Brad's Books and Organizations

Books

Books

Organizations

Organizations

Hi, I’m Brad Feld, a managing director at the Foundry Group who lives in Boulder, Colorado. I invest in software and Internet companies around the US, run marathons and read a lot.

« swipe left for tags/categories

swipe right to go back »

Apply To TechStars Cloud Now

Comments (64)

Are you building a cloud startup? If so, apply to TechStars Cloud today!

Earlier this month TechStars announced its newest accelerator program, TechStars Cloud, and we are looking for the best cloud startups we can find to go through the inaugural program.

We’ve gotten a lot of questions about what constitutes a “cloud startup”, so here is a discussion of what we think are cloud startups. We think we can do something special with this program and have big expectations for the results we’ll see when we connect early stage cloud startups to the best cloud mentors and companies.

If you haven’t heard, we have upped the initial funding in the program to 118k.

Apply now as the deadline is October 21.

StillSecure Announces Cloud Security Solution and Partnership with SoftLayer

Comments (78)

StillSecure has been nailing it in the service provider segment with deals with XO, ViaWest, CoreSite, and others recently. StillSecure fundamentally believes that service providers – telcos, datacenter, cloud providers – will be the channel to market for security solutions and I agree. They have built an amazing set of solutions for colocation and dedicated server environments and have solutions that can apply to some higher-end cloud users. Today they are announcing a new host-based firewall management solution in conjunction with SoftLayer – a leader in the cloud market. Aimed at all cloud users, StillSecure’s new solution is the start of a major initiative for the company and is also a new category of solutions.

As most cloud users know, securing their systems is incredibly hard. The solutions are either just “cloud-washed” products that aren’t a fit or they are so expensive that they cannot fit within the elastic cloud model. StillSecure has taken nearly 12 years of history and experience and have built a product from the ground-up with the cloud users’ customer experience and profile in mind.

The solution, called Cloud SMS, is a free today and will expand into premium offerings very quickly. StillSecure and Cloud SMS are in the SoftLayer Tech Partner Marketplace, being promoted to SoftLayer’s 23,000 customers. The two companies are also beginning to explore offering the complete spectrum of StillSecure’s managed security services into SoftLayer’s broader offerings.

I’m excited for the StillSecure and SoftLayer teams – building a secure cloud is an incredibly important goal and one that many companies can take advantage of. Do yourself a favor – if you have any cloud instances out there, go download StillSecure’s cloud security product and please secure them.

MakerBot Deals, TechStars Cloud, and Convertible Notes

Comments (10)

Before we invested in MakerBot, we bought and assembled a Thing-O-Matic. When I say we, I mean me, Jason, and Ross. It took us about 20 hours (Jason and I did the first half; Jason and Ross did the second half) and was a blast – think of it as an adult lego project. Our Thing-O-Matic has been steadily printing stuff – you can play a game of chess with our Thing-O-Matic pieces. the next time you are in my office.

As part of the endless series of Amazing Deals I bring you from my deal site, today’s offer is a fully assembled Thing-O-Matic. If you want your own 3D printer, but you don’t want to assemble it, you can buy it fully assembled for $2,500. But, through the magic of daily deals, there are 20 available for a 20% discount ($2,000). This is a one time offer from my friends at MakerBot so grab ‘em while they are available.

In additional TechStars Cloud launched today along with the first episode of TechStars on Bloomberg TV.

And finally, for all of you that have written asking for a “Convertible Debt Series” like our term sheet series, we’ve just started one on AsktheVC.com. The first post is up and introduces the series – we’ll be working through all of the terms in a convertible debt deal over the next few weeks.

Backing Up Your Google Apps Data

Comments (9)

I find it endlessly entertaining that people say things like “I don’t need to back up my data anymore because it’s in the cloud.” These people have never experienced a cloud failure, accidentally deleted a specific contact record, or authenticated an app that messed up their account. They will. And it will be painful.

I became a believer in backing up my data when I was 17 years old and had my first data calamity. I wrote about the story on my post What Should You Do When Your Web Service Blows Up. I’ve been involved in a few other data tragedies over the past 28 years which always reinforce (sometimes dramatically) the importance of backups.

We recently invested in a company called Spanning Cloud Apps. If you are a Google Apps user, this is a must use application. Go take a look at Spanning Backup for Google Apps – your first three seats are free. It currently does automatic backup of your Google contacts, calendars, and docs at an item level allowing you to selectively restore any data that accidentally gets deleted or lost. I’ve been using it for a while (well before we invested) and it works great.

I’ve known the founder and CEO, Charlie Wood, for six years or so. Charlie was an early exec at NewsGator but left to pursue his own startup. I came close to funding another company of his in the 2005 time frame but that never came together. I’m delighted to be in business with him again.

Don’t be a knucklehead. Back up your data.

Learning the Right Lessons from the Amazon Outage

Comments (15)

As most nerds know, Skynet gained self-awareness last week and decided as its first act to mess with Amazon Web Services, creating havoc for anyone that wanted to check-in on the Internet to their current physical location. In hindsight Skynet eventually figured out this was a bad call on its part as it actually wants to know where every human is at any given time. However, Skynet is still trying to get broader adoption of Xbox Live machines, so the Sony Playstation Network appears to still be down.

After all the obvious “oh my god, AWS is down” articles followed by the “see – I told you the cloud wouldn’t work” articles, some thoughtful analysis and suggestions have started to appear. Over the weekend, Dave Jilk, the CEO of Standing Cloud (I’m on the board) asked if I was going to write something about this and – if not – did I want him to write a guest post for me. Since I’ve used my weekend excess of creative energy building a Thing-O-Matic 3D Printer in an effort to show the machines that I come in peace, I quickly took him up on his offer.

Following are Dave’s thoughts on learning the right lessons from the Amazon outage.

Much has already been written about the recent Amazon Web Services outage that has caused problems for a few high-profile companies. Nevertheless, at Standing Cloud we live and breathe the infrastructure-as-a-service (IaaS) world every day, so I thought I might have something useful to add to the discussion.  In particular, some media and naysayers are emphasizing the wrong lessons to be learned from this incident.

Wrong lesson #1: The infrastructure cloud is either not ready for prime time, or never will be.

Those who say this simply do not understand what the infrastructure cloud is. At bottom, it is just a way to provision virtual servers in a data center without human involvement. It is not news to anyone who uses them that virtual servers are individually less reliable than physical servers; furthermore, those virtual servers run on physical servers inside a physical data center. All physical data centers have glitches and downtime, and this is not the first time Amazon has had an outage, although it is the most severe.

What is true is that the infrastructure cloud is not and never will be ready to be used exactly like a traditional physical data center that is under your control. But that is obvious after a moment’s reflection. So when you see someone claiming that the Amazon outage shows that the cloud is not ready, they are just waving an ignorance flag.

Wrong lesson #2: Amazon is not to be trusted.

On the contrary, the AWS cloud has been highly reliable on the whole. They take downtime seriously and given the volume of usage and the amount of time they have been running it (since 2006), it is not surprising that they would eventually have a major outage of some sort. Enterprises have data center downtime, and back in the day when startups had to build their own, so did they. Some data centers are run better than others, but they all have outages.

What is of more concern are rumors I have heard that Amazon does not actually use AWS for Amazon.com.  That doesn’t affect the quality of their cloud product directly, but given that they have lured customers with the claim that they do use it, this does impact our trust in relation to their marketing integrity. Presumably we will eventually find out the truth on that score. In any case, this issue is not related to the outage itself.

Having put the wrong lessons to rest, here are some positive lessons that put the nature of this outage into perspective, and help you take advantage of IaaS in the right way and at the right time.

Right lesson #1: Amazon is not infallible, and the cloud is not magic.

This is just the flip side of the “wrong lessons” discussed above. If you thought that Amazon would have 100% uptime, or that the infrastructure cloud somehow eliminates concerns about downtime, then you need to look closer at what it really is and how it works. It’s just a way to deploy somewhat less reliable servers, quickly and without human intervention. That’s all.  Amazon (and other providers) will have more outages, and cloud servers will fail both individually and en masse.

Your application and deployment architecture may not be ready for this. However, I would claim that if it is not, you are assuming that your own data center operators are infallible. The architectural changes required to accommodate the public IaaS cloud are a good idea even if you never move the application there. That’s why smart enterprises have been virtualizing their infrastructure, building private clouds, and migrating their applications to operate in that environment. It’s not just a more efficient use of hardware resources, it also increases the resiliency of the application.

Right lesson #2: Amazon is not the only IaaS provider, and your application should be able to run on more than one.

This requires a bias alert: cloud portability is one of the things Standing Cloud enables for the applications it manages. If you build/deploy/manage an application using our system, it will be able to run on many different cloud providers, and you can move it easily and quickly.

We built this capability, though, because we believed that it was important for risk mitigation. As I have already pointed out, no data center is infallible and outages are inevitable.  Further, It is not enough to have access to multiple data centers – the Amazon outage, though focused on one data center, created cascading effects (due to volume) in its other data centers. This, too, was predictable.

Given the inevitability of outages, how can one avoid downtime?  My answer is that an application should be able to run on more than one, or many, different public cloud services.  This answer has several implications:

  • You should avoid reliance on unique features of a particular IaaS provider if they affect your application architecture. Amazon has built a number of features that other providers do not have, and if you are committed to Amazon they make it very easy to be “locked in.” There are two ways to handle this: first, use a least-common-denominator approach; second, find a substitution for each such feature on a “secondary” service.
  • Your system deployment must be automated. If it is not automated, it is likely that it will take you longer to re-deploy the application (either in a different data center or on a different cloud service) than it will take for the provider to bring their service back up. As we have seen, that can take days. I discuss automation more below.
  • Your data store must be accessible from outside your primary cloud provider. This is the most difficult problem, and how you accomplish it depends greatly on the nature of your data store. However, backups and redundancy are the key considerations (as usual!). All data must be in more than one place, and you need to have a way to fail over gracefully. As the Amazon outage has shown, a “highly reliable” system like their EBS (Elastic Block Storage) is still not reliable enough to avoid downtime.

Right lesson #3: Cloud deployments must be automated and should take cloud server reliability characteristics into account.

Even though I have seen it many times, I am still taken aback when I talk to a startup that has used Amazon just like a traditional data center using traditional methods.  Their sysadmins go into the Amazon console, fire up some servers, manually configure the deployment architecture (often using Amazon features that save them time but lock them in), and hope for the best.  Oh, they might burn an AMI and save it on S3, in case the server dies (which only works as long as nothing changes).  If they need to scale up, they manually add another server and manually add it to the load balancer queue.

This type of usage treats IaaS as mostly a financing alternative. It’s a way to avoid buying capital equipment and conserving financial resources when you do not know how much computing infrastructure you will need. Even the fact that you can change your infrastructure resources rapidly really just boils down to not having to buy and provision those resources in advance. This benefit is a big one for capital-efficient lean startups, but on the whole the approach is risky and suboptimal. The Amazon outage illustrates this: companies that used this approach were stuck during the outage, but at another level they are still stuck with Amazon because their server configurations are implicit.

Instead, the best practice for deploying applications – in the cloud but also anywhere, is by automating the deployment process. There should be no manual steps in the deployment process. Although this can be done using scripts, even better is to use a tool like Chef, Puppet, or cfEngine to take advantage of abstractions in the process. Or use RightScale, Kaavo, CA Applogic, or similar tools to not only automate but organize your deployment process. If your application uses a standard N-tier architecture, you can potentially use Standing Cloud without having to build any automation scripts at all.

Automating an application deployment in the cloud is a best practice with numerous benefits, including:

  • Free redundancy. Instead of having an idle redundant data center (whether cloud or otherwise), you can simply re-deploy your application in another data center or cloud service using on-demand resources.  Some of the resources (e.g., a replicated data store) might need to be available at all times, but most of the deployment can be fired up only when it is needed.
  • Rapid scalability. In theory you can get this using Amazon’s auto-scaling features, Elastic Beanstalk, and the like.  But these require access to AMIs that are stored on S3 or EBS.  We’ve learned our lesson about that, right? Instead, build a general purpose scalability approach that takes advantage of the on-demand resources but keeps it under your control.
  • Server failover can be treated just like scalability. Virtual servers fail more frequently than physical servers, and when they do, there is less ability to recover them. Consequently, a good automation procedure treats scalability and failover the same way – just bring up a new server.
  • Maintainability. A server configuration that is created manually and saved to a “golden image” has numerous problems. Only the person who built it knows what is there, and if that person leaves or goes on vacation, it can be very time consuming to reverse-engineer it. Even that person will eventually forget, and if there are several generations of manual configuration changes (boot the golden image, start making changes, create a new golden image), possibly by different people, you are now locked into that image. All these issues become apparent when you need to upgrade O/S versions or change to a new O/S distribution. In contrast, a fully automated deployment is not only a functional process with the benefits mentioned above, it also serves as documentation.

In summary, let the Amazon Web Services outage be a wake-up call… not to fear the IaaS cloud, but to know it, use it properly, and take advantage of its full possibilities.

Build something great with me