« The Paradox Of Positive Elasticity | Main | Questions And Answers »

October 15, 2009




Great observations about trust in the cloud. I would also submit that CSC's Trusted Cloud Orchestration strategy is another viable means of achieving the desired degree of visibility into the operation of cloud services. Our approach is documented here:


The author Ron Knode is active in cloud standards development with a particular emphasis on IT Security (although CSC's cloud ourchestration vision is a superset of more than just IT security, audit and compliance functions).

CSC's vision of this "Trusted Cloud" is summarized as follows:

"What we desire is nothing less than a trusted cloud – i.e., a cloud that harmonizes the security for transactions and data with comprehensive transparency of control and result, such that it conveys evidence-based confidence that systems within its environment operate as advertised, and that no unadvertised functions are occurring."

It is a pretty cool vision and I am heartened by our progress in instantiating key components of it as we develop our Orchestration Core.

Thanks again for an interesting and timely posting.


Preston de Guise

I believe the Sidekick debacle is clear and evident proof of the need for an industry agreed audit/certification and compliance process in order for companies to offer "Cloud" based services. I discussed how this might be approached in my backup blog at http://bit.ly/4xInTt


Chuck, I've been part of a cloud sausage making operation at a top 5 server company, and I wish you all the luck in the world with your control planes. But I seriously doubt you'll make much headway. Until then, I'm sticking to steak, or chicken, or even a pot of beans if I have to, but I've sworn off sausage for all time.


I have a friend who used to work for some big outsourced tape company early this decade, I think they were called "Storage Networks", the company is long since defunct. But they were big enough to the point I recall him mentioning they had a dedicated DS3 between their facility and Microsoft for the backups for example. They had lots of really big libraries), lots of high end gear, lots of big SLAs etc.

He said the back end was just a disaster, they were lucky if they could get 50% of their mandated backups done at any point in time, they routinely could not restore data that customers asked for, even their big customers like MS.

I don't know the precise reasons what drove them under....

Two jobs ago we used a company to off site tapes to a vault of some kind. It's a good company, mostly reliable. Though you had to stay on top of them, they were caught many times not picking up the tapes at all. We used the same company again at my last job with similar results though not as frequent. Not sure what the deal is, but if you stay on top of them they do get it done. Planning on using the same company this time round too....

At the same company, two jobs ago at least in the early days our "backup" process for Oracle included invalidating the log files on a nightly basis. So while we could get the data back, if we actually wanted to play a log against a production DB there was no chance in that.

Several jobs ago(laid off in 2002 from this gig) I setup a tape rotation scheme and off site data replication between three offices. So data was always stored at two different sites. All using pretty basic tools(rsync for replication, BRU for tape backup). I was told after the fact that my manager at the time on several occasions deleted data and asked me to restore it just to see if I could do it. Usually I could. There were of course times that I could not(data was created & deleted before a backup ran or something).

You said it Chuck, I want to be able to verify the backups are getting done with my tools.

In the process right now of finalizing my current company's off site backup scheme. Our data layout is so complex that no off the shelf software will work right, I have to gather the data from the various sources and stage it for the tape software, as we don't want to backup full volumes, we only want a small subset of our data(~1.5TB compressed vs ~80TB on the array). De-dupe doesn't work (well) for our data set either.

The comments to this entry are closed.

Chuck Hollis

  • Chuck Hollis
    SVP, Oracle Converged Infrastructure Systems

    Chuck now works for Oracle, and is now deeply embroiled in IT infrastructure.

    Previously, he was with VMware for 2 years, and EMC for 18 years before that, most of them great.

    He enjoys speaking to customer and industry audiences about a variety of technology topics, and -- of course -- enjoys blogging.

    Chuck lives in Vero Beach, FL with his wife and four dogs when he's not traveling. In his spare time, Chuck is working on his second career as an aging rock musician.

    Warning: do not ever buy him a drink when there is a piano nearby.

    Note: these are my personal views, and aren't reviewed or approved by my employer.
Enter your Email:
Preview | Powered by FeedBlitz

General Housekeeping

  • Frequency of Updates
    I try and write something new 1-2 times per week; less if I'm travelling, more if I'm in the office. Hopefully you'll find the frequency about right!
  • Comments and Feedback
    All courteous comments welcome. TypePad occasionally puts comments into the spam folder, but I'll fish them out. Thanks!