Saturday, November 10, 2012

SAP NetWeaver Cloud Integration

During the TechEd conference, SAP has released more information about their new Netweaver Cloud Integration offering, that is the "Integration-As-As-Service" offering from SAP.

From this presentation we learn that Netweaver Cloud Integration is not "SAP PI in the cloud", but comes very,very close to it. Netweaver Cloud Integration is fully compatible and integrated with the on-premise version of SAP PI. Same development, configuration and monitoring approach.

Also interesting is the blog entry of Prasanna Burri where he talks about using Netweaver Cloud Integration with SuccessFactors. In his answers to questions, Prasanna mentions an availability date of Feb. 2013.

Monday, November 5, 2012

Virtulization: from VWare to KVM and Red Hat

To better understand the capabilities of on-premise virtualization, I've been reading the book Mastering VMWare vSphere5 last summer.  It is really amazing how this world of virtualization evolves: what surprised me most was the support for Virtual Networks.  But still need to learn about how virtualization can help arrange high availability.

On the train from Brussels to home, listened to a reasonably good interview on Floss Weekly with KVM developers at Red Hat.  Learned about the competition going on with virtualization performance.  For on-premise virtualization solutions, names like VMWare and Microsoft HyperV ring a bell.  But I was completely unaware of the Redhat virtualization offering.

Note: in the cloud world, Amazon uses XenOpenStack primarily used KVM

Saturday, November 3, 2012

ECC - Elliptic Curve Cryptography

Security is an interesting domain: a recent episode of the SecurityNow podcast about elliptic curve cryptography triggered me to dive a bit deeper into the topic.

Contrary to shared secret security, public key cryptograph is based on a public key and private key/secret.
The public and private key are related through some mathematical algorithm whereby it is impossible to derive the private key from encrypted content or the public key itself.  The most popular mechanism - RSA - is based on the difficulty to factor prime numbers.

  • RSA: based on difficulty of factorisation
  • DSA: based on difficulty of discrete log for integers modulo a prime
  • ECC (based on difficulty of discrete log for discrete ECC system

Tried to get my head around the math behind the Elliptic Curve Cryptography but it went just too deep.  Even the basic underlying mechanisms of point addition, point doubling and point multiplication went too far.

With RSA, key size need to become pretty long: 512 bits is broken as recently proven.  A key length of 1024 bits is still considered acceptable, but 2048 is becoming the default key length for RSA.  In case of ECC, key lengths can be much shorter: 200 bits is considered very strong.  These shorter key lengths have a very positive effect on performance, which is e.g. positive for mobile devices.

Use of ECC cryptography is still limited.  The world of PKI and certificates has standardized on RSA.  One use case of ECC is DNSCurve, a mechanism to secure DNS.  DNS is not connection oriented but based on the UDP protocol.  Efficient crypto is therefore very relevant.  OpenDNS has adopted DNSCurve and thus ECC cryptography.