Tag Archives: rackspace.com

The connection between application performance and security in the cloud

I met with Avner Algom last week in his office in Herzliya. Avner is the director of the Israeli Cloud and Grid Technology Consortium (IGT). The IGT is a non-profit organization of leading industry companies, vendors, ISVs, customers, VCs and academia, focused on knowledge sharing and networking for developing Cloud computing/SaaS, Virtualization and SmartGrid solutions. It is open, independent and vendor-neutral.

It is significant that discussions of cloud security and performance focus almost exclusively on infrastructure issues such as virtualization or procedural issues such as infrastructure compliance with various security standards and frameworks.

I remarked to Avner in the course of our chat that there is a close correlation between performance and security issues for Web applications running in the cloud. Avner asked me how I came to that conclusion.

Here is why cloud performance and cloud security have common issues.

Virtually all applications deployed in the cloud are either Web-based applications or smartphone apps for Android or iOS that use HTTP/HTTPS as their application transport.

The current rich Web 2.0 application model is broken, and it has nothing to do with the serious and fundamental issues with Microsoft monoculture, Windows operating system vulnerabilities and Internet Explorer non-compliance with IETF standards.

It will not help if you use Ruby on Rails or CakePHP or Zend Framework either. The debate between the Ruby on Rails, ASP.NET and PHP camps is mildly interesting but irrelevant from a cloud security and performance perspective.

A deeper look at Web applications reveals that the current rich Web 2.0 application development and execution model suffers from a broken architecture that cannot be fixed by tweaking languages.

Further examination shows that the data typing, message passing, redundant code, data and multiple tier issues that are security vulnerabilities for Web applications in the cloud are also root causes of application performance issues and latency that result in a poor user experience and high cost of operation for the application operator. Note that in a utility model where you pay for CPU cycles, you pay more for inefficient applications. That is the dark side of the externally vivacious cloud service model.

The attached presentation examines some of the root causes of the currently broken Web 2.0 application development and execution model and shows that the same security vulnerabilities born out of Web 2.0 client/server architecture result in 10x poorer performance than a traditional client-server model based on stateful, TCP unicast socket communications.

See Web application security in the cloud


Host your own SaaS with Open Source – the potential of Mosso

Show me a profitable business application-as-a-Service (SaaS) company.

There is a lot of trade talk about the success of Salesforce.com. Here is a company with a $3.2BN market cap as of Oct 26, 2008, currently trading at 24, down from 72 five months ago.

In 2007, SF.com posted a net income of $480K on revenue of $497M. Compare this to BMC Software, a software vendor that provides system and service management solutions for the enterprise. BMC has a current market cap of $4.2BN, trading at 23, down from 39 three months ago. In 2007, BMC Software posted $215M net income on $1.5BN in sales.

In plain language, Salesforce.com does not or cannot charge high enough prices for their services to sustain long-term profitability and growth. At low price points, Free Open Source on inexpensive hosting becomes a highly competitive alternative, especially for an SME.

Five years ago, the barrier to entry was application functionality, but today Free Open Source line-of-business applications like Sugar CRM Community edition are mature, full-featured applications with very few, if any, missing features and some unique advantages that Open Source offers. Salesforce.com imposes a unique IP address/user constraint which can be very annoying. In SugarCRM, if you get "User logged out" when your IP address changes dynamically, just change 1 line in config.php:

'verify_client_ip' => true, to false
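What that one-line change trades away, as an added example (not SugarCRM's code; the function names, modes and addresses are constructed for illustration): with a check of this kind switched off, a session is no longer tied to the address it was opened from. Comparing network prefixes instead of exact addresses is one middle ground that tolerates a new lease on the same network.

```php
<?php
// Added illustration; not SugarCRM code. Function names and modes are hypothetical.

/** Network prefix of an IPv4/IPv6 address as raw bytes, or null if the address is invalid. */
function network_prefix(string $ip, int $v4Bits = 24, int $v6Bits = 64): ?string
{
    $packed = @inet_pton($ip);
    if ($packed === false) {
        return null;
    }
    $bits   = strlen($packed) === 4 ? $v4Bits : $v6Bits;
    $bytes  = intdiv($bits, 8);
    $prefix = substr($packed, 0, $bytes);
    if ($bits % 8 !== 0) {                 // keep only the leading bits of the last byte
        $mask = (0xFF << (8 - $bits % 8)) & 0xFF;
        $prefix .= chr(ord($packed[$bytes]) & $mask);
    }
    return $prefix;
}

/** Decide whether a request may keep using a session that was opened from $sessionIp. */
function session_ip_ok(string $sessionIp, string $clientIp, string $mode): bool
{
    if ($mode === 'off') {                 // no binding: any address may reuse the session
        return true;
    }
    $a = $mode === 'exact' ? @inet_pton($sessionIp) : network_prefix($sessionIp);
    $b = $mode === 'exact' ? @inet_pton($clientIp)  : network_prefix($clientIp);
    // Fail closed when either address cannot be parsed.
    return is_string($a) && is_string($b) && $a === $b;
}

// Constructed sample data (documentation address ranges).
$sessionIp = '203.0.113.10';
$requests  = [
    'same address'        => '203.0.113.10',
    'new lease, same /24' => '203.0.113.77',
    'different network'   => '198.51.100.5',
];
foreach (['exact', 'prefix', 'off'] as $mode) {
    foreach ($requests as $label => $ip) {
        $verdict = session_ip_ok($sessionIp, $ip, $mode) ? 'keep session' : 'log out';
        printf("%-7s %-20s %s\n", $mode, $label, $verdict);
    }
}
```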

Suppose you need a CRM system (if you're a large shop, you already have one, like Siebel). We're a small group of 5 guys, and we were using Salesforce.com with one of our business partners and wanted to use SF.com for our own business. The cost is $325/month or almost $4,000/year for 5 users. You can get 90% of the functionality from Sugar CRM for the cost of a one-time installation (which will take less than an hour of your time or about $150 if you pay someone) and $15/month for the hosting (if you use dreamhost.com, like we do). That's a net savings of $3,000 / year. Dreamhost gives us 700GB, more than SF.com, and the response time is at least as good.

I know you're saying that dreamhost.com at $15/month can't compete with the scalability, reliability and service levels of SF.com. Maybe, maybe not, but if you want muscle, consider Mosso.

For $100 per month, Mosso will sell you 80 GB of SAN storage, 2000 GB of bandwidth, a control panel to create sites, email accounts, databases, etc. and customer support.

Mosso says it takes a radically different approach to Web hosting, using enterprise-level architecture. It deploys each website across clusters of servers, so when a server crashes or a hard drive fails, the other servers in the cluster pick up the slack without downtime. Their promise: for every 1 hour of downtime, they will reimburse you for 1 day off your bill.
