What is multi-tenancy?


For virtual solutions, the idea of having multiple customers leveraging the same infrastructure is nothing new. The whole theory of operations is that instances of applications and entire OS’s can run simultaneously on one piece of physical hardware. However, with the advent of Public Cloud systems, the challenge is to let that happen when not all the users of a particular system get along or like to share.

The issue isn’t that multiple users leverage the same systems, but rather that multiple users who cannot or do not want to share data and resources are acting on the same systems at the same time. Think of Amazon Web Services: customers who do not want their data shared with each other (like Netflix and Amazon’s own streaming product line) can and do co-exist on the same data systems. AWS has to keep the platform shared, but the data and operations separated.

In addition to data segregation, administration must also remain separate. Customers A and B need to be able to monitor and maintain their instances, but cannot see or touch each other’s instances of apps and servers.

Finally, billing is dependent on the number of users and/or data/storage/transmission bandwidth that each organization uses. So the service provider needs to be able to bill each customer independently, even though they’re all using the same infrastructure.

And so, multi-tenancy, according to Wikipedia:

refers to a principle in software architecture where a single instance of the software runs on a server, serving multiple client organizations (tenants).

Simply stated, multi-tenancy is what lets unique infrastructure components (like VM hosts and apps) be shared safely and effectively by multiple users and groups.

Photo Credit: Steve-h

Mail.app or Outlook 2011?


Recently, I had a conversation on Twitter with a friend who was considering what tools his end-users should be using to access Exchange-based email on their OS X clients. Apparently many of the employees of his firm are on – or are switching to – Macs at home, and wanted to know what to use to access the corporate mail systems.

After going back and forth with him, I decided to do a blog post here about what the two bigger tools, Mail.app and Outlook 2011, could offer in terms of strengths and weaknesses.

Mail.app

Only recently, with the advent of Exchange 2007 in the mainstream, the native email app for OS X started being able to connect to Exchange using native protocols (ActiveSync/Outlook Anywhere). That doesn’t mean it doesn’t work with earlier versions, but it did so over IMAP and POP protocols, which many organizations do not allow outside the corporate network. Now, however, it’s a real competitor to Outlook on the OS X platform, and so a lot of users are looking at it for corporate mail.

Pros:

– Native to OS X, so no need to install additional software or acquire additional end-user licensing (you still need CAL’s for Exchange, though)

– Familiar interface to users who mainly use Macs

– Single email client for home and office mail (both a pro and a con)

Cons:

– Requires three apps (Mail, Calendar, Address Book/Contacts) to accomplish the common business tasks that Exchange is used for

– Mixes all email accounts, signatures, etc. in one mail client (both a pro and a con)

– Less corporate control over end-user data. Organizations can still disconnect accounts, but many Outlook-only data control measures and archiving systems won’t work (It should be noted that many archiving tools don’t work in Outlook 2011 either, but some do)

Outlook 2011

The de-facto standard for Exchange Email, Outlook has always been the preferred client for corporate users on Windows. Until Office 2011, the only option on Mac was Entourage, which has not been a well-loved piece of software. In 2011, Microsoft released the latest version of Office for Mac, which included a full-feature version of Outlook specifically designed for the OS X world.

Pros:

– Comes as part of Office 2011, which is probably already installed due to wanting to work with native MSFT apps for Word Documents, Excel Spreadsheets, etc. (Yes, I know that Apple has apps for those too, but for Windows-based companies, using the Office Suite is likely)

– Allows for segregation of user personal email from work email

– Has mail, calendar and contact functions in one application

Cons:

– Requires licensing for Office 2011 for each end-user

– Requires Exchange 2007 and up (for native Exchange protocols)

– Looks/feels/acts differently than most Mac apps (uses the MSFT Ribbon and doesn’t sync to the Address Book/Contacts app by default, for example)

What both do:

– IMAP, POP and ActiveSync/Outlook Anywhere protocols with or without a VPN

– Can sync contacts, calendar events and email

So who wins?

This is a tough call. For those who refuse to have Office 2011 on their machines, then Mail.app is the preferred choice. For those who don’t mind a few MSFT apps on their OS X boxes, there are a lot of benefits to going with Outlook – especially if you keep both personal and corporate mail on your Mac.

For me, I went with Outlook for my corporate mail. I use Mail.app for my personal accounts, and didn’t want to have to worry about accidentally sending personal mail to corporate contacts or vice versa. I also have Office 2011 installed for some interop reasons in the work I do, and therefore already had Outlook installed on my Macs.

Take a look at the pros and cons, but for an off-the-cuff opinion, I recommend Outlook 2011 for Exchange Server, Mail.app for everything else.

Photo Credit: Tim Morgan

HP Jumps in the Cloud Game

Earlier this week, HP announced it is getting into the game on cloud. In and of itself, the announcement isn’t a shock, as many hardware makers are re-tooling for the reality of hosted applications and servers in cloud configurations. However, I was impressed by the depth of what they’ve been working on at HP.

In addition to a public cloud offering – which will be the first piece of the tech they beta in May – HP is ramping up a few other services to complement it:

CloudMap systems which create ready-to-go images and applications to encourage roll-out into cloud resources. This isn’t new, as Amazon has had pre-built images from nearly the get-go, but very nice to see.

Virtual Private Clouds for enterprises that want flexibility but don’t need or want the general public to access their cloud plant. Again, not new, but a good sign that HP realizes that just saying they have a cloud solution isn’t enough for most organizations to get on board.

Services offerings wrapped around all of this to allow an enterprise to just define what they want to put in the cloud, and have HP figure out how to get it done.

Bringing both the platform and the services in-house is a welcome sign that big manufacturers have begun to truly embrace distributed resources. Just saying “We do cloud” is nice, but doesn’t help anyone get there. HP’s decision to offer hand-holding to firms that don’t have the internal resources to build out these things will make adoption in larger firms easier.

Of course, that leads to bigger contracts for HP, but everything has a trade-off.

Photo Credit: Luigi Rosa

So what the heck *IS* Flashback?

A lot of noise has flooded into the net over the last few days surrounding a piece of malware called “Flashback.” Here’s what you need to know:

1 – What is it?

– First things first, it is NOT a virus. Computer viruses are malicious programs capable of copying themselves across networks. The user doesn’t have to do anything to get infected.

– It is, however, a trojan. Trojans (named after the famous horse in Homer’s writings) get on your computer by pretending to be, or hiding themselves in, some software you want to install. You get tricked into running some software, such as an update to Flash Player as in this case, and the malware gets installed instead.

– This particular trojan installs a back-door into your Mac, that allows malware writers to check in with websites and download other software you don’t want onto your machine over time. It does this by forcing your web browsers to load pages any time they are opened up (and silently); and it forces the browsers to open up just in case you weren’t planning on doing that yourself.

– More insidiously, the malware disables the native, limited, virus protection system in OS X, and therefore this program can render your machine vulnerable to older, known threats.

– Both Snow Leopard and Lion are vulnerable if you installed Java. Since many applications use Java, the Java runtimes are most likely already installed on your Mac.

2 – How do I get it?

Flashback is downloaded from websites where you see alerts that you need to update Adobe Flash Player (which is where it gets its name). Since the malware has been carefully built to look like an Adobe Flash installer, many users think they’re just getting updated software and authorize the installer with their Administrator Password.

That’s all it takes, as once the trojan has your admin password, it has free rein to do whatever it wants.

3 – How do I know if I have it?

Finding Flashback is a little tricky. There are some apps that seem to be able to detect it, but that means downloading and installing another app, which may not be the best method. Instead, look in the Utilities folder in your Applications folder and look for the Terminal app.

Then, in Terminal, copy and paste the following three commands, hitting the Enter key after each one:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

After you run each command, you should see a message that ends in “… does not exist”. If you get any response other than one that ends with that phrase (does not exist), then you have most likely got a Flashback infection. Thanks to Wired.com for the instructions.
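
The three checks above as one script, applying the same "ends in does not exist" rule. This is an added example, not part of the original post or the Wired.com instructions; the function names and the two sample replies are constructed for illustration.

```shell
#!/bin/sh
# Added example: runs the three "defaults read" checks from the post and
# applies the post's rule: a reply ending in "does not exist" is clean,
# anything else deserves a closer look.

# Constructed sample replies (not captured from a real machine).
SAMPLE_CLEAN='2012-04-10 09:00:00.000 defaults[100:200]
The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist'
SAMPLE_SUSPECT='{
    "DYLD_INSERT_LIBRARIES" = "/constructed/placeholder/path.dylib";
}'

# classify_reply TEXT
# Prints "clean" if the last non-empty line of TEXT ends in
# "does not exist" (trailing spaces or a final period are ignored),
# otherwise prints "suspect". An empty reply is also "suspect", because
# it does not match the phrase the post tells you to look for.
classify_reply() {
    last=$(printf '%s\n' "$1" \
        | sed -e 's/[[:space:].]*$//' \
        | grep -v '^$' \
        | tail -n 1)
    case "$last" in
        *"does not exist") echo clean ;;
        *) echo suspect ;;
    esac
}

# check_one DOMAIN KEY
# Runs one of the post's commands, prints the verdict, and returns
# success only when the reply is clean. "defaults" reports a missing
# key on stderr with a non-zero exit, so both are captured and tolerated.
check_one() {
    reply=$(defaults read "$1" "$2" 2>&1) || true
    verdict=$(classify_reply "$reply")
    printf '%-8s %s %s\n' "$verdict" "$1" "$2"
    if [ "$verdict" != clean ]; then
        # Show what came back so it can be written down for removal.
        printf '%s\n' "$reply" | sed -e 's/^/         > /'
        return 1
    fi
    return 0
}

# run_checks
# Runs all three checks. Returns 0 if all are clean, 1 if any reply is
# suspect, 2 if the "defaults" tool is missing (not a Mac).
run_checks() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "defaults not found: run this on the Mac being checked" >&2
        return 2
    fi
    bad=0
    check_one "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES || bad=$((bad + 1))
    check_one /Applications/Safari.app/Contents/Info LSEnvironment || bad=$((bad + 1))
    check_one /Applications/Firefox.app/Contents/Info LSEnvironment || bad=$((bad + 1))
    if [ "$bad" -gt 0 ]; then
        echo "$bad of 3 checks returned something other than 'does not exist'"
        return 1
    fi
    echo "All 3 checks ended in 'does not exist'"
    return 0
}

# Only run the live checks where the macOS "defaults" tool is available.
if command -v defaults >/dev/null 2>&1; then
    run_checks || echo "Follow the manual removal instructions before doing anything else."
fi
```

A "clean" result only covers the three settings the post checks, so a machine that comes back clean still needs the updates described in step 5.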

4 – How do I get rid of it?

Removal of Flashback is not easy or automated. There will be a removal app from Apple in the near future, but you should not wait. F-Secure has a set of instructions for manual removal that you can perform today, but they’re not a set of simple point-and-click things. You’ll have to use Terminal, and keep a notepad handy to keep track of information.

Reach out to an expert if you need assistance, as you definitely don’t want this hanging out on your Mac until Apple finally releases the automated Flashback Remover app.

5 – OK, my Mac is clean (or I cleaned it up), now what?

First, make sure you update your Mac with the latest OS X software. Click the Apple menu and choose “Software Updates…” to check for new software and tools from Apple. The latest updates for Snow Leopard and Lion have security updates to Java that block Flashback from being able to install. I do this once a week, though it’s very rare that Apple releases more than one set of updates per month.

Next, install anti-malware software. We all know that Macs are not immune from malware, and you need to protect yourself. Sophos, Intego and others make great anti-malware software for Macs. Sophos Anti-Virus for Mac (which I’m currently using) is even free for home use.

Also, get a two-way firewall package if you can afford it. For example, Little-Snitch is a great tool that is very user-friendly and lets you know when things on your Mac are trying to talk to the outside world. You can choose to allow the connection once, forever, or block it if you think it shouldn’t be phoning home.

Little-Snitch is so good at its job that the makers of Flashback wrote a special routine into the software to look for it, and give up trying to install if L-S is installed. It’s not free (it’s about US$30) but definitely worth it if you have the funds available.

Finally, always remember to only accept application updates from one of three sources:

1 – You used the “Check for Updates” system inside the application itself.

2 – The update is delivered via the “Software Updates…” system in OS X

3 – You went to the vendor’s site manually (not via a link or in an email) and downloaded the update directly from them

Any other time software wants to update, or install for that matter, cancel out and seek that software from one of the three sources above.

Stay calm, stay safe, and remember that every OS can be hit with malware. This isn’t the first time it’s happened on a Mac, and it certainly won’t be the last.

Photo Credit: Tama Leaver

What We Can Learn from the Instagram Buyout…

It’s not news to anyone that Facebook bought out Instagram for One Billion US Dollars.

For me this was a bit of a kick in the gut, as I had just recently left Facebook over concerns about how they use personal data (see last blog post on this site).

So what did I learn from seeing an app I love being scooped up by a site I would rather not be part of?

– Be wary of anything free.

Free software that is not ad-supported should be a gigantic warning sign whenever you see it. If an app has no revenue stream, then it has no purpose but to get itself acquired by some larger company that actually makes money. Hat-Tip to several folks I follow on twitter (@miketalonnyc) who have already posted quite a lot of info on this phenomenon.

– Never assume your data is going to stay put.

When FB integrates Instagram, you can be sure that all the photos you have taken on the indie app will end up on Facebook. Whenever you post something online, just take it for granted that it will eventually become public. Whether because a site changes its policies or gets bought by a company with different policies, any data that you don’t hold on your local machine will eventually be seen by everyone.

– Always know how to remove (and how to keep) your stuff.

Instagram has a page where you can delete your account – so you can indeed remove all the data they have from you. That doesn’t help much if you actually want to keep all your photos and move them elsewhere. Sites like InstaPort.me can give you a backup of your photos before you delete them, and even move them over to another site if you want. Note that this site is also a free app, but at least they take donations so they have *some* kind of revenue stream going.

– Know where to go next.

There are generally many apps that can do something you want to do. Finding the right one is tough, though, as many of those apps are bad ripoffs of the one you need to get rid of. Sites like AppAdvice can help sort through the crap to find the good tools.

As for my personal feelings on Instagram:

It was a great tool that did some nifty things with photos. That was about it. I loved using it, and would have liked to keep using it, but I very much dislike Facebook and don’t want the apps I’m using to be owned by them.

I’m very happy for the creators of the app who just hit a major payday, and I don’t fault them for taking the money when it was offered.

Finally, I did not “rage quit” Instagram. I took a day, thought it over and really asked myself if the app was good enough to keep using it in spite of who bought it out. The answer – in my case – was “no.” So I calmly found a site to help me get my data downloaded to my desktop, deleted my account, and then the app. No one should get so attached to an app that major changes like this cause them emotional turmoil.

So what did I switch to? Hipstamatic. It lets me take fun photos with filters and effects, and it’s not a free app, so it’s less likely they’ll get bought out and make me go through the process all over again in the near future.

Photo Credit: Amagill

Single-Vendor or All of Them?

There’s quite a few virtualization platforms out there. From VMware to Microsoft to XEN to KVM and beyond, the choices abound.

Do you want to stick to one vendor for all virtual technologies, or work with many of them at once? That’s a valid question, and one more companies are looking at every day.

Standardizing on one virtual platform has benefits. The company in question makes management tools that control their software, and having one platform means having to learn fewer tools. Also, since most vendors make entire suites of tools, you can probably find Server, Desktop and Application virtualization platforms from one vendor alone.

Spreading out also has benefits. Some vendors only make one type of virtual platform (such as a hypervisor for server virtualization only). Sticking with just one vendor would limit the tools available to you.

Cost always comes into play, as the more advanced platforms can often come with higher price-tags. So using only one vendor for all your needs might inflate your budgets dramatically – and in some cases unnecessarily as other vendors make tools that are less expensive and work great. Don’t forget training costs either, as multiple tools from multiple vendors means training your staff on multiple systems.

Which will you do? Most of the organizations I talk to started out on a single-vendor methodology. As folks like Quest Software roll out multi-vendor management solutions, they are beginning to explore having multiple vendors work in the same datacenter. This gives them flexibility to choose the best vendor for each tool they need, without losing control of the environment or having to learn a large number of tools just to keep things running.

Cross-Platform management is not 100% yet, but it is getting there, so we could easily see a day in the near future where the decision is a moot point. Until then, what’s your company doing? Sound off in the discussion section!

Photo Credit: lumaxart

What is iCloud?

iCloud has been out for a while now, but many folks are still confused as to what it does. There’s not a lot of mystery, when you dig beneath the surface to have a look.

iCloud is Apple’s data-online service. Much like DropBox or Box.net, but with a twist – as iCloud is specifically built around Apple’s OS X and iOS systems.

First, the basics:

– The iCloud platform is free for up to 5GB of space. It then costs US$20 for up to 10GB, and there are plans for more money that go up to 100GB of storage.

– Your iTunes-purchased books, Movies, TV Shows and Music, as well as your Photo Stream don’t count against your storage space numbers, so you only pay for extra space if you go beyond 5GB of non-iTunes data.

– You can store your mail, all photos, as well as personal Music, Movies, TV Shows and documents in iCloud – these count toward your storage space use.

– iTunes Match (see below) also doesn’t count against your storage space numbers, but does have an additional cost.

There are several components to iCloud, but here’s what you’ll use most:

– iTunes Match: This component of iCloud is designed to allow you to keep your music, video and books in the iCloud platform. It costs about US$25/year above your iCloud storage costs, but currently only works for music files. Apple has stated that it will eventually also support TV Shows and Movies. You allow iTunes to scan your music collection and upload any songs not purchased from iTunes to the iCloud platform. From there, you can download those songs (plus any you bought from iTunes directly) to any Mac, PC or iDevice.

NOTE: Songs, TV Shows and Movies you bought through iTunes are available for download on any device that supports iTunes with or without an iTunes Match subscription – this service only handles non-Apple-purchased media. To find previously purchased media, go to iTunes, click on iTunes Store and look for the Purchased link.

– iCloud document storage allows you to put any data into your iCloud storage, but remember that if you go above 5GB it starts to cost money. There are similar sections for mail, calendars and contacts.

– Find my iPhone actually works for any iDevice, and will show you the location of any registered iDevice on a map. Handy if you lose your iDevice or if it gets stolen. The service only works if the iDevice is turned on, and if Push Email is enabled.

– iCloud Backup lets you backup your data and settings from your iDevice, allowing for easy restoration if you accidentally mess up your devices.

– Find my Friends allows you to track other people (with their permission, of course). Handy for parents who want to keep tabs on their kids and friends who want to know where they are in relation to each other.

– App integration allows apps to leverage iCloud for storage and syncing. Few apps take advantage of this yet, but the rumor is that more are on the way.

And that’s about it. iCloud simply enables more features in iTunes and iOS, as well as giving you some cloud-based data storage. Using more than the free 5GB is not a great idea, though, as many other services offer more space for less money, but features like Find My iPhone and iCloud Backup make it definitely worth signing up for the free version.

One last note: most of these services were also in MobileMe – Apple’s previous cloud-based service. However, MobileMe will be no more as of this summer, so shifting over to iCloud is not only a good move, but will soon be a requirement if you want these tools.

Photo Credit: CLF

Don’t Panic Over Requests to See your SocMed

Alright, we’ve all seen the headlines.

Employers are demanding to see your Social Media profiles, and even – in some cases – demanding usernames and passwords to sites.

Before you panic, keep a few things in mind:

– Asking for your profile information before you are hired (NOT username/password) is something you should not fight against. There are two reasons for this. First, that information will only let them see what’s already available to the public at large, and so it’s stuff they could find on their own anyway. Giving them your screen names will at least let you know they’re looking. Secondly, knowing that they’re looking can come in handy, as you can ensure that there’s nothing you don’t want them to see before you hand over the info.

– Asking for private information before you are hired is NOT OK. Asking you for your login information is a severe violation of privacy, and should not be permissible for any employer. They cannot ask for your bank account information, they cannot – in most states – ask if you’ve been arrested (though, interestingly enough, they CAN ask if you’ve been convicted of a crime) – why should they be permitted to ask for private online information access?

– Asking for private information after you are hired is another story. If you signed an employment contract that gives them the right to ask, then you have to give up that info or risk termination. This is why you need to read your pre-employment and post-employment documents very carefully.

What I’m saying here is that many employees are raising the same level of alarm to the question “What is your FaceBook name?” as they are to the question “What is your FaceBook username and password?” These questions are not the same, and should not be handled the same.

The first question is perfectly reasonable. They want to see what you let any other person in the world see already, they’re just lazy and don’t want to Google search for your profile. The second question is a privacy violation.

We – as a community – need to differentiate between the two and only scream about the true violations, otherwise we risk having the general employer community accuse us of crying wolf over the issue.

That being said, what should you do if asked either type of question?

Pre-Employment:
If they just want to know your online name, give it to them. Prior to beginning the interview process you should have made attempts to sanitize your profiles anyway.

If the interviewer demands your login information, politely refuse. Also inform them that you will note that the question was asked, and take your refusal into account if you are denied employment. In short, put them on notice that you’re still happy to work for them, but that you will not be pushed around.

Post-Employment:
Read ALL documents carefully to ensure you’re not giving away rights to your personal accounts. This is critical, as you may need to turn down a job offer if the company demands that all employees give up their logins. You may be able to negotiate a rider to your contract that explicitly states they don’t have rights to your Social Media accounts, but usually it’s either “do this” or “don’t work for us.”

If your employment paperwork does not explicitly state that you are required to give that information as a condition of employment, and you are still asked for it, refuse. Also note that you are not required to do so by your contract, and be very clear that you feel that logins are Personal Information and not subject to company disclosure. Let them know, however, that they are very much welcome to view your public information, so that it doesn’t appear like you’re trying to hide anything.

In short, treat your FaceBook, Twitter, Pinterest and any other Social Media site login info the same as your bank account info, your medical info, etc. Unless you specifically agree – in writing – to give up that information as part of your employment, don’t give it up.

What if you get fired over this? I’m not a lawyer and you shouldn’t take any legal advice from me, so I won’t give you any. If you are terminated for not giving an employer your login information, seek legal help immediately. If you are denied a job for not giving your login information during an interview, seek legal help immediately. Many free advocacy groups exist, so hunt around and get help!

Secondly, if the employer in question is going to be that strict about your personal life, do you really want to work for them? If you have no choice (it is still a bad job market, after all) then you have to make a very tough decision, but if not, walk away. The employer may realize their mistake and ask you back, sans the request for your passwords.

To sum up: If the company only wants to see public information, or if you willingly agree to give them the logins in your contract, then give it to them. If they fire you unduly, or refuse to hire you because you won’t give them personal info, get legal help. But don’t raise the alarm over public data or data you agreed to give up, save that for the real bullying and privacy violations.

Photo Credit: Flattop341

Ready to hit the road?

I’m on a train.

No, really, I’m typing up this blog post as I travel from NYC to Rochester, NY.

That’s got me thinking about how we’re a mobile bunch – us IT folks – traveling anywhere we need to be to do the job we need to do.

This has got me thinking about how to manage Virtual Infrastructure while on the road, no small task, to be sure.

First, you need to have a connection to the Internet in general. On the ground, that’s not so hard, but does require some forethought. You’ll either need to know someplace where you can connect to WiFi, or else bring a mobile modem or WiFi hotspot with you where you’re going. You could tether your phone, but keep in mind that you may not be able to make or receive calls if you do that, so an independent data device may not be a bad idea if you travel a lot.

In the air, that’s a different story. Most major air carriers have WiFi on only a few – if any – flights. Check ahead to see if you’ll have access to connectivity as you fly the rarely-friendly skies.

Then, you’ll need a VPN. When doing remote admin for virtual systems, you will be talking to components like vCenter and Virtual Machine Manager, which means you’ll literally be transmitting the keys to your kingdom across the networks you’re on. Sending that data “in the clear” is a very bad idea.

Once safely linked to a network, you need the right configuration at your datacenter. For VMware, you can use the vCenter Web clients to do most things, but you may want a Remote Desktop Server to allow you to access the full versions of various tools while on the road. This might be Microsoft’s own RDP server, or could be a third-party remote-access tool to your own desktop – depending on the security policies of your organization.

For Cloud platforms, this becomes a bit easier. As these systems are typically designed to be administered via Web interfaces anyway, you won’t need the RDP server, but you still need the connectivity and security. Make sure your vendor supports linking to their tools over HTTPS/SSL and use it – always.

Once you have all these tools and tech lined up, you can administer your Virtual Infrastructure from just about anywhere you can get a mobile signal. Just remember to go slowly and ensure that you save your progress at every opportunity. You never know when the cell network will give up the ghost, leaving you with no connection and a lot of work half-done.

Photo Credit: nrkbeta

Traveling with your Mac and Gear

Nearly everyone will have to travel somewhere at some point in time. For work or play, we tend to travel a lot, on the whole. When you travel, you’re gonna want to take your Mac and your Apple gear with you, and that means you have to remember a few tips:

– Get a case. Nothing can ruin a trip like that $2000 plus MacBook Air getting banged up, and that one-piece case looks beautiful, but dents easily. Get yourself a carrying case and a skin or shield for it. Same goes for your iDevices. No matter what Apple says, a $3 screen shield is a good idea, and a case will often save you from a cracked device.

– Plan your baggage. Remember that iPads and MacBook Pro and Air are all electronic devices that must be taken out of your carry-on luggage and placed in a bin to go through airport security. Don’t bury them at the bottom of your bags and scramble for them in line.

– Get AppleCare+. Things get broken (even with care and cases) and get lost/stolen too. AppleCare+ and/or a 3rd-Party warranty (I use SquareTrade myself) can get your stuff back.

– Sign up for Find My i now. This service allows you to track your phone and iPad if you should lose them someplace. Quite handy when you’re not sure if you left your phone at the hotel, the client’s site, or the pizza joint you were just at.

– Get a travel power strip. You’ll be everyone’s friend with one of these things, because they turn one power outlet (which always seems to be hard to find) into three or more. Many vendors make travel-ready power strips that are compact, and typically have USB ports built in for your iDevices too. It’s hard to ask someone to unplug their stuff so you can charge, it’s easy to ask them to unplug it when you’re going to create three outlets that you both can share.

– Keep an eye on the FAA and TSA sites. The Federal Aviation Administration and Transportation Security Administration are changing rules quite often. They may be allowing more electronic devices to be used during takeoff and landing, or changing what kinds of batteries you can bring into the plane. Have a quick look at their sites before your trip, so you are in the know. Of course, if you’re traveling in/through/to other countries, you want to get up to speed on any local and national rules as well.

Travel safe, and travel sane!

Photo Credit: lrargerich