Hyper-V Cross-Premises Cloud with OpenStack in the Pipes

Cloud.com is working with Microsoft to integrated Hyper-V into their OpenStack project. 

“OpenStack is a collection of open source technology products delivering a scalable, secure, standards-based cloud computing software solution. OpenStack is currently developing two interrelated technologies: OpenStack Compute and OpenStack Object Storage. OpenStack Compute is the internal fabric of the cloud creating and managing large groups of virtual private servers and OpenStack Object Storage is software for creating redundant, scalable object storage using clusters of commodity servers to store terabytes or even petabytes of data”.

My guess is that we’re seeing an implementation of OVF, the Open Virtualization Format.  This provides for a portable package containing a virtual machine and its metadata.  This means we move one step closer to interoperable clouds – the subject of a presentation I did 2 days ago at Eurocloud Ireland.

Microsoft calls this sort of this a cross-premises cloud.  That means your private cloud (Hyper-V with SCVMM and SCVMM SSP 2.0) can integrate with Azure “virtual machine hosting” (Bob Muglia @PDC09) and other public clouds.

Think about it … an app developer likes “the cloud” because they don’t want to care about the infrastructure.  They just consume as required.  But they still need to care about which cloud they use.  In the near future, they’ll just work in “the clouds”, just using whatever cloud is cheapest and, hopefully (pending licensing and hosting company cooperating) be able to move VMs or application components between clouds as they see fit.  We may even see the emergence of cloud computing brokers just like we have insurance brokers now.  You just pay them to find you the cheapest and most suitable service and they do the moving on a day-by-day or month-by-month basis.  That’ll probably need some sort of white/black list for service providers that you set up.

BTW, this is my first post with Windows Live Writer 2011.  It’s got the ribbon interface and is very like Office/Windows 7.

Defining Cloud Computing

One of the most infuriation things about cloud computing has been the marketing that wraps it up.  There are a couple of international service providers (both having datacenters here in Ireland) who pretend that they invented “the cloud” when they sell it.  There are plenty of marketing people who try to define “the cloud” as being what they sell.  It’s one of those fluffy things that is constantly changing shape as it floats past us.

I was reading a story on Network World where a BMC executive said “It’s fundamentally that the cloud focuses on delivering services. I think this sometimes gets lost in a lot of the discussion around cloud computing. Everybody’s talking about infrastructure and hypervisors and virtualization, all of the components. At the end of the day, what customers really care about is getting secure, reliable, trusted services, whether that’s from their internal IT department or from the external broker to their IT department, or from an external provider directly”.

I like that comment.  He also said that he likes the American National Institute of Standards and Technology (NIST) definition.  It’s a simple 2 page document that starts with: “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”.  It goes on to list different components, architectures and delivery models that could be considered a part of or type of cloud computing.

What we need to remember is:

  • It’s all about delivering a service.
  • There are many varieties.
  • Don’t get caught up in the marketing crappola.

Internet Explorer 9 Beta

The IE9 beta has been launched by Microsoft.  I just read a review that says it brings features that have been long needed.  One of those si a download manager.  Yup, IE badly needed this.  In the age of wifi networking (prone to interruption) and mobile computing (who hasn’t had to hibernate the laptop in the middle of a download) IE has needed this since … well … 1996 maybe?  Plenty of people have used other browsers or independent download managers to compensate.

I’m told the UI is smaller because, like with Office, many of the browser features aren’t used by most people.  That gives more viewing space for the content.  I’ll wait and see.

A nice new bit takes advantage of the way people work with Windows 7.  You can grab a tab, apparently, and drag it to a location where the shortcut can be tabbed.  Lots of people do this with programs so they can be quickly launched.  We’re moving to browser based SaaS so this makes sense.

Something very cool was demonstrated by MS Ireland’s DPE, Martha Rotter, at our user group event last week.  IE9 can use a graphics card in a client machine to process graphics.  You can see this in action using the test drive website.

Stuck on XP?  Sorry folks, MS aren’t exactly going to be developing much (if anything) new for you folks anymore.  You’ll need Vista or Windows 7 for IE9.

I’m hoping to download and install IE9 on my Windows 7 netbook today.

Dynamic IP Restrictions Extension for IIS Beta

DDOS was the topic of the week with the CAO office in Ireland being repeatedly attacked.  Microsoft released a beta of a new IIS module, called Dynamic IP Restrictions Extension for IIS.  The idea is that the web server will deny connection requests from detected DDOS and brute force password attackers.  I don’t know how automated this is: remember that DDOS attackers tend to be botnets of infected PC’s that will have DHCP addresses on the net.  I really like the brute force attack defence.  I can tell you that this is a huge problem for web hosting companies; I’ve seen it myself on a pretty large shared web hosting farm.  I’d like to see this followed up with similar feature for SQL: those farms present TCP 1433 naked to the net … I can hear the shrieks from enterprise DBA’s now. 

This module is a very cool development from the impressive IIS group.

Reduce the chances of a Denial of Service attack by dynamically blocking requests from malicious IP addresses

Dynamic IP Restrictions for IIS allows you to reduce the probabilities of your Web Server being subject to a Denial of Service attack by inspecting the source IP of the requests and identifying patterns that could signal an attack. When an attack pattern is detected, the module will place the offending IP in a temporary deny list and will avoid responding to the requests for a predetermined amount of time.

Minimize the possibilities of Brute-force-cracking of the passwords of your Web Server

Dynamic IP Restrictions for IIS is able to detect requests patterns that indicate the passwords of the Web Server are attempted to be decoded. The module will place the offending IP on a list of servers that are denied access for a predetermined amount of time. In situations where the authentication is done against an Active Directory Services (ADS) the module is able to maintain the availability of the Web Server by avoiding having to issue authentication challenges to ADS.


  • Seamless integration into IIS 7.0 Manager.
  • Dynamically blocking of requests from IP address based on either of the following criteria:
    • The number of concurrent requests.
    • The number of requests over a period of time.
  • Support for list of IPs that are allowed to bypass Dynamic IP Restriction filtering.
  • Blocking of requests can be configurable at the Web Site or Web Server level.
  • Configurable deny actions allows IT Administrators to specify what response would be returned to the client. The module support return status codes 403, 404 or closing the connection.
  • Support for IPv6 addresses.
  • Support for web servers behind a proxy or firewall that may modify the client IP address.
Technorati Tags: ,,

The Cloud Future of OpsMgr and VMM

There’s a lot of developments on the way for the next versions of Operations Manager and Virtual Machine Manager.  A lot of those are aimed at Azure integration.  You can read more about the future here.

Controlling Windows 7 and W2008 R2 Internet Communications

Microsoft has released a paper called “Using Windows 7 and Windows Server 2008 R2 – Controlling Communication with the Internet”.

“Provides steps that administrators can take to limit, control, or prevent the communication that flows between the features in Windows 7 and Windows Server 2008 R2 and sites on the Internet.

This document provides information about the communication that flows between the features in Windows 7 and Windows Server 2008 R2 and sites on the Internet. It describes steps to take to limit, control, or prevent that communication in an organization with many users. This document is designed to assist administrators in planning strategies for deploying and maintaining Windows Server 2008 R2 and Windows 7 in a way that helps provide an appropriate level of security and privacy for an organization’s networked assets”.