Latest News from Mamoon Yunus

Replacing Your Cisco XML Gateway? Forum Systems Can Help!

Mon, 15 Nov 2010 15:54:00 EST

Company Augments Cisco ACE XML Gateway Replacement Program to Offer Direct Trade-in Credit for Any XML Vendor Gear, No-cost Training, Migration Best Practices and More

read more

Using SQL Azure for SOA Quality Testing

Tue, 25 May 2010 09:00:00 EDT

To better understand the components offered by MS Azure, we registered for MS Azure Platform and browsed through the three components. SQL Azure turned out to be the easiest one to configure and do something useful with, so we built a mashup that utilizes MS SQL Azure as a centeral repository for SOA Testing. In this article, we share our impressions of SQL Azure and how to automate SOA quality assurance by building test cases that use data from a SQL Azure instance.

Strategies for Securing Enterprise-to-Cloud Communication

Thu, 14 Jan 2010 12:30:00 EST

The Cloud Security Alliance (CSA) published Version 2.1 of its Guidance for Critical Areas of Focus in Cloud Computing with a significant and comprehensive set of recommendations that enterprises should incorporate within their security best practices if they are to use cloud computing in a meaningful way. The Guidance provides broad recommendations on operational security concerns including application security, encryption & key management, and identity & access management. In this article, we will consider security implications of REST- and SOAP-based communication between consumers and specifically, Infrastructure as a Service (IaaS) providers.

The Guillotine Effect of Cloud Computing

Sat, 09 Jan 2010 20:30:00 EST

David Linthicum wrote an intriguing article titled "Cloud Computing will kill these three technologies" in which he writes obituaries for: i) design-time governance ii) older and smaller clouds iii) and Tier 2 enterprise software providers. Of these predictions, the one that resonates most is design-time governance.

Vint Cerf and Multi-Cloud Mayhem of Cloud Computing

Sat, 09 Jan 2010 18:45:00 EST

According to Cerf, "Strong authentication will be a critical element in the securing of clouds." We know that authentication is a core for establishing trust between transacting parties. This requirement is now further heightened because of the expansion of corporate boundaries out to cloud-based services. Authenticating to cloud services and accessing only authorized services in a multi-tenant environment will continue to be the most important aspect of establishing trusted connections between enterprises and IaaS, PaaS and SaaS providers.

Federated SOA: A Pre-Requisite for Enterprise Cloud Computing

Sat, 09 Jan 2010 18:45:00 EST

Successful enterprise SOA implementations build on a set of localized, project-level efforts with services that have clearly identified and accountable business and technology owners. Ownerships defines a SOA Domain. SOA domains may exist within corporate boundaries or may be provided as services by third parties. Deciding what services are core to a business owner and should be implemented within her/his domain versus consumed from another SOA domain becomes a critical part of building Federated SOA. Understanding core capabilities provided by SOA domains is a crucial task at the enterprise-level for encouraging efficiency through re-use and for keeping focus on core business services. As SOA domains mature, key issues arise in enabling "SOA Domain Jumping," -- easily and rapidly integrating with other SOA domains. Here are the top three Federated SOA requirements that corporations must first address before embarking on a meaningful and sustained cloud computing deployment.

Does Cloud Computing Exacerbate Security and File Transfer Issues?

Wed, 06 Jan 2010 04:45:00 EST

Here is an interesting article by Rob Barry titled: "In SOA, cloud resources may exacerbate security and file transfers issues." It highlights significant requirements for Federated SOA especially around large file transfer using SOAP Attachments. The article makes the following interesting points:

Virtues of Service Virtualization in a Cloud

Fri, 01 Jan 2010 19:00:00 EST

Service virtualization is the ability to create a virtual service from one or more predefined Service files, typically defined in a Web Service Description Language (WSDL, pronounced Wizdel) file. Typically, service virtualization takes place across multiple back-end systems that expose their operations through WSDL documents. The services may be off-premise cloud computing Software as a Service(SaaS) artifacts or on-premise services deployed in the corporate Data center. An intermediary Cloud gateway sits between the producer and the consumer and aggregates the WSDLs. Based on policies enforced on the Cloud gateway, only authorized operations are exposed to the consumers.

Support Real Healthcare Reform: Start Using HL7 v3

Wed, 30 Dec 2009 19:30:00 EST

We all know that technology is central in reducing health care cost, eliminating dangerous errors, and eventually providing coverage to all. I like learning from others, so while we are innovative, there is no point in repeating mistakes. A quick view of what the Dutch have be working on for almost a decade now shows that they are on the leading edge of a useful Health Informaton Exchange (HIE) deployment. They have weathered major political headwinds in developing a visionary Health Information Exchange by using HL7 v3 - an ANSI health care standard modeling clinical, administrative, pharmacy, medical devices and imaging domains. The Dutch government's aggressive health care initiative in building a nationwide Health Information Broker (HIB) can serve as a good model for the current US Administration that is considering transforming US health care through nationwide electronic medical records (EMR) as one of its key policy initiatives. We are still working with EDI centric HL7 v2, whereas the Dutch are deploying XML-based HL7 v3. This article give a flavor for technology artifacts being deployed by the Dutch, including HL7 v3 messages using Schematrons.

Understanding Cloud Taxonomies and Security

Wed, 30 Dec 2009 17:00:00 EST

OWASP AppSec DC 2009 had a compelling session that defined cloud taxonomies and the security implications associated with the cloud computing. Set of virtualized components that can be assembled to build a application. Amazon EC2, Rackspace, Opsource, and GoGrid are examples of IaaS where you can rent "virtual" hardware and software as a "pay-as-you-go" services. If you need 5 Linux servers running MySQL Database for 3 months, you'd subscribe to an IaaS provider and using their REST or Web service-based API (or command line if you're too cool) to provision, de-provision and monitor your instance.

Why is a Cloud Gateway Required?

Wed, 30 Dec 2009 15:30:00 EST

Security has been on the forefront of discussion in the technology community as being the primary concern gating enterprise adoption of cloud computing. Although this is a valid concern, most cloud providers, owing to the security demands of maintaining a multi-tenant infrastructure, provide strong security provisions, perhaps better than an enterprise's own data center. Legal, compliance and process issues become more significant rather than technical security concerns.

Cloud Reliability Will Be Bigger than Cloud Security for 2010-11

Wed, 30 Dec 2009 15:15:00 EST

We have all the tools for securing information in a Cloud: establishing trust through identity, data privacy through encryption, and content integrity through signatures. We are overly focused on Cloud Computing Security issues and less on reliability. This is all about to change. Following the outages experience by Amazon EC2 in 2009, another premiere cloud provide, Rackspace, suffered an outage on December 18. Using technology such as Forum Systems XML / Cloud gateways is essential for establishing multi-cloud reliability and fault tolerance.

MIT Technology Review Covers Cloud Security

Tue, 29 Dec 2009 11:30:00 EST

MIT Technogy review recently published a great article titled: Security in the Ether addressing security, privacy and reliability issues resulting from cloud computing. Some of the interesting points in this article include the cloud security threat is across two related dimensions.

"Swamp Computing" a.k.a. Cloud Computing

Mon, 28 Dec 2009 20:45:00 EST

MIT Technology review recently published a great article titled: Security in the Ether addressing security, privacy and reliability issues resulting from cloud computing. Some of the interesting points in this article are summarized. Cloud data may be mishandled by the cloud provider because of technology gaps, but more importantly, such information can be extracted through a court issued subpoena. Whether the data resident in the cloud versus on-premise makes it more or less likely to a subpoena being exercised is yet to be seen. Bit and bytes lost accidentally or intentionally have a strange way of persisting and being recovered eventually. 22 Million emails "lost" during Bush's era were "suprisingly" recovered by computer technicians recently.

SOA Security Track - Anatomy of a Web Services Attack

Wed, 15 Dec 2004 00:00:00 EST

A broad range of new security threats is facing enterprises implementing XML Web services, leaving the enterprises open to financial risks, loss of property, and tarnished reputations. The basic rules of security - authentication, authorization, and auditing - no longer provide adequate security in the new world of straight-thru-processing paths into mission critical systems.

Understanding Federated SOA: A pre-requisite for enterprise cloud computing

Wed, 31 Dec 1969 19:00:00 EST