Welcome!

If everyone is thinking the same, someone isn't thinking

Lori MacVittie

Subscribe to Lori MacVittie: eMailAlertsEmail Alerts
Get Lori MacVittie via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Latest Articles from Lori MacVittie
We’re all aware that dev/test != production environments. While the software stacks upon which applications are deployed may be (and hopefully are) the same, there still remains a whole lot of “infrastructure” (that’s everything else) that isn’t the same. Routers, switches, security de...
I’ve been reading up on APIs cause, coolness. And in particular I really enjoyed reading Best Practices for Designing a Pragmatic RESTful API because it had a lot of really good information and advice. And then I got to the part about compressing your APIs. Before we go too far let ...
I am often humbled by the depth of insight of those who toil in the trenches of the enterprise data center. At our Agility conference back in August, my cohort and I gave a presentation on the State of Application Delivery. One of the interesting tidbits of data we offered was that, ov...
Yes, Lori has been reading the Internet again. And what she’s been seeing makes baby Lori angry. It also makes this former test designer and technology editor cry. Really, I weep at both the excuses offered for such testing and the misleading headline. I have read no less than two con...
When we talk about the impact of BYOD and BYOA and the Internet of Things, we often focus on the impact on data center architectures. That's because there will be an increasing need for authentication, for access control, for security, for application delivery as the number of potentia...
In case you haven’t heard, the new hotness in app architectures is serverless. Mainly restricted to cloud environments (Amazon Lambda, Google Cloud Functions, Microsoft Azure Functions) the general concept is that you don’t have to worry about anything but the small snippets of code (f...
It was a Monday. I was reading the Internet. Okay, I was skimming feeds. Anyway, I happened across a title that intrigued me, “Stateful Apps and Containers: Squaring the Circle.” It had all the right buzzwords (containers) and mentioned state, a topic near and dear to this application ...
There’s a tendency, particularly for networkers, to classify applications by the protocols they use. If it uses HTTP, it must be a web app. The thing is that HTTP has become what it was intended to be: a transport protocol. It is not an application protocol, in the sense that it define...
Let's just nip the conflation of these terms in the bud, shall we? "MIcro" is big these days. Both microservices and microsegmentation are having and will continue to have an impact on data center architecture, but not necessarily for the same reasons. There's a growing trend in which...
Sharding has become a popular means of achieving scalability in application architectures in which read/write data separation is not only possible, but desirable to achieve new heights of concurrency. The premise is that by splitting up read and write duties, it is possible to get bett...
There's a lot of things we do to improve the performance of web and mobile applications. We use caching. We use compression. We offload security (SSL and TLS) to a proxy with greater compute capacity. We apply image optimization and minification to content. We do all that because p...
Early (very early, in fact) in the rise of SDN there were many discussions around scalability. Not of the data plane, but of the control (management) plane. Key to this discussion was the rate at which SDN-enabled network devices, via OpenFlow, could perform “inserts”. That is, how man...
Remember when you were in school, learning math, and you learned about the importance of the order of operations? You do? Okay, good. Pop quiz: 1 + 1 * 8 = ? The answer is 9, not 16. Why? Because multiplication has precedence. If you want to get to 16 with those numbers, we’ll ne...
Developers are often caught between a rock and a hard place. They aren’t allowed to employ the tricks of the trade that can squeeze more performance out of their code because the consequences – technical debt stemming from impaired maintainability - are generally considered even worse....
Proxies are one of the more interesting (in my no-doubt biased opinion) “devices” in the network. They’re the basis for caching, load balancing, app security, and even app acceleration services. They’re also a bridge between dev and ops and the network, being commonplace to all three g...
No, this isn't a tirade on the security of IoT. It's about story about change. Specifically, change and its implications on security. Change is constant. There's a million different axioms and proverbs about change, so it's really hard to choose just one to sum up how it impacts sec...
Still here? Okay then, let me explain further. This whole thing started because I was reading the Internet the other day and happened upon a claim that stated: “the attack surface for cloud applications is dramatically different than for highly controlled data centers”. And that ma...
Go ahead. Name a cloud environment that doesn't include load balancing as the key enabler of elastic scalability. I've got coffee... so it's good, take your time... Exactly. Load balancing - whether implemented as traditional high availability pairs or clustering - provides the mean...
One of the big performance benefits of moving to HTTP/2 comes from its extensive use of multiplexing. For the uninitiated, multiplexing is the practice of reusing a single TCP connection for multiple HTTP requests and responses. See, in the old days (HTTP/1), a request/response pair re...
Microservices are the result of decomposing applications. That may sound a lot like SOA, but SOA was based on an object-oriented (noun) premise; that is, services were built around an object - like a customer - with all the necessary operations (functions) that go along with it. SOA wa...
Operationalizing the network continues to be a driving force behind DevOps and SDN. The ability to solve real problems using programmability to automate and orchestrate infrastructure provisioning and configuration across the application release process remains the hope for many intere...
79% of new products miss their launch date. That was the conclusion of a CGT/Sopheon Survey in which the impact of such market misses were also explored. What it didn't dig into was the reason why so many products and projects miss their launch date. When we start digging into th...
Web application security. Everyone knows how important it is (and if they don't, they should) and yet the complexity of managing services that provide it often result in, shall we say, less than holistic coverage of applications. At least that seems to be the case given some rather dis...
Choosing between BIG-IP and LineRate isn't as difficult as it seems.... Our recent announcement of the availability of LineRate Point raised the same question over and over: isn't this just a software-version of BIG-IP? How do I know when to choose LineRate Point instead of BIG-IP V...
Security is one the more prominent of the application service categories, likely due to its high profile impact. After all, if security fails, we all hear about it. The entire Internet. Forever. So when one conducts a survey on the state of application delivery (which is implemented...
No, not the head-banging, gritty, heavy metal Metallica song (though that's certainly awesome too.. excuse me for a moment while I turn it up to 11) but the Puppet as in automation kind of master. The importance placed on APIs - which are key to automation - in our State of Applicati...
Whether the goal is to achieve higher levels or productivity or generate greater customer engagement and revenue the venue today is the same: applications. In any application-focused business strategy, availability must be the keystone. When the business at large is relying on applica...
One of the most difficult things to do today is to identify a legitimate user. Part of the problem is that the definition of a legitimate users depends greatly on the application. Your public facing website, for example, may loosely define legitimate as "can open a TCP connection and s...
So HTTP/2 is official. That means all the talking is (finally) done and after 16 years of waiting, we've got ourselves a new lingua franca of the web. Okay, maybe that's pushing it, but we do have a new standard to move to that offers some improvements in the areas of resource manag...
Microservice architectures are the new hotness, even though they aren't really all that different (in principle) from the paradigm described by SOA (which is dead, or not dead, depending on whom you ask). One of the things this decompositional approach to application architecture does ...
"Programmability in the network" is a wordy yet simpler way to describe the extension of network capabilities through the use of software-defined techniques. See what I mean? In any case, whatever you want to call it, there are two distinct methods of leveraging programmability in th...
#SSL #webperf #infosec  Now your services can take advantage of hardware acceleration even when they're deployed on virtual machines Way back in the day, when SSL offloading was young and relatively new, there were a variety of hardware, software and even architecture t...
Applications are as integral to F5 technologies as they are to your business. An old adage holds that an individual can be judged by the company he keeps. If that holds true for organizations, then F5 would do well to be judged by the vast array of individual contributors, partners,...
#SDAS #HTTP #webperf #SSL De facto standards can be as difficult to transition off of as official ones If you haven't heard about HTTP 2.0 it's time to start paying attention. It is anticipated that in November the latest version of the specification will become "the st...
UPDATE (9/28/2014): Our security team indicates that we're now seeing the majority of attempted exploits of Shellshock coming in through input paramters. They've provided ASM signatures to mitigate and recommend customers use these signatures to protect their applications. You ...
The keys to the digital kingdom are credentials. In no industry is this more true (and ultimately more damaging) than financial services. The sophistication of the attacks used to gather those credentials and thwart the increasingly complex authentication process that guards financial ...
#SDAS #IAM #IoT #Mobile The new requirements for app delivery include a focus on hyperscaling access to applications. A plurality (48%) of enterprises deliver between 1 and 500 applications to consumers and employees. A somewhat surprising 21% deliver more than 1000 applications every ...
The term hybrid is somewhat misleading. In the original sense of the word, it means to bring together two disparate "things" that result in some single new "thing". But technology has adapted the meaning of the word to really mean the bridging of two different technological models. For...
It's not the first time we've heard the statement that cloud can be too expensive and I doubt it will be the last. This latest episode comes from Alexei Rodriguez, Head of Ops at Evernote by way of Structure 2014: It is important to note that this admission - like those in the past - ...
Despite the hype and drama surrounding the HTTP 2.0 effort, the latest version of the ubiquitous HTTP protocol is not just a marketing term. It's a real, live IETF standard that is scheduled to "go live" in November (2014). And it changes everything. There are a lot of performanc...