Thursday, October 30, 2014

IoT rocks

IBM Insight 2014 in Las Vegas is over now; here are some remarks.

Mobile first, Cloud and Watson are the big things of the day. IoT is a rising trend, but a bit of a curiosity among IT people. IBM is still refining its IoT strategy, but the importance is well recognized. Bluemix is one of the key enablers of the new era.

In the main session on Tuesday morning, even a live IoT demo with Bluemix and Node-RED was presented. That felt so familiar to me. Some readers may remember my Bluemix journey starting from the IOTcoop with very much the same technologies.

MQTT plays an essential role in how devices are connected. Actually, while the IBM people had their event, the OASIS organization officially approved the new version 3.1.1 of the MQTT standard. I'm a member of the Technical Committee.

Presentation slide of John Thompson.
I had the privilege to attend a Business and Industry Leadership Executive Luncheon, hosted by the Vice President, Internet of Things Strategy, John Thompson. John gave an awesome speech about the Internet of Things. He really knows what he is talking about, and well recognized all the challenges which are well known to Embedded Systems and IoT players like my company.

John stated 70% of technology is the same in traditional IT and IoT, but 30% is different and that's why it is hard for traditional IT players to succeed in any IoT project. The snapshot from his attachment highlights the key differentiating factors. It's interesting to notice that it's not only about technology, but people as well. In IoT, your partners are different from those in traditional IT.

Companies like Espotel are the rising stars of the new IoT era.

Saturday, October 25, 2014

Cloud on cloud

Where do you do your cloud development, in the cloud perhaps while flying high?

One important aspect to add to my previous Bluemix testimonial: as it is a cloud service, it's omnipresent. No matter whether you're in the office, at home, or traveling, you can control and develop your cloud app at any place, at any time.

Wi-Fi is getting more widely available in airplanes nowadays. It was really cool yesterday when I was flying to Las Vegas for the IBM Insight conference. I literally did cloud programming by modifying the Bluemix app while up in the clouds, or above.

Before I departed, I told the business partner that I'll be away for a couple of weeks in total, but don't worry, I'll keep my commitments and your progress is not endangered at any time. I can do my part of the job while being away, thanks to the decision to select the cloud as the common integration point.

Cheers from Vegas! I'm looking forward to 5 interesting days among IBM technology and people. Watson for Analytics will be my topic of special interest here. I hope I can soon tell more about that.

Watson logo.

Wednesday, October 22, 2014

Bluemix for real business

Last week at IBM Business Connect I talked about Bluemix accelerating to market. This week I made it a reality.

Usually I don't talk about customer projects here, and usually I don't implement software in customer projects by myself either. So this is a double exception.

Recently we started a new project where my company is supposed to deliver an IoT solution for the retail domain, another vendor provides the ERP system, and we do the integration together. So this is a multi-vendor case. All the vendors - 4 in total - are separate legal entities having separate premises and information infrastructure.

The traditional way of co-development would cause a need to cross-install software components into each other's development environments, and/or to create VPN connections or other holes in firewalls and such. This time I decided to do it differently: for the duration of development, I created the integration point in Bluemix.

Node-RED screenshot as illustration. Picture taken from nodered.org web site.


There are clear benefits we gained immediately at the beginning of the project:

Rapid development
First of all, thanks to PaaS, the base system with selected components was up and running in just minutes. I decided to use Node-RED to implement my part of the integration. Node-RED is a semi-graphical programming language built on top of Node.js. Roughly within an hour from the beginning, I had the first application-specific functionality implemented and in service.

Shared access
All parties involved in the development have access to the cloud, and no one needs to compromise corporate security by implementing any changes in the existing IT configurations. Connections are encrypted by TLS/SSL, which makes it secure enough, especially as no real business data is involved in the system during development time.

Instant deployment
As this is an R&D project for a new innovation, no readily available specifications exist. Documentation is written in parallel with the development, in an agile manner. Changes occur multiple times per day, and it's crucial to deploy them fast. With Node-RED, the development actually occurs in Bluemix through web user interfaces. Performing a deployment only requires a single click of the Deploy button, and changes are in production (in the developer zone) in a second.

Fail fast
As said, no specs exist a priori. Some ideas are good, some others not so much. The three things mentioned above make it easy to test new ideas quickly - and fail fast. Already during the very first day of joint development, we found some basic assumptions wrong, and changed some design fundamentals immediately. Without the help of all this, it might have taken weeks to recognize the root problem. Think of all the effort wasted by rewriting the code then!

DevOps
I'm not an operator. I can install a Linux desktop by myself, but installing a production server with high security and an SLA sounds like a nightmare. With the help of Bluemix PaaS, I do not need to care about the platform. I only need to focus on my own code, which brings the added value to the customer.

It's not just hype; the benefits are evident, and experienced in real-life commercial business. Someone is paying for all that, and I believe that someone is happy with the benefits gained in terms of savings in time to market and development costs.

Tuesday, October 7, 2014

PaaS security considerations

Security is the first concern which arises when talking about cloud services. Let's take a closer look.

Cloud services are usually categorized as SaaS, PaaS, and IaaS. When it comes to security, I personally trust PaaS most.

Infrastructure as a Service (IaaS):
A computing resource, typically a virtual machine or sometimes a physical computer, is provided to the customer. The customer installs the platform, middleware services and application software. Security is more or less up to the customer's competence. Example service providers: Amazon EC2, IBM SoftLayer.

Platform as a Service (PaaS):
The OS platform, execution environment, data storage and services are provided by the service provider. This environment is more limited but at the same time more protected than IaaS. Example service providers: Microsoft Azure, IBM Bluemix.

Software as a Service (SaaS):
The customer pays for use of a certain domain-specific application and has very limited capability to affect the behavior of the software. Usually SaaS providers do not disclose their security measures, thus one cannot evaluate the level of security. Example services: Salesforce, Basecamp.

Summary: IaaS - You're on your own. PaaS - Limited but protected. SaaS - You just got to trust.

PaaS security mechanisms
Let's dig into some details of the security mechanisms of a PaaS service. I'm using IBM Bluemix as an example here.

Control of external communication
Only HTTP/S and WebSocket/S connections are allowed. All other connection attempts are discarded. All external connections go through an external appliance for improved security.

API isolation
Only a selected set of application programming interfaces is provided to the developer. Even if the application is behaving badly, it cannot do much harm. Vulnerabilities like Shellshock are eliminated as the platform does not provide access to such services as a command line.

Data protection
Data is proven to be available to the given application only. However, several instances may share the same data store, if configured so.

Platform instantiation
Each application runs in its own container that has specific resource limits for processor, memory, and disk.

The weak point of a PaaS-based cloud service is the application itself. No security measure can protect the application from its own stupidity. However, the developer can focus all attention on application design, without needing to worry about the underlying services. This may eventually reduce the amount of stupidity in application design and lead to better overall security.
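
To illustrate the division of labour described above, where the platform filters the transport to HTTP/S but the application has to protect itself, here is an added Node.js example (not code from the original post or from Bluemix) of a check an integration endpoint could run on each incoming request to verify which party sent it. The vendor names, shared secrets, request fields and five-minute window are assumptions made for the example.

```javascript
const crypto = require('crypto');

// Constructed per-vendor secrets for the example; real ones belong in the
// platform's configuration, not in source code.
const VENDOR_KEYS = {
  'erp-vendor': 'constructed-secret-erp',
  'iot-vendor': 'constructed-secret-iot',
};
const MAX_SKEW_MS = 5 * 60 * 1000; // assumed replay window

// HMAC over sender, timestamp and body, so none can be changed independently.
function sign(vendor, timestamp, body, key) {
  return crypto.createHmac('sha256', key)
    .update(`${vendor}\n${timestamp}\n${body}`)
    .digest('hex');
}

// Decide whether a request that already passed TLS comes from a known vendor.
function verifyRequest(req, now = Date.now()) {
  const { vendor, timestamp, signature, body } = req;
  // hasOwnProperty keeps names such as "__proto__" from matching.
  if (!Object.prototype.hasOwnProperty.call(VENDOR_KEYS, vendor)) {
    return { ok: false, reason: 'unknown vendor' };
  }
  const ts = Number(timestamp);
  if (!Number.isFinite(ts) || Math.abs(now - ts) > MAX_SKEW_MS) {
    return { ok: false, reason: 'stale timestamp' };
  }
  const expected = Buffer.from(
    sign(vendor, timestamp, body, VENDOR_KEYS[vendor]), 'hex');
  const given = Buffer.from(String(signature), 'hex');
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  return { ok: true, vendor };
}

// Constructed sample message from one vendor.
const body = '{"sku":"constructed-1","qty":3}';
const sent = Date.now();
const request = { vendor: 'erp-vendor', timestamp: sent, body,
  signature: sign('erp-vendor', sent, body, VENDOR_KEYS['erp-vendor']) };
console.log(verifyRequest(request));
console.log(verifyRequest({ ...request, body: '{"sku":"constructed-1","qty":300}' }));
```

TLS only tells the endpoint that the channel is encrypted; the signature is what ties a message to one of the four parties and rejects altered or replayed ones.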