Posts

Showing posts from July, 2023

Migration to the Cloud – Introduction of Software Licensing Assessment and Optimisation

Image
One of the key considerations in a cloud migration is the existing software that an organisation has been using. Being able to continue using existing software that has been supporting the workloads, or being able to ensure the operational order of an alternative method – is important when a migration to cloud is being evaluated. Logically, the entitlement to the use of a software is dictated by the software vendor, typically with a series of conditions. That is, if the software vendor’s set conditions are such, then the current software used by an organisation on-premises will not be able to be used in a cloud environment, even if it is technically straightforward to install this software on cloud compute. The non-technical rules on how a software is authorised to be used and on what conditions is known as the licensing entitlement, or licensing conditions. To help with the explanation, some examples are used below, mainly on Microsoft licensing, with a bit on Oracle software as well.

AWS Firewalls - Stateless, Stateful and Deep Packet Inspection (DPI)

A firewall in a car blocks potential harms (fires) in the engine compartment from spreading to the passenger compartment, but still allows control cables and shafts (ultimately for the purpose of permitted communication) to pass through. The same concept can be likened to access control technologies in data communication. In ICT, firewalls may offer additional functionalities but access control is always a core feature – and in turn a core expectation of data security. TCP/IP data communication is in the format of packets (billions and trillions of them), with each packet comprising of two portions: header(s) and data contents (payload). The communication protocols use a layered approach: the payload with the lower communication layer’s header together go into a higher layer’s payload with another header added - and such enveloping can go on a few times.  Static access control is a basic form of access control - commonly known as operating at OSI (Open Systems Interconnection) Layer 3/