inexpensive way to host your website in one place.

To get started, open the Amazon S3 Management Console, and follow these steps:

1) Right-click on your Amazon S3 bucket and open the Properties pane

2) Configure your root and error documents in the Website tab

3) Click Save

Amazon provide more information on hosting a static website on Amazon S3 here.

This is part of a trend that Amazon obviously want to encourage. They recently started an ad placement from JumpBox on their free Web Services developers page to offer one-click WordPress deployments, amongst other JumpBox offerings.

The rise of the Cloud Data Aggregators

As storing data in the cloud becomes more normal, users will increasingly find themselves needing to access different types of data regularly. To this end we are starting to see a new breed of applications and services which themselves provide a service that interacts with data stored on the cloud. The challenge is that services that sell their products or service based on data access are in the position of having to choose which data services to support.

This is further exacerbated in the cloud storage space as there is no ubiquitous API (see our prior post on Amazon S3 becoming a de facto standard interface).

To this end we are starting to see services and applications that themselves are offering interesting aggregations of access to data clouds. We look at a few of these below:

GoodReader, Office2 HD, QuickOffice, Documents to Go, iSMEStorage, iWork:

The iPad, iPhone and Android have some interesting applications which function on top of existing data clouds. All the aforementioned applications work in this way, either letting you view the files (in the case of GoodReader) or letting you view and edit the files (in the case of Office2, QuickOffice, Documents to Go, iWork, and iSMEStorage). The premise is that if you have data stored in an existing cloud then you can load and view or edit it in these tools and store it locally.

Tools such as iWork (which encompasses iPages, iNumbers, and iKeynote) only work with MobileMe or the WebDav standard, although the iSMEStorage App gets around this by enabling you to use iWork as an editor for files accessed through its cloud gateway, which can be stored on any number of clouds, using WebDav, even if the underlying cloud does not support WebDav.

In fact some companies are making data access a feature in pricing, for example, charging extra for increased connectivity.

Gladinet.com and StorageMadeEasy.com:

Both Gladinet and SMES are unique amongst the current Cloud vendors in that they enable aggregated access to multiple file clouds. They essentially enable you to access cloud files from multiple different providers from a single file system.

Gladinet is inherently a Windows-only solution with many different offerings, whereas Storage Made Easy also has Windows software but also has cloud drives for Linux and Mac, and mobile clients for iOS, Android and BlackBerry. Gladinet is a client-side service whereas SME is a server-based service using its Cloud Gateway Appliance, which is also available as a virtual appliance for VMware, Xen etc.

Both offerings support a dizzying array of clouds, such as Amazon S3, Windows Azure Blob Storage, Google Storage, Google Docs, RackSpace Cloud Files, plus many more.

Such solutions don’t just aggregate cloud services but bring the cloud into the desktop and onto the Mobile / Tablet, making the use of cloud data much more transparent.

As data becomes more outsourced (to the cloud) for all types of different applications and services, I expect we will see more such innovative solutions, and applications that give access to aggregated cloud data, and extend the services and tools that are provided by the native data provider.

Is Amazon S3 becoming a de facto standard interface?

I don’t think anyone would argue that Amazon S3 is the big bear of the Cloud market, both on the virtual cloud infrastructure and the cloud storage side of things. Amazon S3 has more than 102 billion objects stored on it as of March 2010.

As befits a dominant player, the interface that Amazon exposes for Amazon S3 is becoming so widely used that it is almost becoming a standard with regards to how to connect into Cloud Storage. Many new or existing players in this space already support the interface as an entry point into their storage infrastructure. For example, Google Storage supports the S3 interface, as does the private cloud vendor Eucalyptus with its Walrus offering. Also the on-premise cloud appliance vendor Mezeo recently announced support for accessing their cloud using Amazon S3, as did TierraCloud. There are other Open Source implementations as well, such as ParkPlace, which is an Amazon S3 clone and BitTorrent service that is written in Ruby.

In addition to this, the multi-cloud vendor Storage Made Easy has implemented an S3 entry point into its gateway so that you can use it with normal clouds even where they do not natively support Amazon S3, such as RackSpace, Google Docs, DropBox etc.

So as far as S3 goes it seems you can pretty much access a multitude of storage back-ends using this API, which is not surprising as vendors want to make it easy for you to move from S3 to their proposition or they want their proposition to work with existing toolsets and program code. So is it good for cloud in general? I guess the answer to that is both ‘yes’ and ‘no’.

‘Yes’ from the point of view that standardisation can be a good thing for customers as it gives stability and promotes interoperability. ‘No’ from the point of view that standardisation can easily stifle innovation. I’m happy to say that this is not what is occurring in the cloud storage space as the work around OpenStack and Swift demonstrates.

I think right now, S3 is as close as you will get to a de facto standard for cloud storage API interactions. It probably suits Amazon that this is the case, and it certainly suits consumers / developers. Time will tell how long this situation lasts.

GigaSpaces take e-Gaming to the Cloud with Yazino

New York & London, December 7, 2010 – GigaSpaces Technologies, a leading provider of a new generation of application platforms for Java and .Net environments, has provided Yazino, a massively multiplayer online casino, the application infrastructure used to build the first cloud-based, social casino platform. Yazino is using GigaSpaces’ eXtreme Application Platform (XAP) to scale on demand while reducing costs and speeding time to market.

“As a social gaming online casino, we knew from the beginning that scalability was critical to our success,” says Hussein Chahine, Yazino’s Founder and CEO. “With XAP, we have the flexibility to meet constantly changing business volumes, with linear, real-time dynamic scalability using a cloud-data center hybrid model.”

Yazino fuses social interaction and multiplayer functionality, building a bridge between traditional online gambling and social gaming sites. Yazino has already registered more than 500,000 players, with more than 10,000 new players joining daily.

XAP provides a unique enterprise-grade, end-to-end application scalability platform, which can handle extremely large volumes, be scaled out (or in) in real-time, and is governed by preset business SLAs, and which is ultra-fast due to the whole platform running in memory. A strategic solution enhancing IT efficiency and agility, it guarantees performance under peak demand while improving hardware utilization by up to 500%. It allows developers to build, deploy, and operate their infrastructures in any environment without a single code change.

“Yazino benefits from our long experience with cloud development,” says Adi Paz, GigaSpaces Executive Vice President of Marketing and Business Development. “With XAP as the underlying infrastructure, our clients like Yazino can focus on the business logic and speed time to market without concern for where the application will actually run.”

By using XAP, Yazino now has a massively multiplayer/multi-game online casino platform optimized for extremely high throughput, with hundreds of thousands of concurrent, interactive players, while giving each player excellent response time.

“GigaSpaces technology helped us build a hybrid infrastructure, where we can leverage the best of the cloud’s economies of scale while ensuring our data center can manage all of the regulatory-related processing,” continued Hussein. “This provides Yazino a valuable competitive edge as we use more costly hosting only for what is required by regulation, while other services sit entirely on the cloud.”

About GigaSpaces

GigaSpaces Technologies is a leading provider of a new generation of virtualized application platforms. Our flagship product, eXtreme Application Platform (XAP), delivers end-to-end scalability across the entire stack, from the data all the way to the application. XAP is the only product that provides a complete in-memory solution on a single platform, enabling high-speed processing of extreme transactional loads, while scaling to meet any requirement – dynamically and linearly. XAP was designed from the ground up to support any cloud environment – private, public, or hybrid – and offers a pain-free, evolutionary path from today’s data center to the technologies of tomorrow.

More than 350 organizations worldwide are leveraging XAP to enhance IT efficiency and performance. Among our customers are Fortune Global 500 companies, including top financial services enterprises, telecom carriers, online gaming providers, and e-commerce companies, such as Dow Jones, NYSE, Société Générale, Virgin Mobile, and Sears.

About Yazino
Yazino, the world’s first social casino (www.yazino.com) was conceived by three friends who wanted to reinvent the social gaming and online casino worlds by connecting the two together. Yazino has built a bridge between traditional online gambling and social gaming sites, creating a whole new hybrid category. The entire brand and in-game experience is entertaining and social to its core. Yazino offers a uniquely fun and competitive environment to connect the world around casino games, such as Blackjack, Roulette, Texas Hold’em and Slots.  Constantly refreshed multiplayer content, tournaments and the engaging challenge of levels and achievements allow Yazino to define the next generation of online gambling.

Yazino, a wholly owned subsidiary of Yazino Group AG (Switzerland), was founded by Hussein Chahine, Bijan Khezri and Gojko Adzic in 2008.

Amazon S3, EC2 and VPC ISO 27001 certified

As well as being SAS 70 Type II-certified, Amazon is now ISO 27001 certified. ISO/IEC 27001 formally outlines a management system that brings information security under management control, and mandates requirements that have to be met. Organisations that have adopted ISO/IEC 27001 may be formally audited to maintain compliance with the standard.

As stated on Wikipedia:

ISO/IEC 27001 requires that management:

Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities and impacts;

Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and

Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.

“Amazon Web Services is continuing its commitment to provide further assurance of AWS security controls and practices through third-party audits and certifications such as SAS 70 Type II and ISO 27001,” said Stephen Schmidt, Chief Information Security Officer for Amazon Web Services.

“Via ISO 27001 and other certifications, we continue to provide our customers with confidence that our security controls and practices follow internationally-recognized security standards.”

You can learn more about Amazon and its compliance and security provisions here.