Welcome!

@CloudExpo Authors: Pat Romanski, Zakia Bouachraoui, Yeshim Deniz, Liz McMillan, Elizabeth White

Related Topics: @CloudExpo, Microservices Expo

@CloudExpo: Blog Post

Logs for Better Clouds - Part 5: Daisy Chaining Clouds

How transitive is Trust?

Daisy Chaining Clouds, how transitive is Trust?

So we talked about some of the challenges - and hence opportunities - faced by Cloud Providers.  Last time we talked about Trust, and how important Trust is for business relationships.

Trust is already difficult in pretty straightforward environments, but in the context of Clouds, it can become very fuzzy...   Read on.

Clouds: Providers, Clients, Partners and Competitors... all at the same time!

We could imagine a world where there are so many cloud providers, so many interconnections between them and so many trust relationships that end-client duties are performed by different cloud providers based on the time of the day, the type and complexity of the task or any other criteria.

This means that a Cloud Provider can be both provider and client.

We could even envision that some Cloud Providers can be both partners as well as competitors. In fact, it is not uncommon for business entities to collaborate on some projects and compete on others. So are these Cloud Providers friendly partners or are they enemies?

In the following diagram, Client A1 uses B1 and B2 as a SaaS Software as a Service provider.  B1 uses C1 and C2 as PaaS Platform as a Service provider. And C1 uses D1 and D2 as IaaS Infrastructure as a Service provider.

Client A1 and Client A2 are competitors.  Cloud Providers B1 and C2 also are competitors, although C2 provides service to B1.

How would it be possible for all of these entities to collaborate despite requirements for secrecy in a climate of suspicion?


Figure 4 - The layered structure of subcontracting within Cloud Providers.

Inter-Layer Relationship

In the figure below we can see a logical diagram of a Cloud Provider (Layer N) and its interactions to neighboring layers, layers N-1 and N+1.


Figure 5 - High-level view on the operations of a Cloud Provider

At any layer within this hierarchical view, a provider (Layer N) accepts requests for a specific service to be rendered, either from an end-client or from another Cloud Provider.

The Layer N uses internal computing resources to perform this service (Local Processing, Processes A-F), and can even subcontract some or all of the required computing resources to a layer below (Layer N+1).  In this case, it requests to Layer N+1 a service to be performed. Upon receiving the result back from the subcontracting (N+1) layer, and combining it with its own processing, it will finally deliver the final result to the originally requesting Layer (N-1).

Please trust me.

If you (Layer N) trust your provider (your Layer N+1), who trusts its provider (your Layer N+2), do you trust your Layer N+2 also?

Not necessarily...

Trust is transitive in nature, but the more degrees of separation, the more trust relationships fade away.

And although there is implicit trust between you and your Layer N+2, explicit trust would be better. Why exactly does your provider (your Layer N+ 1) trust its provider (your Layer N+2)? And are these reasons shareable?  If your Layer N+2 gives your Layer N+1 permission to share these reasons with you, and if for you these reasons are sufficient, then you just went from implicit trust to explicit trust.

You can now decide to trust or not trust your Layer N+2, it is an informed decision that you are making.

So, in this environment, what is the information that needs to be exchanged between these different layers to enable effective collaboration while protecting trade secrets from potential competitors?

Verifiable reports based on actual logs.

Sure, it is not easy to define what reports will be required to build confidence and foster trust while protecting intellectual property and trade secrets.  These reports need to describe and demonstrate usage and performance of computing subsystems, yet should not go so deep that it becomes obvious to understand precisely how these computing subtasks are defined.

There is a difference between the actual raw logs that are collected and managed, with the higher-level view of the reports.

Logs will allow for a very precise understanding and visibility into the "how", and higher-level reports will provide the level of transparency required for Trust, SLA, usage and performance measurement.

Next time we'll look at some Critical Success Factors required as basis for Log Management solutions.

More Stories By Gorka Sadowski

Gorka is a natural born entrepreneur with a deep understanding of Technology, IT Security and how these create value in the Marketplace. He is today offering innovative European startups the opportunity to benefit from the Silicon Valley ecosystem accelerators. Gorka spent the last 20 years initiating, building and growing businesses that provide technology solutions to the Industry. From General Manager Spain, Italy and Portugal for LogLogic, defining Next Generation Log Management and Security Forensics, to Director Unisys France, bringing Cloud Security service offerings to the market, from Director of Emerging Technologies at NetScreen, defining Next Generation Firewall, to Director of Performance Engineering at INS, removing WAN and Internet bottlenecks, Gorka has always been involved in innovative Technology and IT Security solutions, creating successful Business Units within established Groups and helping launch breakthrough startups such as KOLA Kids OnLine America, a social network for safe computing for children, SourceFire, a leading network security solution provider, or Ibixis, a boutique European business accelerator.

CloudEXPO Stories
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or personal computing needs.
DXWorldEXPO LLC announced today that the upcoming DXWorldEXPO | DevOpsSUMMIT | CloudEXPO New York will feature 10 companies from Poland to participate at the "Poland Digital Transformation Pavilion" on November 12-13, 2018. Polish Digital Transformation companies which will exhibit at CloudEXPO | DevOpsSUMMIT | DXWorldEXPO include All in Mobile, dhosting, Cryptomage, Perfect Gym, Polcom, Apius Technologies, Aplisens, ELZAB SA, TELDAT, and Rebug.io.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to advisory roles at startups. He has worked extensively on monetization, SAAS, IoT, ecosystems, partnerships and accelerating growth in new business initiatives.
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app security and encryption-related solutions. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University, and is an O'Reilly author.
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like "How is my application doing" but no idea how to get a proper answer.