Tuesday 20 October 2015

How a VPN Works

How can you connect two networks in geographically separate locations without installing a private connection between them? How can a software development company provide remote services to allow users to access corporate services that need to remain protected from the prying eyes of the public Internet? The answer to both questions is to use a Virtual Private Network (VPN). VPNs provide virtual network links based on encrypting and isolating traffic at the packet level while using commodity Internet services for transport. The two most common uses of VPN are to link branch offices or remote sites together (called LAN-to-LAN tunneling, or L2L) and to provide remote access to office environments (called Remote Access [RA] VPN).

L2L tunnels are used widely for private communications between corporate networks and other trusted networks, which could be remote offices or other corporate-controlled networks, or third parties (for example, for outsourcing or Business-to-Business [B2B] data exchange). The L2L tunnel can be thought of as the “industrial-strength” VPN approach, typically used in the same way that a point-to-point circuit or private network link would be used. VPNs are a default approach to secured communications between any two parties, because the conditions and traffic allowed on the VPN can be strictly controlled from either end of the tunnel. L2L VPNs typically require a device on both sides of the connection that can support the same features and capabilities, as all settings need to be identical on both endpoints of a VPN for a tunnel to be created. While there is no way to provide Quality of Service (QoS) with Internet-based VPNs, since the routing of the traffic is still at the discretion of the layer three pathway, they are fast, convenient, and secure.

RA VPN services enable users to work from a remote location as if they were physically in an office. For both convenience and cost reasons, RA VPN services are becoming more prolific as telecommuting and third-party system access become increasingly important to a variety of businesses.

How a VPN Works

The goal of a VPN is to provide a secured communication channel through a network, most commonly a private tunnel through the Internet. To do this, the traffic is encapsulated with a header that provides routing information that helps the traffic get to the destination. The traffic is also encrypted, which provides integrity, confidentiality, and authenticity. VPN has great importance to software development companies in India.
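The encapsulate-then-encrypt idea described above, as an added example that is not from the original post: an inner packet is wrapped in a cleartext outer header carrying only the tunnel gateway addresses, encrypted, and protected by an integrity tag. The frame layout, the function names and the HMAC-based keystream (a standard-library stand-in for a real cipher such as AES) are assumptions made for illustration, and the addresses are documentation ranges.

```python
import hashlib
import hmac
import os
import socket
import struct

HDR_LEN, NONCE_LEN, TAG_LEN = 8, 12, 32

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher such as AES."""
    blocks = [hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner, enc_key, mac_key, gw_src, gw_dst):
    """Cleartext outer header (gateway addresses) + nonce + encrypted inner packet + tag."""
    outer = socket.inet_aton(gw_src) + socket.inet_aton(gw_dst)
    nonce = os.urandom(NONCE_LEN)
    body = outer + nonce + _xor(inner, _keystream(enc_key, nonce, len(inner)))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def observer_view(frame):
    """All that a router on the Internet path can read: the two tunnel endpoints."""
    return socket.inet_ntoa(frame[:4]), socket.inet_ntoa(frame[4:8])

def decapsulate(frame, enc_key, mac_key):
    """Check the tag before decrypting, so a modified frame is rejected."""
    if len(frame) < HDR_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("frame too short")
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    nonce, ciphertext = body[HDR_LEN:HDR_LEN + NONCE_LEN], body[HDR_LEN + NONCE_LEN:]
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # shared by both gateways
    inner = b"10.1.0.5>10.2.0.9 GET /payroll"          # constructed inner packet
    frame = encapsulate(inner, enc_key, mac_key, "192.0.2.1", "198.51.100.1")
    tampered = frame[:25] + bytes([frame[25] ^ 1]) + frame[26:]  # flip one ciphertext bit
    try:
        decapsulate(tampered, enc_key, mac_key)
        rejected = False
    except ValueError:
        rejected = True
    return observer_view(frame), inner in frame, decapsulate(frame, enc_key, mac_key), rejected

if __name__ == "__main__":
    print(demo())
```
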



A VPN is referred to as a tunnel because the client does not know or care about the actual path between the two endpoints. There are many types of non-encrypted tunnels available today, such as Generic Routing Encapsulation (GRE) tunnels, which make two places on a network appear closer together. While a VPN topologically does the same thing, the private component of VPN refers to the encryption. For example, suppose a branch office is linked to the corporate network by a VPN. There might be a Border Gateway Protocol (BGP) autonomous system (AS) path 15 hops over the public Internet between the corporate VPN device and the branch office’s endpoint device, but once the VPN is established, any clients using this connection will only see the single hop between the VPN endpoints.

A trace route over a VPN can neatly illustrate this concept. Figure demonstrates this logic. In the figure, the Internet cloud represents all of the potential connections and transit points that might actually be taken by packets traveling from the client to the server. The path from client to server represents the logical tunnel—to the client the connection looks like a direct path through the Internet.


Most VPN tunnels allow for the encapsulation of all common types of network traffic over the VPN link. IPv6 connections can also be transported across IPv4 networks using tunneling, but these types of tunnels are not necessarily encrypted, and by themselves are not a VPN (they are referred to as dual-stack tunnels, and there are a few different methods for using them). The ultimate goal of VPN service is to allow clients to have the same functional capabilities through the tunnel that they would have if they were locally connected to their corporate network—in short, secure remote access. Ref – custom software development companies

Saturday 17 January 2015

Cloud selection basis - few other parameters

We are exploring a few other factors that help in deciding on a cloud vendor. Software companies in India recommend that the following factors be considered.

  • Speed to deliver or network throughput
  • Data in Motion
  • Logging and Audit
  • Help and Support
  • Additional features
We will discuss each point in detail.

  • Speed to Deliver and Network Throughput
The speed at which the user can push or pull data to cloud storage determines the throughput. If the cloud provider went “low end” on their choice of upstream networks (high packet loss) or under-provisioned bandwidth for the storage deals they sell (thin pipes), that “unlimited storage” deal suddenly looks like a cloud mirage. It’s always better to insist on a trial period (most providers offer them) and monitor throughput both up and down with real data over a number of days.

  • Data in Motion
However, if the cloud providers offer multiple methods (or protocols) to access their service, users may opt to use a weaker-than-default option, e.g. FTP or WebDAV with no SSL. One thing to avoid is confusing the encryption that cloud providers use on the endpoint where users push/pull data with the encryption they use on their website. Users might check the website’s SSL certificate, see that it is issued by a reputable CA and feel reassured.

In reality, the company devices will communicate with the provider’s storage endpoints, which run on different servers with a different SSL/TLS setup. This is where problems can creep in. For example, a provider may require users to use its own software to access the service. That software may not be programmed to verify the SSL certificate of the storage endpoint (this is not specific to storage security; it’s surprisingly common across SSL clients). But since users are using the provider’s software, they won’t see any message alerts or pop-up boxes warning that their SSL session is subject to a man-in-the-middle attack.
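A client-side check for the two data-in-motion problems described above (a plaintext protocol such as FTP, and a TLS client that never verifies the endpoint certificate), as an added example that is not from the original post. It puts the weak client configuration beside the corrected one using Python's standard ssl module; the function names and storage.example.com are placeholders.

```python
import ssl
from urllib.parse import urlsplit

# Schemes that carry data and credentials without TLS (FTP, WebDAV over plain HTTP).
PLAINTEXT_SCHEMES = {"ftp", "http"}

def unverified_context():
    """What a careless storage client effectively does: encrypt, but trust any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be switched off before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE  # the server certificate is never validated
    return ctx

def verified_context():
    """Corrected client: chain validated against the system CA store, hostname matched."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit_transport(url, ctx=None):
    """Return findings for one storage endpoint URL and the TLS context used to reach it."""
    findings = []
    scheme = urlsplit(url).scheme.lower()
    if scheme in PLAINTEXT_SCHEMES:
        findings.append(f"{scheme}: data in motion is not encrypted")
        return findings
    if ctx is None:
        findings.append("no TLS context supplied for an encrypted scheme")
        return findings
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the endpoint hostname")
    return findings

# Constructed endpoints for illustration only.
SAMPLES = [
    ("ftp://storage.example.com/backup", None),
    ("https://storage.example.com/dav", unverified_context()),
    ("https://storage.example.com/dav", verified_context()),
]

if __name__ == "__main__":
    for url, ctx in SAMPLES:
        print(url, "->", audit_transport(url, ctx) or "ok")
```
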

  • Logging/Audit
Some cloud storage providers do not provide any user-accessible logs. What data was accessed, by whom and when, is often kept hidden. It’s safe to assume that if they do not expose this data to users via their website or an API, the users will not be able to obtain this information. This is nearly always the case on free plans. Logging and audit features tend to come with “Professional” and “Enterprise” plans.

Storage providers offering monthly plans generally do not charge separately for logging – it’s usually baked in (but do double-check before signing up).

Supplemental to logging and audit trails is whether the storage provider exposes an event API. This is like an activity feed that a program can subscribe to in order to react to events. For example, if a company’s business partner started erasing all the shared files, one could find out in real time. Real-time notifications (with a way to program a “reaction”) may be the fastest way to learn when a cloud account or file has been compromised.
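One way to program the “reaction” mentioned above, as an added example that is not from the original post: a sliding-window detector that raises one alert per account when a burst of deletions arrives on the event feed. The event field names, the threshold and the sample feed are constructed for illustration and do not follow any particular provider's schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def detect_mass_delete(events, threshold=5, window=timedelta(minutes=1)):
    """Alert once per actor when `threshold` deletes fall inside a sliding `window`."""
    recent = defaultdict(deque)   # actor -> timestamps of that actor's recent deletes
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["action"] != "delete":
            continue
        stamps = recent[ev["actor"]]
        stamps.append(ev["time"])
        while ev["time"] - stamps[0] > window:   # drop deletes older than the window
            stamps.popleft()
        if len(stamps) >= threshold and ev["actor"] not in alerted:
            alerted.add(ev["actor"])
            alerts.append({"actor": ev["actor"], "at": ev["time"], "deletes": len(stamps)})
    return alerts

def sample_feed():
    """Constructed events; the field names are assumptions, not any provider's schema."""
    t0 = datetime(2015, 1, 17, 9, 0, 0)
    feed = [
        {"time": t0, "actor": "alice@example.com",
         "action": "read", "path": "/shared/q4.xlsx"},
        {"time": t0 + timedelta(minutes=10), "actor": "alice@example.com",
         "action": "delete", "path": "/shared/old.txt"},
        {"time": t0 + timedelta(minutes=50), "actor": "alice@example.com",
         "action": "delete", "path": "/shared/tmp.txt"},
    ]
    # A partner account removing six shared files five seconds apart.
    for i in range(6):
        feed.append({"time": t0 + timedelta(minutes=20, seconds=5 * i),
                     "actor": "partner@example.net", "action": "delete",
                     "path": f"/shared/contract-{i}.pdf"})
    return feed

if __name__ == "__main__":
    for alert in detect_mass_delete(sample_feed()):
        print(alert)
```
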

  • Help and Support
Help and support for cloud and online services is provided through links to customer service, technical solutions, and answers to top cloud computing issues. If users do not find a solution there, the troubleshooting tool should offer more options and provide recommendations. Users should look for 24/7 support, considering that they reside in different time zones.

  • Additional services
Cloud storage providers oversell storage to survive in a competitive market: for every 1GB of space they “have”, they will sell it many times over. This is a common business practice and works when there is reasonably predictable consumer behavior. In short: the majority of “pre-paid” customers don’t use all the resource they are entitled to.


Monday 8 December 2014

Basis of cloud selection – Compatibility, Reliability, Scalability, References, Trust and User-friendly environment


We have checked the importance of backups, SLA, location, exit criteria and accessibility in the previous post for software development companies in India. We will now explore and discuss a few other parameters that are very important for cloud vendor selection, namely compatibility, reliability, scalability, references, trust and a user-friendly environment.

  • Compatibility - The SaaS, PaaS and IaaS services need to be compatible with your applications and systems so that they work well for your organization, users, and customers.

  • Reliability - Even without outside attacks, cloud services may fail. However, online storage can be reliable as well: workstations may crash at times, leading to loss of data, which is less probable if the data is stored on the cloud.

  • Scalability - Companies’ data storage requirements double every 2 years. It is necessary to ensure that the data center can accommodate this growth.

  • References - Before making a commitment, companies should ask the vendor to submit three customer references. The buyer should then run down this list and check off each point that the references respond to positively. If positive reinforcement is received on each and every point, one can be sure about that cloud provider’s credibility to some extent.

  • Trust - The public cloud services providers have to improve and aggressively guarantee SLA performance to meet enterprise expectations before some of the “trust barriers” that have formed can be removed.

  • User-friendly environment - Companies should look for a cloud station where users can move about intuitively, quickly and with immediate signs of progress. Whatever the user experiences in the first five minutes generally gives a very good indication of what the rest of the activity will be like.

Software development companies in India can refer to the above points while giving suggestions and inputs for cloud vendor selection.

Wednesday 5 November 2014


Basis of cloud selection – Backups, Service Level Agreement, Location, Exit Strategy and Accessibility


We discussed the importance of four parameters that custom software companies in India take into consideration while selecting cloud computing. We discuss another five parameters, namely backups, service level agreement (SLA), location, exit strategy and accessibility, below.

  • Backups
This parameter helps in understanding whether the cloud provider offers better/faster backup and recovery of your data, and so whether going to the cloud will be part of your disaster recovery / business continuity solution.

  • Service Level Agreement
While selecting the cloud provider, one should look for the answers to the following questions: 
  1. Can the service provider deliver on your service level requirements?
  2. Can they provide a history of outages, recovery times, and impact to the customer? 

The downtime can be far more devastating financially than the credits received back from the provider for missing an SLA.

  • Location
The facility should be physically secure. It should be checked whether it is located on a fault line, and whether it is in a high-risk area or on the coast should be explored. If the provider is geographically diverse, its international relations can also be explored. If it has data centres offshore, whether the data is replicated to those data centres in time is another related question.

  • Exit Strategy
The time required to move out of the cloud, or to another provider, needs to be calculated. Selecting a cooperative cloud provider who would deliver a seamless transition in that case is important.

  • Accessibility
Companies opting for the cloud should have access to their data whenever needed, without delay. Make sure that the corporate strategy and technology strategy require that users have 24/7 access to data, regardless of geography and platform.

Tuesday 9 September 2014

Basis of cloud selection - Security, Risk, Legal and Cost


Taking further our discussion of the parameters for selecting the right cloud solution provider, we will discuss four parameters in detail, namely security, risk, legal compliance and cost.

  • Security
By its nature, an attack on a cloud service can affect a huge number of people at once. The level of security/protection compared with your current environment has always been the highest concern with the adoption of cloud services. This extends to concerns about the credibility of the third-party audit reports on the provider’s security. Network security, data protection and application security are the top priorities. Hence, if the cloud can provide secure services, this could be the biggest advantage and the growth driver. (SAVVIS, 2014)

  • Risk
The risk-taking ability of an organization is another deciding factor behind the adoption of cloud services. It leads to the decision on the amount of resources/mission-critical data that the organization can keep off-premise. This parameter leads to the calculation of the likelihood of bankruptcy / likelihood of failure / likelihood of negligence. This can be used to understand who will be accountable and whether the cost of downtime will be greater than the savings achieved by moving to the cloud. This will make a big difference when up against a risk-averse culture. (bmcsoftware, 2014)

  • Legal
Does a cloud environment meet compliance requirements (HIPAA, CJIS, PCI, retention, SOX, etc.) that your current environment does not support or would otherwise be too expensive to build? It is good to ask the following questions while choosing the cloud provider.
  • Who owns the data?
  • What’s your access to the data?
  • Does it comply with the requirements of government and other regulatory bodies?
Most providers will provide auditable information that their systems and servers meet compliance standards but the accountability is generally on the customer to report and prove compliance to a governing agency or standards. Cloud service providers will generally not indemnify customers when it comes to the customer’s lack of compliance (bmcsoftware, 2014).

  • Cost
The profits and cost savings that can be made by using cloud services have to be analyzed, so that the significant net savings foreseen for the organization over 5-10 years can be calculated. It is important to consider the opportunity costs of cap-ex while op-ex is being forecast. One can factor in the costs to the organization (people, energy, space, insurance, downtime, training, etc.). Cost estimation is a mandatory process, and market research will reveal the trends.

Monday 1 September 2014


Basis of cloud selection


Based on various articles and research work, a consolidated list of parameters has been defined that a small-scale company should evaluate before cloud implementation. The research has been exhaustive, and it led us to these parameters for deciding whether a vendor can be selected or not. The business environment of startups and small-scale IT companies has been studied along with the current trends. This was done via a survey. The inputs of several corporate personnel have been taken to understand the issues, the challenges and the benefits that they reap with their current working IT infrastructure.

However, brainstorming was done to decide on the services to opt for on the basis of their benefits and costs, with the help of certain parameters. These parameters were found to form the basis for deciding which services will benefit small companies. They will help startup companies understand whether they should take their business to the cloud (completely or partially).

The following are the parameters that should ideally be considered by any small-scale IT company opting for these cloud solutions:

    1. Security
    2. Risk
    3. Legal
    4. Cost
    5. Backups
    6. Service Level Agreement
    7. Location
    8. Exit Strategy
    9. Accessibility
    10. Compatibility
    11. Reliability
    12. Scalability
    13. References
    14. Trust
    15. User-friendly environment
    16. Additional services
    17. Speed to Deliver and Network Throughput
    18. Data in Motion
    19. Logging/Audit
    20. Help and Support
We will discuss the importance of each parameter in subsequent posts.

Monday 18 August 2014


Comparison of Cloud Service Models

This comparison has been done on the basis of the services that are provided by each type of model, its Service Level Coverage and the customization flexibility for the different types of consumers.


| | SaaS | PaaS | IaaS |
|---|---|---|---|
| Consumers | End Users | Application Owners | Application Owner or IT provides OS; Middleware; Application support |
| Services Provided | Finished applications | Runtime environment for application; Cloud Storage; Other Cloud Services such as Integration | Virtual Server; Cloud Storage |
| Service Level Coverage | Application uptime; Application performance | Environment availability; Environment Performance; No application coverage | Virtual Server Availability; Time to provision; No Platform or Application |
| Customizations | Flexibility from minimal to no customization; Capabilities dictated by market or providers | High degree of application level customization available within constraints of the service offered; Many applications will need to be rewritten | Minimal Constraints on applications installed on standardized virtual OS builds |