OpenWorld: Oracle reckons it has “fundamentally” rebuilt its cloud architecture to boost security, promising full separation of customer software and cloud control code.
After painting a picture of a nefarious customer, Big Red’s CTO and cofounder Larry Ellison claimed in his first keynote of this year's OpenWorld conference that the biggest problem with "first-generation" cloud is its multi-tenant architecture.
He told his audience in San Francisco that Oracle had developed a “second-generation cloud” with a completely separate network of computers dedicated to controlling the cloud service, so as to protect against the threat of having customer code break out of its confines and attack the platform from its host server.
The billionaire also touted what he dubbed “Star Wars cyber defense” for its "second-generation" cloud, and promised the use of AI and machine learning to monitor the cloud infrastructure.
Kicking off the keynote, Ellison claimed the “current state-of-the-art cloud defenses” are “not even close” to being good enough, noting high-profile tech companies and security-conscious organizations that have failed to protect the data they hold.
As well as pointing the finger at the somewhat obvious targets of Facebook and Google, Ellison also named-and-shamed the Pentagon – which happens to be in the process of awarding a $10bn IT contract to one cloud supplier – and the suspected front-runner in that race, Amazon.
Use the force, Larry!
Ellison also repeatedly referred to his second-generation cloud's “Star Wars cyber-defense” system, and its "impenetrable force fields" with "autonomous robots" that "kill" software nasties, without ever explaining the link to the film franchise, in which a teenager, er, blows up the supposedly technologically advanced Death Star. El Reg wonders if it was a nod to the name of the Pentagon’s aforementioned cloud program, JEDI.
And, as usual, Amazon was the chief target in the exec’s speech, as Ellison mentioned the firm’s name more than enough to have Jeff Bezos’ ears burning. In particular, he claimed that, with Oracle’s second-generation cloud, there would now be a “fundamental difference” between the way the pair built their cloud infrastructure.
The main driver of Oracle's work, he said, was to address the “incredible vulnerability” of running sensitive cloud-control software and customer-provided code on the same computers.
He described this kind of vulnerability thus:
“That means you better trust your customers, you better trust all your customers. If you’re going to let your customers inject code; if you’re going to let customers share that computer – the computer you use to control the cloud - and those customers are smart, they can look at your cloud control code, they change your cloud control code; they can move from one computer to the other, they can look at other customer’s data, they can schedule the other customers’ data is exfiltrated out of the cloud some place else.”
Ensuring a “malicious customer” can’t move laterally in the cloud requires a new hardware configuration as well as new software, Ellison said. A key component of the infrastructure is providing a bare-metal server, he said.
This contains none of the database giant's own cloud management code, and ring-fences customers' software into zones on the bare-bones box. If a subscriber is more security conscious, and presumably also cash rich, they can rent one or more such machines just for themselves. These bare-metal servers are controlled separately by an Oracle-powered system. In effect, Oracle has kinda rebranded bare-metal servers as "second generation."
Ellison said that perhaps the most important component of Oracle's second-generation cloud is its autonomous database that the tech titan announced at last year’s OpenWorld event, which is built on top of this generation-two infrastructure. Since last year, he said, the firm has increased the use of machine learning and boosted autonomous services in this database offering, including auto provisioning, scaling, fault tolerant failover, and auto backup and recovery.
Time to trash the opposition
And, once again, Ellison spent the last part of his keynote offering up “comparisons” between Oracle and Amazon Web Services, which of course showed Big Red as multiple times faster and significantly cheaper.
For its generation-two cloud, Ellison claimed 45 per cent faster compute at a third of the cost, five times faster block storage at a thirtieth of the price, and 100 per cent faster networking at 100 times cheaper than the opposition.
While many of the Oracle fanbois at the keynote took to Twitter to praise the CTO, Ellison’s approach of taking pot shots at competitors’ cloud security didn’t impress everyone, as analyst Doug Henschen said it risked sowing fear and confusion.
.@larryellison getting into rearchitecture cloud for the sake of security with new network to form “impenetrable barrier” MyPOV: It’s a set of features I’d want under the hood, but I’m not interested in hearing about them. Generating FUD about rival clouds. #OOW18 pic.twitter.com/aabV5wPixc — Doug Henschen (@DHenschen) October 22, 2018
Oracle's public cloud services will, from now on, be sold solely for its generation-two cloud infrastructure. And if you're using a generation-one database cloud installation in your own data center, you'll be able to upgrade to the autonomous database in summer 2019. ®