Rapid elasticity, measured service, multi-tenant applications…if these features make visions of Software-as-a-Service (SaaS) dance in your head, then you are in the right place. And if it just brings confusion, have no fear-you too are in the right place! During the second installment of the Fundamentals of Cloud Computing webcast series, the DLT Cloud Advisory Group talked “SaaS” and lots of it. Beginning with an overview of the basics, CTO Van Ristau delves into a complete evaluation of different solutions available with this deployment model. But what really is the difference between SaaS and PaaS and IaaS you ask? Watch this exclusive video of Van explaining just that.

With the Fundamentals of Cloud Computing webcast series completed, each week we will highlight pieces of useful information discussed during the sessions, hosted by the Cloud Advisory Group. The series started with Introduction to Cloud Computing, offering an overview of the history and basics of the cloud. With an in-depth look at the role of virtualization, the different service and deployment models and vendor choices, CTO Van Ristau provides key some key knowledge necessary to prepare for migration to the cloud. But no preparation would be complete without an understanding of the challenges associated with relocating to a cloud environment. Check out this clip from the webcast to hear Van’s take on some of key issues to consider when taking the cloud computing plunge.

I've been asked several times to help agencies evaluate their readiness to build a private cloud. Time and time again, I use the same concepts to find their current levels and what they should be looking at next. Data center automation, service oriented infrastructure, IT service management, resource orchestration, standard operating environments. Why am I bringing up ancient buzzwords in a private cloud conversation? Because without these fundamentals, your private cloud won't get very far off the ground. An Amazon AWS VP has been quoted saying "If you are buying hardware, it isn't cloud". You may think, "Well of course, that's their business model. They don't want me to buy a private cloud." The argument made isn't a business model, it is architecture and use case. The economies of scale that need to be achieved in order to validate a cloud model only make sense in large deployments. The benefits of the IT department are best realized when the shift from capital to operational expenditures is complete. A set of local resources that takes advantage of the new cloud focused toolsets to move in a service oriented direction may not be a private cloud, but it is still a valuable direction for those IT shops that need to retain in house capabilities.

One of the first tasks that an Enterprise Vault Administrator will perform is the configuring of the Enterprise Vault indexes. Put simply, the indexes allow the searching of the archived items – kind of an important thing. If you were to organize your workspace, wouldn’t you want to know where you placed your Red Swingline stapler or your “Jump to Conclusions” mat? Well, indexes allow you to know where they are. With indexing there are 3 different levels that an administrator can specify; these levels are Brief, Medium, and Full. The actual index size will be a certain percentage of the original items -- 3% for Brief, 8% for Medium, and 12% for Full. Obviously with the Full indexing level, this level will give you the more granular searches when searching the html and text versions of the items in the archive.

Red Hat announced two new cloud offerings at their Summit in Boston, OpenShift and CloudForms. The OpenShift PaaS offering is aimed at developers who want a quick and easy way to deploy apps into an existing IaaS environment. That is a key differentiator here, existing IaaS environments. OpenShift does have a 'locally' hosted PaaS flavor called Express. This is for quick and dirty, not very scalable apps. Using the distributed revision control system, git, a devvie can push a webapp up to the PaaS environment and get a URL for the running app. It is possible to deploy simple apps with PHP, Python and Ruby support available. With no access to database software, you can still install apps like Drupal or MediaWiki. There are no promises here, so make no demands. This is designed for quick prototyping and light use. If you want more features or control, there's Flex and Power.

Over the last week or so, the internet has been awash in reports of the latest piece of malware targeting Apple OS X systems called MacDefender , MacSecurity or MacProtector. This is a piece of software that Symantec calls FakeAV, which is an entire family of “scareware.” A browser window pops up and says the machine is infected and to download a particular piece of software to remove the issue, when in fact the software you download is the payload that infects your machine. This is not new to the Windows camp as FakeAV products have been around for many years. Everyday many bogus antivirus and security applications are released and pushed to unsuspecting users through various delivery channels. Many of these programs turn out to be clones of each other. They are often created from the same code base but presented with a different name and look - achieved through the use of a "skin". These programs attempt to convince the user to purchase software in order to remove non-existent malware or security risks from the computer. The user is continually prompted to pay for the software using a credit card. Some programs employ tactics designed to annoy or disrupt the activities of the user until the software is purchased.

The Department of Homeland Security (DHS) has released a draft request for quotation (RFQ), HSHQDC-11-Q-00173, supporting the update and overhaul of DHS’s public web properties. In order to consolidate and update these properties, DHS is competeing this requirement among the Infrastructure as a Service (IaaS) public cloud blanket purchase agreement (BPA) holders on General Service Administration’s (GSA) apps.gov portal. DHS is looking to the cloud providers to deliver the development, staging, and production web environments… but there’s a catch. The production environment cannot go live until they have both the GSA Authority to Operate (ATO) and the Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB) ATO. This is particularly challenging since the FedRAMP isn’t quite ready for primetime. The good news is that the awardee will have 120 days to become compliant once the FedRAMP has officially been released.

The problem is that we don’t typically have a disciplined methodology for arriving at a plan of action. Consider the following: You have to know what the loss is that you are trying to avoid. Sound simple? I assure you that most money is spent protecting assets without any regard to the loss that they represent. Remember, it’s not the laptop computer that you are protecting per se. It is the monetary value of some aspect of that asset. It could be the replacement cost of the asset. Do you think that would change your view of what was needed as a control? Of course! The replacement value of the computer is only a factor if you physically lose the computer or it is broken through physical damage. Anti-theft devices, padded carrying cases, security awareness training for employees are all possibilities but if the cost of these measures exceeds the cost of the computer then I’m guessing that you wouldn’t be likely to apply them. You may do some but not all and it would depend on analysis of which would represent a greater cost reduction.

Assembling, operating, and maintaining critical pieces of machinery are a daily responsibility of maintenance mechanics in the military. Amphibious Assault Vehicles (AAVs), in particular, are a perfect example of military land/water machinery that must be constantly maintained in to avoid potentially serious or fatal incidents. The military technical documents, used for assembly, operations, and maintenance of these multi-ton beasts, are typically static paper drawings. Normally kept in a three-ring binder, the documents are prone to get crumpled, dirty or even lost making life difficult on the mechanics. Needless to say, navigating away from clumsy, static, paper documents towards an electronic system of managing and accessing their technical documents is a welcome change.

(Network Access Control and Gateway Protection) In previous blogs we talked about the need to educate end users, knowing the details of what activity is occurring on your network, and managing the threat through compliance. In part 4, we’re going to talk about protecting your network and web/email traffic. First let’s talk about Network Access Control. Most enterprises have widespread networks across multiple locations with hundreds or thousands of network ports at each. Protecting these networks gives you peace of mind that a rouge machine will not get on the network and potentially capture data or cause disruptions. Another way to think of this is network endpoint compliance. Compliant machines get access to the network.