Remaining on Watch for HP Innovation
TBT: The things that we miss this season

One Course to Sail a 3000 Into the Cloud

People in IT have come to understand the meanings and potential for the term cloud computing. But plenty of them don't trust it, according to a recent survey. Not with many mission-critical apps, anyway. Since HP 3000 managers have always had a belt-plus-suspenders approach to datacenter management, we'll bet that a great percentage of them are among the doubters about cloud security.

Docker_(container_engine)_logoRemote instances of HP 3000s have been with the community as long as MPE could boot a server. But now, knowing which precise server will deliver an application isn't part of the cloud's design. Even as recently as this year, companies are getting by with 3000 computing by using a server located outside their site, sometimes even outside their state.

It's the state of cloud computing security that gives IT pros some pause. According to a study conducted this year by Unisys (remember their mainframes?) and IDG Research, more than 70 percent of 350 respondents feel security is the chief obstacle in cloud deployment. IT executives want to collect data about the security of data that's in the cloud.

The technology to put Linux instances into cloud computing is already available. And Linux is essential to installing the HPA version of CHARON from Stromasys. There's been no announcement of a cloud edition of the virtualization product. But Docker looks like tech that could help, according to our contributor and 3000 consultant Brian Edminster.

"Docker struck me as an easy mechanism to stand up Linux instances in the cloud -- any number of different clouds, actually," Edminster said. According to a Wiki article Edminster pointed at, Docker is based upon open source software, the sort of solution he's been tracking for MPE users for many years.

Docker is an open-source project that automates the deployment of applications inside software containers, "thus providing an additional layer of abstraction and automation of operating system-level virtualization on Linux. Docker uses resource isolation features of the Linux kernel such as cgroups and kernel namespaces to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting virtual machines," the Wiki article reports.

Docker is "a standardized software platform for delivering apps at scale," according to a recent article in Infoworld. And it's taking over the world, the article adds. 

Two major operating system projects have already started integrating Docker as a fundamental part of how they work. CoreOS uses Docker to create a pared-down Linux distribution -- one now available on Google Cloud Platform, appropriately enough -- where all software is bundled into Docker containers. Red Hat's already started building major support for Docker into Red Hat Enterprise Linux and has plans for a major reworking of RHEL around Docker, Project Atomic.

Early deployments of cloud applications, however, are mostly non-critical applications where security is less of a concern, according to the Unisys-IDG survey. Cloud servers present new risk considerations that a company like CloudPassage is glad to address.

There's genuine concern for keeping cloud servers more secure, because they present great targets of opportunities for fraud. From a report by CloudPassage:

Fraudsters demand a constant stream of freshly compromised servers to keep botnets running. An entire underground business known as bot herding emerged to capitalize on this illicit need.

Coyote e SamBot-herders make their living by building botnets to then sell or rent to other e-criminals. Compromising an elastic cloud infrastructure environment can return a windfall versus hacking into a traditional hardware server. If a bot-herder is able to place command-and-control software on a VM that later is duplicated through cloning or cloud bursting, the botnet capacity will automatically grow.

For stakeholders in cloud hosting environments, the implication is a higher expectation of being targeted for server takeovers, root-kitting and botnet command-and-control insertions

CloudPassage is the leading cloud server security provider and creator of Halo, the industry’s first security and compliance platform purpose-built for elastic cloud environments. Halo operates across public, private and hybrid clouds.

And, one would assume, Linux hosted on Intel cloud servers that could be cradles for CHARON instances. The last time we checked on this issue, the authentic HPSUSAN number -- now supplied on a USB drive -- was the narrow part of the passage in sailing the emulator onto cloud servers.

Caution has been the practice for much of the 3000 community over the decades I've watched it. Even when the HPSUSAN strategy is resolved -- assuming that's a customer need for Stromasys to address -- keeping those clouds clear of bot-herders will be essential.

Comments