
JFrog taps partners, adds features to bolster DevOps platform

JFrog continues to bolster its core universal repository platform with new features and strategic partnerships to provide developers with a secure, integrated DevOps pipeline.

The Sunnyvale, Calif. company’s continued evolution includes partnerships with established companies to provide services around JFrog’s flagship Artifactory universal repository manager. This week, JFrog partnered with RunSafe Security of McLean, Va. to help secure code as it is created.

Under the partnership, RunSafe’s security software will plug into users’ Artifactory repositories to protect binaries and containers in development. RunSafe’s Alkemist tool adds protection to all compiled binaries as developers add them to Artifactory, said Joe Saunders, founder and CEO of RunSafe.

Alkemist inserts into CI/CD pipelines at build or deploy time. The security software hardens third-party, open-source components and compiled code that developers originate themselves, and it hardens containers as part of the process, he said.

“We immunize software without developer friction to enable continuous delivery of code or product,” Saunders said.

How RunSafe works with JFrog

Rather than scanning and testing the code, RunSafe inserts protections into the code without changing the functionality, slowing it down, or introducing any overhead.

“We eliminate a major set of vulnerabilities that are often attributed to both open source and general compiled code,” Saunders said. “That is all the memory based attacks, things like buffer overflow, etc.”

RunSafe launched a beta program for developers to try out the Alkemist plugin, as memory corruption-based attacks can be devastating and stopping them is no trivial exercise in most development environments.

“When a determined attacker understands the layout and memory allocations within an application, they can craft targeted exploits to devastating effect,” said Chris Gonsalves, senior vice president of research at The 2112 Group in Port Washington, N.Y. “And they can keep using those attacks as long as the underlying binaries remain the same. What RunSafe does is bring reduced-friction binary hardening to app development.”

RunSafe uses a “moving target approach” that changes the underlying binary in a way that keeps the app’s functionality intact while destroying the effectiveness of previous attacks, Gonsalves said.

“Just when a hacker thinks they know precise location of a buffer overflow vulnerability and how to exploit it, boom, RunSafe’s Alkemist plugin for JFrog users switches things up and effectively neutralizes the attack,” he said. “This is hand-to-hand combat with the bad guys at the binary level. That it can be done with negligible performance overhead and zero change in app functionality makes it an effective and important layer of defense in DevSecOps.”

RunSafe employs a process known as binary randomization to thwart intruders. This process eliminates the footing that exploits need to find and identify vulnerabilities in code. Randomization is typically a runtime protection, but RunSafe has added it into the development process.

“What you see now, especially when you have to move faster, is a full integration with your security pipelines,” said Shlomi Ben Haim, CEO of JFrog. The goal is to be able to avoid or to quickly resolve any kind of bugs or violations of vulnerability or license compliance issues, he said. “We want to provide continuous deployment all the way to the edge, fully automated, with no script.”

JFrog-Tidelift deal assures open source integrity

Regarding open source license compliance, JFrog recently partnered with Boston-based Tidelift. The companies introduced an integration between the Tidelift Subscription, a managed open source subscription, and JFrog Artifactory.

Tidelift checks that open-source software it supports is clean and secure with no licensing issues. The combination of the Tidelift Subscription and JFrog Artifactory gives development teams assurance that the open source components they are using in their applications ‘just work’ and are properly managed, said Matt Rollender, Tidelift’s vice president of global partners, strategic alliances and business development, in a blog post.

“Customers save time by being able to offload the complexity of managing open source components themselves, which means they can develop applications faster, spend less time managing security issues and build fails, while improving software integrity,” said Donald Fischer, CEO of Tidelift.

As more enterprises add large amounts of open-source code to their repertoires, companies like Tidelift allow developers to use open source without having to think twice. While Tidelift is somewhat unique in its approach, its competitors could include Open Collective, License Zero, GuardRails and Eficode.

“Tidelift is taking a very interesting approach to developing a way to sustainably manage the maintenance on open source software components and tools that are used at enterprise development,” said Al Gillen, an analyst at IDC. “The company is filling a niche that is not readily addressed by any other solutions in the market today.”

The Tidelift Subscription ensures that all open-source software packages in the subscription are issue-free and are backed and managed by Tidelift and the open source maintainers who created them.

“This means comprehensive security updates and coordinated responses to zero-day vulnerabilities, verified-accurate open source licenses, indemnification, and actively maintained open source components,” Rollender said.

JFrog tool updates

At its SwampUp 2020 virtual conference in June, JFrog introduced several new offerings and updates to existing products.

The company introduced CDN-based and peer-to-peer software package distribution mechanisms to help companies that have to deliver large volumes of artifacts to internal teams and external clients. The company also released new features for its JFrog Pipelines CI/CD offering, expanding the number of pre-built common functions, known as “Native Steps.”

In addition, JFrog introduced ChartCenter, a free community repository that provides immutable Helm Chart management for developers. Helm charts are collections of files that describe a related set of Kubernetes resources.

While JFrog has made some good strategic moves, a lot of them only strengthen the company’s core business as a repository, said Thomas Murphy, a Gartner analyst.

“They have a solid footprint and are very robust, but the question is, over the next three years as we see a move from a toolchain of discrete tools to integrated pipelines and value stream tooling, what do they do to be bigger and broader?” Murphy said. “I think of the growth in ability of GitLab and GitHub, and the expansion of Digital.ai and CloudBees in contrast.”


Dell EMC Isilon file storage floats into Google public cloud

Dell EMC spun out a flurry of cloud initiatives to bolster one of the few areas where its products lag competing storage vendors.

The infrastructure vendor teamed with Google to make its Dell EMC Isilon OneFS file system available for scale-out analytics in the Google Cloud Platform (GCP). Dell EMC said Google cloud customers can scale up to 50 petabytes of Isilon file storage in a single namespace, with no required application changes.

The managed NAS offering uses Google compute to run software instantiations of Isilon OneFS. The service is part of Dell Technologies Cloud, an umbrella branding for Dell EMC’s cloud options. This is Google’s second major foray into file system storage within the last year. It acquired startup Elastifile, whose scale-out system is integrated in Google Cloud Filestore.

Dell Technologies Cloud hybrid cloud infrastructure enhancements also include native Kubernetes integration in VMware vSphere, along with more flexible compute and storage options.

File storage written for cloud

Dell EMC allows customers to tier local file storage to all three public cloud providers via its Isilon CloudPools, but the Google partnership is its first effort at writing OneFS specifically for cloud-native workloads. AWS has the largest market share of the public cloud market, followed by Microsoft Azure and Google Cloud Platform.

Dell did not address if it plans similar integrations with AWS or Microsoft Azure, but it represents a likely path, especially as enterprises deploy multiple hybrid clouds. File pioneer NetApp started offering cloud-based versions of its OnTap operating system several years ago, while all-flash specialist Pure Storage recently added file services to its block-based FlashArray flagship array. Hewlett Packard Enterprise also sells file services in the cloud on ProLiant servers through an OEM deal with Qumulo, whose founders helped to engineer the original Isilon NAS code.

“Dell has to continue to execute on this strategy with the other major cloud providers. This can’t be a one-and-done [with Google]. We’ll need to see more improvements from Dell in the next six to 12 months to show they are able to bring their file storage technologies to the cloud,” said Matt Eastwood, a senior vice president of enterprise infrastructure at IDC.

Although Dell and Google publicly acknowledged a beta version in 2018, the formal OneFS cloud launch comes a little more than one year after Thomas Kurian took over as CEO at Google Cloud Platform. It would be an interesting twist if Kurian’s arrival helped spur the Dell product development: George Kurian, his twin brother and CEO at NetApp, has said Dell is “years behind” NetApp’s Data Fabric strategy.

Brian Payne, a Dell EMC vice president, said enterprises have struggled to run traditional file systems that fully exploit Google’s fast compute services for analyzing large data sets. Enterprises can purchase the cloud version of Dell EMC Isilon OneFS with the required compute services in the Google Compute Platform portal.

“We found that customers are using Google to run their AI engines or data services, and we paired with Google to help them process and store very large content files in Isilon,” Payne said.

Node requirements flexed for Dell Technologies Cloud

Dell’s strategy has evolved on how to unify its hybrid cloud offerings with public cloud technologies, although its ownership of VMware provides assets supported by Dell EMC storage competitors.

Dell Technologies Cloud integrates VMware Cloud Foundation (VCF) and Dell EMC VxRail hyper-converged infrastructure as a combined stack to run workload domains, software-defined storage, software-defined networking and virtualized compute. Customers can buy Dell Technologies Cloud and manage it locally or as an on-demand service.

VMware Cloud Foundation 4.0 includes native Kubernetes integration that allows container orchestration to be managed in vSphere. The Kubernetes piece is part of Project Pacific, the code name for a major redesign of the vSphere control plane. Payne said it allows cloud-native workloads to run directly on the Dell Technologies Cloud platform, with Dell handling lifecycle management.

Dell Technologies On Demand offers the same services as a consumption license. Payne said Dell’s new entry requirement is a minimum of four nodes, down from eight nodes, and users can scale capacity across multiple racks.

The Dell Technologies Cloud binge includes updates to Dell EMC SD-WAN software-defined networking, based on the VeloCloud technology VMware acquired in 2017. Dell also added support for Dell EMC PowerProtect Cyber Recovery data protection to VMware Cloud, which uses Dell EMC storage to extend private IaaS deployments to public clouds.


Microsoft scoops up NAS vendor Avere for hybrid cloud services

Microsoft moved to bolster its cloud storage capabilities with the acquisition of NAS vendor Avere Systems, giving it a high-performance file system to manage unstructured data in hybrid clouds.

The Pittsburgh-based NAS vendor Avere’s OS file system is incorporated in FXT Edge filers in all-flash or spinning disk versions for on-premises or hybrid cloud configurations. Avere also provides a virtual appliance, the Virtual FXT Edge filers, which are available for Amazon Web Services (AWS) and the Google Cloud Platform. 

The terms of the deal were not disclosed.

Microsoft disclosed the acquisition in a blog post on its website but declined an interview request to provide more details about its plans for the cloud NAS vendor. Microsoft acquired early cloud NAS vendor StorSimple in 2012, and gives that technology to Azure subscribers to tier data into the cloud.

However, Avere CEO Ron Bianchini wrote in a company blog post that the two companies’ “shared vision” is to use Avere technology “in the data center, in the cloud and in hybrid cloud storage …” while tightly integrating it with Azure.

“Avere and Microsoft recognize that there are many ways for enterprises to leverage data center resources and the cloud,” Bianchini wrote. “Our shared vision is to continue our focus on all of Avere’s use cases — in the data center, in the cloud and in hybrid cloud storage and cloud bursting environments. Tighter integration with Azure will result in a much more seamless experience for our customers.”

Avere was founded in 2008 as a company that focused on the data center with its FXT Core Filers that used flash to accelerate network-attached storage (NAS) performance on disk systems. The company later transitioned to the cloud with its Avere FXT Edge Filers that served as NAS public clouds, allowing customers to connect on-premises storage to AWS, Google Cloud and Azure services.

In addition to NFS and SMB protocols, the Avere Cloud NAS appliance supports object storage from IBM Cleversafe, Western Digital, SwiftStack and others through its C2N Cloud-Core NAS platform.

The NAS vendor also sells FlashCloud, which runs on FXT Edge Filers with object APIs to connect to public and private clouds. The systems can be clustered so that cloud-based NAS can scale on premises while also providing high-availability access to data in the cloud. Customers can use FlashCloud software as a file system for object storage and move data to the cloud without requiring a gateway.

“They provide a true NAS filer,” said Marc Staimer, founder of Dragon Slayer Consulting. “They provide a complete, end-to-end package. The only other vendor that offers end-to-end is Oracle. But Oracle does not have a global namespace. Avere has a global namespace.”

Avere founders Bianchini, CTO Michael Kazar and technical director Daniel Nydick came from NetApp, which acquired their previous company Spinnaker Networks in 2004 for its clustered NAS technology.

Some of Avere’s customers include Sony Pictures’ Imageworks, animation studio Illumination Mac Guff, the Library of Congress, Johns Hopkins University and Teradyne Inc. The company is private so it does not disclose revenue, but a source close to the vendor put its bookings at $7 million in the fourth quarter of 2016 and $22 million for the year. Those bookings were up from $4.8 million in the fourth quarter and $14.5 million in 2015.

In March of 2017, Google became an Avere investor during the company’s $14 million Series E funding round. Avere raised about $100 million in total funding. Previous investors include Menlo Ventures, Norwest Venture Partners, Lightspeed Venture Partners, Tenaya Capital and Western Digital Technologies.

The Avere team will continue to work out of its Pittsburgh office for Microsoft.