Management @en

T-Systems sets an example and sends lawyers and notaries into the cloud [update]

Along with the Information Technology Working Group of the German Bar Association (davit) T-Systems offers all lawyers and notaries in Germany a secure document management in the cloud. The corresponding cooperation agreement was signed by the Deutsche Telekom subsidiary and the davit on the 64th German Lawyers Day in Dusseldorf. With the cloud solution the jurists can create, edit and archive electronic documents in the cloud and create any number of digital files. The solution is scalable and charged according to a usage-based rent, what means that there are no investment costs. The access can be purchased via davit and T-Systems.

Tailored to the needs of lawyers and notaries

T-Systems has the own developed audit-proof standard solution tailored additionally both professionally and technically to meet the needs of lawyers and notaries. The service is compliant with § 203 for “Berufsgeheimnisträger” (person whose profession swears them to confidentiality) and also meets all the requirements of the seizure protection of confidential information between lawyers and clients. To access the system an eight to 50 digit long digital key is necessary that is only known by the user. According to T-Systems no employee can access and read the data in the cloud solution at any time. Even not for maintenance. For privacy reasons, the documents are located in each case on servers in Germany in a German data center certified according to internationally recognized safety standards.

In the background operates the solution doculife of the Swiss partner Document Future AG. This integrates seamlessly with Microsoft Office and Outlook. If the user has a De-Mail account, he can use this via a plug-in and send encrypted messages to clients or to the courts. Messages and attachments reach the recipient or recipients, thus safe and conclusive. Conversely, lawyers and notaries can also receive De-mail messages. However, conventional e-mails can also be received but only from senders that the user has activated.

Lawyers and notaries become mobile

Using a mobile device with Apple iOS also allows to safely retrieve all documents from the cloud from anywhere. Users of Windows 8 and Android have to wait a bit. But pilot projects already have been launched. The files can also be set for resubmission. The cloud application then reminds the user to the tasks ahead.

Update: More information about the offering

I had a briefing with T-Systems about this service yesterday. Here are the other important facts.

Basically, T-Systems offers all its customers, which not applies only to this lawyer and notary solution, a private cloud. This means that companies will be connected via a dedicated network line with a T-Systems data center and access the hosted private cloud or virtual private cloud over it. For this purpose different solutions are physically isolated from each other in blocks, in order to ensure safety.

The service for lawyers and notaries also runs separately on a dedicated platform in a separate physical block within a T-Systems data center in Germany. The user must not necessarily access over a dedicated MPLS connection to the data center and can also use a standard Internet connection.

The security for the access to the system is ensured, as described above, over a digital key with up to 50 digits lenghts. This is exclusively owned by the user and stored on the local system. This also means that this key should never be lost. Otherwise, the data is lost, as T-Systems has no way to recover the key or to access the data without this key.

The access to the data in the private cloud ensued via a classic local software installation of doculife that has full functionality, the Webrowser with limited functionality, or via mobile apps for smartphones and tablets. The functional limitation in the browser is for example the non-existent e-mail integration. The mobile apps are still in a pure read-only mode.

The secure transfer of data from the user to the cloud is ensured using the browser via HTTPS (SSL). If the local doculife software including Outlook integration is used, an end-to-end encryption is built. Is doculife used to send an e-mail including an attachment via the De-Mail service, according to T-Systems’, an end-to-end encryption is far ensured, that only the De-Mail is opened briefly on the servers, the doculife attachment but still remains encrypted.

The solution can be used in six various configurations, including three different consulting packages whose prices can be find in this list.

Comment: A sign for all businesses

Technologically considered the cloud has arrived in Germany. Many companies have already realized how they can use it to increase their productivity and create more capital, time and room for innovation. Nevertheless, some legal and privacy concerns, as well as problems to build up the necessary confidence in the providers, exist. The first person to contact in such cases is usually the lawyer. This then appeased with keywords such as order data processing, Safe Harbor, EU Model Clauses or personal SLA contracts. Because the legal conditions have been created. However, there is still a lack of confidence. This is something very subjective, which no lawyer or data protection officer directly can convey.

The trust in the cloud can therefore only be strengthened when also users with highly sensitive evaluated data set on cloud solutions. This step T-Systems and the davit have gone now and thus set an example for all companies that are still raising concerns to store, among others, personal data on a cloud service. One should not be overlooked here. Lawyers and notaries are working alongside with personal data also with other extremely sensitive data, which are considered to be more critical. In addition, they still have stricter laws than the average company.

Mentioned only is the § 203 StGB “Verletzung von Privatgeheimnissen” (Violation of private secrets), in which is regulated, how to deal with violations belonging to the personal lives secret or any trade or business secret. Or the requirements of the seizure protection of confidential information between lawyers and clients. So, lawyers and notaries belong legally and safety to the most vulnerable groups in the cloud, for which T-Systems and the davit have created a solution.

I was recently in a think tank, where we talked about how to build cloud services for lawyers and accountants legally compliant but also consider the technical and organizational parts. There also some lawyers were present, who reported from practice, and who would sooner rather than later rely on cloud solutions to access their data, especially from anywhere and at any time.

Even other cloud providers should follow this example and provide maximum legal security, such as the audit-proof archiving and storing of data. Another asset, German providers quite clearly have to play off as an advantage over international cloud providers is to offer true(!) cloud services from a German data center, which is certified according to internationally recognized safety standards.

Management @en

Breaking news: TeamDrive is "Cool Vendor in Privacy" 2013

Good news from Germany. The cloud storage solution for enterprises TeamDrive has been named as a “Cool Vendor in Privacy” 2013 by Gartner. In particular, the growing use of tablets and smartphones lead to an increased demand for hybrid cloud services that are equally easy to use and have to provide the highest level of security. One reason why TeamDrive has won this year’s title.

About TeamDrive

Team Drive is a filesync and sharing solution for companies and organizations that do not want to risk that sensitive data is scattered with external cloud services and allows data or documents in the team synchronize. Therefore TeamDrive monitors any folder on a PC or laptop that you can use and edit them together with invited users. With that data is available at any time, also offline. The automatic synchronization, backup and versioning of documents protect users from data loss. With the possibility of TeamDrive to operate the registration and hosting server in the own data center, TeamDrive can be integrated into existing IT infrastructure. For this TeamDrive provides all the necessary APIs.

Find more about TeamDrive under “TeamDrive: Dropbox für Unternehmen“. (German only.)

In addition, I am working on a security comparison between TeamDrive and the open-source cloud storage solution ownCloud. These will be published in the next few days here on CloudUser and as a paper (PDF).

Management @en

Google makes first serious steps into the enterprise

In a post on the Google Enterprise Blog, Google has announced support plans for its cloud platform solutions App Engine, Compute Engine, Cloud Storage, Cloud SQL and BigQuery. Google says, they understand that Google Groups or StackOverflow does not always provide the right answers, and sometimes the support by phone is required. That’s right, Google!

Support plans for the Google Cloud Platform

Google divides its support in four categories: Bronze, Silver, Gold and Platinum, with the following services:

  • Bronze
    Price: free
    Service: Access to the online documentation and forums, contact regarding questions about billing.
  • Silver
    Price: $150 per month
    Service: All benefits of Bronze. Plus: E-mail support regarding product features, best practices, and error messages.
  • Gold
    Price: from $400 per month
    Service: All benefits of Silver. Plus: 24×7 telephone support and consulting for application development and best practices and architecture support for a particular use case.
  • Platinum
    Price: Upon request.
    Service: All benefits of Gold. Plus: Very individual support. Direct access to a Technical Account Manager.


Google seems more and more to understand that the “old world” would be supported not only by boards and communities. In particular, enterprises expect a high quality and personal support. That Google also wants to make bigger steps into the business environment, I already had experienced personally. Following a request form to a Google Apps problem a few minutes later I received a call from a German Google employee who helped me out. That was a positive wow factor and a key experience. As a very early Google Apps user, I was used to times, where support pages were running on error pages and a telephone contact even to the United States was not possible.

Nevertheless, today Google is not on a par with the Amazon Web Services (AWS) or Microsoft Windows Azure and is likely to be found at number three. Indeed Google, in addition to the two mentioned plus Salesforce, belongs to the current cloud players in the market, however, the portfolio of Google’s cloud platform compared to AWS and Azure is very thin. With App Engine, Compute Engine, Cloud Storage, Cloud SQL, BigQuery, the Prediction API, and the Translation API at least seven encapsulated services are available, but which not nearly provide the scope of AWS. In addition, you should know that the Google Compute Engine is still in a closed beta and therefore not in active competition.

For Google I still see a problem of acceptance in terms of credibility and above all, the trust. In the core Google is and remains a search engine, which is financed by advertising. Therefore Google is not without a reason named as data kraken, what underpins numerous actions and decisions by Google’s executives even further. At this point Google must be much more open and show what happens to the data that companies but also ordinary users give in trust to Google.

Management @en

AWS OpsWorks: More PaaS functionality in Amazon's cloud portfolio

Correctly, we name the Amazon Web Services (AWS) as an infrastructure-as-a-service (IaaS). AWS Elastic Beanstalk splits the stock, whether the service should be counted as a platform-as-a-service (PaaS). Anyway, AWS provides various PaaS functionality in its cloud portfolio for some time and extends it now with AWS OpsWorks (still in beta).

What is AWS OpsWorks?

AWS OpsWorks is a solution for the flexible and automated application management. It addresses IT administrators and DevOps developers, who can use it to manage the complete lifecycle of an application, including resource provisioning, configuration management, software updates, monitoring and access control. AWS OpsWorks can be used for free. Costs emerge for the deployed virtual AWS infrastructure resources.

OpsWorks allows you to create a logical architecture, the provisioning of the required resources based on the architecture and providing the application and the necessary software packages for a specific configuration. OpsWorks then cares about the operation of the application and supports the life cycle including autoscaling and software updates.

AWS OpsWorks details

AWS OpsWorks supports different application architectures and works with any software whose installation is script-based. Based on the Chef framework you can use your own ready recipes or those from the community. An event-based configuration system helps during the application lifecycle management. These include customizable deployments, rollbacks, patch management, auto-scaling and auto healing. With that an update can be rolled out just by updating a single configuration file. Moreover OpsWorks has the ability to host AWS instances based on a precisely self specified configuration. This also includes the scale of an application based on the application load, or a time-based auto scaling as well as monitoring the application and the replacement of faulty instances.

With OpsWorks applications can be build in so-called “Layers”. A Layer defines how a set of together managed resources are configured. An example could be a web layer. This includes EC2 instances, EBS volumes including a RAID configuration and mount points and Elastic IP addresses. In addition for each layer, a software configuration can be created. This includes installation scripts and steps for initialization. Is an instance added to a layer, OpsWorks ensures that it will receive the corresponding configurations. OpsWorks provides pre-defined layers of technologies such as Ruby, PHP, HAProxy, Memcached and MySQL. These can be customized and extended.

Technology from Germany

OpsWorks was invented in Germany and is based on the technology Scalarium of the Berlin company Peritor. Scalarium was bought in 2012 by Amazon.


Indeed, AWS OpsWorks is not a concrete PaaS offering. This is due to the building blocks philosophy of the Amazon Web Services. This means that the offered services will be made ​​available as granular as possible. The customer then has the option to integrate the services for its use case and how it needs them. For that, of course, a lot of personal contribution and knowledge is required, which for the infrastructure of a typical PaaS is not required. However, AWS OpsWorks closes in terms of convenience the gap to the PaaS market and offers more and more PaaS functionality in the Amazon Cloud.

About one thing a customer should be aware of. And that applies not only to AWS OpsWorks but for the use of each AWS service. The lock-in in the AWS infrastructure becomes bigger and bigger with each service Amazon is releasing. This need not be a bad thing. A lock-in is necessarily anything negative and may even be beneficial, on the contrary, as long as the own needs are met, and not too large compromises have to be made ​​by the customer himself.

As a customer you just have to keep this in mind before the way into the AWS cloud, as well as in any other cloud, and consider possible exit strategies or multi-cloud approaches.

Management @en

Data lines: the backbone of the cloud

During cloud talks there are always a lot of discussions about the providers, their availability, reliability and service level agreements (SLA). What is often not discussed is the main dependence number one: The backbone of the Internet carriers. The Submarine Cable Map 2013 nicely illustrates where which cables run worldwide, which are responsible for the data transfer between the different continents.

Data lines: the backbone of the cloud

Submarine Cable Map 2013 – The global backbone under the sea

The “Submarine Cable Map 2013” shows the backbone of the global submarine cable in the ocean. It shows where most of the data transfer takes place and which countries have the best interconnection.

Overall, the map illustrates 244 lines. Among those who were laid between the period 1992 to 2012, or those which are taken up in 2014. Existing lines are color-coded, gray cable are planned. Another twelve lines to be laid in the next two years.

At the bottom of the card it can also be seen how quick the respective connections between the different countries and continents are and how much the workload is. It can be seen, for example, that the available data connections from the United States to Colombia and Venezuela are fast, but to France and the UK, they are slower. The weakest data line, the U.S. has to South Africa and India.

Management @en

Netflix releases more "Monkeys" as open source – Eucalyptus Cloud will be pleased

As GigaOM reported, Netflix will publish more services similar to its Chaos Monkey and the Simian Army under the open source license on Github in the near future.

The Chaos Monkey

The Chaos Monkey is a service running on the Amazon Web Services which is looking for Auto Scaling Groups (ASG) and terminates instances (virtual machines) for each group randomly. The software is designed flexible enough that it works well on the platforms of other cloud providers. The service is fully configurable, but by default runs on ordinary weekdays from 09.00 until 15.00 o’clock. In most cases, Netflix has written their applications so that they continue to work when an instance has some problems. In special cases, this does not happen consciously, so that their own people have to resolve the problem in order to learn from it. The Chaos Monkey thus runs only a few hours a day so that the developers are not 100% rely on him.

Find more information about the Chaos Monkey and the Simian Army under Netflix: Der Chaos Monkey und die Simian Army – Das Vorbild für eine gute Cloud Systemarchitektur.

More services from Netflix Monkey portfolio

  • Denominator: A tool for managing multiple DNS provider.
  • Odin: An orchestration API that can be called by Jenkins and Asgard, the Netflix deployment tool. It is designed to help developers deploy more convenient.
  • Recipes: These are blueprints, which can be used to roll out several Netflix components together more easy.
  • Launcher:Rolls out the final blueprints by pressing a button.
  • Mehr Monkeys: Other Netflix Monkeys are to follow later this year, including the Conformity Monkey, the Latency Monkey and the Latency Howler Monkey. The Conformity Monkey ensures that all relevant instances are placed equivalent. The Latency Monkey simulates latencies and more errors. The Howler Monkey latency monitor whether a workload meets AWS possible limitations and reports it.

The Chaos Gorilla which randomly simulates the crash of an entire AWS Availability Zone and the Chaos Kong that simulative shoots an entire AWS region should also follow soon.


Although Netflix would offer its “Monkeys” across multiple clouds, so that e.g. also OpenStack users can refer to it. However, with the steady release of its HA test suite Netflix plays more and more in Eucalyptus hands.

Eucalyptus Cloud lets you build a private cloud based on the basic functions of the Amazon cloud infrastructure. What is at Amazon for example an AWS Availiablty Zone represents in Eucalyptus a “Cluster”. Thus the Netflix tools allow similar HA functionality testing in the private / hybrid cloud, like Netflix already uses it themselves in the Amazon public cloud. In addition, Eucalyptus will certainly integrate the Netflix tools in its own cloud solution in the midterm to have an own HA test in their portfolio.

The release of the Netflix tools under the open source license will strengthen, not least, the cooperation of Amazon Web Services and Eucalyptus but rather make Eucalyptus more attractive for Amazon as a takeover target.

Management @en

Cloud Computing ROI: Costs not always say a lot

How the return on investment (ROI) of cloud computing can be determined, I have described earlier in this article. In practice, however, it is usually not so easy to implement, and other values ​​should stay in the foreground.

Return on Investment

The purpose of the “return on investment” metric is to measure, per period, rates of return on money invested in an economic entity in order to decide whether or not to undertake an investment. ROI and related metrics provide a snapshot of profitability, adjusted for the size of the investment assets tied up in the enterprise. ROI is often compared to expected (or required) rates of return on money invested. Marketing decisions have obvious potential connection to the numerator of ROI (profits), but these same decisions often influence assets usage and capital requirements (for example, receivables and inventories).


The benefits face the costs

The successful use of cloud computing is not always expressed in figures. Therefore, the ROI of cloud computing is best determined from the utility. Administrators and CIOs should obviously regard the values ​​that occur when using. You should for example ask what you can expect from the use of a particular service. On this basis further questions, based on the benefits, can be developed that do not focus on the financial side. Thus, for example, metrics are related to the visible benefits of a cloud service it is able to deliver. Metrics could be:

  • How is it with the technical support and other services that are provided by the vendor?
  • Can savings be achieved?
  • How complicated is the billing process?
  • What is the ease of use of the service?
  • Is the dynamic use of the new service guaranteed?
  • How flexible is the new service in relation to changes and changing requirements?
  • How fast can the new cloud service be adapted and deployed?
  • What are the maintenance and upgrade costs as well as the downtime compared to the cloud service?
  • What is the impact on the company if services are refer from the cloud in the future?
  • What are the risks related to the business processes and data stored in the cloud?
  • Could the satisfaction of my employees be increased?
  • Has the agility and flexibility improved?

Agility, flexibility and satisfaction face the costs

Consciously I advise not to look at the actual cost only when evaluating cloud computing. What’s the use anyhow, if an on-premise solution is, comparing to a cloud service, cheaper after five years, if one forget in this equation, that a company also have maintenance costs for updates, server hardware etc. within those five years. Sure, once I purchased a strong invest in my resources and use them over a long period, without renewing them, I’m going definitely cheaper than using a cloud model, where I pay monthly or annual contributions. However, what should be noted is that I am constantly hanging behind the current trends and above all never use the latest software versions. So, if I invest a large sum in initial software licenses and let my employees work six to seven years with outdated software versions, of course, I save in the long term. The situation is similar with hardware. But do I make my employees happy with that and in particular more productive? No!

Cloud computing optimizes all technology processes and improves efficiency. It also reduces access to resources and increases the ability to innovate. Employees can access information and applications more quickly, enabling them to analyze information summarily and make decisions immediately. A location-independent access to the data can also increase the productivity of each employee.

Developers ask for the on-demand provisioning of resources

This confirmation I got from a manager of a German DAX company who has built a private cloud to optimize and standardize the delivery process of internal resources (servers) for the developers. For years, developers have been forced to make use of a provisioning process for physical servers, which took forever. This meant that some projects were completed either with a delay or could not have been performed. With a workaround, which deviated from the standard process, an external service provider was brought on board, ready to put the virtual server within 5 days. However, the developers here depend on the provider’s software because it does not support the software stack of the DAX company. Consequence: A development process with poor-quality, as the software on the virtual servers was not compatible to the later Live platform.

By building a private cloud, this whole situation has now been resolved. Servers are now provided within 5 minutes. Since a company must fully invest in their own infrastructure resources for a private cloud, the ROI would be negative if one focuses only on the hard numbers.

Developers ask for the on-demand provisioning of resources. So it is with the DAX company and so it is with other companies. Just ask the developers. Unfortunately the value, which states that a developer or employee works satisfied, never flows into the ROI. But it should. Because the agility, flexibility and satisfaction should play as large a role as the actual costs.

Management @en

Amazon Web Services suffered a 20-hour outage over Christmas

After a rather bumpy 2012 with some heavy outages the cloud infrastructure of the Amazon Web Services again experienced some problems over Christmas. During a 20 hour outage several big customers were affected, including Netflix and Heroku. This time the main problem was Amazons Elastic Load Balancer (ELB).

Region US-East-1 is a very big problem

This outage is the last out of a series of catastrophic failure in Amazon’s US-East Region-1. It is the oldest and most popular region in Amazon’s cloud computing infrastructure. This new outage precisely in US-East-1 raises new questions about the stability of this region and what Amazon has actually learned and actually improved from the past outages. Amazon customer had recently expressed criticism of the Amazon cloud and especially on Amazon EBS (Amazon Elastic Block Store) and the services that depend on it.

Amazon Elastic Load Balancer (ELB)

Besides the Amazon Elastic Beanstalk API the Amazon Elastic Load Balancer (ELB) was mainly affected by the outage. Amazon ELB belongs to one of the important services if you try to build a scalable and highly available infrastructure in the Amazon cloud. With ELB users can move loads and capacities between different availability zones (Amazon independent data centers), to ensure availability when it comes to problems in one data center.

Nevertheless: both Amazon Elastic Beanstalk and Amazon ELB rely on Amazon EBS, which is known as the “error prone-backbone of the Amazon Web Services“.

Management @en

Amazon improves EC2 with automatic failover and details their billing reports

Amazon improves one of their biggest “weak points” and with that comes towards their customers. It’s about the failover for individual EC2 instances. Typically, a customer must take care themselves to ensure that a new EC2 instance boots up, when a running fails. Amazon has now optimized its infrastructure and introduces automatic failover for EC2 instances. Furthermore there are more detailed information on the bills.

Automatic failover for Amazon EC2

As an Amazon customer it is not easy to build your own infrastructure in the AWS cloud. For the promised high availability in public cloud computing it is necessary that the customer ensures that for themselves, which many users have not been implemented.

Amazon comes towards their customers now and extends its Auto Scaling function with the Amazon EC2 status checks. That means, when an instance in an Auto Scaling group becomes unreachable and fails a status check, it will be replaced automatically.

As Amazon writes, it is not necessary to take any action to begin using EC2 status checks in Auto Scaling groups. Auto Scaling already incorporates these checks as part of the periodic health checks it already performs.

More details within the invoices

Furthermore new detailed billing reports give access to new reports which include hourly line items of the Amazon infrastructure.

Management @en

"Liquid Work"

Luca Hammer, Gründer von diskutiert in diesem Vortrag das Thema “Liquid Work”. Genauer geht es darum, was sich hinter diesem Begriff verbirgt, wie man es einsetzen kann, welchen Einfluss es hat und wie sich Unternehmen in diesem neuen Bereich orientieren sollten.