Categories
cloud

What is a Private Cloud?

Private Clouds – Overview

IaaS, or Infrastructure as a Service, lets you provision infrastructure at the click of a button. When most people talk about cloud they mean public cloud, and they mean Infrastructure as a Service. However, this doesn't have to be done by a cloud service provider like Amazon or Microsoft. You can replicate the same service on the infrastructure in your own data centre by building a private cloud.

You can find the cloud definitions in the NIST document (SP 800-145). This is what Azure, OpenStack, etc. are offering with their cloud platforms.

[Figure: OpenStack software diagram]

With a platform like this you can create applications that understand the infrastructure. You can use APIs to write applications that consume compute nodes, object storage, etc. in a way that wasn't previously available. The choice of cloud platform is critical here because, for the most part, the APIs aren't portable between platforms (not strictly true, but more or less true).

Exciting stuff. But let's take a breather and a reality check. Most enterprises aren't doing this. Whizzy media companies or organisations on the bleeding edge of technology are trying it. Most organisations are provisioning standard VMs in the cloud with their existing legacy software. It isn't the new technology that gets them excited. It's the speed of infrastructure provisioning and the ability to move to a pay-per-use model that gets people interested.
What does a Private Cloud look like?

Let's take a look at how IaaS works within the enterprise data centre.

[Figure: orchestration in the enterprise data centre]

You can see in the image that everything is performed using orchestration software. There are lots of options available: HP's Cloud Service Automation, Microsoft's System Center 2012 Orchestrator or vCloud Director from VMware. The orchestration tool (also known as automation software) uses standard APIs to run scripts that allocate physical or virtual hardware and then provision an operating system. Part of that build will also install the right agents into the OS for backup, monitoring, etc.

Standardisation is a must for IaaS

The key to technology delivery is not just the technology but the people as well. For automation software to be effective, your organisation will need to agree on a few standard builds. If there is a different OS build for every application or system then there's no point trying to automate it. You'll spend more time orchestrating the different components than it would take to provision things by hand. Amazon's AWS public cloud provides a specific set of template builds, for example the c3 compute-optimised family:

Model        vCPU   Mem (GiB)   SSD Storage (GB)
c3.large        2       3.75    2 x 16
c3.xlarge       4       7.5     2 x 40
c3.2xlarge      8      15       2 x 80
c3.4xlarge     16      30       2 x 160
c3.8xlarge     32      60       2 x 320

You will need to do the same if you are trying to provide a private cloud for IaaS in your organisation.

To move from IaaS to PaaS you'll want to start overlaying software on top. This becomes more difficult because the server team is asking the software admins (DBAs, etc.) to relinquish control of their installations and agree on a standard build.

People are much harder to change than technology.

What sort of service are you offering?

The "as a Service" term gets bandied about a lot without much thought about what the description actually means.

When a customer pays for a service, they don't care about the bits and bobs, the cogs in the machine; they are just paying for the outcome. Also consider that when you pay for any kind of service you are sacrificing choice for convenience. For example, if you choose a company car instead of taking the car allowance you get free insurance, free tax, free servicing, free consumable parts (like tyres), etc. But you are constrained by the cars that are available. You usually can't choose any make or model and customise your car. You have to choose from the specific cars that have been made available through the service. The same happens in IaaS: you will make some specific operating system builds and they will always be used. Choice is sacrificed for convenience.

In building a private cloud, the IT team is also changing what it does for the business. In the old model you are keeping a server up and running. When you move to an "as a Service" model, you are offering a service. What does that mean? How quick and responsive will the service be? What does it offer: high availability, DR, etc.? How much downtime will the service have? Descriptions matter because they imply meaning. By calling something a service, the IT department needs to have a good think about what it is actually offering.

How will people use your service?

Part of the sales pitch around Private Cloud / IaaS is self-service automation and chargeback. The idea is that your "customers" (i.e. people in other departments) will log into a portal and request a new operating system.

That request then gets routed to an IT person or a finance person for approval, and once approved the software provisions the infrastructure. Part of that build process can also carry a duration. Development environments are notorious for never getting removed once they are provisioned. By provisioning through a portal, the request can have a time limit on it which comes in as part of the approval. Once the environment isn't used any more it gets torn down. In the meantime the project or department is billed appropriately for the IT resources it is using.

Sounds neat.

In reality what a lot of IT departments are doing is making the portal available only to themselves. Capacity planning is typically an immature process in many organisations, so there's a nervousness about letting anyone in the organisation request infrastructure willy-nilly without IT oversight.

The second fly in the ointment is that many organisations aren't able to cross-charge departments. So the chargeback just becomes a line item on a report where IT is able to show who is using what, even if it isn't actually billing for it.

Private Cloud – Summary

To recap then, to build a private cloud in your data centre you need:

  • Orchestration software to build your physical or virtual hardware
  • Standard builds to reduce the amount of work required to automate the environment
  • A definition of what your services are and who you're going to offer them to

The two biggest problems that enterprises face when trying to build a cloud are thinking it's a technology project and trying to boil the ocean in the first go. If you don't bring the people and the organisation with you then your project is doomed to failure. Automation and orchestration are a tricky and complicated beast. Take baby steps and learn as you go along. That's a tried and tested method for success.
Good luck ;-P

Categories
watercooler

Google+ isn’t Facebook, it’s something else and it’s good at it

Google+ has been much maligned recently for its failure to duplicate Facebook, and following the departure of Vic Gundotra it's been on a long and slow decline. Google+ is no longer integrated as a single sign-on for Google products including YouTube. Some of the interesting functionality in Google+, such as photo management from mobile phones, has now been moved to separate products.

As a social network I liked Google+. As much as Facebook offers different groups, it's a pain to manage. The app always posts to the last selected group instead of to the default. On Google+ I had a friends group, a nerds group, a UNIX group, etc. and posted different stories to each group. On Facebook family members aren't interested in lots of Star Wars posts, but a small group of friends are very interested. Google+ allowed that tidy split between different social groups in a way that's totally broken on Facebook.

Now that most people have abandoned Google+ as a social media platform, what is left? For me I think it's become a great platform for groups and informal forums. Take a look at the overview of Google Groups:

[Image: Google Groups feature overview]

"Speed matters" is kind of irrelevant. "Mobile friendly" is a given in 2015. The first three points though are exactly how I use Google+ these days. A good working example is Watchmaker for Android Wear. This app lets people develop animated watch faces for Android Wear smartwatches. The app itself purports to have "Featured Watches", a new watch face every day. The selection is a bit rubbish. However if you follow the Google+ pages on Watchmaker there are new and cool faces posted daily, developer conversations announcing new features, and good, helpful discussions on how to implement functionality in the app.


It's a lively and well-used community. Social media, you might describe it as. Google+ describes them as communities. It will be interesting to see how long it is before either Groups or Google+ merges into the other. Whilst Google+ has failed to replace Facebook as the de facto place to share the day's events with people you kind of / sort of know, it has developed into something more interesting and, in certain definitions, more of a social platform. In addition, one of the major benefits is a lack of minion JPEGs every three posts, and that has to be a good thing.

Categories
projects

How To Set Up an Internet Email Server

There are a number of howtos on the web about how to configure an open-source email server. What I struggled to find is something that told me WHAT it was I was trying to configure, as opposed to HOW I should configure it.

If you have something working, and you break it – it’s easy to undo your change, work out what part of the change broke it, and then decide what you need to do to fix it.  However what if I’ve never had something working in the first place? Have I misconfigured the software?  Or is the software configured correctly but I’m expecting the software to do something it isn’t supposed to do?  Both end up with it not working, but the solutions are drastically different.

In my view it's important not only to understand the nuts and bolts of how to configure something, but to be clear about what you are configuring it to do. That makes the whole process a lot easier.

The assumptions here are that you have your own server on the public internet, and you're trying to set it up so you can send and receive email from it. I'm also assuming you own and manage your own DNS records. My server is running Ubuntu Linux, so I'll refer to their instructions. If you've chosen something else then there are actually an awful lot of configuration guides out there. This article is to try and help you work out what you're trying to configure, not how to do it.

To start with then, here’s a baffling diagram illustrating how the different components interact:

[Figure: overview of the email server components]

The 10,000 mile high view:

Email comes in to the server via SMTP (Postfix) and is stored on the filesystem. That email can be accessed by the user with a client talking to the IMAP server (Dovecot), which reads the mailboxes Postfix is delivering to. At a really high level that's how it works.

Before delving into more detail, let's take a look at what the system needs to do.

What before how

Lots of other places will show you the configuration options for the software components I'm going to talk about here. But before I talk about HOW to do something (and even then I'm only going to talk at a high level and leave configuration to the other HOWTOs out there), I want to talk about the WHAT. What was it I wanted to create? What would I have at the end of the exercise?

I wanted to replicate (well, replace actually) my Gmail experience. To do that I needed to:

  1. Have a domain name people can email me at,
  2. Install email server software that can receive and send email (SMTP),
  3. Install email server software that lets my clients read that email (IMAP),
  4. Install web server software that can show me my email through a web interface,
  5. Configure the system so I can only see my email and not email for other users,
  6. Configure the system so I can have pretend users (that's kind of complicated and confused me for a while. Take it as read for the minute and I'll explain it later),
  7. Make the system secure. I wanted the system to use encryption where possible so my information can't easily be read over a network connection. I also wanted the system locked down so it can only be used for the purpose it was designed for and not as a spam relay.

Some of that requirement is iterative. Specifically, point 6 wasn't something I realised I wanted until I started learning about how to set the system up. I did however get completely bogged down in the configuration of points 2 and 3, mainly because I hadn't properly thought out what I was trying to set up. The errors in the logs didn't make sense. I just dived straight into a "how to configure Dovecot / Postfix / SASL" HOWTO without thinking about what the end result was going to look like.

Your requirements may differ (well, probably will differ, tbh). If some of this helps someone then great. The biggest thing I think will help is reminding people to have a plan before they start configuring.

SMTP – Sending and Receiving Email

1. Have a domain name people can email me at

Email is delivered using the SMTP protocol. First off you need your DNS configured. Every domain name has a number of record types:

  • A records – map a hostname to the IP address of a real server
  • CNAMEs – aliases that point one name at another (A) record
  • NS records – the DNS servers that hold the details of your domain
  • MX records – Mail eXchanger. The server(s) that receive email for your domain, each with a preference number; the lowest number is tried first

MX is what we are interested in here. For PressedonTech a DNS lookup will tell you the MX record for pressedontech.com is mail.pressedontech.com. That name in turn needs an A record, because a sending server resolves the MX target to an address before connecting to it on port 25.
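As an added example (not part of the original post), the following shell script does the MX lookup described above and applies the checks a sender performs before it will connect. The live lookups use `dig`; the parsing is kept in separate functions so it can be run against sample output. The domain and addresses used in the comments are illustrative.

```shell
#!/bin/sh
# Added example, not part of the original post: find the host that actually
# receives mail for a domain and check that the MX target is usable.  The live
# lookups use dig (package bind9-dnsutils on Ubuntu); the parsing lives in
# separate functions so it can be exercised on sample output.

# primary_mx: read `dig +short MX <domain>` output on stdin, one
# "<preference> <host>." per line, and print the host with the LOWEST
# preference value.  Senders try that host first and only fall back to
# higher numbers when it is unreachable.
primary_mx() {
    awk 'NF == 2 && $1 ~ /^[0-9]+$/ { print $1, $2 }' |
        sort -n -k1,1 |
        awk 'NR == 1 { sub(/\.$/, "", $2); print $2 }'
}

# mx_target_ok: an MX target must be a fully qualified hostname.  RFC 2181
# rules out an IP address literal in the data field, and many MTAs simply
# refuse to use one.
mx_target_ok() {
    target="$1"
    case "$target" in
        *[!0-9.]*) ;;   # has letters or other characters: a name, carry on
        *) echo "MX target '$target' is an IP literal, not a hostname" >&2; return 1 ;;
    esac
    case "$target" in
        *.*) return 0 ;;
        *) echo "MX target '$target' is not fully qualified" >&2; return 1 ;;
    esac
}

# mx_resolves_directly: read `dig +short A <mx-host>` output on stdin and
# succeed only if every line is an IPv4 address.  If the target is a CNAME,
# dig prints the alias chain before the address; RFC 2181 says an MX must
# not point at a CNAME, so any non-address line is a failure.
mx_resolves_directly() {
    out=$(cat)
    [ -n "$out" ] || return 1
    ! printf '%s\n' "$out" | grep -Evq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Live check, only when a domain is given:   sh mxcheck.sh pressedontech.com
if [ -n "${1:-}" ]; then
    domain="$1"
    mx=$(dig +short MX "$domain" | primary_mx)
    [ -n "$mx" ] || { echo "no MX record for $domain" >&2; exit 1; }
    mx_target_ok "$mx" || exit 1
    dig +short A "$mx" | mx_resolves_directly || { echo "$mx has no direct A record" >&2; exit 1; }
    echo "mail for $domain is delivered to $mx"
fi
```

Run it with your domain as the only argument once the records are published; if `primary_mx` prints nothing, the MX record is missing and other servers will fall back to the domain's A record, which is rarely what you want.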

2. Install Email Server Software that can receive email

I selected Postfix for this (partly because it was already installed, partly because there was a lot of related documentation, partly because I hate Sendmail).


Postfix is a Mail Transfer Agent (MTA) and it's doing two jobs.

  1. Inbound email:
  • Postfix listens on TCP port 25, using the SMTP protocol, to receive email,
  • Postfix checks it's the right server for the email it's being asked to process (i.e. it is configured to process email for pressedontech.com),
  • Postfix checks whether it is allowed to deliver to the place it's being asked to. For pressedontech.com it's storing email on the server filesystem. Other configurations tell Postfix to pass the email on to another server (relaying). If that's not what you want then make sure you aren't telling Postfix to do it for arbitrary destinations, otherwise you've turned your server into a spam relay,
  • After it's passed these checks it puts the email where it's told to (or rejects the message if the checks fail 🙂).

These checks are important because spam is an issue on the internet. Postfix is making sure the SMTP client isn't trying to use my installation to send email that pressedontech.com isn't authorised to send.

  2. Outbound email:
  • Postfix sends email on your behalf to MTAs running on other computers using SMTP,
  • Postfix accepts messages submitted by your mail client (or by processes on the server itself), queues them on the filesystem and then tries to deliver them to the MX of each recipient's domain.

To recap: Postfix is the Mail Transfer Agent that controls the delivery of email in and out of my server. The next step is something that can show that email to a user. Read on to find out more...
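The "is it the right server" and "is it allowed to deliver there" decisions above come down to a handful of Postfix parameters. The script below is an added example, not the post's own configuration: it prints those parameters as the `postconf -e` commands you would run on Ubuntu, and includes an audit function that reads `postconf -n` output and flags the combinations that turn the server into an open relay (or let it take passwords in the clear, which matters for the authentication and TLS points later in the post). The hostname, domain and Dovecot socket path are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the post's own configuration: the Postfix main.cf
# settings that decide whether a server relays for strangers, written as the
# `postconf -e` commands you would run on Ubuntu, plus an audit function that
# reads `postconf -n` output and flags the combinations that make an open
# relay.  Hostname, domain and the Dovecot socket path are assumptions.

# relay_settings: one "parameter = value" per line.
#  - mydestination: domains Postfix accepts for local delivery
#  - mynetworks: clients allowed to relay without logging in; keep it to loopback
#  - smtpd_relay_restrictions: everyone else must authenticate, otherwise a
#    recipient outside mydestination is refused (defer_ gives a 4xx, reject_ a 5xx)
#  - smtpd_sasl_*: authenticate submitting clients through Dovecot's auth socket
#  - smtpd_tls_auth_only: never accept a password on an unencrypted session
relay_settings() {
    cat <<'EOF'
myhostname = mail.pressedontech.com
mydestination = pressedontech.com, localhost
mynetworks = 127.0.0.0/8 [::1]/128
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
EOF
}

# apply_relay_settings: push each line into main.cf (run as root).
apply_relay_settings() {
    relay_settings | while IFS= read -r line; do
        postconf -e "$line"
    done
    postfix reload
}

# conf_value CONF PARAM: extract one parameter's value from `postconf -n` text.
conf_value() {
    printf '%s\n' "$1" | sed -n "s/^$2[[:space:]]*=[[:space:]]*//p"
}

# audit_relay_config: read `postconf -n` output on stdin, print a FAIL line
# per problem, return non-zero if anything failed.
audit_relay_config() {
    conf=$(cat)
    rc=0

    nets=$(conf_value "$conf" mynetworks)
    case " $nets " in
        *" 0.0.0.0/0 "*|*" [::]/0 "*)
            echo "FAIL: mynetworks trusts the whole internet ($nets)"; rc=1 ;;
    esac

    # Postfix 2.10+ defaults smtpd_relay_restrictions safely when it is unset,
    # so only an explicit value is inspected.  A bare "permit" before the
    # reject/defer means the reject is never reached.
    relay=$(conf_value "$conf" smtpd_relay_restrictions)
    if [ -n "$relay" ]; then
        seen_reject=0; open=0
        for item in $(printf '%s' "$relay" | tr ',' ' '); do
            case "$item" in
                reject_unauth_destination|defer_unauth_destination) seen_reject=1 ;;
                permit) [ "$seen_reject" -eq 1 ] || open=1 ;;
            esac
        done
        if [ "$seen_reject" -eq 0 ] || [ "$open" -eq 1 ]; then
            echo "FAIL: smtpd_relay_restrictions lets unauthenticated clients relay ($relay)"; rc=1
        fi
    fi

    if [ "$(conf_value "$conf" smtpd_sasl_auth_enable)" = yes ] &&
       [ "$(conf_value "$conf" smtpd_tls_auth_only)" != yes ]; then
        echo "FAIL: SMTP AUTH is on but not limited to TLS sessions (smtpd_tls_auth_only)"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: no relay problems found"
    return $rc
}

# On the server:  postconf -n | audit_relay_config
```

The `smtpd_sasl_path = private/auth` line assumes Dovecot exports its authentication socket at `/var/spool/postfix/private/auth` (a `unix_listener` in the `service auth` block of Dovecot's `10-master.conf`), which is the usual way of getting Postfix to ask Dovecot whether a user and password are valid.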

IMAP – Reading Email

3. Install email server software that lets my clients read that email (IMAP)

Email has been delivered to your server using SMTP. How do you read it?


IMAP is the Internet Message Access Protocol. IMAP client software talks to IMAP server software to access messages in mailboxes on the server.

You could use POP3, the Post Office Protocol, instead. As a massive oversimplification: IMAP is better for accessing email that stays on the server, POP3 is better for downloading email to a single computer. For my use case I can imagine multiple IMAP clients talking to my server, so it makes more sense for me to use IMAP and not POP3.

From the search I did, there were two options for a Linux / open source IMAP server: Cyrus or Dovecot. Cyrus is a much older and more mature project. However Dovecot seemed to have much more recent documentation available, and more howtos and forum threads that seemed related to what I was trying to do. So I picked Dovecot.

Next is the second part of reading email, the web interface...

IMAP – Reading Email – part 2

4. Install web server software that can show me my email through a web interface

For my use case, I expected to want to read email on my phone, and read email in a web browser from my PC. I could have just set up another desktop IMAP client but webmail seemed to be the way to go (I suspect this is Gmail brainwashing, but it was something else to learn so I went with it). For this I selected Roundcube.


Roundcube is a PHP application. In your web browser you log in to the Roundcube application. Roundcube then talks to Dovecot over IMAP, exactly as the phone client does, and shows you your emails. Roundcube stores its own data (user preferences, address books) in MySQL, hence the database requirement.

But how does Dovecot know to show Roundcube just my email and no one else's? Follow through to the next page to find out...

Each User has their own email

5. Configure the system so I can only see my email and not email for other users

Dovecot is acting as the authentication process for everything.

  • When Postfix receives an email to process it asks Dovecot "does user@pressedontech.com exist?". If it is a valid user, Dovecot lets Postfix know. It took me ages to get this bit right. If enough people want it I can post my final config, but there's plenty of technical documentation to help you sort this out.
  • When a user on their smartphone connects through the mail app, it provides a username and password. Dovecot checks them and provides access to the appropriate mailbox, assuming it exists.

If you look at the various Dovecot / Postfix forum posts, it's the integration between these two components (specifically getting Postfix to authenticate users using Dovecot's authentication process) that gives people the most headaches. First off I set up Dovecot to authenticate against real users.

[Figure: Dovecot authenticating against system users]

Dovecot can check credentials against real system users (i.e. a UNIX user who can ssh onto the server), against a separate file containing email-only users, or against data in a database such as MySQL. This is where I came unstuck as well, because many of the HOWTOs talk about virtual users, a description which makes sense in hindsight but which I hadn't properly wrapped my head around when trying to troubleshoot why Dovecot wasn't talking to Postfix properly. By configuring Dovecot against real users first, I got the basic system working before trying to do something clever.

A virtual email user means that I don't need a real UNIX user in order to receive email for someone. Why is that important? If I want a secure system, I don't want the usernames and passwords of users that can log in via ssh spread across the internet; a guessed or leaked mail password should not also be a shell login. By configuring virtual users I can receive email for tom@pressedontech.com, dick@pressedontech.com or harry@pressedontech.com without needing those real users on the system. This can be implemented using a flat file of users with hashed passwords, or with a database backend. I chose to use MySQL and the final configuration looked like this:

[Figure: final authentication configuration with virtual users in MySQL]

Next we learn about making the system secure.

Security Security Security

7. Make the system secure

There are a few best practices to consider here.

The first is to expose as few services to the internet as possible. Therefore:

  • I don't run a POP3 server because I don't see an immediate need to use POP3. This is a key principle: only configure the minimum set of services required. If you configure a service then you'd better make sure it's configured properly. If you aren't going to use a service, why waste time configuring it when you could just disable it and focus your efforts on doing a better job with the services you are going to use?
  • I do use a firewall. Belt and braces here. I think I've disabled the services I don't need. With a firewall configured I'm making extra sure that I'm only exposing the services to the internet that I intend to.
  • As many of my services as possible are bound to the localhost / loopback / 127.0.0.1 address. I'm not providing database services to the internet, so why would my MySQL server need to be contactable from an internet IP address? By using either UNIX domain sockets or the loopback address you are limiting the traffic you expose outside the server and reducing its attack surface.
  • Encrypt as much as possible. The services I do expose to the internet are configured to use TLS. At the minute I'm self-signed, mainly because it's just me using it. But it gives me the confidence that I'm not passing my username and password around in plaintext for all to see. (The caveat with a self-signed certificate is that a client cannot tell your server from an impostor's unless it has been told to trust that specific certificate, so configure your clients to trust exactly that certificate rather than to accept any certificate.)
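"Only expose what you intend to" is easy to state and easy to get wrong, especially on a dual-stack host where a service bound to 127.0.0.1 can still be listening on every IPv6 address. As an added example (not from the original post), the script below reads the output of `ss -ltn`, ignores anything bound to a loopback address, and reports any public listener whose port is not on an allow-list. The allow-list and the sample `ss` output are constructed for a Postfix/Dovecot/Roundcube box (SSH, SMTP, submission, IMAPS, HTTPS); in the sample, a POP3 daemon has been left running on all addresses by mistake.

```shell
#!/bin/sh
# Added example, not from the original post: check that only the services
# meant for the internet are bound to a public address.  It reads `ss -ltn`
# output on stdin (ss is in iproute2 on Ubuntu) and flags any listener that
# is neither on a loopback address nor on an allowed port.  The allow-list
# and the sample output below are assumptions for a Postfix/Dovecot/Roundcube
# box: SSH, SMTP, submission, IMAPS and HTTPS.

ALLOWED_PUBLIC_PORTS="22 25 587 993 443"

# Constructed `ss -ltn` output for this example.  MySQL is correctly on
# loopback; POP3 (110) has been left listening on all addresses by mistake.
SAMPLE_SS='State  Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN 0       128           0.0.0.0:22          0.0.0.0:*
LISTEN 0       100           0.0.0.0:25          0.0.0.0:*
LISTEN 0       100           0.0.0.0:587         0.0.0.0:*
LISTEN 0       100           0.0.0.0:110         0.0.0.0:*
LISTEN 0       100           0.0.0.0:993         0.0.0.0:*
LISTEN 0       511           0.0.0.0:443         0.0.0.0:*
LISTEN 0       80          127.0.0.1:3306        0.0.0.0:*
LISTEN 0       128              [::]:22             [::]:*'

# is_loopback ADDR: 127.0.0.0/8 or ::1 (ss prints IPv6 addresses in brackets).
is_loopback() {
    case "$1" in
        127.*|'[::1]') return 0 ;;
        *) return 1 ;;
    esac
}

# public_listeners: print "ADDR PORT" for every LISTEN socket not on loopback.
# Wildcards (0.0.0.0, [::], *) count as public.
public_listeners() {
    awk '$1 == "LISTEN" { print $4 }' | while IFS= read -r local_addr; do
        port=${local_addr##*:}
        addr=${local_addr%:*}
        is_loopback "$addr" || printf '%s %s\n' "$addr" "$port"
    done
}

# unexpected_listeners: public listeners whose port is not in the allow-list.
unexpected_listeners() {
    public_listeners | while read -r addr port; do
        case " $ALLOWED_PUBLIC_PORTS " in
            *" $port "*) ;;
            *) printf '%s:%s\n' "$addr" "$port" ;;
        esac
    done
}

# audit_listeners: non-zero exit if anything unexpected is reachable.
audit_listeners() {
    bad=$(unexpected_listeners)
    if [ -n "$bad" ]; then
        printf 'FAIL: public listener not in the allow-list:\n%s\n' "$bad"
        return 1
    fi
    echo "OK: only allowed ports are bound to public addresses"
}

# On the server:        ss -ltn | audit_listeners
# From another host:    nmap -sT -p- mail.pressedontech.com   (should agree with the above)
```

The view from the server and the view from outside should match; where they do not, the difference is what the firewall is doing for you, which is exactly the belt-and-braces point made above.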

My secondary concern was around not turning my system into an open spam relay. I don't want other people using my SMTP server to send emails pretending to be from my domain because:

a) that's not cool,

b) that will get my domain and IP blacklisted so my own email won't work,

c) I'll probably get moaned at and potentially switched off by my ISP, and I don't want that either.

As part of configuring the system I spent a fair amount of time on this topic, making sure I understood how to lock the system down, how to prevent unauthorised users, and how to accept mail only for my own domain (and relay only for clients that have authenticated).

External checking

There were a number of tools I used once I had my system up and running. The first was a port scan from outside, to check I was only exposing the services I thought I was exposing. Secondly I used a number of different websites to check my server wasn't acting as an open spam relay. Notice here I said I used more than one service. I did this for both the port scanning and the SMTP relay check. Using more than one tool gives you extra confidence in your results. It's one thing to think you've done it correctly. It's another to have someone else check your homework. This was one of the key points in making sure I was happy with what I'd set up.
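What those relay-check websites do is hold an SMTP conversation with your server and look at one reply: the answer to `RCPT TO` for a recipient that is not in your domain. The script below is an added example (not from the original post) that makes that decision from a transcript, so you can see exactly what "open relay" means on the wire and check your homework yourself. The transcript format (`C:` for the client, `S:` for the server) and the addresses are constructed for this example; the same conversation can be driven against a live server with `swaks`.

```shell
#!/bin/sh
# Added example, not from the original post: decide from an SMTP conversation
# whether the server agreed to relay for a third party.  The transcript format
# ("C: " for what the client sent, "S: " for what the server answered) and the
# addresses are constructed for this example.  Against a live server the same
# conversation can be driven with swaks, e.g.
#   swaks --server mail.pressedontech.com --from probe@example.org \
#         --to victim@example.net --quit-after RCPT
# The decisive reply is the one to RCPT TO for a recipient outside your own
# domain: 2xx means the server will relay, 5xx (reject_unauth_destination) or
# 4xx (defer_unauth_destination) means it will not.

# relay_verdict OWN_DOMAIN: read a transcript on stdin, print a one-line
# verdict, exit 0 only if mail for OWN_DOMAIN is accepted AND relaying is refused.
relay_verdict() {
    own="$1"
    pending=""             # which RCPT TO we are waiting on: local or foreign
    local_code=""; foreign_code=""
    while IFS= read -r line; do
        case "$line" in
            "C: RCPT TO:"*)
                rcpt=${line#C: RCPT TO:}          # <user@domain>
                dom=${rcpt#*@}; dom=${dom%>*}
                if [ "$dom" = "$own" ]; then pending=local; else pending=foreign; fi ;;
            "S: "*)
                code=$(printf '%s' "${line#S: }" | cut -c1-3)
                case "$pending" in
                    local)   local_code=$code ;;
                    foreign) foreign_code=$code ;;
                esac
                pending="" ;;
        esac
    done
    case "$foreign_code" in
        2*) echo "OPEN RELAY: foreign recipient accepted ($foreign_code)"; return 1 ;;
        4*|5*) ;;
        *)  echo "UNKNOWN: no reply to a foreign RCPT TO in the transcript"; return 2 ;;
    esac
    case "$local_code" in
        2*) echo "OK: own domain accepted ($local_code), relay refused ($foreign_code)"; return 0 ;;
        *)  echo "CHECK mydestination: relay refused but own domain not accepted ($local_code)"; return 3 ;;
    esac
}

# Constructed transcripts.  "554 5.7.1 ... Relay access denied" is what
# Postfix answers when reject_unauth_destination fires.
SAFE_TRANSCRIPT='S: 220 mail.pressedontech.com ESMTP Postfix
C: EHLO probe.example.org
S: 250-mail.pressedontech.com
S: 250 STARTTLS
C: MAIL FROM:<probe@example.org>
S: 250 2.1.0 Ok
C: RCPT TO:<tom@pressedontech.com>
S: 250 2.1.5 Ok
C: RCPT TO:<victim@example.net>
S: 554 5.7.1 <victim@example.net>: Relay access denied
C: QUIT
S: 221 2.0.0 Bye'

# The same exchange on a misconfigured server: the foreign recipient is accepted.
OPEN_TRANSCRIPT=$(printf '%s\n' "$SAFE_TRANSCRIPT" | sed 's/^S: 554 .*/S: 250 2.1.5 Ok/')

# Usage:  printf '%s\n' "$SAFE_TRANSCRIPT" | relay_verdict pressedontech.com
```

Checking the local recipient as well as the foreign one matters: a server that refuses everything is not an open relay, but it is not a mail server either, and that failure mode (usually a wrong `mydestination`) looks identical to success if you only test the foreign address.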

It took me several days of trial and error to get my system up and running.  During this period I made a point of switching things off whilst I wasn’t configuring them.  I would make some progress, hit a roadblock and leave the system to come back another day and try and make more progress.  It would be silly to leave a half configured or misconfigured service live on the internet so when I wasn’t configuring, the services were disabled.

Finally make sure you’re patched and up to date.  If you’re using a Linux system with a package manager, it’s a 5 second job.

I don't think any of these make my server hack-proof. Nothing is invulnerable. However, by taking these steps you're making it less vulnerable and reducing the options a potential attacker has.

In Summary

Hopefully that gives a good overview of how an internet email service can be setup.


There are lots of other websites out there giving instructions on how to configure the email software, which options to pick, how to generate self-signed certificates, etc. What I wanted to do here was give a high-level view of what you are trying to configure and not duplicate the other places that tell you how to configure it.

As per usual, any feedback or clarification on what I've written here is always welcome. I hope some of that info is useful to people.

Categories
projects

What to consider when replacing free services like Google, Microsoft, etc

As per my previous posts around removing myself from Google's clutches, I've set up my email server. And it was hard. Something that's very common in open source howtos is very detailed explanations of how to configure things. What's not very common are high-level overviews of how technologies interlink. Which makes troubleshooting difficult. Did I choose the right option in my IMAP server? Have I misconfigured my authentication modules? Or is it broken because what I'm trying to do is fundamentally wrong, because I haven't properly understood what I'm doing?

Running a service on the public internet is a dangerous thing.  Part of the logic behind moving my email to a personal server instead of using one of the free public services Google or Microsoft provide is for enhanced privacy and control over my own data.  As such setting up an email server full of security holes isn’t going to achieve that goal.

The upshot therefore is:

  • Choose the right software. Take a look at the product history. Is it still frequently updated? Is it well documented? Does it have a history of being insecure, or is it well patched?
  • Make sure you update that software. There's no point running "secure" products if you're running an old version of them.
  • Have a think about how you're configuring that software. For server components that need to communicate with each other (such as Apache talking to MySQL), configuring them to talk over localhost (127.0.0.1) instead of the internet-facing IP address limits the server's exposure to the internet.

That's just a few ideas. It's not an exhaustive list, but they illustrate that once you've worked out what software you want, and you've worked out how it should work, you've then got an initial task of making sure the product is configured properly and securely, and then an ongoing job of making sure it's still secure. By taking on the job yourself you're taking on a level of responsibility for your own security, something you currently take for granted.

I’ve written an email server overview here.  It’s not designed to be a configuration HOWTO.  There’s plenty of those out there written to a high quality. What I have tried to do is describe the different email server components so you can understand what you want to configure, before trying to delve into how you’re going to configure it.

It's easy to see why getting all this stuff for free is so tempting.

Categories
privacy projects

Bye Bye GMail, see you later OneDrive

Here's my project to extricate myself from free services. I've got an Android phone. I use Gmail. And Hangouts. And Google Maps. And Google News.

Google Now watches where I go frequently and it thinks it knows where I work. It sees the purchases I make and Gmail tells it when they are being delivered. It sees the places I go and makes suggestions on where to go. It's a little creepy.

As such I feel motivated to do something about it.

Following in the footsteps of Bryan at Bad Voltage, I'm taking steps to extricate the "free" services from my technology life. Starting today I'm moving away from Gmail. It'll be a slow transition because it's not a 5 minute job. iPhone email and webmail are working. But I think I want a more complicated configuration; multiple email domains, virtual users, etc. That's obviously part of the hook with Gmail and its Software as a Service model. All that hard work is done for you.

(The irony that most of my mobile technology posts are pro-Android but from a security and privacy perspective, Apple’s mobile OS is probably much better for you – well that’s not lost on me.  I’m just sulking about it)

This is the second step I've taken. The first was to give Firefox yet another go. I've had a post brewing for a while about why Firefox is really the only browser to trust and the steps you can take to make it even more secure and private. Back to the "too many eggs in one basket" theme of this post, however: the summary is that nothing is free, there is a cost to everything.

But is it worth it????

Categories
privacy

Trust Issues

We trust Internet conglomerates to give us services but how much are we giving away for functionality?

I flit between being ultra paranoid about Google and fully embracing its services and living in the future. This has been one of the more difficult posts to write. I think that's because I'm not talking about cold hard facts, but expressing a feeling. Every time I start, it ends up being a ramble about privacy and security, big brother, the youth of today not realising they overshare, and get off my damn lawn...

The cold hard facts are that we have technology around us today that we couldn’t imagine 10 years ago, 5 years ago, probably even less than that.  And that technology needs data to do amazing things.  Forget about security of information, about privacy, about the concerns about a single organisation having so much data about you.  Embrace the future.  I’m sure Oppenheimer felt the same way.

It’s not just a GOOG thing

It’s not Google per-se that gives me pause for thought.  It’s the aggregation of data from different data points held by a single organisation that makes me nervous.  Think about all of the data in GMail, Google Plus, Google Drive, Android Fit, Nest, Google Wallet (the same can be said for Outlook.com, OneDrive, Office 365, etc.)  Individually most of those sources are relatively negligible.  It’s when they are aggregated that the data becomes so powerful.  And therefore so worrying.

So What?

Cold hard facts work much better than abstract examples

Look at Google Now. Every now and again it'll prompt you to ask if you're interested in travelling to a particular location. If you drive to the same place every morning, it'll guess that's your place of work. We trust Google to have impervious security. But anyone with a modicum of IT experience knows that nothing is bulletproof. So, Google knows:

  • my home address,
  • my work address,
  • when I commute and when I'm not at home, for hours at a time.

I’m pretty sure Siri or Cortana would do the same thing if I used them in anger.

With a little thought you can extrapolate that list to show that it knows an awful lot about you, your purchasing habits, your physical location, etc. I trimmed it back to the above three points just to illustrate that from a very basic personal or home security perspective, you'd better hope and pray that Google has its very best security people looking after you. And yet nothing is ever really secure. Not 100%.

Categories
cloud projects

Why I bought a server instead of using the Cloud

Everything is cloud computing, Amazon AWS, etc. etc. these days.  And yet for this website I kept it old school and purchased a Linux web server I had full root access to.  Why was I such a Luddite?  A couple of reasons really.

Curiosity killed the techie

Part of this is a learning experience. A hundred years ago I used to be a sysadmin. I still play with Linux periodically, on laptops, Raspberry Pis and virtual machines. But I wanted to build a thing from the ground up. To choose my web server (Apache or lighttpd), choose my blogging software, etc. I wanted a platform where I could do a little coding and be free to install what I wanted. And then to secure the whole platform correctly. In summary, this website isn't just a tool for me to share (or vent) my thoughts on a number of technology subjects. It's also a learning exercise.

But why so old school?

One of the supposed breakthroughs that Amazon AWS provides is the ability to be charged for what you use, from a processor / memory perspective but also from a bandwidth perspective. For a small blog like this that should be more cost effective. But what happens when my massive genius delivers the post that makes me famous? Earlier this year GitHub was hit by a huge DDoS (supposedly originating from the Great Firewall of China), through no fault of its own and completely out of its control. Sites caught up in that attack that were hosted on Amazon's AWS cloud reported bills of around $30,000 a day for the traffic. Which is more than my little hobby can stand.

I’ve obviously picked an extreme example to make a point. But whilst paying for a dedicated virtual server is certainly not the cheapest website hosting option, it’s a known cost every month and something I can control.

The elephant in the cloud computing room

The pay per use / consumption model stands out to me as one of the major unspoken issues with cloud computing.  The implication is that we have all bought far too many servers for what we really need, and if we just moved to a usage model where we pay only for what we use then that’s bound to be so much cheaper.  This concept is based on the assumption that IT (or non-IT people for that matter) have a really good idea of how specific applications are applying load to existing infrastructure, or that they have mature processes for projecting the infrastructure requirements of future applications currently in development.

Oink Flap Oink Flap Flap

Ahem

A consumption based solution like cloud has an associated requirement that product revenue is closely tied to infrastructure utilisation, i.e. if my hosting costs increase then that’s fine because it means my product is generating more revenue in line with the increased cost.  But in reality how many people are re-architecting their applications this way?  Sometimes that’s not even possible.  Re-designing an application to tie its infrastructure utilisation to the revenue it will create is more than just a technology problem.  It’s a business process and sales problem as well.

Summary

As a technology I’m a big fan of Infrastructure as a Service and Platform as a Service cloud technologies.  I think the problem is when we promote them based on business reasons rather than technology reasons.  And often the business either isn’t engaged in that conversation, is just too far removed to understand the problem, or isn’t in a position to make the changes required to realise those benefits.

I’d share a picture of an Emperor but nobody needs to see that.

Categories
mobile

A Philosophical Debate on an OS?

I was chatting with one of our Solution Architects yesterday and saw an Apple Watch on his wrist.  Amused, I pointed out that I had my Moto 360 and we were living in a Dick Tracy future.

“I’m sure we could have a philosophical debate over this” he said, referring to our different mobile OS affiliation.

An interesting choice of words

Philosophy, according to Wikipedia, is “the study of general and fundamental problems, such as those connected with reality, existence, knowledge, values, reason, mind and language” and as a method, “philosophy is often distinguished from other ways of addressing such problems by its questioning, critical, generally systematic approach and its reliance on rational argument”.

Rational argument where iOS and Android fanboys are concerned is a level of hilarity on its own.  However I do think there’s something in there around the two operating system approaches and what it is about them that appeals to different people.

Android for the most part shows its heritage in the Linux and open source world.

iOS is a platform from a company with a history of selling boxed software and hardware products.

Those origins have a core input into the design approach of the operating system, how users interact with the product and the overall experience of the device.  I’ve pulled out a few interesting points; it’s not an exhaustive list.  But I think they illustrate some of the key differences between the two operating systems, differences that reflect the vision each organisation has for its product.

Security

Android: It’s relatively open and users can install the applications they choose.  This is great for hippies.

Apple iOS: Software access is strictly controlled and locked down to vendor approved apps.  From a security perspective the iOS platform has strong encryption, better built-in two-factor authentication in the hardware and an operating system and application eco-system that provides fewer attack vectors.

A common critique of iOS from the Android camp is its locked-down walled garden approach.  This isn’t necessarily a bad thing though.  Assuming that you trust Apple (and objectively there’s little reason to trust them any less than you would Google or Microsoft), then they are providing a layer of control over your device that is impossible to replicate on Android.  The iPhone is a product from Apple comprising a hardware model and an operating system.  The two are intrinsically linked.  Android is an operating system licensed by many vendors and then tweaked by carriers.  So when a major security flaw hits, Google can patch its OS, but then the hardware vendor has to patch their version of Android, and then the carrier has to patch their version of that version.

So whilst Android is providing a greater level of freedom for the user, it’s also providing a greater level of freedom for anyone trying to break into your phone.  Now that Android is the most popular mobile OS globally, that’s a big incentive for hackers to focus their attention on it.

Application Integration

Android: Applications can talk to each other and share data.

Apple iOS: There’s some inter-process communication but it’s a bit of a fudge and for the most part applications live within a walled garden.

A common question from iOS users when they first come to Android is “which apps should I install?”  “The same apps you use on iOS” is the standard sarcastic reply.

Apps aren’t the differentiation between these two operating systems.  Functionality is.  Whilst iOS has picked this up to a point, one of the really useful parts of Android is the ability to share data between applications.  Sharing links, images or other data points is significantly easier and much more widespread on Android.  And going back to your previous application without losing your place or the context you are working in is both great and easy.

This can be seen as another example of the first principle around segregation described above.  Where Apple is trying to control what applications can do (from a security, functionality and probably battery life perspective), the barriers are much lower on Android, where sub-systems and applications are much freer to communicate and share.  For good or bad.

Core OS User experience

Android: Core applications are updated incrementally.  Core applications are distributed through the Play Store and frequently updated with minor versions.  Effectively this makes operating system upgrades far less important for the user.  It also makes the user experience much more fluid and dynamic, or less politely, chaotic.

Apple iOS: Core applications are updated with the operating system.  With its heritage as a company who sold boxed software, the version of Mail you get with iOS 7 is the same version until the whole operating system gets an update.  Whilst this can be seen as constraining, it makes for a very consistent, controlled and polished user experience.

To a point this is a direct result of the fragmentation described above, wherein Google’s OS goes through a third-party manufacturer filter and then a mobile carrier filter before hitting the end user.  By moving previously core applications into the Play Store, Google has made much of the fuss around operating system updates obsolete.  Android users can get the same Gmail experience on Jelly Bean, KitKat or Lollipop.

The debate

The debate therefore is a circular and pointless one.  Depending on which of the above you consider to be more important, either OS can be painted as the “better” option.  What is clear though is that both companies have a clear and focussed direction and, if nothing else, that’s better than a me-too product.

Categories
mobile

The Smartphone is the new computing platform

I learned this weekend that Apple thinks the desktop is its computing platform.  For Google the smartphone is the primary computing device.

A first world problem is giving your child a tablet or smartphone.  How do they buy stuff for their device?  How can you stop them running up massive in-app payments by accident?  To even create an iTunes account you need to add a credit card as proof of identity (you can delete it later but it’s a faff).

With the kids wanting to play Minecraft, the solution I came up with was gift cards.  The cheapest Google Play card is £10.  The cheapest iTunes card is £15.  Both overkill when Minecraft is only £4.99, but it gives some leeway for buying other stuff and testing the in-app payments theory without running up a massive credit card bill.

Google Play was easy.  Try to buy the game, and the payment screen on the tablet has a “redeem” button.  Type in your code.  Job done.


iTunes was much harder.  Harder because the payment screen on the device only lets you enter a credit card as a payment option.  An internet search implies you can top up your account online, but either I was being thick or it’s a convoluted process that I couldn’t decipher.  Fire up iTunes on a PC and it’s dead easy.


So, much swearing later, the upshot is that I was doing it wrong.  It’s 2015 and I thought we lived in a smart device world where PCs are for old people and enterprises.  But it seems that Apple consider the smartphone to be an ancillary device to be managed from a computer, whereas Google consider the device to be the primary computing platform.  I’d say this is probably a reflection of what the companies are; Apple is a physical products company, Google is an internet services company.  But it’s an interesting reflection of the mindset and software interface design choices going on in each company.

Categories
mobile

Google isn’t Apple. And why it may win

Apple is a computer company.  Google is a data and services company.  And that might mean Google wins the long game.

In Q3 2014, Apple posted revenue of $37.4 billion and net quarterly profit of $7.7 billion (source: MacRumors).  What’s interesting is that if you look at the breakdown of that revenue, the vast majority of that cash comes from hardware sales.

And over time that percentage isn’t changing.

Take a look at a similar chart from Google (albeit from 2009) and all of the data is about their advertising.

Trying to find any kind of product breakdown of where Google’s revenue comes from is nigh on impossible.  And that’s kind of the point.  Google’s product is advertising.  So you can find plenty of breakdowns of who is buying Google Ads, how the trend is moving from desktop to mobile, and how Google is trying to monetise that mobile search.  But the revenue from physical product is negligible.

As shown above, Apple is a computer company.  Under Steve Jobs’ helm they’ve been very successful at spotting the computing trends and building products to meet that trend.  And that’s their ongoing challenge: Apple needs to spot the next computer trend.  Admittedly they weren’t the first product to market in the mobile connected computer space (Palm and Microsoft say hi there), but they were certainly the first to create a product that generated a mass market.  And then to spot the tablet as the next big computing platform, more product insight there.

However tablets are now in decline.  Consumers are trying to get the best of both worlds and increasingly moving to the phablet form factor.  Which provides Apple with an interesting challenge, because with their iPhone 6+ they aren’t the first to market here.  Neither with their Apple Watch.  For a company so reliant on being dominant in the computing platform, not leading that market space is certainly a concern for them.

With the absence of a technology leader spotting those trends and driving best of breed products, Apple’s medium to long term prosperity will certainly be something to watch with interest.

(This was supposed to be a post on why Google may win as a services company instead of a physical product company.  But it got too long winded, so that post will be in a follow up.  TL;DR.)