Thursday, December 3, 2009

Cloud to Cloud Integration

After having hosted a Cloud Computing event in November and hearing how companies are dipping their feet in the cloud, the next logical step we discussed was inter cloud communication. As a small company I may buy into for CRM, Workday for HR/Financials and Google AppEngine for custom apps. How do I tie these solutions together for data synchronization? What if the data to be exchanged is extremely large? What solutions can I use to do the heavy lifting?

Service Bus solutions either deployed locally or in the cloud provide a composition medium to support such interactions. Cloud platforms expose public APIs via REST or SOAP for near-real time communication.

Large data sets and exchange of this for processing is being investigated by a interesting consortium called Open Cloud Consortium.

Another interesting area may be the creation of middleware in the cloud. Grand Central tried to support this in the early 2000 timeframe. It was a little ahead of its time but now we are seeing Amazon SQS, Microsoft Azure w/Biztalk and other similar platforms.

QCon, Security and Musings

I was fortunate to speak at QCon San Francisco, CA on November 20 discussing Service Security and my own journey on understanding security but more importantly how services can be hacked. It was interesting when examining the audience to see a mixture of participants but the lack of questions was a little disconcerning. I could take three things from that:

1) Everyone in the audience was familiar with service hacking / security.
2) People are not very familiar and were afraid to ask questions or didn't understand the content.
3) People were not interested.

Since the audience stayed for the entire presentation and questions were basic, I think the majority of the audience was in category 2.

With the increasing discussion on Cloud Computing (QCON was loaded with Cloud presentations as was SOA / Cloud Symposium 2.0/1.0) security had very little presence. In understanding security, my own education was due to a client requirement. With just a couple months of effort, I was able to better understand the security technology. The harder part has been in understanding the hacking culture, finding helpful material and approaches and how that impacts services I create. Here is the link to the QCon presentation.