Open Source at CenturyLink

July 30, 2015
By Jared Wray

We value participating in the Open Source community at CenturyLink. Just in the past year we have made sizeable contributions to the community with tools such as Panamax, Lorry, Image Layers, Chef integration with VMware, Iron Foundry, Cloud Foundry, xUnit.net, Chocolatey, and ElasticLinq. We just recently announced even more contributions.

Today is a special day as we get to talk about how we are transforming internally to streamline the process for enabling the usage of open source and contributions.

Where we started was what would be called a very traditional enterprise policy that limited contributions but also made it very complex and cumbersome if you wanted to use open source or contribute. This could take weeks of approvals and in some cases just didn’t make sense for our engineers to pursue.

We have made major changes to our policy focusing on how not only can we embrace open source technology but also give back. Here are the highlights of our open source policy at CenturyLink now:

Any engineer can contribute to a project as long as they follow the project’s guidelines. If they want to do this during working hours they just need their manager’s permission.

While building products and services, it is acceptable...

Read on...

AppFog Makes 12 Factor Apps Easier. But What Are 12 Factor Apps?

July 21, 2015
By Jared Ruckle

Businesses have a mandate to gain a competitive advantage from IT. Invariably, this discussion turns to cloud-native apps. Leaders ponder questions like “How can we create, run, and scale new applications quickly and easily?” “How do we experiment, get to market faster, and reduce the cost of trying new things?”

The answer: embrace the development and operational principles behind “12 Factor Apps.”

Our AppFog service (based on Cloud Foundry) makes it easy for developers to create apps that adhere to these 12 factors.

But what are these 12 factors? What does the developer need to do differently?

12 Factor Apps Meme

Thankfully, this phrase - defined on this manifesto - has avoided the fate of terms like “cloudbursting” or “as-a-service.” It has a very specific technical meaning, and strong roots with engineers, not vendors.

For those just getting started with cloud native apps, we thought it might be helpful to discuss each of the factors – and what you can do to adhere to each one. We’ve included quotes from the 12 Factor site when helpful.

###I. Codebase - One codebase tracked in revision control, many deploys

####WHAT IT MEANS Many organizations have siloed development and operations teams (unintentionally or otherwise). This results in different codebases; different versions across different systems,...

Read on...

Chef-Provisioning-vSphere driver now open sourced

July 20, 2015
By Matt Wrock

I am happy to announce that we have recently open sourced our Chef provisioning driver for vSphere. This driver makes it easy to provision Chef nodes on VMware vSphere infrastructure.

###What is Chef-Provisioning?

Chef-Provisioning (formerly known as Chef-Metal) is a fairly new offering from Chef that allows you to create Chef recipes to bootstrap machines. It extends the functionality of a recipe typically used for defining an individual node to potentially define all infrastructure for a distributed application or even an entire data center.

Chef-Provisioning introduces a collection of new resources to your recipes and at the center of these is the machine resource. With the machine resource one describes:

Hypervisor or cloud-specific properties of a machine Node attributes to associate with the machine A runlist that the created machine will converge

Chef Provisioning exposes a driver interface making it possible for any hypervisor, cloud or even some bare metal infrastructures to interact with these machine resources. There are currently several drivers available and today, CenturyLink introduces our own driver for vSphere.

###Chef Provisioning for the Enterprise

The CenturyLink-released driver fills in a significant gap for provisioning Chef nodes in enterprise shops that use VMware for their core virtualization technology. We began working on this in the spring of...

Read on...

Different Hosts for Different Folks – Agile Infrastructure Services & You

July 16, 2015
By Jared Ruckle, Product Management

Take a look at the application portfolio of any enterprise. The range and diversity is astounding. You’ll see apps running on many types of infrastructure (mainframes, physical servers, virtualized), and in different physical locations (on-premises, colocation, in the public cloud).

Layer in different development languages, the desire for managed services, plus security and compliance considerations by application – and it’s easy to see why IT pros yearn for simplicity and efficiency in day-to-day management.

And that’s just the legacy “keep the business running” stuff. What about the new, transformative apps that differentiate the business? Analytics, Hadoop, mobile, and cloud-native apps are a different challenge that require a different mindset.

Our goal at CenturyLink is to dramatically simplify the management of infrastructure that powers all these scenarios, and do it in a way that delivers a competitive advantage for the enterprise.

Today, we take a big step towards that goal.

Two new products join our flagship public and private VM-based services in the CenturyLink Cloud: bare metal (physical servers, on-demand) and AppFog (multi-tenant Cloud Foundry).

These four “core” capabilities offer customers the flexibility to use the right service based on their application characteristics: underlying architecture, elasticity needs, sensitivity of data, and level of isolation required.

What’s more, they...

Read on...

From Application Services to Bare Metal: A Complete Platform for a Complex World

July 16, 2015
By Richard Seroter

As comedian Louis C.K. put it, everything is amazing right now. Companies serve a worldwide audience by deploying apps almost anywhere in minutes, collect unprecedented amounts of data by processing hundreds of millions of events without breaking a sweat, and design resilient systems that quickly adapt to changing usage patterns and unplanned disruptions.

With all this power, comes complexity. The era of simple two-tier, single-technology apps is over. To achieve the scale and performance needed to solve modern problems and differentiate your company from competitors, developers often create powerful distributed systems made up of ephemeral containers running single function microservices based on cutting edge open source software, and all of it deployed via automation. Even if you’re not doing all of those things right now, your applications and services rarely fit neatly into a single host. What you need, is a platform that offers the optimal host for each component of your system.

That’s our focus at CenturyLink — but more on that in a moment.

Let’s look at an example. A typical business system has a number of components that comprise the overall solution. In the case below, a mobile user comes into the system via an app that leverages an API...

Read on...

Automated Patching: Improving security and efficiency in the Cloud

June 25, 2015
By Navin Arora, Operating Systems Product Manager

Cloud computing has automated the traditional IT world, reducing application development time, while increasing speed and agility. Most of the automation has focused on things that are mostly short term in nature, like spinning the servers up and down with the change in demand. However, when running critical applications, it’s important to keep servers patched and constantly up to date.

Maintaining server patching is as crucial in the IT world as maintaining our cars in our day-to-day lives. Patching keeps servers healthy to fight malicious viruses, repel hacker attacks and perform like well-tuned cars. Most managed hosting customers have their servers manually patched, by scheduling this with their service provider. However, self-managed customers have to patch their own servers, a process that is tedious and time consuming, as they must manually check for updates and install them.

CenturyLink Cloud now offers Patching as a Service to all our customers, both those that we manage as well as those that are self-managed, providing an automated, self-service patching approach that is both simple and provides for greater cloud security.

CenturyLink customers can now patch their servers, whenever they want, through any of the following three methods:

Blueprint- simply run the appropriate blueprint for the OS -...

Read on...

Run by Robots (and human experts when you need them, too)

June 15, 2015
By Jared Ruckle

Executives, IT pros, and developers are all looking for ways to inject more automation into their business processes. Public cloud services are a key enabler. But there are degrees of automation.

Run by Robots

To take this notion further, the Gartner Mode 1 / Mode 2 perspective on enterprise IT is a helpful frame of reference. Let’s start with Mode 2 first:

Mode 2 workloads – the cloud-native apps – are everyone’s favorite son. These “transform the business” projects are API-driven, and built to scale on low cost, elastic compute. Automation is central to application architecture and design - so much so that very small teams of engineers can create amazing apps that “go viral” worldwide. “Robots” do all the undifferentiated heavy lifting.

Mode 1 workloads – the existing “core” apps that run the business today – have a different slant on automation. These programs were largely designed for traditional infrastructure or basic virtualization, and as such, are ill suited for cloud scale. But the opportunity for automation exists in the form of day-to-day maintenance and optimization. Human experts are needed to keep these apps running - often in the form of outsourced managed services - since significant internal investment can’t be justified.

Our June release has...

Read on...

Cloud Security Tools and Services

June 10, 2015
By Ben Brauer

###Third in a series of 3 blogs on Cloud Security

Now that we’ve covered cloud security fundamentals and how CenturyLink secures its cloud, for our final post on security this week, we turn to addressing managed services for cloud-based resources.

Many cloud users would like to assign the majority of security responsibilities to a third party service provider, particularly if the workloads and applications are not core to their business. Yet maintaining a high level of cloud security is essential to their business. Using a cloud service provider with expertise in cloud security makes sense; the right provider will have a breadth of experience and skilled employees in this specialized field. In-house cloud security expertise is increasingly hard to find, and even harder to keep.

Security for Managed Server and OS

CenturyLink Cloud offers managed services for operating systems and applications, such as a Windows Server running IIS, Active Directory, or Redhat Linux machines running Apache Tomcat. These managed services include built-in security features and security options. For example, the Operating Systems come with industry-standard anti-virus protection and regular virus and malware signature updates. It has to be hardened, e.g. by closing off ports, downloading and applying the latest security updates...

Read on...

Is CenturyLink Cloud Secure?

June 9, 2015
By Ben Brauer

####Best Practices for Service Providers: 2nd in a series of 3 Cloud Security Blogs

Welcome back to our cloud security week! Today our cloud security series has a focus on how CenturyLink Cloud manages its cloud environment, per the shared responsibility model described in this week’s earlier post and our recently released Cloud Security Overview.

With security as the top IT concern for many years, it’s no surprise the industry worked hard to alleviate enterprise customer security concerns. Today many organizations actually feel more comfortable with security in the cloud than they do with that of their on-premises data center. One customer noted, “when we were running our own datacenters, it was a full time job just to evaluate and install all the required security patches. We just didn’t have the ability to get to them all. That was creating risk.”

Let’s look at some best practices in critical areas under the cloud security domain, including APIs, user management, logging, and identity and access management.

Securing API Calls

Application Programming Interfaces (APIs) allow you to integrate your cloud-based application with myriad other systems regardless of their locations or platforms. They’re great for business agility, but they introduce an additional...

Read on...

Security Matters - 1st in a series of 3 Cloud Security Blogs

June 8, 2015
By Ben Brauer

Security is paramount at every layer of the infrastructure stack, from the underlying hardware to the application itself. The advent of cloud and hybrid IT models has extended this conversation off-premise when creating cloud-enabled applications.

This is the first post in a cloud security series on topics ranging from the shared responsibility model to the intricacies associated with identity and access management, just to name a few. These posts build on cloud security best practices covered in our recently released ebook, 5 Best Practices for Cloud Security, and our detailed look at security in the CenturyLink Cloud Security Overview.

Today’s blog discusses the shared responsibility model and the least privilege principle. These two lay the foundation for most security decisions when adopting and leveraging cloud-based infrastructure resources. Without them, businesses using cloud may not know when or how to secure their environments or what actions authenticated users can take.

Shared Responsibility Model

The shared responsibility model describes an understanding between the cloud provider and its users, where the provider manages security of the cloud and users managesecurity in the cloud. Security of the cloud normally constitutes physical assets, underlying network and IT infrastructures, and foundational...

Read on...

Ecosystem Showcase: Add Layers of Security to your CenturyLink Cloud Networks

June 5, 2015
By Margaret Walker, Cohesive Networks

Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology ecosystem to share how they leverage our platform to enable customer success. This week’s guest author from the Cloud Marketplace Provider Program is Margaret Walker from Cohesive Networks, a software-defined networking company.

Cloud computing effectively outsources a lot of the traditional data center operations and management roles and responsibilities. Cloud providers build data centers that are faster and cheaper than most enterprises. That's great but what does that mean for the way you, the cloud users, secure your cloud resources?

Public cloud is arguably just as secure as an on-premise data center, but getting data to the cloud uses the public internet. The public internet is just that - public. Your data in motion moves from your device, over the public internet, then into a secure cloud environment.

Shared Attention: Overlapping Security Controls Are Powerful

CenturyLink is excellent at building secure data centers, screening and vetting their staff, and automating security controls that support their compliance policies. With a solid cloud platform, you no longer have to worry about hardware and virtual security in Layer 0 – 3.

So the underlying cloud is secure, which means you have...

Read on...

Seven Secrets to High Availability in the Cloud

June 4, 2015
By Kevin Yurica, Product Marketing Manager

It’s no secret that enterprise applications are increasingly being operated in ‘cloudy’ environments. When systems are moved to the cloud, they often are moved partially or relocated in stages that are instep with the evolution of other IT systems. Even when traditional back-end enterprise systems such as ERP, data warehouse and similar systems remain entirely in-place, they’re increasingly being augmented or extended with vendor software and services that reside in the cloud. For example, many organizations have already integrated Salesforce.com into their back-end enterprise systems, and these back-end systems often reside on premise or in a colocation environment. Thus, Hybrid IT is already the current reality for many IT organizations and is on the road to becoming ubiquitous. Optimizing Hybrid IT architectures, from an availability perspective, is the central question considered here. If Hybrid IT is the new normal, then what are the implications for how we design and manage systems that run across multiple data centers in different locations? In a new whitepaper titled the ‘Seven Secrets to High Availability in the Cloud’, lessons are borrowed from distributed computing and applied to Hybrid IT scenarios which reveal opportunities for improving availability, despite growing complexity.

The ‘Seven Secrets to High Availability...

Read on...