Cloud computing

Launched on the US market mid-November, the Amazon Kindle Fire tablet has yet to cross the Atlantic. With its 7” display, a mere 8GB storage capacity, and WiFi but no 3G connectivity, it’s unlikely to be seen as an adequate alternative for a BYOD iPad in the corporate environment.

What’s got us interested in a device that clearly targets the consumer market (why else launch it just in time for Christmas?) is Silk, the native web browser. To quote from Amazon’s web site:

“Amazon Silk is a revolutionary, cloud-accelerated browser that uses a “split browser” architecture to leverage the computing speed and power of the Amazon Web Services cloud. Supports Adobe® Flash® Player.”

That last sentence is clearly targeted at the iPad; if you’ve been following us you know how to solve that problem. So what about this “revolutionary, cloud-accelerated browser”, then?

On closer inspection, it turns out that Amazon has adopted very much the same approach to browser architecture that we’ve been offering for nearly three years. Silk, like CommonIT’s AirShip product, selectively executes browser components in the cloud, streaming the result to the device. When we originally developed this approach for the Virtual Browser product, the objective was to deliver a highly secure web browser by isolating browser execution from the end point device. We quickly saw that this also offered the opportunity to boost browser performance compared with a natively executed browser, especially on older or less powerful devices such as battery-powered mobiles and tablets.

Amazon has taken the same approach for performance reasons. Amazon, of course, has a cloud ready to use for this. So the cloud-based browser, an approach originally developed by CommonIT, is now going mainstream. It’s nice to have company! But if what you need is a browser for enterprise deployment, offering centralized management, multi-platform support (user and server side), directory integration, multiple concurrent browser configurations… there’s still only one solution.

In a rare show of Anglo-French synchronization, the IPExpo event in London last month was mirrored by IPConvergence running at the same time in Paris. Both shows pitched themselves to visitors as the meeting place for cloud, communications, and mobility.

In Paris, cloud infrastructure services – IaaS – and unified communications dominated the show, with large stands showcasing the Cloud offerings of a number of (ex-) ISPs, hosters, and telcos. The London event was stronger on solutions vendors with sponsor “villages” highlighting this or that vendor’s solutions and partner ecosystem.

But while vendors, operators, integrators and just about anybody trying to sell IT solutions is pushing the Cloud, where are the customers?

Faced with a plethora of offerings, the customer is anxiously trying to work out what the best solutions are for their business- and how to fit those solutions together. Cloud computing may one day boost agility, but right now it’s doing a good job of boosting confusion.

This is where Cloud Services Brokerage fits in. The Cloud Services Broker is a specialized third party who can identify, select, and integrate multiple cloud services according to individual customer needs.

What does this have to do with CommonIT? With a new solution, AirShip, CommonIT complements the Cloud Services Brokerage with a focus on the end user. Multiple services from different clouds are likely to be even more confusing for the end user than for the CIO. With AirShip, browser configurations and connectivity are managed from the datacenter or in the cloud, with no end-user intervention. As cloud-based services evolve and migrate between private or public clouds, AirShip allows the enterprise or the service provider to deliver reliable, transparent connectivity for the end user.

gPartner positions itself as a new generation of consultant, distributor and integrator for the SaaS market. Based in Paris and Lyon (France), gPartner is one of Google’s leading partners in the French market for the Google Enterprise family of products and services, with the expertise to integrate Google technologies in the core of the enterprise IT environment.

Seeking new ways to accelerate customer migration to online services, gPartner has turned to commonIT. With our Virtual Browser solution, the enterprise retains full control over end-user access to Cloud services through full management of the browser. Whether the need is for access and content filtering for security reasons, support for diverse end-point platforms and application environments, or to deliver transparent connectivity for end-users, Virtual Browser delivers performance and affordability.

The partnership with gPartner reinforces our positioning in the Cloud Services Brokerage market segment, where Virtual Browser facilitates and accelerates enterprise migration to Cloud Computing.

The browser is an integral element in the corporate Cloud strategy. The broad take-up of web technology with standardized languages and protocols has resulted in the browser taking on the role of a universal client for end-user access to web-based and cloud-based resources. Browsers are free, and everyone knows how to use one. Pretty compelling arguments when budgets are tight!

But is using an industry standard browser really a zero-cost proposition for the enterprise? Let’s take a look at some of the issues.

Consumer-driven technology. The browsers we’re all familiar all obey one fundamental design principal: they must be as easy to use as possible for the greatest number of users. They must not hinder the user’s interaction with the web and the sites they want to visit – no matter what content those sites are hosting. In response to the Web 2.0 drive to increased user interactivity with rich internet applications, the browser transparently downloads and executes “helper” applications (Ajax, Flash, Java, ActiveX for example). In other words, the configuration of the browser is unstable and unmanageable. Is this really what you want from a key element of the corporate information infrastructure, the user interface to business critical applications?

Insecure design. Security professionals are increasingly aware that browsers are inherently insecure. The problems are threefold: (i) the browser, like any complex software environment, will always be exposed to bugs and vulnerabilities; (ii) the browser, connected to the internet, is inherently more exposed to external threats than software operating primarily locally on the machine, with local data; (iii) the browser’s self-modifying architecture (via plugins, for example – see above) multiplies the two preceding security risks.

No protection for confidential data. The end user connecting to enterprise Cloud services from home or from a cybercafé using the locally-installed browser is a threat to the enterprise. Business-critical processes and data may be exposed, via the browser, to a PC over which the enterprise has no control. Even if the user is sufficiently security-aware (and technically competent) to clear the browser cache and history at the end of each session – and how many of your users are? – sensitive data may still be stored locally (Flash cookies, to give just one example, without going into spyware and other threats).

If corporate IT management is to take full control of the cloud computing environment, we need to rethink the client-side connection. A new browser architecture is needed, secure by design, protecting corporate IT resources against web-based threats.

For more about the security issues of the browser and the Cloud, take a look at our White Papers.

Microsoft’s staged launch of Windows 7 during the latter half of 2009 has left enterprise system and network admins facing a dilemna. Is now the right time to migrate? And what are the issues?

Given the widely acknowledged lack of enthusiasm for Vista in the corporate network, this means migrating from XP — and the default browser in XP, IE6. For Microsoft, there’s no problem. IE8, integrated with Windows 7, offers “a faster, easier, safer web” (compared, we presume, to IE6 and IE7). The problem in the enterprise is that many applications were (naively) optimised for IE6, and are dependent on certain Microsoft proprietary “enhancements”… which were subsequently dropped in IE7 and IE8 as Microsoft moved to improve compliance with W3C standards.

Will migrating the desktop to Windows 7 mean re-writing enterprise applications to ensure compatibility? Is it cost-effective? Can it even be done? And if we do go through with it, can we be sure we won’t be faced with another costly re-write the next time MS updates IE?

Complicating the situation for today’s CIO even further, compatibility is now about much more than just following Microsoft’s roadmap for Internet Explorer. Your users are chosing Firefox, Safari, or Google Chrome, with terminal devices become more and more diverse — user’s own PCs or laptops from home, mobile users running an unpredictable range of smartphones, netbooks and soon to arrive slate devices. As a system administrator, you no longer have the luxury of dictating the configuration of the end-point device. You’re expected to deliver a service irrespective of user choices of platform and browser. How many IT departments have the means to test and validate corporate web-based applications against multiple browsers running on multiple end-point devices?

Fortunately there’s a secure, cost-effective and future proof answer to the issues,. A solution which allows users running Windows 7 to access IE6 optimised applications and IE8, without the need to go through any sort of context switching or reconfiguration. The solution is Virtual Browser.

Virtual Browser allows you to migrate desktop PCs to Windows 7 while offering IE6 compatibility by virtualising the browser (IE6 — or any other industry standard browser), ensuring ongoing access to IE6-optimised applications, simultaneously with support for the most recent browser releases. In practice a fully optimised browser configuration (browser release, plugins, helper applications such as Flash and Java) is hosted by the Virtual Browser server and launched on demand for each user connection. Multi-browser support made easy — find out more from one of our customers here.

Malware researchers at McAfee Labs, the research division of McAfee, have just published their annual report “2010 Threat Predictions”. The browser, unsurprisingly, continues to be the principal vector for attacks, according to the report; the news is that social networking sites are fast becoming the main source of threats. One simple example: the popularity of URI shorthands (bit.ly, tinurl.com) to save characters in Twitter makes it easy to get even the most aware user to click on a “poisoned” link which may download malware or launch a cross-site attack.

The McAfee report also discusses the recent growth in exploits taking advantage of vulnerabilities in helper applications and browser plug-ins such as Adobe Acrobat and Flash. And they highlight the risk of HTML 5.0 “blurring and removing the lines between a web application and a desktop application”. The need for the enterprise to isolate different web usages based on security policies will become increasingly urgent in 2010.

The latest release of Virtual Browser introduces several new features (like every new release — with thanks to Mathieu’s team!). One of these new features in particular adds a whole new dimension to the Virtual Browser solution. Virtual Browser now supports delivery of ICA and RDP remote desktop clients, alongside our already familiar browser support (IE, Firefox, Java, Flash, etc). With this release the end-user now has access not just to web-based applications but to any application which can be virtualised, as well as full-featured virtual desktops.

It’s worth taking a few minutes to understand where we’re going with this. Release 1.3 offers a single, secure, platform-independent client delivering installation-free end-user access to any web-based or virtualised application without the need to worry about (i) the configuration of the end-point device; (ii) the compatibility of end-point browser configuration and the target application/server; or (iii) the appropriate network configuration (VPN, etc) to access the remote application. The objective is to position the Virtual Browser solution as the universal client for access to cloud-based services.

The “Cloud” and “Cloud Computing” are still relatively new terms and there are varying definitions of what they comprise. For us, they cover the full set of web-enabled or virtualised applications, hosted in the enterprise (the private cloud) or by third-party service providers (SaaS). What we’re seeing today is enterprises migrating step-by-step to cloud computing models, with the infrastructure becoming decentralised — some of it moving to virtual environments (Citrix and others), some of it onto the Intranet, and some moving to the Internet, taking advantage of Cloud offerings vendors like Google, Salesforce.com and other SaaS providers.

In positioning Virtual Browser as the universal client for cloud access, we’re facilitating enterprise migration to cloud computing by resolving three key management issues:

1. Security: encrypted traffic between the VB client and server, strong authentication, and support for multiple isolated user environments: Internet, Enterprise (internal) applications, on-line (cloud, SaaS) services, on both enterprise (managed) end-points and non-managed end-point devices.
2. Single point of management and maintenance — configuration, updates, patching — of the client environment, on a centralised server environment, clustered for redundancy and scalability.
3. Platform independence and compatibility: No matter what type of device the end-user is using or where they connect from, the application sees the same browser, eliminating compatibility issues and facilitating application development and support.

Hot on the heels of Virtual Browser version 1.2, version 1.3 is now ready for release. Why are we introducing two versions at so close together? Well, it’s part of an ambitious product roadmap which leads up to a full rollover to version 2.0 during Q1 2010. Regular intermediate releases help keep us focused, while fulfilling customer and partner expectations in terms of fast time-to-market for new features and functionality.

Virtual Browser release 1.3 delivers support for transparent authentication modes so that, for example, user authentication for Virtual Browser sessions can be based on Windows logon credentials. On the server side, Virtual Browser can now integrate ICA and RDP clients, opening up a whole new range of possibilities for enterprise deployments.

Looking ahead, the objective is to position Virtual Browser as the universal client for the Cloud Computing era. For the enterprise moving to Cloud-based solutions, Virtual Browser offers a single, centralized point of control for multi-platform access to any web-enabled or virtualized application, wherever it’s hosted. By integrating support for ICA and RDP clients on the Virtual Browser server, end users can access web applications and Citrix or TSE applications through a single, secure, multiplatform browser interface.

In Sizing the Cloud; Understanding the Opportunities in Cloud Services (published in March 2009) analysts at Gartner, Inc. predict a global market for enterprise cloud services reaching $150.1 billion in 2013 – more than three times the size of today’s market of $46.4 billion. The cloud-based enterprise will be dependent on the internet to an extent way beyond the situation today, and information systems and applications will be utility services, like water or electricity — a click of the mouse to bring up the CRM software and shut it down, with the user paying for a metered service.

As far as I’m concerned this is a fantastic development which will allow businesses to focus on — well, what they do best, where they can add value. Information resources will be available on demand, like tapwater. Except that a packet of data is not like a drop of water; those data packets may be carrying business-critical data. The internet is a two-sided coin for the enterprise: one the one hand, on-demand access to flexible, massively scalable information resources ranging from basic hardware platforms to individualized services and applications software; on the other hand, the vector for increasingly intense efforts to penetrate enterprise information systems for criminal gain. In other words, the enterprise is in the process of migrating it’s information resources to the most stressful environment you can think of if you’ve ever had to think about information security.

If the Cloud Computing paradigm is to fulfill its promises, we urgently need to find ways of reducing the stress of internet dependency. We need to protect ourselves from the internet that threatens us, to get the full benefits of the internet that will make our business more agile, more responsive, which will allow us to evolve and progress. If we can’t make the internet “stress free” we’ll start seeing the (costly) development of parallel secure networks for enterprise applications.

If the best way to avoid internet attacks is not to connect to the internet, that’s clearly an unrealistic approach today. What we can do, however, is to segment different usages, isolating access to sensitive, business-critical data and applications from the potential threats. While building an entirely new network is probably a stretch too far, a more realistic solution, perfectly feasible today, is to isolate individual web applications by virtualizing access at the source, the browser itself. Enterprise end-users access sensitive business applications and data over the internet using secure tunnels carrying virtualized browser sessions. With the virtual browsers hosted in close proximity to the applications, data need never be exposed on the internet with this architecture. We can’t clean up the internet to make it entirely safe for your business critical data and applications, but by ensuring that critical systems and end-user browser sessions are protected from attack we can bring a “stress-free” internet experience several steps closer for the CIO.