The Difference Between a Virutal Server and a Cloud Server: API (Cloud Computing)
In the classical web hosting business we are currently seeing a trend of what many are calling cloud washing: Every product gets a “Cloud” label attached. A good example is: It is not a virtual server anymore, it is now a cloud server.

If you follow the widely accepted definition of what cloud is (for instance see the wikipedia article about cloud computing) you realize that a so-called cloud server (or formerly known as a virtual server) is only by some means a cloud product. However, at least one important property of a real cloud server is missing from many so-called cloud servers: an API to program them. If you as a user can setup, start, stop, restart, terminate or clone a virtual server by using an API it might qualify as a real cloud server.

For me as a technical guy and CTO of a startup it is very important that I can program virtual - ähm - cloud servers. This allows me to use virtual machines just like any other software library and run different workloads on them. This is also the enabler for many vertical scalability solutions I am working on.

If the hoster of a cloud server product or should I better call it a provider is offering libraries for all the major programming languages (e.g., Java, Python) out there that wrap the cloud server API this is a big plus. A plain JSON, SOAP or whatsoever API is fine however wrapping these technologies in code is cumbersome and error-prone. If the hoster or provider does not offer libraries for his API some open-source projects exist that might fill this gap (e.g., JClouds).

So, for me a cloud server needs an API and a library wrapping this API for major programming languages besides many other important cloud computing properties to be a real cloud server.

This text represents my personal opinion and has nothing to do with any company I associated with.
Posted by Thomas King at 09:38 2013-07-26 | Trackbacks (0) | Comments (0)

Does a Minimal Viable Product Need Any Security Considerations? YES! (Cloud Computing)
I really like the lean startup movement. It is result and data driven, and leads quickly to products customers want. One big building block of the lean startup movement is a so-called minimal viable product. The concept of a minimal viable product means that you build a product with a minimal set of features that might not be completely finished and you show this product to your potential customers so that they can give you feedback about it. You use this feedback to improve your product and add the features customers ask for.

If you just started working on your startup and you just finished your minimal viable product please think twice: Did you add security to all the parts of your minimal viable product that work with sensitive customer data?

I consider security a critical component of a minimal viable product that handles sensitive customer data because if you do not have security in mind while building your minimal viable product it might happen that your customers will sue you before you get of the ground. For instance, if you are storing loginnames or passwords of other cloud services or bank account information and this data is lost because you got hacked your customers will turn on you and make sure there is no version one of your product.

I am not saying that you need a multi-layered, very complex security concept already implemented in your minimal viable product. However, I am saying provide basic security measures for the sensitive data of your customers. These first steps already made during the work of the minimal viable product will help you adding more relevant security features while your product grows. And the basic security measures let you manage the security risks you are facing during the early versions of your product.

I am not telling you this story out of the blue. At a startup a friend of mine works it happened that they got hacked a couple of weeks ago. However, because they had added a certain layer of security to their minimal viable product the hacker could not retrieve any sensitive data of customers. So, be aware and think twice of security!

This text represents my personal opinion and has nothing to do with any company I associated with.
Posted by Thomas King at 22:38 2013-07-25 | Trackbacks (0) | Comments (0)