03
Dec

Optimizing Resources with Server Virtualization

Moore’s Law describes a long-term trend in the history of computing hardware, in which the number of transistors that can be placed inexpensively on an integrated circuit has doubled approximately every two years. In other words, the computing power of most systems has improved dramatically over the years. Some servers have CPUs with multiple processors, giving them the ability to run complex applications with ease. System administrators usually dedicate each server to a specific application. Many of these applications don’t play well with others, which justifies a dedicated machine for each application. One application per server also makes it easier to track down problems as they arise.

There are a few problems with this approach, though. One is that it doesn’t take full advantage of a modern server’s processing power. Most servers use only a small fraction of their overall processing capabilities. Another problem is that as a computer network gets larger and more complex, the servers begin to take up a lot of physical space. A data center might become overcrowded with racks of servers consuming a lot of power and generating heat. Last but not least, dedicating an individual machine to each application certainly increases the infrastructure and hardware costs of any organization.

Server virtualization attempts to address all of the above issues. By using specially designed software, an administrator can convert one physical server into multiple virtual machines. Each virtual server acts like a unique physical device, capable of running its own operating system (OS).

There are three ways to create virtual servers: full virtualization, para-virtualization and OS-level virtualization. They all share a few common traits. The physical server is called the host. The virtual servers are called guests. The virtual servers behave like physical machines. Each system uses a different approach to allocate physical server resources to virtual server needs.

Full virtualization uses a special kind of software called a hypervisor. The hypervisor interacts directly with the physical server’s CPU and disk space. It serves as a platform for the virtual servers’ operating systems. The hypervisor keeps each virtual server completely independent and unaware of the other virtual servers running on the physical machine. Each guest server runs on its own OS. You can even have one guest running on Linux and another on Windows. The hypervisor monitors the physical server’s resources. As virtual servers run applications, the hypervisor relays resources from the physical machine to the appropriate virtual server. Hypervisors have their own processing needs, which means that the physical server must reserve some processing power and resources to run the hypervisor application. This can impact overall server performance and slow down applications. VMware and Microsoft Virtual Server both use the full virtualization model.

The para-virtualization approach is a little different. Unlike the full virtualization technique, the guest servers in a para-virtualization system are aware of one another. A para-virtualization hypervisor doesn’t need as much processing power to manage the guest operating systems, because each OS is already aware of the demands the other operating systems are placing on the physical server. The entire system works together as a cohesive unit. Xen and UML both use the para-virtualization model.

An OS-level virtualization approach doesn’t use a hypervisor at all. Instead, the virtualization capability is part of the host OS, which performs all the functions of a fully virtualized hypervisor. The biggest limitation of this approach is that all the guest servers must run the same OS. Each virtual server remains independent from all the others, but you can’t mix and match operating systems among them. Because all the guest operating systems must be the same, this is called a homogeneous environment. Virtuozzo and Solaris Zones both use OS-level virtualization.

31
Aug

The Basics of Cryptography

Recently, I have been working towards establishing an enterprise framework for PGP encryption. In that regard, I came across this very useful link that outlines the basic concepts of cryptography. I am simply summarizing these concepts in short.

Encryption and Decryption

Data that can be read and understood without any special measures is called plaintext or cleartext. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called ciphertext. You use encryption to ensure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting ciphertext to its original plaintext is called decryption.

What is Cryptography?

Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient.

How does cryptography work?

A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key — a word, number, or phrase — to encrypt the plaintext. The same plaintext encrypts to different ciphertext with different keys. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key.

A cryptographic algorithm, plus all possible keys and all the protocols that make it work comprise a cryptosystem. PGP is a cryptosystem.

Conventional Cryptography

In conventional cryptography, also called secret-key or symmetric-key encryption, one key is used both for encryption and decryption. The Data Encryption Standard (DES) is an example of a conventional cryptosystem that is widely employed by the US Federal Government.

Key management and conventional encryption

Conventional encryption has benefits. It is very fast. It is especially useful for encrypting data that is not going anywhere. However, conventional encryption alone as a means for transmitting secure data can be quite expensive simply due to the difficulty of secure key distribution.

For a sender and recipient to communicate securely using conventional encryption, they must agree upon a key and keep it secret between themselves. If they are in different physical locations, they must trust a courier, the Bat Phone, or some other secure communication medium to prevent the disclosure of the secret key during transmission. Anyone who overhears or intercepts the key in transit can later read, modify, and forge all information encrypted or authenticated with that key.

Public key cryptography

Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption. You publish your public key to the world while keeping your private key secret. Anyone with a copy of your public key can then encrypt information that only you can read. Even people you have never met.

It is computationally infeasible to deduce the private key from the public key. Anyone who has a public key can encrypt information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information. The primary benefit of public key cryptography is that it allows people who have no preexisting security arrangement to exchange messages securely. The need for sender and receiver to share secret keys via some secure channel is eliminated; all communications involve only public keys, and no private key is ever transmitted or shared.

How PGP works

PGP combines some of the best features of both conventional and public key cryptography. PGP is a hybrid cryptosystem. When a user encrypts plaintext with PGP, PGP first compresses the plaintext. Data compression saves modem transmission time and disk space and, more importantly, strengthens cryptographic security. Most cryptanalysis techniques exploit patterns found in the plaintext to crack the cipher. Compression reduces these patterns in the plaintext, thereby greatly enhancing resistance to cryptanalysis. (Files that are too short to compress or which don’t compress well aren’t compressed.)

PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient’s public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient.

Decryption works in the reverse. The recipient’s copy of PGP uses his or her private key to recover the temporary session key, which PGP then uses to decrypt the conventionally-encrypted ciphertext.

The combination of the two encryption methods combines the convenience of public key encryption with the speed of conventional encryption. Conventional encryption is about 1,000 times faster than public key encryption. Public key encryption in turn provides a solution to key distribution and data transmission issues. Used together, performance and key distribution are improved without any sacrifice in security.
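The hybrid flow described above (compress, one-time session key, conventional encryption of the body, public-key encryption of the session key) can be traced in a short Go program. This is an added example, not PGP's own code or packet format: AES-256-GCM, RSA-OAEP, DEFLATE, the 2048-bit key size and the use of the operating system's random generator for the session key are assumptions chosen for illustration, and the names Message, NewRecipientKey, Encrypt and Decrypt are hypothetical.

```go
package main

import (
	"bytes"
	"compress/flate"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Message is what the sender transmits to the recipient.
type Message struct {
	WrappedKey []byte // session key encrypted to the recipient's public key
	Nonce      []byte // per-message AES-GCM nonce
	Ciphertext []byte // compressed plaintext encrypted under the session key
}

// NewRecipientKey makes an RSA key pair (2048 bits is an example choice).
func NewRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// newGCM sets up the conventional cipher (AES-256-GCM) for a session key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt: compress, draw a session key, encrypt the body, wrap the key.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) (*Message, error) {
	var packed bytes.Buffer
	zw, err := flate.NewWriter(&packed, flate.BestCompression)
	if err != nil {
		return nil, err
	}
	if _, err = zw.Write(plaintext); err == nil {
		err = zw.Close()
	}
	if err != nil {
		return nil, err
	}
	sessionKey := make([]byte, 32) // one-time key from the OS CSPRNG (assumption)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Message{wrapped, nonce, gcm.Seal(nil, nonce, packed.Bytes(), nil)}, nil
}

// Decrypt: unwrap the session key, decrypt the body, decompress it.
func Decrypt(priv *rsa.PrivateKey, m *Message) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, m.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("session key is not encrypted to this private key")
	}
	gcm, err := newGCM(sessionKey)
	if err != nil || len(m.Nonce) != gcm.NonceSize() {
		return nil, errors.New("malformed message")
	}
	packed, err := gcm.Open(nil, m.Nonce, m.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext failed authentication")
	}
	zr := flate.NewReader(bytes.NewReader(packed))
	defer zr.Close()
	return io.ReadAll(zr)
}

func main() {
	alice, err := NewRecipientKey()
	if err != nil {
		panic(err)
	}
	msg, err := Encrypt(&alice.PublicKey, []byte("constructed sample message"))
	if err != nil {
		panic(err)
	}
	out, err := Decrypt(alice, msg)
	fmt.Printf("wrapped=%dB body=%dB recovered=%q err=%v\n", len(msg.WrappedKey), len(msg.Ciphertext), out, err)
}
```

Because every call draws a fresh session key, encrypting the same plaintext twice yields different ciphertext, and only the holder of the matching private key can recover the session key.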

To understand these concepts in detail and read on additional topics such as Keys, Signatures, Digital Certificates, and Trust I would strongly suggest you take a look at the original article.


19
Aug

Telepresence: Star Trek Style

According to Wikipedia, Telepresence refers to a set of technologies which allow a person to feel as if they were present, to give the appearance that they were present, or to have an effect, at a location other than their true location. It requires that the senses of the user, or users, be provided with such stimuli as to give the feeling of being in that other location. Additionally, the user(s) may be given the ability to affect the remote location. In this case, the user’s position, movements, actions, voice, etc. may be sensed, transmitted and duplicated in the remote location to bring about this effect. Therefore information may be traveling in both directions between the user and the remote location.

At its base level, Telepresence can constitute a television set, since it stimulates our primary senses of vision and hearing. As the screen size increases, the sense of immersion increases too. Consider, for example, IMAX screens or even large corporate video conference environments. At its highest level, Telepresence can become a Star Trek style virtual presence in 3D. It would seem that virtual presence concepts are far from reality and only hold a place in sci-fi movies. Well, the YouTube video below will prove you wrong. It is very much a reality and several companies are working on it big time.

Cisco Telepresence Magic


28
Apr

Open Source BPM Applications

As more and more organizations adopt an open source strategy, BPM is an interesting domain to consider in this arena. This article presents a list of good commercial open source BPM solutions.

JBoss jBPM is a JBoss Enterprise Framework that delivers workflow, business process management (BPM), and process orchestration in a scalable and flexible product footprint. JBoss jBPM reduces development time to automate and integrate business processes leveraging IT. It provides the tools and process execution engine to integrate services deployed in a service-oriented architecture (SOA) and automate workflows in Java and Web applications to reduce business process error, speed process execution, and enhance business performance.

JBoss jBPM enables IT flexibility by supporting multiple process languages with the same scalable process engine platform. Its pluggable architecture is extensible and customizable on every level: within the process engine, for each process definition, and every corresponding process instance. It seamlessly integrates with JBoss Seam, which is an application framework for simplifying and unifying the EJB and Java Server Faces (JSF) component models. JBoss jBPM provides a process-oriented programming model (jPDL) that blends the best of both Java and declarative programming techniques.

Intalio

Intalio is an open source business process platform built around the standards-based Eclipse STP BPMN modeler and Apache ODE BPEL engine, both originally contributed by Intalio. Intalio Enterprise provides all the components required for the design, deployment, and management of the most complex business processes, including:

  • BRE
  • BAM
  • Porta
  • ESB
  • ECM

Intalio is available in several editions, but what we’re most interested in is Intalio’s free community edition. This edition is made of two components, Intalio Designer and Intalio Server. Intalio Designer allows one to model the business-level processes, with the model eventually being deployed to Intalio Server. Intalio Designer is the only tool currently available on the market that allows any BPMN model to be turned into fully executable BPEL processes without having to write any code. Intalio Server is a high-performance process engine that can support the most complex business processes, deployed within mission-critical environments.

Process Maker

ProcessMaker is an open source business process management (BPM) and workflow software designed for small and mid-sized businesses (SMBs). It is a user friendly solution to manage workflow effectively and efficiently. Business users and process experts with no programming experience can design and run workflows, increase transparency, and radically reduce paperwork, automate processes across systems, including human resources, finance, and operations.

With ProcessMaker you can easily create workflow maps, design custom forms, extract data from external data sources and many more key features to optimize workflow management and business operations.

One key advantage of ProcessMaker is the online library, which provides many process templates for you to download and begin editing. The learning curve is also reduced, since you start from a template that is already built and tested.

Cuteflow

CuteFlow is a web-based open source document circulation and workflow system. Users are able to define “documents” which are sent step by step to every station/user in a list. It’s an electronic way of doing (i.e. internal) document circulations. A document can be assembled from input fields of different types. The fields can be filled with values by the receiver of the document directly in the user’s e-mail client. After a completed circulation you will have a completely filled document. Attachments to the document are also possible (i.e. for illustration material). All operations like starting a workflow, tracking, workflow definition or status observation can be done within a comfortable and easy to use web interface.

ActiveVOS

ActiveVOS is a standards-based visual orchestration system. ActiveVOS revolutionizes the work of automating business processes by making it easier than ever before to create BPM applications that radically improve business results. ActiveVOS also overcomes the cost barrier that has until now delayed many organizations’ BPM efforts.

The ActiveVOS system consists of the ActiveVOS Designer and the ActiveVOS Server. ActiveVOS Designer is a rich productivity tool that incorporates the BPMN, BPEL and BPEL4People open standards and a set of advanced wizards that make it easy to create business process models and orchestrations quickly. ActiveVOS Server easily scales to meet the needs of enterprises of any size and can be rapidly incorporated into a production J2EE execution environment to meet rigorous performance and availability requirements. With ActiveVOS Server, teams can leverage existing skills and collaborate to develop, deploy and run production business process management applications.


26
Mar

Information Security Management System (ISMS) and ISO/IEC 27001:2005

Recently my current employer, M.H. Alshaya Co. W.L.L., became the first retailer in the Middle East to be certified with ISO/IEC 27001:2005 certification. This was a result of hard work from around 150 employees (whose processes were included in the scope) spanning across multiple departments. I was a member of the ISMS (Information Security Management System) steering committee.

The ISO/IEC 27001:2005 standard has been prepared to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an ISMS. For its implementation, ISO defines a set of information security management requirements outlined in clauses 4, 5, 6, 7, and 8 of the standard. An organization must meet each of these requirements to achieve ISO 27001 compliance. Further, the standard adopts the PDCA (Plan, Do, Check, Act) model for every aspect of its implementation.

  • PLAN: Section 4 expects you to plan the establishment of your organization’s ISMS.
  • DO: Section 5 expects you to implement, operate, and maintain ISMS.
  • CHECK: Sections 6 and 7 expect you to monitor, measure, audit, and review your ISMS.
  • ACT: Section 8 expects you to take corrective and preventive actions and continually improve your ISMS.

Along with these requirements, the standard also lists a set of control objectives and corresponding controls in Appendix A (A5-A15). Based on a detailed risk assessment, an organization needs to identify the controls to implement or exclude (with valid reasons). The control objectives are listed as:

  • A5: Security Policy
  • A6: Organization of Information Security
  • A7: Asset Management
  • A8: Human Resources Security
  • A9: Physical and Environmental Security
  • A10: Communication and Operations Management
  • A11: Access Control
  • A12: Information System Acquisition, Development, and Maintenance
  • A13: Information Security Incident Management
  • A14: Business Continuity Management
  • A15: Compliance

For certification, an organization needs to establish an ISMS that meets ISO 27001:2005 and identify its internal needs. An external registrar is then invited to audit the system. If the registrar is satisfied with the compliance, it will issue the ISO 27001:2005 compliance certificate. The entire process is extremely tedious but certainly worthwhile in protecting important information assets of the organization.


24
Mar

Dashboard Designer in Pentaho BI version 3

Today Pentaho released version 3 of their BI suite Enterprise Edition. Apart from a few bug fixes, the majority of the functionality is the same as that available in Enterprise Edition version 2 (previous post). One significant addition is the self-service dashboard designer.

Self Service Dashboards

Along with the ad hoc report and ad hoc analysis, you can now create an ad hoc dashboard.

Dashboards

Creating dashboards is extremely simple. All you need to do is select a dashboard title, layout design, and appropriate theme. Once that is done, you can select the content of each of the components of the dashboard. This content can be a chart, report, or an analysis. The dashboard content can be filtered using a drop-down filter that selects the criteria.

Dashboard Designer

Using this new functionality, business users can now create rich dashboards on the fly.


18
Mar

VoIP Security: The Basics

In my previous post I gave a brief overview of VoIP and how it can add tremendous value to an organization by reducing communication costs. This article talks about the various security-related issues that need to be addressed in any VoIP implementation. It would be a gross mistake on the part of administrators to assume that VoIP, being just another IP-based application, can be simply plugged into their already secure networks and remain secure. Due to its real-time nature and low tolerance for network disruptions and packet loss, many security measures deemed suitable for traditional IP-based applications are no longer applicable for VoIP. A VoIP implementation needs to address the Confidentiality, Integrity, and Availability requirements that are relevant to this new technology.

Before implementing any VoIP initiative it is paramount that an organization conducts a comprehensive risk assessment and has a concrete plan to mitigate every major risk highlighted. These risks include (but are not limited to) the administrators’ level of knowledge and training in VoIP technology, and the maturity and quality of existing security practices, controls, policies, and architecture.

Firewall

Firewalls are a de facto standard in today’s IP networks and form the first line of defense. Whether protecting a LAN, WAN, or a DMZ, firewalls perform the basic operations of blocking traffic deemed to be malicious, intrusive, or invasive. Network Address Translation (NAT) is an additional tool deployed on the firewall that can enable internal endpoints to use the same external IP addresses. A Virtual Private Network (VPN) further strengthens firewall security by providing legitimate external users with an encrypted point-to-point connection, making them a part of the internal network. Although firewalls offer strong resistance to external threats, they offer no defense against internal hackers.

Network Architecture

VoIP adds heavy voice traffic to the existing data traffic, and hence requires careful planning of the overall network architecture. It is widely recommended to separate voice and data traffic on logically different networks (VLANs). However, this might not always be feasible, since it may require an expensive upgrade of the network in terms of switches that support multiple VLANs or laying new network cables. In any case, consideration must be given to the expected volume of voice and data traffic and to how this can be supported on the existing network.

Password Control

Needless to say, all default system (PBX and Operating System) passwords need to be replaced with strong passwords. Overlooking this simple measure can leave the most critical elements of the VoIP system vulnerable to attacks. Every voice terminal (IP phones, Softphones, Mobile devices) needs to connect to the IP-PBX with a username and password. More often than not (for simplicity) administrators use the device extension as the username and password. Such a practice will help malicious users to masquerade as other users with higher privileges, resulting in system abuse.

Encrypted VoIP Traffic

By default, VoIP traffic is transmitted in clear form. This enables malicious internal users to sniff voice traffic and gather valuable information. Additionally, using freely available tools hackers can eavesdrop on conversations, record them into a voice file, and play them back at a later time. The concept is similar to phone-tapping in traditional PSTN phones, just that doing so becomes very easy. To prevent this, administrators MUST employ some form of basic encryption: TLS or IPSec, Secure RTP, or AES. Several of these protocols have minimal processing overhead, adding little or no burden on the quality of calls.
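The password and encryption points above can be checked mechanically against a PBX configuration. The following Go audit is an added example, not part of the original post or of any PBX project: it assumes an Asterisk chan_sip-style sip.conf (peer sections with secret, defaultuser, transport and encryption keys), the 12-character minimum is an assumed policy value, the sample configuration is constructed, and [general] defaults and templates are not resolved.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Finding is one audit result for one SIP peer.
type Finding struct{ Peer, Issue string }

const minSecretLen = 12 // assumed policy threshold, not taken from the article

// SampleConf is constructed input in chan_sip sip.conf style.
const SampleConf = `
[general]
transport=udp

[1001]                 ; extension reused as the password
type=friend
secret=1001

[1002]
defaultuser=reception
secret=reception       ; username reused as the password
transport=tls
encryption=yes

[1003]
secret=Vt7#qLm2xR9!pWz4
transport=tls
encryption=yes

[1004]
secret=482913
transport=tls
`

// parsePeers returns peer names in file order and each peer's settings.
// [general] is skipped; its defaults are not inherited in this sketch.
func parsePeers(conf string) ([]string, map[string]map[string]string) {
	peers := map[string]map[string]string{}
	var order []string
	cur := ""
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		line := strings.TrimSpace(strings.SplitN(sc.Text(), ";", 2)[0]) // drop comments
		if strings.HasPrefix(line, "[") {
			cur = ""
			if end := strings.Index(line, "]"); end > 0 && line[1:end] != "general" {
				cur = line[1:end]
				peers[cur] = map[string]string{}
				order = append(order, cur)
			}
			continue
		}
		kv := strings.SplitN(line, "=", 2)
		if len(kv) == 2 && cur != "" {
			val := strings.TrimPrefix(kv[1], ">") // "key => value" is also accepted
			peers[cur][strings.ToLower(strings.TrimSpace(kv[0]))] = strings.TrimSpace(val)
		}
	}
	return order, peers
}

// digitsOnly reports whether a non-empty secret consists only of digits.
func digitsOnly(s string) bool {
	return strings.Trim(s, "0123456789") == ""
}

// Audit applies the password and encryption checks to every peer.
func Audit(conf string) []Finding {
	order, peers := parsePeers(conf)
	var out []Finding
	for _, name := range order {
		p := peers[name]
		secret, user := p["secret"], p["defaultuser"]
		switch {
		case secret == "":
			out = append(out, Finding{name, "no secret set"})
		case secret == name || secret == user:
			out = append(out, Finding{name, "secret equals extension or username"})
		case len(secret) < minSecretLen || digitsOnly(secret):
			out = append(out, Finding{name, "secret is short or digits-only"})
		}
		if p["transport"] != "tls" {
			out = append(out, Finding{name, "SIP signalling not restricted to TLS"})
		}
		if p["encryption"] != "yes" {
			out = append(out, Finding{name, "media not forced to SRTP"})
		}
	}
	return out
}

func main() {
	for _, f := range Audit(SampleConf) {
		fmt.Printf("%-6s %s\n", f.Peer, f.Issue)
	}
}
```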

There are several businesses that specialize in VoIP security and offer hardware-based solutions. No doubt these devices provide a comprehensive VoIP security solution. However, as long as the basic security measures (outlined above) are well implemented, specialized security hardware/software is not required. Undoubtedly VoIP systems can add value to an organization’s existing infrastructure as long as the basic security principle is followed: trust no one, authenticate everyone, and protect systems wherever they are.


11
Mar

Low-Cost Corporate Communications using VoIP

Voice over IP (VoIP) is emerging as one of the most powerful technologies revolutionizing the telecom industry. Most of us are fairly comfortable with using VoIP for personal use, courtesy of free telephony services from Skype, Yahoo Voice, MSN Messenger, Google Talk, and Gizmo5. Apart from free PC-to-PC services, VoIP has also contributed towards low cost international PC-to-Phone and Phone-to-Phone services (Vonage, VBuzzer, SIPTalk, Rangatel, BroadTalk, etc).

As mentioned earlier, these services are extremely popular among individual users for personal use. However, they are not being rapidly embraced as an effective cost-cutting strategy to reduce corporate communication expenses. One of the barriers to their adoption as a corporate solution is the perceived complexity associated with setting up a PBX (Private Branch Exchange). Establishing and maintaining traditional PSTN PBX systems is not within the realm of IT competencies. It involves expensive hardware and specialized (out-sourced) telecom services. However, open-source PBX systems such as Asterisk have made it extremely easy for systems admins at any level to set up and manage a PBX. Asterisk is an open source software PBX, created by Digium, Inc., and has a continuously growing user and developer base. It can run on any server hardware that is capable of supporting a Linux or UNIX platform. Asterisk can seamlessly replace your existing PSTN PBX while extending your communication network into the VoIP domain. Further, to make things even easier, open source software systems like Elastix and TrixBox have embedded Asterisk within their environment, added several value-added services, and provided a one-click installation for the entire integrated PBX software. Being open source, all these systems are FREE.

Businesses having multisite international offices or those incurring frequent international communication must give serious thought to this form of virtually-FREE communication infrastructure.

VoIP Architecture

Using the above simple architecture, the following calling patterns can be achieved with minimal costs:

1. Calls within the same office (same country)
  • Since all the extensions within the same office connect to a single PBX server, calls made among them are FREE.

2. Calls from an office in one country to an office in another country
  • Since both offices have an IP-based PBX and communicate over the Internet (using the SIP protocol), calls between the two offices are FREE (irrespective of their geographic location).

3. Calls from an office to a landline/mobile of the same country
  • This is a local call, hence local charges apply.

4. Calls from an office in one country to a landline/mobile of another country having an office
  • The call is connected from the source IP-PBX to the destination IP-PBX over the Internet (FREE), and the leg from the destination PBX to the landline/mobile is made as a local call. Hence the cost is that of a local call in the destination country.

5. International calls from an office to any other country (where there is no corporate office)
  • The IP-PBX of each office can be connected to a global VoIP provider that can offer international calls at extremely cheap prices.

To summarize, a majority of businesses suffer from high international telecommunication expenses. Considering the current economic situation, it is paramount for organizations to look for ways to reduce this expense. VoIP coupled with a robust, reliable, and FREE commercial-grade PBX such as Asterisk can certainly help in achieving this objective.


25
Feb

Business Process Modeling with BPMN

Business Process Modeling Notation (BPMN) is a standard for modeling business processes in a workflow. This article gives a quick overview of all the essential elements of BPMN and how it can be used to create standardized business process models. BPMN is used by humans (business analysts, developers) to design, visualize, and manage business processes.  BPMN activities are spearheaded by the Object Management Group. The primary objective of BPMN is to provide a common set of simple graphical elements that are easily understood by all stakeholders of a business process.

“A standard Business Process Modeling Notation (BPMN) will provide businesses with the capability of understanding their internal business procedures in a graphical notation and will give organizations the ability to communicate these procedures in a standard manner. Furthermore, the graphical notation will facilitate the understanding of the performance collaborations and business transactions between the organizations. This will ensure that businesses will understand themselves and participants in their business and will enable organizations to adjust to new internal and B2B business circumstances quickly.” BPMN Charter

 

Activities

An activity is a unit of work performed within a business process. An activity can be classified as atomic (Task) or compound (Sub-Process).

[Figure: Tasks and Sub-Processes]

 

Events

An event is some condition that occurs during the course of a business process. Events are further classified into Start Events, Intermediate Events, and End Events.

  • Start Events indicate where a process will begin.
    [Figure: Start Events]

  • Intermediate Events occur anytime during the execution of the process (i.e. after the start of the process and before the end of the process).
    [Figure: Intermediate Events]

  • End Events symbolize the end of the process.
    [Figure: End Events]

 

Gateways

Gateways are elements that control the flow of the business process. They are further classified as:

Data-based Exclusive Gateway: When splitting, it routes the incoming sequence flow to exactly one of the outgoing branches based on the condition evaluation. While merging, it waits for one incoming branch before triggering the outgoing flow.

Event-based Exclusive Gateway: It represents a branching point in the process where the outgoing alternatives are based on the events that occur at that point in the process (as opposed to the condition evaluation).

Inclusive Gateway: When splitting, one or more branches are activated based on the branching conditions. While merging, it waits for all active incoming branches to complete.

Parallel Gateway: When splitting, all outgoing branches are activated simultaneously. While merging, it waits for all incoming branches before triggering the outgoing flow.

Complex Gateway: It triggers one or more branches based on some complex, descriptive, or subjective logic.  It is used in cases where the other gateways cannot satisfy the requirements.
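The split and merge rules described above for the data-based exclusive, inclusive, and parallel gateways, as an added Python sketch (not part of the original article or of any BPMN tool). The `Gateway` class, the branch names, and the sample order are constructed for illustration, and the exclusive split assumes the first matching condition wins.

```python
from dataclasses import dataclass

@dataclass
class Gateway:
    kind: str        # "exclusive" (data-based), "inclusive" or "parallel"
    incoming: tuple  # names of incoming sequence flows
    outgoing: tuple  # (branch name, condition) pairs; condition is a predicate

    def __post_init__(self):
        if self.kind not in ("exclusive", "inclusive", "parallel"):
            raise ValueError(f"unknown gateway kind: {self.kind}")

    def split(self, data):
        """Return the outgoing branches activated for this process data."""
        if self.kind == "parallel":  # conditions ignored, every branch runs
            return [name for name, _ in self.outgoing]
        matched = [name for name, cond in self.outgoing if cond(data)]
        if not matched:
            raise ValueError("no branch condition holds for this data")
        # Exclusive takes exactly one branch (assumption: first match wins);
        # inclusive takes every branch whose condition holds.
        return matched[:1] if self.kind == "exclusive" else matched

    def ready_to_merge(self, arrived, activated=None):
        """Decide whether the outgoing flow may fire, given arrived branches."""
        arrived = set(arrived) & set(self.incoming)
        if self.kind == "exclusive":
            return len(arrived) >= 1              # one incoming branch suffices
        if self.kind == "parallel":
            return arrived == set(self.incoming)  # all incoming branches
        # Inclusive: wait only for the branches the matching split activated.
        return bool(activated) and set(activated) <= arrived

# Constructed sample: routing an order by amount and destination.
BRANCHES = (
    ("manager_approval", lambda o: o["amount"] > 1000),
    ("customs_check", lambda o: o["international"]),
    ("standard_handling", lambda o: True),
)
ORDER = {"amount": 5000, "international": True}

def demo():
    names = tuple(n for n, _ in BRANCHES)
    return {k: Gateway(k, names, BRANCHES).split(ORDER)
            for k in ("exclusive", "inclusive", "parallel")}

if __name__ == "__main__":
    for kind, taken in demo().items():
        print(f"{kind:9} split -> {taken}")
```

For the same order, the exclusive gateway activates one branch while the inclusive and parallel gateways activate all three; with a small domestic order the inclusive gateway would activate only `standard_handling`, whereas the parallel gateway would still activate every branch.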

 

[Figure: Gateways]

 

 

Swimlanes

The concept of swimlanes is used to partition organizations and responsibilities. Swimlanes consist of Pools and Lanes. Pools represent a high-level organization of process objects. For example, depending on the business process, a pool can represent a company, department, or a regional office. A lane represents sub-partitions for objects within the pool. For example, if a company is represented as a pool, various functions within a company can be represented as lanes.

[Figure: Swimlanes]

 

Artifacts

Artifacts provide the capability to depict information that cannot be captured by the basic flow-chart structure of the process. There are three standard artifacts in BPMN.

Text Annotation: It denotes some descriptive documentation for the BPMN object. 

Data Object: It represents data flowing through the process, for example a document, email, or file.

Group: It represents a logical grouping of elements. 

 

[Figure: Artifacts]

 

Connectors

There are three types of connectors that can be used in BPMN.

Sequence Flow: It defines the execution order of activities.

Message Flow: It symbolizes information flow across organizational boundaries.

Association: It indicates flow of data from one activity to another.

[Figure: Connectors]

 

 

This article gives the most basic introduction to BPMN to get you started in the right direction. You can start modeling a majority of simple processes by using the material presented here. However, for complex processes you will need to make use of the more advanced concepts of BPM like Exception Handling, Transactions and Compensation, Looping, Ad Hoc Processes, Orchestration, and Process Choreography. For further reading, some good introductory articles can be found on the official BPMN website.


12
Feb

Cloud Computing: A Technical Perspective

 

In my previous post, I pointed to a simple non-technical introduction to cloud computing. In this article I give a more technical perspective to it.

 

What is Cloud Computing?

 “Cloud computing is Internet (“cloud”) based development and use of computer technology, whereby dynamically scalable virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure ‘in the cloud’ that supports them.” Wikipedia

 

“Cloud computing is emerging at the convergence of three major trends – service orientation, virtualization, and standardization of computing through the Internet. Users will need to understand the cloud options and providers available to them. Vendors will need to evolve their platforms to be cloud-capable, and evolve their business models to maintain their competitive advantage.” Gartner

 

[Figure: Google Trend for Cloud Computing]

 

Cloud computing emerged as a promising technology in late 2007. Since its emergence, there have been several projects supporting this concept in industry and academia. Some examples (in no specific order) are: Amazon Elastic Compute Cloud (EC2), Amazon Simple Storage Service (S3), ElasticDrive, Enomaly, IBM Blue Cloud, Global Cloud Computing Testbed, Google Docs, Adobe Buzzword, and Google App Engine.

 

Services of Cloud Computing

Conceptually, cloud computing offers a high level of abstraction to its users. It provides some level of service to its users without revealing any details regarding hardware, software, hosting, deployment, and scalability. The services offered in a cloud can be categorized as:

 

SaaS: Software as a Service

Software or applications are hosted on the cloud and are offered to users through a Web interface (browser). Users can use these services without having to worry about the application internals or the infrastructure used to deploy them. Examples of SaaS include Facebook and Gmail. This concept can be further enhanced with a pay-as-you-go model, where clients pay for the quality or quantity of the services used. Examples of this model are SalesForce.com and WebEx.

 

DaaS: Data as a Service

Data in various formats and from multiple sources can be seamlessly deployed on the cloud. Users generate and access this data in the same manner they would on their local machines, except that it is eventually stored on the cloud. Examples of this category of service include Amazon Simple Storage Service (S3), Google Docs, and Adobe Buzzword. One can argue that DaaS is a specialized case of SaaS where the software particularly caters to manipulation of data. However, considering its usage and scale I personally feel it justifies its own category.

 

IaaS: Infrastructure as a Service

Infrastructure encompasses some sort of compute or execution service offered by the cloud. It is enabled by the virtualization technology that allows partitioning and sharing of infrastructure resources and scaling them up or down as per client requirements. Examples of IaaS include Amazon Elastic Compute Cloud (EC2).

 

PaaS: Platform as a Service

A cloud platform service offers an application development environment to its users, enabling them to develop cloud applications without dealing with the low-level details of the cloud. It is analogous to a programming language that shields programmers from the technical details of the operating system and underlying hardware. Examples of PaaS include Google App Engine and Microsoft Azure.

 

Characteristics of Cloud Computing

Instant Availability: Without any software or hardware installation, users can use the services out-of-the-box from the cloud.

Elastic: Based on user requirements and budget, cloud services (SaaS, DaaS, IaaS, PaaS) can be scaled up or down without affecting the service functionality.

Pay/Use as you Go: By virtue of its elasticity and virtualization, users can utilize cloud environments and pay for exactly what they need/use.

Quality of Service: With experts managing the cloud platforms (and of course charging for it), users can be guaranteed pre-defined quality of services.

 

Technologies in Cloud Computing  

Cloud computing is not a technology by itself. Rather, it is facilitated by the aggregation of several disparate technologies and initiatives.

Web 2.0: Advancements in the way we use the Internet have promoted the concepts of cloud computing. With the advent of AJAX and related technologies, rich user interfaces are no longer restricted to local PC-based installations.

Virtualization: New developments in virtualization technologies (Xen and VMware) have facilitated infrastructure sharing and sandboxing without affecting performance and scalability.

Web Services: Standardization in the Web Services world has certainly helped the service concept proliferate and be adopted by industry. Not only can these services be used in isolation, but they can also be embedded by organizations into their SOA architecture.

 

To summarize, cloud computing environments have demonstrated an innovative model of service and resource sharing. They have also been accompanied by a lot of buzz and hype from the industry. However, it is still in its initial stages and needs to go through the standardization phase before it can be adopted en masse via cross compatible clouds.  

