Supporting Telefonica O2′s Online, Integration and Product Design team event

Smart421 were delighted to again be invited by Brendan O’Rourke to sponsor the annual Telefonica O2 Online, Integration and Product Design (OIPD) team event this year. As with the event we supported last year it was held at the very impressive Emirates stadium in London and was a mixture of team building activities, guest speakers and some great eating/drinking. As a key partner of O2, we support their events quite frequently – for example see this, this and this blog post.

Throughout the day we ran a demonstration of the monitoring dashboard of our SmartIntegrator product, which amongst other functions we use for O2 to provide a robust, high performance gateway for all EPOS prepay transactions. This supports millions of payment transactions a day and so it made for a great competition – guess the £ value of mobile phone top-ups performed during the event. We held a prize draw with some bottles of champers for the closest three guesses during the day – most people came in too low as the volume and total value of prepay transactions handled per day is immense – measured in the £m. Here’s a deliberately obscured screen shot of the monitoring dashboard that allows us to monitor transaction and £ volumes in real time, and the health and throughput of the various components of the architecture…

The guest speakers included an Olympic rifle athlete Ken Parr who is being supported by O2 throughout his training. His level of commitment to training was phenomenal, and yet he was quite realistic about his chances of selection for London 2012 – he didn’t expect to get selected despite being a Commonwealth Games silver medal winner. Apparently age is a good thing in his sport, and so there’s always the next Olympics to aim for…

Author of “The Undercover Economist” and FT columnist Tim Harford was the second guest speaker (see picture below) and gave a very entertaining talk on the barriers and enablers for innovation, coming at it from an economics perceptive. He managed to weave together the history of the Spitfire, philanthropic funding bodies and medical research to support one of his key arguments – which was that to some extent innovation requires a “bubble” to operate in, otherwise the prevailing consensus acts as a brake on creativity. He also convincingly argued that over-management of innovation efforts (e.g. setting short term targets rather than “playing”) tends to prevent significant break throughs and and leads to smaller incremental innovations rather than ground breaking changes.

From left: Brendan O’Rourke, CIO Digital at Telefonica UK, Tim Harford – Senior Columnist at Financial Times, Robin Meehan, CTO at Smart421

The final speaker was Julian Douglas from O2′s brand agency VCCP who walked through the various adverts used to support the O2 brand journey for the last 8 years or so. This was a fascinating insight into brand creation and development and showcased how the various strategies used have evolved over time to meet specific internal, competitive and market challenges – including sponsorship of the Dome, Priority Moments and er…the fawn. A key takeaway for me – Sean Bean’s done nicely out of it

 

“Disaster Recovery in the cloud” at Amazon Web Services Enterprise event

On Tuesday I presented on the topic of “Disaster Recovery in the cloud” at this year’s big Amazon Web Services (AWS) Enterprise event near Westminster in London – I had the privilege of sharing the speaking platform with a number of AWS speakers including Amazon.com CTO Dr Werner Vogels who delivered the opening keynote. Smart421 were sponsors of the event and so we had a stand in the Partner Expo and some colleagues in attendance.

In front of a full house I went through one of our AWS case studies relating to the design and implementation of a Disaster Recovery (DR) solution for Haven Power and walked though a generic DR architecture on AWS, using it to bring out various architectural considerations such as resilience, cost and complexity design tradeoffs, security features and patterns, support for heterogeneous platforms, support for emergency virtual desktops for remote users, monitoring and control considerations etc.

I also covered some material on the various data replication strategies that can be employed to meet different recovery time and recovery point objectives (RTO and RPO) for different classes of data and applications. Get in touch if you’d like a copy of the presentation.

I took what felt like a bit of a risk by throwing in some images into the presentation to keep it a bit light hearted, and seemed to get away with it . There was a definite sheep theme to the slides which was not intentional – just the way it worked out. A key takeaway for my audience was that Dolly the sheep was stuffed and is now in the National Museum of Scotland…

Overall it was a great event, very well organised (including the AV team) and well attended, with around 300+ attendees or so from enterprise customers. AWS events get bigger every year – last year there was one big event in London, whereas this year it was split across two days, with a developer/startups focus on day one and enterprise focus on day two. I had some excellent conversations with various customers and innovative startups, and it was also great to catch up with my AWS colleagues – I must confess to having enjoyed the benefits of using the speaker’s room. Highlight of the day for me was when I tenuously weaved a picture of Clive Sinclair with a ZX81 into my slide deck and used it as a “grey hair test” of my audience to see who knew who it was – and the fact that one person (admittedly not an IT person) thought it might be Babbage…

 

Internet of Things at CloudCamp

I managed to make it to the CloudCamp London meeting at St James Church last night having missed the previous one (which was on the subject of Big Data). This time the theme of the evening was the Internet of Things (IoT), which was a bit further “out there” than the usual discussion topics but really interesting all the same.

The key thing I took away from the evening (apart from some beer and jelly beans from one of the sponsors) was to have been reminded about what incredibly revolutionary times we are living through (it’s easy to forget or take it for granted) – when we look back in the future, the Internet revolution and the democratisation of mass communication will just be seen as the first steps on the road.

The evening started with an intro from Simon Wardley, which was as usual, excellent and engaging. This was followed by an overview of the history of IoT – the first webcam’d coffee pot etc – which set the scene nicely, and then the rather more random lightning presentations kicked off. Here’s a few notes on the more interesting of them:

• Open source hardware – very interesting stuff from Paul Downey – discussing 3D printing and various open source hardware projects. The key takeaway for me here relating to IoT was that these various projects (e.g. Arduino and variants forked from it) will be a key driving force in keeping costs and IP barriers down, and so therefore will enable the creation of massive volumes of “things” in the IoTs.
• Cookie Law – Kuan Hon revisited a subject that I’ve seen her speak on before. The previously delayed so called “cookie law” now comes into force on 26th May and Kuan reviewed what it means, it’s breadth and impacts – which are SIGNIFICANT. The key point I think is about enforcement – it has significant implications for advertising/marketing sectors, but it all depends on whether non-compliance is publicly tackled and punished. The relationship to the subject of IoT is that the law uses the term “terminal equipment” to define its scope – and so that can include pretty much anything – apps on mobiles, maybe RFID, maybe NFC (that’s not clear yet it seems) as well as the standard web apps, HTML5 storage etc. So, many of the things in the IoT would be within scope and therefore require explicit customer permission to be granted for data storage etc – e.g. your Internet-enabled TV.
• IoT and Science Fiction – OK, this was a bit “out there”, but there were a few interesting takeaways/provocations. Firstly, IoT is going to make IPv4 address exhaustion an even more critical issue. Secondly, security of IoT devices is going to be a key battleground of the future – as more and more devices become “connected” we will become more dependant upon them and so any failure or virus attack will be utterly devastating, e.g. if you come to rely on your Google Project Glass specs to find/do/remember anything, you’ll be pretty screwed when they bluescreen on you

 

Cloud Expo Europe notes

I didn’t manage to make it to yesterday’s opening day of the Cloud Expo Europe – customer/work stuff takes precedence – but I managed to get to the second day. These events are always a bit of a mixed bag – it feels like I could attend cloud computing conferences every week, although it’ll be big data (or is that BigData?!?!?) conferences soon as the vendor hype machines whirr into life…

First I attended the opening keynote as Dr Werner Vogels from AWS was presenting – as Smart421 is an AWS solution provider I just kinda felt I should be there and hear what he had to say. The noise from the exhibition floor was pretty grim in all the conference rooms so it wasn’t exactly a perfect environment for him or us, but I got a few useful tidbits about how Amazon.com are using AWS (which has been an evolving story over 2010 and 2011). AWS didn’t have a stand at the event and were not a sponsor etc, and yet AWS and their CTO are such a draw that they gave him the opening keynote on day 2 – which tells you a lot about where AWS’s competitors are in the the marketplace really.

I then listened to a presentation from Joan Miller – Head of Parliamentary ICT for the UK Parliament. I didn’t quite catch the end due to having to do a customer call, but whilst I found it interesting to hear what the UK Parliament are up to relating to cloud computing (especially the BYOD – “bring your own device” – trend and how strong a driver it is for them), I disagreed with the black & white conclusion that cloud computing was the answer to their challenges. It’s certainly part of the answer, but many of the implications of making information available electronically to mobile BYOD devices anywhere are still just as nasty “in the cloud” as they are on-premise, e.g. authentication, security of data, coping with different presentation devices etc. I accept that scaling is certainly easier (or at least at a price point that doesn’t keep you awake at night), and the use of SaaS offerings makes deployment of functionality much easier and cheaper for less critical datasets. To be fair to Joan, I missed the end of her presentation, and also the presentation slots were so short that there wasn’t really enough time to get the subtleties of the message over.

I also caught a session from Chris Hinkle from Firehost on the subject of secure cloud hosting – I thought he might talk about data encryption at rest and in transit, key management etc, but he started with some interesting material from Version analysing the nature of security breaches, e.g. they are no more prevalent in public cloud deployments than private data centres, and no hypervisor based attacks have taken place, so the whole public cloud multi-tenancy concern is a red herring really. After some content about the role of web application firewalls, and I was also glad to see that he called out the security elephant in the cloudy corner of the room, i.e. guess what – your SDLC (software development lifecycle) needs to include secure development processes such as code reviews, vulnerability testing, penetration testing (and for every change, not just the first release!) etc. Shocker – insecure code is insecure wherever you run it.

Frank Jennings from law firm DMH Stallard covered some cloud legal contract points, based upon the Cloud Industry Forum white paper #3 (downloadable here) to which he was a contributor. He made some interesting points:

• Cloud contracts are more about “getting out” than “getting in”, i.e. access to data in the event of a failure, lock-in periods etc.
• Negotiation with public cloud vendors just isn’t typically going to happen – they operate at low margins and use a business model that just doesn’t support custom negotiations and terms for each customer – and this means living with the legal jurisdiction that the vendor
• Even in the most custom of contracts, the provider’s financial liability (if you can even get them to sign up for consequential loss etc!) is typically capped at 100-150% of the fees you are paying them. Bottom line – service credits and the like are pretty pointless in a cloud or a non-cloud world and virtually insignificant compared with the potential disruption to your business (as discussed in a previous post)
• The US Patriot Act gets a lot of interest, and it’s real (i.e. you need to use a UK company using a UK-based UK-owned data centre(s) to avoid it), but the reality is that most territories around the world have similar constraints and if you are not in an industry sector that is likely to get the authorities’ interest, then it’s not as big a factor as the press it receives suggests.

The last point I wanted to mention was something I picked up in a presentation about cloud adoption trends by William Fellows from the 451 Group. He observed that their research has shown that whilst security is a key concern when organisations are selecting a cloud-base solution, once they start implementing it falls away to being the fourth largest consideration. This backs up what we see in the market – cloud security is more of a fear issue than a real issue (well – it’s no more real a concern than for any deployment anyway).

 

London Azure user group meeting – Jan 2012

On Tuesday night last week I attended my first London Windows Azure user group meeting – it’s the second time this new group have met, but the first one I’m managed to make it to. My colleague Simon Hart blogged about the inaugural event here.

There were about 35 attendees or so and it felt like a good crowd, asking intelligent questions and I had some interesting chats during the breaks with some other user group members and I also caught up with Yossi Dahan (a Microsoft technical architect I’ve met before) – it really feels like this young user group has some momentum – so hats off to the organisers for getting this off the ground! The good pizza, chips, and beer also always helps – this must be one of the best catered user group meetings I’ve ever been to – there was even someone opening my beer bottle for me…

Planky (aka Steve Plank from Microsoft) presented on two topics relating to different strategies for identity federation and application access control – Azure’s Access Control Service (ACS) and Azure Connect.

Most of the the presentation time was allocated to ACS – which is pretty intricate to use. Well – it’s probably fairer to say that there are plenty of moving parts and technologies to get to grips with if you want to federate identities from Active Directory on-premise using ADFS2, via ACS in Azure to a set of applications hosted in Azure (which will typically using Windows Identity Foundation – WIF – to process the security token issued by ACS). None of it is particularly tricky in itself, but the great man himself hit some issues along the way (which always makes for a better presentation anyway ) and I was left thinking that it was a bit of nightmare to troubleshoot exactly why user access to the end application (the “relying party”) was being denied (see the image above) – it’s just the joys of debugging a distributed architecture I guess.

Azure Connect is essentially a VPN and IPSEC tunnel offering that I guess is very roughly equivalent to the Virtual Private Cloud (VPC) offering from AWS, but with some significant differences – but it’s trying to address the same key requirement – seamless but secure network connectivity between on-premise and cloud-based networks. It’s still in beta (at least until Summer 2012) and has some inherent limitations such as the fact that it requires a separate installation of agent software on every on-premise server that will talk to/from Azure, but it looks like an interesting technology. My main concern was just whether our customer’s security team’s could live with this model though – as in addition to the installation requirement, it essentially avoids any corporate firewall by creating an out bound SSL (port 443) connection to the Relay Service on Azure, effectively creating a client-to-site VPN from each individual on-premise server to the Relay Service.

So overall – a very useful and interesting evening, I’m glad I attended and I recommend my Smart421 colleagues to make the effort to attend future events (which are planned to be monthly) – the next event (register here) is on the 7th Feb and relates to “Parallel Processing with Azure and HPC Server“, so I’m personally very interested to hear how this compares to AWS’s offerings in this area.

 

Smart421 a launch partner for AWS Direct Connect to the EU region

It’s an exciting day today as it has just been announced that Smart421 is an Amazon Web Services launch partner in the UK for the latest expansion of their Direct Connect offering. Up until today Direct Connect has only been available to certain regions in the US, but now UK customers can get the benefits of this improved connectivity as well. Smart421′s role as an AWS Solution Provider is to help customers reap those benefits by giving them a one-stop shop for full end-to-end connectivity from their premise(s) to the AWS EU region without relying on the Internet at all – except as a backup mechanism.

Our offering is actually a seamlessly managed combination of services from two parts of our parent company, the KCOM group. Smart421 provide an end-to-end experience for the customer and manage the provisioning of the AWS Direct Connect connection at Telecity Sovereign House in London, and we use our sister company Kcom to deploy and manage the “last mile” connection from Telecity to the customer’s premises. The immediate benefit to the customer is that they have one party responsible for a direct private connection from their premises to the cloud – not multiple suppliers to manage and triage etc.

I thought I’d just cover a few basic questions about Direct Connect that I’d expect to come up with customers…

Why would I want it?

The usual mechanism of accessing AWS is over the Internet, with user and/or administration traffic secured using a virtual private network (VPN). This gives privacy and authentication, but the network traffic is fundamentally still sharing your organisation’s Internet pipe and still going via the Internet along with everyone else’s traffic. Many of our customers have a default security policy that certain classes of network traffic must be deployed on a more private infrastructure, e.g. MPLS links etc – to give a greater degree of privacy, predictability and control, especially in terms of improved bandwidth, latency and availability.

Secondly, there is a perception issue with using the Internet – which often becomes more marked the further you move up the management chain . In fact, when talking to customers this is a classic objection that I sometimes hear – “we’re not comfortable using the cloud over the Internet”. Well now you’ve got a real choice – we can deploy an end-to-end private connection to AWS when required.

Also, you might be shifting significant volumes of data into and out of your cloud deployment, e.g. if you are performing big data processing using Hadoop/Elastic Map Reduce etc, or frequent data replication for disaster recovery purposes when you are using AWS as a logical extension to your on-premise data centres. In these circumstances, having greater control and certainty over the end-to-end connection between your premises and the AWS deployment is attractive.

What are the benefits?

In a nutshell, the key benefit is that your traffic is no longer subject to the unpredictability of the general Internet, and so basic metrics such as band with and latency will be far more predictable. For the connection from the customer’s premises to Telecity in London these metrics will be subject to strict quality of service guarantees, i.e. a bandwidth of X (you choose) with a defined maximum latency and an SLA (service level agreement) for the connection. For the second half of the connection from Telecity to the EU region in Dublin, you can expect superior network characteristics but there is not an SLA that defines guaranteed bandwidth etc. The initial adopters of Direct Connect in the EU region can expect an amazingly good network service given the price point – and our expectation is that over time AWS will have to introduce a degree of throttling/bandwidth management in order to maintain service levels…

What will it cost me?

…which brings me on to the costs. The bottom line is that Direct Connect is amazingly good value in our opinion. For a 1Gb/s port at Telecity it’s of the order of $216/month – i.e. virtually nothing. Unless you have your “on-premise” servers co-located at Telecity, then the costs for the “last mile” connection backed up by a strong SLA back to the customer premises will be much more significant. So guess what – you get what you pay for – no surprise there! For organisations relatively close to Telecity Sovereign House in network terms (e.g. in London) this makes Direct Connect a no-brainer really once your AWS usage becomes significant in terms of business criticality or data volumes, and it’s still highly attractive for an UK-based organisation.

Where might all this be going?

Finally – I just wanted to finish on why we think this is a really exciting development. For the EU region, this is the first step on the road for Smart421 to be able to offer a truly end-to-end service management offering – backed by strong SLAs for the end-to-end network connection and the AWS deployment itself. Over time we expect AWS to enhance Direct Connect with QoS (quality of service) guarantees, and we’re delighted to be in there at the start.

 

How To: Many-To-Many Currency Conversions in Microsoft’s SQL Server Analysis Services

One of the Smarties in the our Microsoft practice, David Tuppen, has published an article on the SQLServerPro web site (what was called SQL Mag) about how to work around the limitations of the Business Intelligence Wizard in SQL Server Analysis Services (SSAS).

It’s very clear and detailed. Have a read!

 

Smart421 at today’s first Amazon Web Services Financial Services event

Today I took part in a breakfast briefing event at The Mercer in Threadneedle Street in the centre of London. It’s the first of hopefully a series of events focusing on the financial services sector.

The two presenters are shown in this “rogue’s gallery” photo.

First up (pictured on the left) was AWS Technology Evangelist Dr Matt Wood (one of the contributors to the excellent  AWS blog) who gave his usual high octane-style overview of Amazon Web Services, the history, what they offer, example customers, etc.

Matt Wood

I then followed up with a presentation discussing where we are seeing traction in the market, going through some example customer deployments that we’ve delivered and support in the UK banking, telco and utility sectors, and wrapped up with some considerations to ensure confidence in the outcome of an AWS deployment.

My Prezi presentation is available here…

Despite today’s public sector strike (which we thought might dent attendance due to childcare issues etc) we had a packed house with standing room only, which was an experience I need to get used to.

Full house at The Mercer

I had some great conversations with the audience afterwards – and the wide divergence in the level of the maturity and understanding was a real eye-opener to me. When you work in the cloud arena all the time, it’s easy to assume that the market understanding is a lot more mature than it actually is…

So, overall a great event, delighted to be involved – and looking forward to the next one!

 

Elastic Load Balancing on Amazon Virtual Private Cloud

We’ve wanted to be able to use ELBs inside VPC deployments for a long time – via our AWS partnership relationship we put this on our “AWS Christmas wish list” quite a while ago, and Santa has delivered early

All the extra AWS goodies are gradually making their way into VPC, and the direction of travel /trajectory is great, and more importantly for giving our customers confidence it is consistent over time – which confirms our view (as mentioned before) that VPC will become the default model for most/all deployments over time.

 

Another day, another AWS region…

I went out to see a customer yesterday, got back in the office and saw that AWS had launched another region with two availability zones in the US. The rate of change is quite breathtaking really, especially when you consider that they launched the ITAR-compliant GovGloud US region, and that was only back in August.

The key point for me is that the new Oregon region offers the same prices as US-East, whereas the existing US-West region was always a bit more expensive than East, so I suspect a lot of AWS users in the US have been using US-East which was skewing AWS’s load distribution.

There’s a really good web page showing all the locations with a summary of how many AZs they’ve got and what services are available at each.

This has raised the question in our internal AWS Practice about when the next European AWS region will come online…although to be honest it’s not really a constraint using EU-West-1 in Dublin as it has 3 AZs and all the services we need anyway. I’m guessing that the business case for expansion in Europe at the moment for any organisation is a bit trickier than it used to be…