Cloud Track at WSO2Con Europe

WSO2Con Barcelona agenda is now live including the Cloud track near and dear to my heart. Here’s a quick overview of what to expect:

1. Cloud Strategy – track keynote – we will go through all things cloud with WSO2 technology: our work with Apache Stratos, private cloud, dedicated cloud, and our shared public cloud services,
2. Still to-be-announced session on IaaS platforms and how we work with them,
3. Apache Stratos Roadmap and Strategy – Apache Stratos is a community project to which we are one of the key contributors and which we at WSO2 are using a lot internally for our own products and services,
4. WSO2 Private PaaS – the private PaaS platform that we built on top of Apache Stratos,
5. App Factory – our DevOps PaaS that integrates all aspects of application and API development and hosting: from specs and task/issue tracking, to code repository, resource provisioning and management, application lifecycle management (ALM), and production hosting,
6. Public Cloud – we will be for the first time publicly promoting the shared public cloud platform that we are developing for application and API development, management and hosting,
7. How we built WSO2 cloud – our cloud team sharing details of our own cloud design: how we used WSO2 products to assemble and run our public shared cloud – a great source if information if you are considering doing something similar internally or for your clients,
8. Getting more 9s from your cloud operations – the Operations side of how we run our cloud and ensure its high availability,
9. Buyers guide to all things cloud – we will summarize all things cloud on the market today, and perhaps also have customers share their experience in building their own clouds.

Besides the Cloud track, there will also be tracks on Integration, API Management, Application Development, Big Data, Security, Mobile, IT Strategy, and Partner track, plus detailed pre-conference workshops, meetings with the key members of the WSO2 team and much more.

See full agenda here.

Early bird registration is still available.

See you in Barcelona this June!

Checklist for Cloud Service Operations

I knew one software company that failed their SaaS transition because they chose to cut a few corners with the operations. Since they were software engineers, they did not really want to spend time on such mundane tasks as security, auditing, backups and so on. One day they let a disgruntled employee go, the guy went to an internet cafe, logged into the hosting account with the shared admin credentials, and deleted all customer data.

There were no backups or data replicas to bring the data back, no personal admin accounts or procedures to prevent such an incident from happening, and even no monitoring to learn about the issue before customers did. This was the end of this SaaS application – it just never recovered.

Cloud business is more than just putting some code online (and collecting money ;)) Whether you are offering Software-as-a-Service (SaaS) web application, Platform-as-a-Service (PaaS) or Infrastructure-as-a-Service (IaaS) – what you are offering is more than just your code – it is your service.

Even if you do not offer a formal service level agreement (SLA) and have a statement in your Terms of Service that you are not liable for anything, your online application or platform is still a service so your customers expect it to be reliable and secure.

At our recent WSO2Con, Chamith Kumarage delivered an excellent session on how our Cloud DevOps team works. If you are delivering a service online (or considering doing so) – make sure to watch the recording (quick registration required).

Here’s my quick summary of Chamith’s advice:

1. Automate everything: repetitive tasks not only are inefficient and mundane, and eat your time. When done manually they are unreliable. Humans tend to do things slightly differently each time they do them, or not do them at all.

2. Tasks are really parts of processes: when you come up with something that needs to be done, ask yourself what is the process flow for this task? For example, a data backup is really a part of a process that includes:

• Scheduled (e.g. at 1 a.m. every day) script which creates a backup,
• Some sort of monitoring system which verifies that the script ran and the backup got created,
• Notifications on failures and procedures that need to be followed in not,
• Backup testing: automated and/or regular manual recovery drills (if manual then documented and performed by different team members).

3. Design for failure: everything will be failing so make sure that your system can sustain the failures. For example, if your system uses multiple virtual machines in the cloud, keep running a “chaos monkey” script which keeps randomly killing the instances and automated tests which ensure that these instance failures do not affect the overall system (by the way, see how Netflix does that.)

4. Self-healing and success verification are critical for all tasks. Any task and operation can fail (see above) so the system should not get “surprised” but should always automatically validate the action results and if something didn’t go right – implement the healing procedures (start new instances, retry, and so on).

5. Enforce discipline, processes, automation, checklists. Document everything. This will make your processes repeatable and reliable.

“Bus monkey test” (related to the above) if one of your team members gets hit by a bus – all operations should keep working: everything needs to be documented and tried by other team members. (* This is a mental experiment – do not actually hit your team-members by busses :))

6. Monitoring and analytics: the key is not to collect and show tons of data and alerts, but be able to quickly detect abnormal behavior.

7. Communications: your dashboards should quickly and clearly give you the big picture and relevant details. Key metrics and system state should be something that everyone sees and understands, effective drill-downs should make it easy to understand and fix stuff.

8. Agile delivery: waterfall processes in the cloud are bad and stressful.The smaller the changes and the more often and in more automated fashion they are – the more mundane they become: which lowers the risks and improves the skills and reliability. Cloud and big-bang releases do not go well together.

9. Use standard tools and native systems of underlying platforms – do not reinvent the wheels. For example, if the platform gives you SQL-as-a-service (Amazon RDS, Azure SQL and so on) – use those and not your own MySQL running on a virtual machine.

10. Post-mortem analysis is a must. If something did get wrong after all, you need a formal investigation process:

• What happened?
• Why and what needs to be done to prevent this in the future?
• If automated monitoring didn’t catch it, why and what needs to be done to prevent this in the future?
• If validation and self-healing didn’t catch it, why and what needs to be done to prevent this?

Full session recording and slides are available here.

Building WSO2 Cloud

This year I changed my job and became in charge of the Cloud business at WSO2. This means that now on this blog you will have even more “cloud stuff”, so I thought I would start with a quick intro to why I joined WSO2 and our general cloud directions.

Sorry if the stuff below sounds a bit salesy. 🙂

WSO2 started as a middleware company – with an enterprise service bus – WSO2 ESB – that is still one of the leading products in the industry.

For those who do not know, ESB is basically a system that helps connect all the discrepant IT systems that you might have – all talking different protocols, formats, etc. – so you can create your enterprise applications that use all the building blocks that you have in the company.

What made WSO2 cool (besides amazing performance and the fact that everything they produce is open source under Apache license and that all the core product discussions happen in the open, in public newsgroups) is that early on, the company designed the product to be a platform (called Carbon) which has many building blocks (for identity management, various protocols, event processing, transformations, analytics and so on) which the company then used to deliver a huge set of successful products:

• ESB,
• API Manager,
• Identity Manager,
• Business Analytics Monitor,
• Complex Event Processing,
• Private PaaS,
• App Factory,
• Enterprise Mobile Manager,
• and many more.

All of these built from the same Carbon platform – which is very impressive.

This basically pushed the company from middleware provider to become a supplier of one of the most comprehensive platforms that the biggest enterprises are using to turn their IT platforms into Connected Business – unified system serving APIs, mobile apps, portals, applications and services connecting the company’s resources with employees, partners and customers.

Companies like Boeing, eBay, and StubHub are using this platform to run their systems – so inadvertently you have probably been a user of WSO2 technology one way or another.

Now my goal within WSO2 is to extend the reach of our technology to companies which would like to consume it as a service.

Coming from both enterprise and cloud background, I can attest that the collection of technology that WSO2 has is probably the most comprehensive cloud platform in the industry today.

At the moment, this technology gets used mostly in private cloud scenarios. My team is now actively building the public cloud side of the story. Stay tuned!