Today we continue to describe migratory assets. A significant percentage of the end users do not care about where the assets come from.  Consequently we can move assets between public cloud to public cloud or even public cloud to private cloud or even private to private cloud while letting the users access their resources by name and in some cases by the same IP. 

There are two factors contributing to this: 

1) a large number of requests are for fine grained number of assets 

2) Most assets are managed by system center managers that don't depend on the host but only on the agent running inside the asset. 

These promote migratory assets. 

Another important criteria is the offloading of infrastructure activities to existing automations in the public cloud. Take for example, periodic evaluation of unused resources and the reminders to customers. This is no longer done with custom or proprietary automations. Instead the same technologies that monitor usages and trigger alerts in public cloud can be reused. There is significant savings in reusing out of box technologies. First, the tools and technologies are widely accepted and have already matured to feedback across organizational usages. Second, there is no need to increase ownership and maintenance of in house tools and technologies that serve the same purpose. 

By a similar counterargument, there is always a place for in house tools and automations that can benefit private cloud implementations and boost the overall offering to the customer. Cheap, dirty and fast solutions are easily facilitated in a private cloud and we welcome this with independently controlled private cloud as an alternative offering to the customers.  For example, we can create clusters and containers in a private cloud that can benefit as additional resources to the user. 

Lastly, applications and services can leverage appliances, technologies and services that are not available in a private cloud. We have storage appliances, network accelerators, firewalls, routers and many other technologies that can apply only in private cloud. These then become foundations for Infrastructure as a service, Platform as a service and software as a service layers which bring their own advantages. Arguably though these upper layers for the most part should not differentiate between whether the resources are requested from private cloud or public cloud providers

#codingexercise

Find the maximum product of a subsequence of an array of integers such that no two elements are adjacent.

int GetMaxProduct(List<int> A)

{

assert( A.all(x => x > 0));

if (A == null || A.Count == 0) return 0;

int inclusive = A[0];

int exclusive = 0;

for (int i = 1; i < A.Count; i++)

{

var max = Math.max(inclusive, exclusive);

inclusive  = exclusive × A[i];

exclusive = max;

}

return Math.max(inclusive, exclusive);

}
if the integers were both positive and negative, we would have need to make sure the count of selected negatives is even. We would keep track of two products one with the negative integers only and the other regular.
The key observation here is that we skip the negatives and find the desired max among the positives. Then we take the negatives alone and find their desired max with the additional criteria that they have to be even in count. Whichever is greater dictates the list that will be included as is and elements of the other list will be included such that there are no adjacencies.

Migratory Assets

          Today many organizations use one or more public clouds to meet the demand for the compute resource by its employees. A large number of these requests are fine grained where customers request a handful of virtual machines for their private use. Usually not more than twenty percent of the customers have demands that are very large ranging to about a hundred or more virtual machines. 

 There are a few challenges in servicing these demands. First, the virtual machines for the individual customers are sticky. Customers don’t usually release their resource and even identify it by their name or ip address for their day to day work.  They host applications, services and automations on their virtual machines and often cannot let go of their virtual machine unless files and programs have a migration path to another compute resource. Typically they do not take this step to create regular backups and keep moving the resource. While container platforms for Platform-as-a-service (PaaS) have enabled software to be deployed without any recognition of the host and frequently rotated from one host to another, the end users adoption of PaaS platform depend on the production readiness of the applications and services The force for PaaS adoption has made little or no changes to the use and proliferation of virtual machines by individual users. Therefore the second criteria is that the individual users habits don’t change.

Consequent to these two factors, the cloud services provider can package services such as additional storage, regular backup schedule, patching schedule, system management, securing and billing at the time of request for each asset. However such services depend on the cloud where the services are requested. For private cloud a lot of the service is in-house adding to the costs even if the inventory is free.

I describe that a significant percentage of the end users do not care about where the assets come from.  Consequently we can move assets between public cloud to public cloud or even public cloud to private cloud or even private to private cloud while letting the users access their resources by name and in some cases by the same IP.

#codingexercise
Find the maximum of a subsequence of an array of integers such that no two elements are adjacent.
int GetMaxSum(List<int> A)
{
if (A == null || A.Count == 0) return 0;
int inclusive = A[0];
int exclusive = 0;
for (int i = 1; i < A.Count; i++)
{
var max = Math.max(inclusive, exclusive);
inclusive  = exclusive + A[i];
exclusive = max;
}
return Math.max(inclusive, exclusive);
}
Courtesy: geeksforgeeks

We read how Google protects data.While Google is an innovator in two-step authentication and encryption methods and may even have more scale of operations than many other companies, all that other companies need to do is to ensure that they don't fall short of the considerations from Google's security efforts. Their implementations can vary but the threats will have been mitigated. Where may companies may lead the initiative is to show how to use the public cloud by setting security standards in its adoption. I enumerate the areas of control. These include:
1) network integration between on-premise and public cloud
2) penetration testing of virtual private network in the public cloud
3) Active Directory connector between virtual private network and on premise
4) System Center Manager for public cloud assets
5) Setting up of monitoring and alerts on all threat related operational activities
6) Successful key management for all assets and operations related key usages
7) Isolation among security groups or access controls for individual instances and groups.
8) Metering and reports on all usages so that anomalies can be detected
9) Metrics on all distributions across regions and fault tolerance
10) Size of large groups and the percentage of fine granularity in resource groups
11)Time based variations over a period

Most public cloud providers publish their own security guidelines and practice while providing documentation and community support forums. These best practice cover many tools and features that the cloud providers give to enable empowering the companies that adopt the public clouds. However, the degree to which each one uses these clouds and their compliance to minimum security standards is largely not governed. The contract between public cloud providers and organizations safeguards the public cloud provider but does not secure the end user or their data in all aspects of their usage. For example, with the use of public cloud for private networks, an organization may or may not guarantee isolation of user data on the same server, its robustness and reliability against loss, theft or mishandling, its availability to export when the user no longer wishes to use the services and its portability. Moreover, administrators have their own administration tasks that require certain level security compliance as we saw with our coverage of how Google secures its data. These tasks include writing rules that dictate data retention, showing responsibility towards legal hold and law enforcement response, maintaining transparency in their actions and the publication of their reports, or showing discretion in other maintenance activities.
Therefore, adoption of public cloud computing for organizational needs requires certain criteria that can evolve as an internal security compliance requirement.
More reading at https://1drv.ms/w/s!Ashlm-Nw-wnWrF0qVoeSgL7Xnu1w


#codingexercise
Yesterday we were discussing a codingexercise that attempted to sort a doubly linked list of 0 and 1.
It had a helper function to cut and insert element before or after the transition point. We implemented the insertion after the transition point and we implement the insertion before the transition point.
dll CutAndInsertBefore(dll transition, dll current, dll root)
{
assert (current != null && root != null);
if (transition == null) return root; // nothing to do
if (transition == current) return root;
if (current == root) return root; // this op only when current > transition
// root == transition is acceptable
// cut current;
var temp = current.next;
if (temp)
     temp.prev = current.prev;
if (current.prev){
     current.prev.next = current.next;
     current.next = null;
}
// insert before
if (transition.prev)
     transition.prev.next = current;
else
      root = current;
current.next = transition;
current.prev = transition.prev;
transition.prev = current;
return root;
}

Today we conclude reading up on how Google protects data.Google has incredible expertise in this area. Security is an integral part of their operations. They scan for security threats using tools, they use penetration testing, quality assurance processes, security reviews and external audit. They have a rigorous incident management process for security events that affect the confidentiality, integrity or availability of systems of data. They apply defense-in-depth perspective to securing their custom-designed servers, proprietary operating systems and geographically distributed data centers. Data is encrypted in transit, at rest and on backup media, moving over the internet or traveling between the data centers. They build redundancy into their server design, data storage, network and internet connectivity and even the software services.Their audits cover compliance standards and we reviewed some of them. We also reviewed some of the tools used to empower users and administrators to improve security and compliance. We were discussing user authentication, data management and email management features. We reviewed data detention which is facilitated by the eDiscovery feature.Administrators can specify retention rules that specify how long certain messages are retained before they are removed from user mailboxes and expunged from all Google systems. Administrators can enforce policies over mobile devices in their organization, encrypt data on devices, and perform actions like remotely wiping or locking lost or stolen devices. Administrators can also recover data by restoring a deleted user account or restoring a user's drive or gmail data. They can publish reports that provide transparency to their actions.
Thus Google protects data in its infrastructure, applications and personnel operations. The same security considerations are acknowledged by the industry. We mentioned comparision to Adobe's efforts in this regard. While Google is an innovator in two-step authentication and encryption methods and may even have more scale of operations than many other companies, all that other companies need to do is to ensure that they don't fall short of the considerations from Google's security efforts.  Their implementations can vary but the threats will have been mitigated. Adobe has secured its data by virtue of the very same compliances that Google has made. These include  the SOC, ISO27001, FedRAMP and Payment card industry data security standard. In addition Adobe fulfils regulatory compliances such as Gramm-Leach-Bliley Act GLBA for financial institutions, HIPAA the health insurance portability and accountability act and protected health information PHI, the code of Federal regulation, Title 21 and the US Family educational rights and privacy act.
Adobe is able to meet these standards and regulations because it practices a bottom up physical layer securing approach called the Adobe Common Controls Framework and a top down software layer securing approach called the Adobe Secure Products Lifecycle. The former manifests as a set of Adobe specific controls that map to approximately a dozen security standards and the latter is a set of security activities that span several product development practices, processes and tools.
Where Adobe could become pioneer is to put together a security standard for using hybrid or public clouds for organizational use. While Google claims its public cloud has better security than on-premise computing, Adobe could become a pioneer to say that its embrace of public cloud is more secure than on-premise computing of many other companies.
#codingexercise
Yesterday we were discussing a codingexercise that attempted to sort a doubly linked list of 0 and 1.
It had a helper function to cut and insert element before or after the transition point. It goes like this:
dll CutAndInsertAfter(dll transition, dll current, dll root)
{
assert (current != null && root != null);
if (transition == null) return root; // nothing to do
if (transition == current) return root;
if (current == root) return root; // this op only when current > transition
// root == transition is acceptable
// cut current;
var temp = current.next;
if (temp)
     temp.prev = current.prev;
if (current.prev){
     current.prev.next = current.next;
     current.next = null;
}
// insert after
if (transition.next)
     transition.next.prev = current;
current.next = transition.next;
current.prev = transition;
transition.next = current;
// root remains unmodified for insertion after transition
return root;
}

The cutandinsertbefore method is similar to the one above except that the root might change.

Today we continue to read up on how Google protects data.Google has incredible expertise in this area. Security is an integral part of their operations. They scan for security threats using tools, they use penetration testing, quality assurance processes, security reviews and external audit. They have a rigorous incident management process for security events that affect the confidentiality, integrity or availability of systems of data. They apply defense-in-depth perspective to securing their custom-designed servers, proprietary operating systems and geographically distributed data centers. Data is encrypted in transit, at rest and on backup media, moving over the internet or traveling between the data centers. They build redundancy into their server design, data storage, network and internet connectivity and even the software services.Their audits cover compliance standards and we reviewed some of them. We also reviewed some of the tools used to empower users and administrators to improve security and compliance. We were discussing user authentication, data management and email management features. We now review data detention which is facilitated by the eDiscovery feature. eDiscovery is the means to prepare for lawsuits and other legal matters. Google Vault is the eDiscovery solution for Google Apps that lets customers retain, archive, search and export their business gmail. Administrators can specify retention rules that specify how long certain messages are retained before they are removed from user mailboxes and expunged from all Google systems. Retention rules can be specified based on duration, content, labels and delegation. A legal hold is a binding requirement on a user to preserve all their emails and on the record chats indefinitely In a legal hold, messages may be deleted from the user's view but not from the message servers. Email and chat can be searched using user accounts, organizational units, date or keyword. Results can be exported as evidence reports.
Endpoints are also secured. For example, administrators can enforce policies over mobile devices in their organization, encrypt data on devices, and perform actions like remotely wiping or locking lost or stolen devices. This comes with mobile data management in Google Apps. Chrome browser security can be managed by policies specified by the administrator remotely There are over 280 policies that can be specified. The Google Apps admin console applies policy  to Chrome Devices
Administrators can also recover data by restoring a deleted user account or restoring a user's drive or gmail data. They can publish reports that provide transparency to their actions.
#codingexercise
given a doubly linked list of 0 and 1 integers, sort them in place

dll Sort0And1(dll root)
{
if ( root == null || root.next == null) return;
var current = root:
var transition = null);
while(current)
{
if (current.data ==1)
{
if (transition == null)
     transition = current;
root = CutAndInsertAfter(transition, current, root);
}else{
root = CutAndInsertBefore(transition, current, root);
}
current = current.next;
}
return root;
}

Today we continue to read up on how Google protects data.Google has incredible expertise in this area. Security is an integral part of their operations. They scan for security threats using tools, they use penetration testing, quality assurance processes, security reviews and external audit. They have a rigorous incident management process for security events that affect the confidentiality, integrity or availability of systems of data. They apply defense-in-depth perspective to securing their custom-designed servers, proprietary operating systems and geographically distributed data centers. Data is encrypted in transit, at rest and on backup media, moving over the internet or traveling between the data centers. They build redundancy into their server design, data storage, network and internet connectivity and even the software services.Their audits cover compliance standards and we reviewed some of them. We also reviewed some of the tools used to empower users and administrators to improve security and compliance.
Specifically, the user authentication/authorization features  involved a 2-step verification that adds an extra layer of security to Google Apps accounts by requiring users to enter a verification code which was also enhanced with a physical security key SAML single sign on allowed customers access to multiple services using the same sign in page. Oauth and OpenID extended the single sign on to multiple cloud solutions. In addition to these user access management enhancements, the data is also managed with features such as information rights management that can disable sharing of information meant for one or select people. The driver audit log lists every access that involves a data manipulation. Specific actions taken by user can also trigger alerts using the drive content compliance or alerting. There are trusted domains for drive sharing. There are trusted domains for drive sharing where whitelists are maintained. Sharing of data such as by emails are done over encrypted channels Even the from address in emails, if forged in a common compromise attack called phishing is detected and the threat mitigated. All emails have data loss prevention. Objectionable content is removed. Thus emails conform with content compliance. Administrators can even restrict the email address users can exchange mail with. Google vault provides an eDiscovery feature that lets customers retain, archive, search and export their business gmail This is very helpful to stay prepared in case of lawsuits and other legal matters.
#codingexercise

Find four elements a,b, c and d in an array such that a+b = c + d 

We discussed several solutions to this exercise. Another way to do this would be as follows
1) generate combinations of four element subarrays from the overall array
2) find if the four elements satisfy the given condition.
For distinct integers this can be like:
Void Combine (List<int> a, List<int> b,int start, int level, int val)
{
For (int I = start ; I < a.Length; i++)
{
if (b.contains(a[i])== false){
b[level] = a[i];
if (b.length == 4 && isValid(b, val)){Console.Write(b.ToString()) };
If (I < a.Length)
    Combine(a,b,start+1,level+1), val)
b[level] = 0;
}
}
}
bool isValid(List<int> nums, int val)
{
assert(nums.Count == 4);
nums.sort();
if (nums[0] + nums[3] == nums[1] + nums[2] && nums[0] + nums[3] == val)
   return true;
return false;
}

Today we continue to read up on how Google protects data.Google has incredible expertise in this area. Security is an integral part of their operations. They scan for security threats using tools, they use penetration testing, quality assurance processes, security reviews and external audit. They have a rigorous incident management process for security events that affect the confidentiality, integrity or availability of systems of data. They apply defense-in-depth perspective to securing their custom-designed servers, proprietary operating systems and geographically distributed data centers.Data is encrypted in transit, at rest and on backup media, moving over the internet or traveling between the data centers. They build redundancy into their server design, data storage, network and internet connectivity and even the software services.Their audits cover compliance standards and we reviewed some of them.
Next we started reviewing some of the tools used to empower users and administrators to improve security and compliance.
These included User and authentication/authorization features such as 2-step verification which requires users to sign in with their username, password as well as one-time-password-tokens. In addition, a security key developed by Google as an actual physical key to use with the Google account is used to enhance the 2-step verification.  The purpose of the security key is to send an encrypted code rather than a code which means login cannot be phished. Services such as single sign-on enables user to use multiple services with the same login.  OAuth 2.0 and Open ID allows customers to configure this single sign on service to multiple cloud solutions.
In addition to securing user, data management features are also provided to users and administrators.
Data Management includes such things as securing information rights with driver audit log, driver content compliance, trusted domains for drive sharing and email security features such as secure TLS, phishing prevention, data loss prevention, content compliance, restriction to content and objectionable content.

#codingexercise

Find four elements a,b, c and d in an array such that a+b = c + d 

List<Tuple<int,int>> PairSums(List<int> nums, int sum) { 

Var ret = new List<Tuple<int,int>>(); 

int left = 0; int right = nums.Count - 1; if (nums.Count <= 1) return ret; 

nums.Sort(); while (left < right) {          if(nums[left] + nums[right] == sum) 

{               var t = new Tuple<int,int>(nums[left], nums[right]); 

              ret.Add(t); 

              ret.Append(PairSums(nums.GetRange(left, right-left), sum); 

              ret.Append(PairSums(nums.GetRange(left+1, right-left, sum); 

              left++; 

              right--; 

}          else if (nums[left] + nums[right] < sum)               left++;          else               right--; } return ret; } 

CombinePairs(PairSums(nums,sum));