Skip navigation

Hello World,


I work in Intel IT Engineering in our Data Center Engineering team and am our enterprise private cloud engineering lead.  This means that I focus across all aspects of our cloud engineering work to ensure that we are building optimum solutions, that our technical investments are meeting our overall architectural plans, and that our operations teams are getting “design to run” solutions.  Before this role I was heavily involved in various engineering and operational aspects of our Design Grid environment, and decided to take on the challenge of bringing many of our grid computing concepts to the rest of our IT infrastructure.



I also spend time out talking to peers in the IT Industry, and realized that it would be beneficial to share my personal perspective as well as that of the many engineers that I work with on the challenges, successes, and failures that we encounter on this Cloud journey.  So now I am blogging to help increase that communication, and I hope I hear from some of you on what you are doing in this exciting space.



Cloud is a pretty broad topic, and I like to keep my blogs somewhat short to stick to a key point…   we have published a few IT@Intel whitepapers ( which you can take a look at to provide more in-depth context on our journey, and I will pick one-two areas that are either keeping me up at night or that I am proud of to share in the future - this first blog is my introduction, and to give a few pointers on what we are doing.



At a high level we are taking a pragmatic approach to shifting our IT Office and Enterprise infrastructure from a silo’d predominantly physical environment to an elastic on-demand infrastructure with multi-tenancy.  We made a decision last year to make pervasive virtualization a foundational aspect of our Enterprise Private Cloud, and have gone from around 12% of our Server OS’s running on virtual hardware in late 2009, to over 35% now.  This is also an interesting topic that I will speak about in another blog; both from an operational perspective to move at that pace, and from a technical perspective on how we are handling the analysis of technical limiters and addressing them systematically.



On top of virtualization we have introduced on-demand self-service… this is also a very significant and complex area which relies heavily on multiple solutions such as capacity management, entitlement, and appropriate controls to make our infrastructure appear infinite to our consumers.  This isn’t happening overnight, but I am excited about our progress.



Let me know if there are specific things you are interested in, I will try to get these out on a somewhat regular cadence, and thanks for reading my introduction.






Couple weeks ago, I traveled a long way from Hong Kong to California to meet with other community managers in Intel and to attend a social media platform conference. It was a productive & very informative week. Allow me to share some quick notes and observations with you.


  • I heard the attendees at the conference were more than double compare to previous year. There were a lot of energy and passion among the attendees towards the topic. It is showing a strong trend in more enterprise adoption of social media.
  • From people I talked to, there are similar among of internal and external deployment of social media platform – internal for collaboration between employees and external for engagement with customers. Among the external implementation,  support communities seem to be one of the more popular social media implementation. There were quite a few success stories about support communities shared.
  • Executive support, endorsement and participation are key to the success of a social media program as noted by a number of speakers sharing their success stories and by a few conference attendees I spoke to.
  • A social media community requires a critical mass (a certain amount of active participants) to be successful. However, you cannot build a community and hope people will come. Marketing and getting people participating initially is key.
  • A intuitive interface is helpful to get people participate and engage. Instead of using the default user interface from your platform, customize it for your audience.
  • You need 'super users' in your community and you need to keep them engaged and motivated
  • There is still a lack of standard or best practices in measuring success of a social media program or getting actionable indicators
  • Business value of social media is still difficult to measure. A few suggestions: telling success stories; finding proxy measurements to cost reduction or revenue generation; finding a quantifiable business case


Are you seeing similar trends and challenges in your social media programs? Do you have any success stories to share?

... and i'm not talking about the giveaways :-)


Last week I spent on the road between a few days at the Intel Developer Forum and then at the Insight Conference in Denver.  At both events, I was speeking about the Intel IT private cloud computing implementation around why and what we are implementing inside our business.  But during the conference I alo had the change to see a lot of exhibits, talk to a lot of technology professionals and IT peers, and listen in on a CIO panel discussion. While the week was filled with learning, three things stood out for me both professionally and personally.


1) Every CIO's priorities are driven by business needs, however the challenges they face are dramatically similar.  Topics of security, consumerization, collaboration, employee productivity, business efficiency and IT leadership (ie leading their organizations) are front and center.  Some interesting insights / quotes from the panel I wrote down:


     "Security model is shifting from the firewall to the end piont device"

     "IP is everything - must protect it"

     "enterprise security requires partnership with employees"

     "we're measuring producitivity in minutes"

     "work is done in smaller increments" ... but with more people involved"

     "the openness of social media and consumerization is contrary to requirements to secure IP"

     "requirements of enterprise security and consumer security are fundamentaly different"

     "CIO role is changing and growing in importance"

     "IT cannot be the department of No"


2) Cloud Computing remains a mis-understood confusing topic.  There are so many definitions, techologies, solutions and delivery models that get associated with the term "cloud" and the hype cycle on cloud is at full peak.  The concern I have is that because the term "cloud" elicits a variety of reactions (often bi-polar) of strong endorsement or strong skepticism and concern.  As I share the Intel IT cloud computing strategy and implementation roadmap a few items garner most of the questions from IT professionals - the good thing is we have our answers already .. does your IT group?


     "how are you defining cloud computing"

     "how are you balancing private vs public cloud"

     "how are you managing the services and applications in the virtualized environment"

     "how are you implementing self-service"

     "where are you doing application development" 


3) Smart TV is pretty cool.  Prior to IDF, I'd heard about the concept but did not understand its usage model.  The demos really caught my interest and when these devices come out, I will certainly talk to my wife about purchase. If you want to learn more about Smart TV, start here



Intel’s SOA Expressway is a software package that allows for the many different options in controlling the flow and security of web services throughout an organization or even those published to external consumers through a DMZ. In many instances, especially for public interfacing web services, it is essential to have some type of filtering (also called reverse-proxy) of requests from a consumer of a web service and this is the specialty of SOA Expressway and how it is used to protect web services. In addition to the built-in security features provided by a proxy workflow, proxy workflows within SOA Expressway can contain Content Attack Prevention (CAP) policies.



There 3 essential parts to a standard web service gateway proxy workflow which include Receive, Invoke, and Reply. This workflow can be synonymously called the BPEL or Business Process Execution Language. The Receive action actually takes in the SOAP request for processing, the Invoke will send the call to the web service and the reply can send the response back to the consumer of the web service. But there are many other activities that can be configured for a web service to provide increased security and even actions based on what is returned from a prior step in the workflow. But for a simple overview, below is a display of a workflow using some of the tasks necessary for configuring a CAP Policy. A CAP policy is a comprehensive policy that fits into the message validation category of securing web services. CAP offers mitigation against both structural XML threats, such as coercive parsing and XML fuzzing, and semantic threats in the message payload. In a previous blog on SOA Expressway, I described some of the threats that a CAP policy can mitigate. More generic terms for these type of attacks include Canonicalization, Cross-site scripting, SQL injection, XPath injection, and XML bomb.


The following image is an example of a workflow created using the Intel SOA Expressway Designer tool. The CAP policy is placed in position to evaluate the received message.



The CAP policy is configured within the SOA Expressway Designer tool. This configuration area can customize the mitigation for many different types of attacks using a CAP policy. The CAP policy can be configured to reject any message request that contains violates the policy.

The following options exist to configure the CAP policy.



Although this type of security feature does not cancel out the need for proper security development processes, having a CAP policy can provide another layer to your security defense-in-depth strategy by applying restrictions to what can be allowed to pass through to the web service. This is especially helpful if a newly discovered xml based threat is known to have characteristics such that can be evaluated with a CAP policy. Another great benefit to the CAP policy within SOA Expressway is that a CAP policy can be assigned to many different workflows so that it can be changed in one location and utilized by many different workflows. Of course, this should be after it has been thoroughly tested in a test environment.



Other valuable features that can provide greater security within SOA Expressway include XML schema validation and global error handling within the BPEL workflow. There are some great video tutorials available at


Video Blog #2!

Posted by IanThomas Sep 13, 2010

OK, folks!

Ian Thomas here!


IDF is spectacular, and there were so many things that mattered to me to learn about there.

So, what kind of microarchitecture should I care about? Do you think I need to learn something more?

Check out my video blog below; we should all have a little fun with the camera once in awhile!



printf("hello, world");

Posted by IanThomas Sep 10, 2010

Hello everyone!


Welcome to my new video blog (not a vlog, what kind of word is that anyways?)

I'll* have a few episodes on my thoughts about IT in the coming few weeks, including as I prepare to head to the Intel Developer's Forum 2010 in San Fransisco this year.

Feel free to say hello! I'll be bringing my camera with me to IDF - let me know what you'd like to see!




*Ian Thomas is a persona by Second City for Intel

Intel Developer Conference is coming fast on Sep 13. A few Intel IT members of this community will speak at IDF this year discussing hot topics in the IT industry and sharing how we use technology to create business value inside Intel. If you are attending the IDF next week, you are welcome to meet with them at the following sessions.


  • DianeBryant, Intel’s CIO, will be joined by several of her peers from Thomson Reuters, Genentech Informatics, Motorola and Walt Disney Studios in a CIO Panel discussing current and future trends ranging from IT consumerization, cloud computing, business intelligence (BI), security and more (SPCS002)
  • Gregg Wyant, Intel IT CTO and Dr John Pormann from Duke University will discuss the increasing challenge of large data management, data proliferation, and efficient information processing including 3D content, context awareness and more (INTS001)
  • SudipChahal and ChrisPeters will discuss Intel’s Cloud Computing strategy, investment roadmap and share our perspective on key requirements for hardware and software developers (DCCS004)
  • VirtualDave from Intel IT joins other technologists from software vendor Citrix XenDesktop, systems integrator CompuCom Systems in a panel focused on using client virtualization to create business value  (PROP001)
  • ddevette and JohnMahvi join Intel NSG to discuss Intel® SSD and share Intel's total cost of ownership model as a means to quantify the benefit of using SSDs in the enterprise (SSDS005)
  • Cindy Pickering and Ed Jimison discuss IT consumerization, a core industry trend where employees want IT to support personal devices in the enterprise (INTS002)


You can find the schedule of these sessions and plan your IDF attendance using the IDF Forum Planner. Enjoy your IDF!

To look forward and try to predict what is going to happen, sometimes you have to first look back and gauge where you have come from first.  Have you ever stopped to look at how much technology has changed in your day to day workplace in just the last 5 years?  If you were to look back to 2005, there wasn't anything like an iPhone, definitely not an iPad.  Instant messaging was something you used at home and they tried to prevent you from using at work.  3 hour battery life on a laptop was nirvana and a cell phone was just that, a phone. We were just starting to use wireless in the workplace and nobody had it at home, much less in their DVD or Xbox system.  We have definitely come a long way in 5 years. There are 2 main forces at work now pushing on your corporate environment, technologies and trends.  Technologies that are changing the way we compute and trends like Consumerization, bring your own device and a changing skillset in the workforce changing the demands on computing.  As we look at technologies, we see that there are more and more coming to market every day. And sometimes it seems as though many of the requested technologies were designed for home or personal use rather than corporate.  But as we look forward we see that changing.  The world of personal and professional computing are no longer so isolated from each other. With hardware and software virtualization available now and as it evolves over the next few years, we see these world beginning to blend, more and more. 5 years from now we may look back and ask ourselves, why was it necessary to have a work laptop and a home computer.  Why was it always so focused on one device.  If anything that we are seeing right now is a marker to where we think the client footprint is going, just take a look at the device ratio.  even as early as 2-3 years ago, most people had a device.  1 system they primarily computed or accessed information from, but today most have at least 2, a laptop or desktop and a small form factor device like a smart phone, PDA, iTouch etc.  TV's now have computer chips and Internet access, consumer electronic set top boxes in the next few months will have the same, your car no longer just has a radio, but on board navigation, local info and even compute power.  We are seeing more and more that the user of the future is indeed a mobile one, but more than just carrying a device to allow this, it will be about accessing corporate services across all these devices.  Not the same computing bubble on each device, but layers of compute services, specific to what that device can offer.  The combination of these devices and their compute offerings will make up the corporate user of the future's compute environment.  And who knows, maybe I will finally get to travel to work via Jet Pack!

We recently captured Intel IT cloud computing experts on camera talking about their experience, vision and IT best practices for implementing a private cloud architecture in a large enterprise environment.  Feedback from the show floor at VMWorld this week where this video was unveiled was great.


Next week, on September 9th at 12pm PST, Das Kamhout, Intel IT Engineer, will be delivering a live webinar and QnA session around both the Intel IT cloud computing strategy and our progress for implementation.  Das recently shared some business statistics with me about how the Intel IT organization has reduced the time to deliver new services via the private cloud architecture from 90 days to a 14 day average.  Das also mentioned that he believes we will be measuring time to service in a matter of hours by end of year as self-service functionality is fully incorporated.


I invite you to learn more about how the Intel IT private enterprise cloud is already delivering tremendous business value for Intel.



Filter Blog

By date: By tag: