Abiquo helps Admins use safe templates with Service Catalogues for Public Cloud

Public cloud services often come with a huge library of templates for virtual machines, but using these can be risky.

These image library templates are created by the provider themselves, by software partners who use the library as a form of promotion, or by members of their user community who upload an image that they think will be of interest to others.

Unfortunately, in that latter group are those who either by accident or by design leave back door access (perhaps with a poorly protected admin account), install Trojan horse software, fail to identify viruses or create insecure default configurations in the template.

With leading providers like Amazon issuing security advisories on templates, infrastructure admins managing cloud services for their IT and development teams are concerned about their exposure to security issues. This is backed up by research: in 2012 Researchers at France’s Eurecom technology institute, Northeastern University and the security firm SecludIT discovered that 22% of the 5000 machine images tested were still set up to allow a login by whoever set up the virtual machine’s software.

Users who work with these templates can put their data and platform security at risk, and they may also find they’re not using the software vendor’s best practise for configuring their solution. This can present problems for later upgrades, for application performance, and in solving dependencies in the underlying operating system and supporting software.

With the updated Abiquo Appliance Library, delivered with both the Abiquo Provider Edition for service providers and the Abiquo anyCloud service, cloud administrators can take control over the virtual machine templates available to their users, ensuring that they only deploy templates that have been tested and approved.

In the Abiquo Console, admins pick from public or private libraries to build a collection of tested and certified templates for their team for each public cloud region. By using Abiquo’s built-in template search, testing these templates, then adding them to the anyCloud App Library cloud admins can ensure that team members using anyCloud as their public cloud management system can only create virtual machines from these approved templates.

Abiquo even lets the cloud admin change the icon and description to clearly identify the template to team members.
Abiquo's remote search screen

See detailed instructions on the Abiquo wiki

In brief: Managed Service Providers and hosting companies worried about customers moving to Amazon can now offer True Hybrid Cloud services with Abiquo’s new Provider Edition Cloud Management Platform.

Managed service providers (MSPs) and hosting companies are seeing customers test and move to Amazon’s Web Services platform, as Amazon’s 60+% year-on-year growth suggests. And it’s not just US companies under attack – Amazon has hinted that it may open a German Data Centre too.

To help these MSPs retain customers and build new offerings, Abiquo, creator of the Cloud Management Platform already used by top ranked MSPs to deliver their Virtual Data Center services, has today released its new Provider Edition – a single platform for MSPs to create True Hybrid Cloud services for Enterprise customers.

“Hosting companies and service providers tell us that their customers are starting to use public clouds such as Amazon and DigitalOcean, and that they’re worried about losing revenue and the ‘trusted partner’ status that they’ve worked so hard to gain” said Ian Finlay, VP of Product at Abiquo. “By implementing Abiquo Provider Edition they give their customers access to their choice of public cloud provider alongside their own high-quality on-premise cloud products.”

Gilles Samoun, CEO at Abiquo commented: “Time to market is a critical issue for service providers. The longer they wait to have a service in the market, the more they risk their customers going elsewhere. Our customers get to market in weeks, instead of taking months to develop on open source software. It’s also very easy to get a sales team ready to sell – a focus on business rather than implementation”.

This new release, with an elegant new user interface and simplified workflow, builds upon Abiquo’s proven solution to offer a True Hybrid Cloud platform – one portal, one reporting interface, one metering engine and one set of APIs across on-premise infrastructure and public cloud providers alike. A rich set of configuration options and integration points lets providers differentiate their product from competitors and serve their specific customer bases.

Samoun adds: “Customers can be confident that this new Provider Edition is proven at scale, having been running in our free Abiquo anyCloud SaaS service for some months”

Abiquo Provider Edition ships with support for Amazon, VMware ESX, Hyper-V, KVM, Oracle VM and Xen, with additional modules for Google Compute Engine, HP Cloud, Rackspace, ElasticHosts and DigitalOcean in the pipeline.

Abiquo Provider Edition is a free upgrade for existing customers, and can be sampled for free online at www.abiquo.com/anycloud.

Abiquo anyCloud

Abiquo anyCloud allows public cloud users to integrate and manage public cloud services Amazon EC2 and Rackspace from a single console.

Rackspace is the first OpenStack implementation and further public cloud integration is planned, with support for all major public clouds to be released in the coming months. Abiquo anyCloud users can expect a continual addition of new features; in particular reporting and auditing capabilities which will allows users to monitor and control usage across their public cloud infrastructure.

Other features include:

– Greater insight: Users are able to deploy and import Amazon instances to gain visibility of public cloud environment

– Workflow controls: Set email alerts and approval notifications for new deployments

– Secure user access: Users can create multiple, secure user accounts in Abiquo anyCloud for a single Amazon account and create different roles and scopes for each user account.

– Business intelligence: Broad reporting tools and access to a full and informative audit trail

Sign up to Abiquo anyCloud and start managing your public clouds today!

sixsq                                                                               Abiquo

 This post has been co-authored with SixSq.

Important events from 2013

After their switch to cloud, some businesses have been disappointed as the promised operational cost savings and simplified  procedures have not always materialized.

This is explained, in part, by the widespread confusion between virtualized resources and cloud, especially in the private cloud sector.  Disappointed businesses deploy machines  into a cloud haphazardly, losing the opportunity to truly manage their service infrastructure.

An increase in users directly provisioning machines via their Amazon AWS accounts independently of the IT department further exacerbates the problem. As a result, we have seen a demand from IT departments to gain back control through the adoption of management tools. The IT departments have also started to direct their attention to spending in the cloud and therefore, are looking to acquire and to use systems which include comprehensive reporting and billing features.

Security has been another big talking point in 2013. In light of the NSA security issues highlighted by the Snowden Report, data location issues have become critically important.  We have seen a backlash within the tech community around data security and privacy questions which we expect to spread to the general public.

The challenge will be for service providers and authorities to address these security and privacy concerns.

This ultimately, comes down to trust. Trust is the foundation of business and always will be. Customers want to trust the person or provider from whom they are buying a service. The more they trust a provider, the more critical the applications they will be willing to outsource, and the more they will be prepared to spend. Therefore, service providers will have to up their game in building that trust by being transparent and more closely meeting the customer’s business needs.

Future predictions

The European cloud – The development of a European Cloud will offer challenges and opportunities to European cloud providers which will also have a significant impact on improvements in data security and sovereignty.

Creating an app store for cloud – 2014 will see Managed Service Providers (MSPs) and enterprise customers shift to an application deployment model, relieving them from the confusion of which cloud to choose. They will be able to choose an application from a self-service portal, which will run on a similar provisioning model for MSPs and enterprise customers.

The evolving channel industry – the channel has undergone a number of changes in the past few years and they have made a good business from selling hardware and related services. However, they now have to rethink their business models to accommodate cloud-based services, which their end users are increasingly using. In order to avoid losing revenue and to turn this issue into an opportunity, they have three options in 2014: become a cloud builder, cloud distributor or ultimately become a specialised service provider.


Contributing Authors

Dr. Charles Loomis

Dr. Charles Loomis is a founding partner of SixSq Sàrl in Switzerland.  He has worked in European computing technology projects, notably the European DataGrid and EGEE projects, precursors to the large-scale, European scientific grid, EGI.  As the Project Coordinator for the StratusLab project, he guided its production of a complete open-source Infrastructure-as-a-Service (IaaS) cloud distribution.  Within SixSq, he is a key architect and developer of its SlipStream product–a service that allows automated, full-scale software systems tests to improve the reliability of those systems.

Click here to learn more about SixSq.

Ian Finlay

Ian Finlay is VP of Products at Abiquo, specifically focussing on product development and management.
Ian brings unique insight to Abiquo having implemented the software whilst at Claranet, where he held the role of Chief Information Officer, Claranet Group – Western Europe’s largest independent Managed services provider.
Prior to joining Claranet, Ian was CTO of ControlCircle, leading a team of 50 to design, develop, deliver and support a range of networking and managed hosting services and maintaining data centre facilities across Europe and in Singapore.
Before that, he held the position of Vice President of IT and Business Systems at Interoute Communications, where he led a worldwide organisation of more than 60 staff to drive business agility, productivity and customer service through innovative technology solutions focused on business priorities.

Many organisations are wary of the agility that comes with cloud services and rightly so! They feel that they will no longer have control over users who now have access  to self service, outside the constraints of normal IT controls. Abiquo helps you deliver those cloud services, so that your users have the benefits of self service, whilst allowing you to remain in complete control.

Resource limits can be set for all of your cloud resources (compute, memory, storage and networking) for each cloud tennant. Those same resource limits can also be applied at a more granular Virtual DataCenter, or physical data center level, if required. Meaning that the cloud provider remains in complete control of anyone who can using that resources and where in the infrastructure those resources can be used. All of Abiquo’s resource limits contain a hard limit, that cannot be exceeded and a soft limit that can generate warnings or alerts to both the end user, or the administrator, or even the sales guy.


                                                                                    Abiquo Resource Limits

With v2.6, Abiquo has extended its capabilities to include AWS EC2. The same control of resources now applies to the public cloud, with the cloud administrator controlling how much resource can be used in each AWS region, and therefore controlling how much can be spent. Here are the limits you can set in an Amazon Virtual Datacenter in Abiquo:

                                                Setting resource limits in your Amazon environment with Abiquo


Contact Abiquo now to take control of your cloud resources!

Whilst the debate on public, private, or hybrid cloud continues, it is clear that we should actually be thinking about the application itself, rather than defining the platform that it runs on. There are very clear application use cases for backends sat on a private cloud and for the use of public cloud for front end services or short term bursting. It is therefore vital that any cloud service is able to easily build hybrid applications.

Here at Abiquo, we have recently extended our supported infrastructure to include Amazon Web Services and additional hypervisors such as Hyper-V 2012 and Oracle VM. Choosing AWS for our first foray into public cloud was a no brainer. First of all it is clearly the market leader in this space, but secondly, and probably more importantly was that Abiquo is already built on the same networking concepts as AWS. This not only makes an integration “easy”, but also means that once integrated it will be easy to connect the private and public infrastructures making the utopia of a hybrid application possible. To briefly explain:

An Abiquo Virtual Datacenter (VDC) is defined by a datacenter (usually a physical location) and a single hypervisor technology. It gives the cloud users a defined set of resources, in a known location and on a known infrastructure platform. Within that VDC the resources can include three different network types:

1. Public networks, typically used for true public IP addresses

2. Private networks – isolated networks existing only in the cloud platform

3. External networks – allowing connectivity outside of the cloud platform to the corporate network and other services

When adding AWS resources, Abiquo continues to use exactly the same concepts, only a VDC is now defined by the AWS region. Within the VDC Abiquo is using Amazon Virtual Private Cloud http://aws.amazon.com/vpc/ which aligns perfectly with Abiquo’s existing Private Networks. In both of these networks, because they are isolated, you have control over the IP address scheme that is used. Connect them up via a VPN and suddenly the possibilities for your application are endless. AWS Elastic IP’s are of course, the equivalent of Abiquo Public IP’s and the functionality is very similar, with the Abiquo UI making the purchase and provisioning of an AWS Elastic IP quick and easy.

The Abiquo UI not only simplifies the provisioning of new instances into AWS VPC’s, but it also provides a single view of the private and public resource, so you can see all of the components of your hybrid application in a single view.


Abiquo 3.1 public cloud screen

Click to zoom

Abiquo UI: A single view of public and private cloud resources