Archive for January, 2017

Securing cloud assets

January 23, 2017

In this post, I’m going to point out the ways in which you can access your assets (VMs, Storage, DBs) in the cloud securely. This is no different than accessing the assets in your corporate network. The goal is to make you feel comfortable about having your assets in the cloud.

To accomplish anything meaningful, you would need at least one server, a VM (if you are going IaaS) and maybe storage as well. The basic level of access restriction can be achieved with AWS IAM and Azure AD. You can restrict and control access to your storage and other assets with different users.

The first and foremost activity is to form a (virtual) network and keep your servers inside that network. A network helps you group your assets, so every security action you take applies equally to all of its constituents rather than having to be repeated on individual assets. Forming a network also enables the free flow of access among its constituents (like an economic bloc). Now, this network needs to be protected from the rest of the world. The security groups will help you define the rules for enabling and blocking access.

Now that you have created a network and set up rules, and since this whole network lives outside your corporate network location, you need access to it first. There are many ways to accomplish this. The basic and rudimentary approach is to restrict access to this virtual network in the cloud to specific IP addresses (location 1, location 2, etc.). However, with this method, though the access is limited to specific IP addresses, the traffic is over the internet and there is no security.
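As an added example (not part of the original post), here is one way to check that security group rules really do limit administrative access to your known locations. The sample data is constructed in the shape of `aws ec2 describe-security-groups` output; the group IDs, the office ranges and the choice of SSH/RDP as admin ports are assumptions, and only IPv4 ranges are checked.

```python
import ipaddress

# Assumed office egress ranges ("location 1", "location 2"); documentation addresses.
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.0/28"),
                   ipaddress.ip_network("198.51.100.16/29")]
ADMIN_PORTS = {22, 3389}  # SSH and RDP (assumed set of admin ports)

# Constructed sample, shaped like the SecurityGroups list from describe-security-groups.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},          # public HTTPS: fine
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.4/32"}]}]},   # SSH from the office: fine
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},          # RDP from anywhere
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "192.0.2.0/24"}]}]},     # all traffic, unknown range
]

def covers_admin_port(rule):
    """True if the rule opens any admin port ("-1" means every protocol and port)."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    low, high = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return any(low <= port <= high for port in ADMIN_PORTS)

def source_allowed(cidr):
    """True only if the whole source range sits inside an approved location."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(allowed) for allowed in ALLOWED_SOURCES)

def audit(groups):
    """Return (group, protocol, from_port, source) for each over-broad admin rule."""
    findings = []
    for group in groups:
        for rule in group["IpPermissions"]:
            if not covers_admin_port(rule):
                continue
            for ip_range in rule.get("IpRanges", []):
                if not source_allowed(ip_range["CidrIp"]):
                    findings.append((group["GroupId"], rule["IpProtocol"],
                                     rule.get("FromPort"), ip_range["CidrIp"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print("admin access open beyond approved locations:", finding)
```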

The next level is setting up a VPN. If you are in development mode, or access is limited to a specific small set of individuals, you can set up Point-to-Site (P2S in the Azure world). However, if you want your entire corporate network to be able to connect to the virtual network in the cloud, you can set up a Site-to-Site VPN. In both scenarios, the traffic is encrypted but you are still going over the public internet. Thus your speed, latency and SLA are all limited to the bandwidth and SLA of your ISP. If you are not happy with that, you can try a dedicated connection: in AWS it is called Direct Connect and in Azure it is ExpressRoute. This is not the public internet but a dedicated pipe; you can call up providers like AT&T, Level3 or the cable companies, and they will be happy to provide one. In addition to this, most of the datacenter providers such as Sungard, Datapipe and IO offer direct connections between their datacenters and AWS, Azure and other cloud providers.

You can see how this is no different than working from home and connecting to your corporate network. If you have enabled your employees to work from home, then you are ready for the cloud.

Significance of SSL Certificates

January 19, 2017

This is not a big write-up exploring why you need SSL certificates. You need to see this as a continuation of my previous post on browser push notifications.

This is the beginning of the year and is a good excuse to review all your websites and their SSL (HTTPS) certificates and make sure they are valid. It is one of the best practices for your websites to support HTTPS if they allow login. Without a valid certificate, your web app will look sorry and, in some cases, be outright rejected, and you end up losing ground. Current browsers do the validation themselves, and the myriad security products, from Norton to the free Avast, may block your website or suggest that it is not secure.

In the last post, we noticed the beauty and significance of browser push notifications. Here, in the current one, I’m talking about the servers that host and send these messages. The floating pop-ups or suggestive windows that show up to assist customers, such as the chat app, may be a totally different app. Gone are the days when the app and all its components lived on one server. Now every one of them may live on its own, and not even in the same data center or country! This is the day and age of microservices architecture (better than SOA), where each app is a service plugged in to make a complete offering. Web solutions these days are like a giant 1000-piece puzzle, and you need to orchestrate them well.

[Image: ssl]

Here is an example where even a company such as Bank of America has an SSL certificate that is not valid. You could spend all your money on developing nice features, but in the end something as simple as an invalid SSL certificate (wildcard certificates are not cheap) will block them, and the messages / features / notifications would not see the light!
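The yearly review suggested above, sketched as an added example that is not part of the original post: it checks each service hostname against its certificate for name coverage and expiry. The certificates are constructed dictionaries in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the `shop.example` hostnames, the dates and the 30-day warning window are assumptions.

```python
import ssl
from datetime import datetime, timezone

def name_matches(pattern, host):
    """A wildcard is accepted only as the entire left-most label, covering one label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def review(host, cert, now, warn_days=30):
    """Return a list of problems for one host/certificate pair (empty means OK)."""
    problems = []
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(name, host) for name in sans):
        problems.append("name mismatch")
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]),
                                     timezone.utc)
    days_left = (expires - now).days
    if days_left < 0:
        problems.append("expired")
    elif days_left < warn_days:
        problems.append(f"expires in {days_left} days")
    return problems

# Constructed certificates: one wildcard shared by several services, two single-name.
WILDCARD = {"notAfter": "Feb 10 12:00:00 2017 GMT",
            "subjectAltName": (("DNS", "*.shop.example"), ("DNS", "shop.example"))}
CHAT = {"notAfter": "Dec 31 23:59:59 2016 GMT",
        "subjectAltName": (("DNS", "chat.shop.example"),)}
API = {"notAfter": "Nov  5 00:00:00 2017 GMT",
       "subjectAltName": (("DNS", "api.shop.example"),)}

# Constructed inventory: every component of the site, wherever it is hosted.
INVENTORY = [("www.shop.example", WILDCARD), ("chat.shop.example", CHAT),
             ("api.shop.example", API), ("push.cdn.shop.example", WILDCARD)]

def review_all(inventory, now):
    return {host: review(host, cert, now) for host, cert in inventory}

if __name__ == "__main__":
    today = datetime(2017, 1, 19, tzinfo=timezone.utc)  # constructed review date
    for host, problems in review_all(INVENTORY, today).items():
        print(host, "OK" if not problems else "; ".join(problems))
```

The last inventory entry shows a common surprise: a wildcard for `*.shop.example` does not cover a service two labels deep such as `push.cdn.shop.example`.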

 

Browser Push Notifications

January 6, 2017

You might have heard about push notifications for apps (Android, Apple, Windows – for completeness sake :-)), but to bridge the gap, browsers are coming up with support for push notifications. Currently Firefox and Google Chrome support push notifications. You might have seen something like this recently when you visited a certain website. For example, here is one from economictimes.com:

[Image: notify]

It is a pretty cool feature. With email becoming ubiquitous and Gmail tagging emails under “promotion”, you need a way to reach out to your customers on significant events. I can state a laundry list of scenarios where this will be useful.

Let us say,

  • You booked a flight and checked in, and the gate changed
  • You booked a ticket for an event, and you want to show parking tips or a parking coupon
  • You have a business website, wherein crucial information is made available and the client needs to be notified
  • A customer left items in the shopping cart, and you want to show a promotional or price change alert

and more. Here is an introductory video on this:

https://developers.google.com/web/fundamentals/engage-and-retain/push-notifications/video

Yes, you can email or SMS your clientele, but in a world of diminishing attention, you need to grab as much attention as you can get.

Please drop me a line if you are interested in discussing this or implementing it for your business.

New Year Resolution – “Ready for cloud in 2017”

January 3, 2017

You all had parties for the holidays, to celebrate New Year, Christmas, Kwanzaa, Hanukkah. Now what? Back to reality – Love the most. Along with it, there would be a whole slew of New Year resolutions. How about a work-related resolution? You don’t have to have your boss set goals for you; you should have a goal for yourself.

It is 2017 and in all probability, you will be using, marching towards or will be dragged kicking & screaming into the cloud. In all probability, you are using some form of cloud for your personal needs. The biggest holdbacks I see are the security concerns and the investments that are already made.

Knowledge is powerful and in the new year, make a resolution to learn about the unknowns. You already have your servers in a data center of your own or co-hosted with a vendor. The data centers of the cloud are no different. Microsoft has come up with a 3D visualization of one of the Azure data centers.  It is simply wonderful.

https://cloud-platform-assets.azurewebsites.net/datacenter/

If you search the internet, you will find similar videos for Google as well. I’m sure you are backing up your photos to Google, or if you are using an Android phone, your data lives in one of the data centers anyway.

Let’s start the journey. The journey is as important as the destination.