Archive for June, 2012

@boundary showing traditional vendors how software development needs to be done

Friday, June 29th, 2012

Our weekly customer product update today…..more enhancements than the traditional systems mgmt vendors have delivered in the last year ???

What’s New in Boundary

Some very big new enhancements in Boundary to announce this week:

  1. AWS & Rackspace Health Status Event Feeds
  2. Hadoop Application Pack
  3. Redesigned Navigation
  4. Minor Enhancements
  5. Beta Features Available to Try (by request only)
    1. Application Visualization
    2. Ephemeral Port Conversations

Rackspace & AWS Health Status Event Feeds

Who wants to look in multiple places to figure out what’s going wrong in your application?   To make this easier, and hopefully reduce the number of places you have to check when something is wrong at 2 am (and you’ve been paged out of bed), we’ve extended our Events service to accept standard RSS messages, including an out of the box feed from AWS Service Health and Rackspace Cloud Status.

If an AWS service, such as EC2 in Oregon, is suffering increased latencies or an outage, you can immediately see that in your Boundary dashboard, explaining why you are seeing problems in your application.

amazon elastic compute cloud

We’ll soon have the ability to accept any arbitrary RSS feed for Events.   We’ll also be adding more out of the box external event feeds in the future – so if there is one you’d like to see in particular – drop us a note at

To enable this feature – just click the External Event Feeds button from the Event Feed view and select which feeds you’d like.    You’ll then see them appear in the dashboard.

cloud service status

Hadoop “App Pack”

Hadoop is a complex, distributed system with many conversations occurring between the nodes.   To make it easier for you to monitor Hadoop traffic, we’ve create a Hadoop App Pack.

The App Pack automatically configures Aliases and Conversations for the default services and ports shipped with Cloudera’s CDH4 distribution, including the services HDFS, HBase, Hive, Hue, MapReduce, Oozie, Sqoop, YARN, ZooKeeper and the Cloudera Manager/Agent.   It will correctly monitor the traffic in the ephemeral port range, including those ports in the 50K and 60K range.

To enable the Hadoop App Pack, click on Organization in the top menu bar and select App Pack.

Hadoop App Pack

Note: App Packs are new in Boundary. We’re kicking them off with better support for Hadoop.   Please email us at service@boundary.comfor additional App Packs you’d like to see us build.

Redesigned Navigation & UI

We’ve streamlined the navigation and made it easier to access the key features you want to view.    A couple of key changes to be aware of:

Nodes, Dynamic Groups, Conversations, Events and Alerts are now found under the Configure top menu item.
configure nodes

Organization Settings, Aliases and App Packs are now found under the Organization top menu item.

configure organization

Minor Enhancements

  • Alerts now display their state and current value in the alerts tab
  • The Events feed was enhanced for better scalability
  • Mousing over Events in the Boundary dashboard now works properly
  • Searching using the ? wildcard now works properly
  • Documentation for the Alert State API is now available


These features are in beta and are available by request only.   If you’d like to try these new capabilities, please drop us a note at

Application Visualization

The real time graphs in Boundary are great for visualizing traffic over time and seeing trends, events and changes — but how about visualizing a graphical map – like Google traffic maps?   Now – you can visualize application traffic and service flows in an intuitive, graphical “application map” view.     We’ve just launched this capability in beta.   Email us ( if you’d like this capability enabled for your Organization.

app viz

Ephemeral Port Conversations

You can now define conversations that monitor application traffic in the ephemeral port range (ports numbered above 32768).   For example, in the Hadoop App Pack, Hadoop conversations in the 50,000+ port range are automatically defined.   If you want to monitor a custom service using an ephemeral port, this capability must be explicitly configured for you.  Please email us ( if you’d like to configure specific Conversations.

The451 article on @pingidentity @boundary @zenoss @awscloud @puppetlabs @splunk

Friday, June 22nd, 2012

Company name: Ping Identity Corp

Activities: Cloud identity security

Head office: Denver, CO

Number of employees: 200

LY revenue: NA

LY net income: NA

Key suppliers: Amazon Web Services, Boundary, Puppet Labs, Splunk, VMware, Zabbix

Ping Identity adds Boundary to its monitoring arsenal for cloud single signon

Analyst: Rachel Chalmers 22 Jun, 2012

In March 2012, Ping Identity launched PingOne as a multiplexed identity switch in the cloud and the first step toward an identity as a service business. PingOne was an important technical and strategic offering for the company. It was also a proof of concept for a brand new product from another vendor altogether: Boundary Inc. Ping Identity’s lead site reliability engineer, Beau Christensen, is one of the first customer references for the fresh out of stealth monitoring specialist.

Early Adopter Snapshot

In 2011, Ping Identity turned to its existing investors, as well as Triangle Peak Partners and Silicon Valley Bank, to raise another $21m, which it used to create an on demand services unit. PingOne is the first fruit of this newly established unit. PingOne provides businesses with Tier 1 single sign on (SSO) access to all of their cloud applications, lets IT centralize control and automate identity management, and allows cloud application providers to offer Tier 1 SSO to all of their customers. For security conscious businesses, Tier 1 requires exclusively standards based federated SSO protocols, such as SAML, OAuth, and OpenID, with zero tolerance for storing passwords or managing duplicate end user accounts in the cloud.

Strategic vision and business drivers

Ping’s Site Reliability Team is explicitly modeled on those at Web facing pioneers Facebook and Google. It combines experts in development and operations, security and risk, hypervisors, databases, and hardware – but the team is only three strong. The ratio of team members to servers is currently 1:200, but Christensen hopes to push it to 1:600. The Site Reliability Team is part of the devops team, working to deploy code into production. As Christensen put it: “We’re the guys on call. We are constantly looking for new tools and technologies.”

Challenges and obstacles

New technologies are needed to help the team manage the ambitious and dynamic environment within Ping Identity. The company’s infrastructure, virtualized since 2008, now spreads across three colocated datacenters – one for test and two for production. The production datacenters are synchronized in real time and operate autonomously, so that if one goes down, the other can take over.

Ping uses a mix of VMware, OpenStack and AWS technologies – a complex and layered virtual environment. To get a handle on all this, Christensen’s team uses a three pronged monitoring strategy. The first line of defense is active monitoring, looking at heartbeats and so on. Here Ping Identity has moved from SolarWinds to Nagios Enterprises to Zenoss to its current favorite, Zabbix. The second line of defense is operational intelligence, and the company is a big Splunk user.

It’s the third line of defense that interests us: network monitoring. Cisco’s NetFlow is widely used, but while Ping Identity is a Cisco shop, its Cisco deployment isn’t huge, and the kind of expenditure associated with NetFlow is out of Ping Identity’s reach. Furthermore, Ping doesn’t own the network in third party clouds.

“As we build automation tools to enable us to deploy into VPCs in Amazon and other cloud platforms,” Christensen explained. “We don’t have access to any of that information whatsoever. No views into systems traffic.” Smart site reliability engineers don’t let the matter rest there.

Deployment summary

Boundary’s agents and applications filled that void for Ping Identity. “If you set it up right, it’s the first tripwire,” said Christensen. “You can see immediately when something’s going on. One customer went live on [PingOne portal] CloudDesktop and sent email to thousands of employees around the world. I glanced at the screen and stuck my head up and said to the product manager, ‘What just happened?’”

As Christensen’s team tries to drill into the efficiency of CloudDesktop to make it as fast and as cost effective to run as possible, they run massive performance tests against it. The team has its own scalability lab with giant bare metal machines running big cannons firing traffic at datacenters using JMeter and BrowserMob. Thanks to Boundary, these tests can now identify inefficiencies between the application and data layers that had never shown up before.

Innovation and roadmap

While Ping Identity is only using Boundary in its test environment today, the team has realized big wins in the two to three months it’s been running.

Christensen has used it on the big Splunk indexers to see how they were performing. Now that Boundary has Puppet integration as well, Ping will use it on all its Puppet nodes.

Ultimately, of course, the plan is to push it out into the production environment. This will coincide with a new version of Ping Identity’s homegrown automation software, coming out in June, which will enable EU customers to deploy to AWS’s Irish datacenter in order to comply with EU privacy laws. “As we roll the new automation out, AWS is the first place Boundary is going to go,” Christensen said. “Then we’ll wrap it back into the VMware environment.”

A lesson in motivation and safety

Thursday, June 14th, 2012

OK, so last quarter (term/semester) my older kids school grades were a little mediocre. I decided to see whether financial motivation would work so I offered them $$ for As and Bs, nothing for Cs, and a “lose it all for a D”. And then, in a moment of madness I offered them $$$$ for straight As.

I had forgotten that my son always has a list of things that he wants to buy, and he immediately translated my offer into “I can buy a a new BMX”.

12 weeks later….yep….straight As. He went from Cs and Bs to straight As in 12 weeks or less with a GPA of 4.0.

So…he got his BMX and his first request….”dad, you need to take the brake off….it’s not cool to have a brake”. So, I understand not cool, but I also understand that we live on a hill and using your shoe to brake on the back wheel is pretty dangerous (not to mention the numerous pairs of shoes that we would likely go through).

So, on this one I said no. I think I was right to do so but my big question is, what would Val from Cheam have done?