Welcome!

You will be redirected in 30 seconds or close now.

ColdFusion Authors: Yakov Fain, Jeremy Geelan, Maureen O'Gara, Nancy Y. Nee, Tad Anderson

Related Topics: ColdFusion

ColdFusion: Article

Toward Better CF Server Administration Part 2 of 3

Toward Better CF Server Administration Part 2 of 3

As an administrator, or a developer interested in how your server is run, are you getting the most out of your CF Server configuration, especially with regard to security-related settings in the Administrator? Are you fully aware of the opportunities and challenges presented by those settings?

In this second article of a series (Part 1 appeared in the January CFDJ, Vol. 4, issue 1), we continue the discussion of some perhaps less obvious aspects of managing CF Server. Part 1 focused on developer- and performance-oriented settings and tasks; here we'll look at security-related settings and tasks. The original plan was to cover some miscellaneous features as well, but it turns out there's more to both topics than the original two-part format could hold. One more part is planned.

As I said in Part 1, there's no way to cover everything in a single article (or even three). If you take the time to read the available documentation outlined in Part 1, you'll benefit tremendously. And the available online help in CF5's Administrator is another great improvement.

Still, for those who don't do the reading or may have a hard time determining what to pay attention to, I'll highlight a couple of aspects that you might otherwise miss or find confusing. There's more to CF's security features than you might be aware of. Although each discussion is brief, I hope to motivate you to look into these topics on your own.

Basic and Advanced: Insider Tips
CF offers two forms of security out of the box: basic and advanced. If you fire up the CF Administrator (as discussed in Part 1), you'll find them under Security at the top left of the Administrator, as seen in Figure 1.

Note that if "Advanced Security" hasn't been installed (it's optional), it won't show up in that navigational toolbar. Prior to release 5, the Basic Security option showed up left of the main Administrator toolbar under the Server heading (again, Advanced Security shows up under Basic if installed).

The simple designation of "basic" and "advanced" security really doesn't do justice to the differences between the two. There are three forms of control that these two approaches share: access to the Administrator, access to tags within the CF environment, and access to resources by way of ColdFusion Studio's RDS feature (supporting remote developers connecting to the server over the Internet).

There are other aspects of security that the Basic approach doesn't provide, and many developers don't realize that ColdFusion can help them with Advanced Security's built-in functionality. First, there's the simple matter of enabling security within your application, providing a login process to control which users are allowed access to the application and/or specific pages within the app. This is referred to as authentication.

Most people "roll their own" form of it, looking up users in a database and using session variables to track a user's logged-in state. This works, but Advanced Security provides a mechanism to handle these tasks in a more standard way. It allows for authentication against not only a database but also, optionally, an LDAP server or a Windows NT domain.

Identifying who may access your site is just one part of the application security equation: once users are logged in, you may want to limit what they're allowed to do. This is referred to as authorization. Not only can Advanced Security provide for multiple levels of security, with roles and varying rules per individual (or group), but it can even limit access to what specific CF tags, functions, data sources, collections, files, and other resources a user may access. We'll come back to these aspects of application security later.

This article can't discuss all these security matters in depth, but I do want to put some things in context.

CF's Basic Security Option
Using "basic" security, which is implemented by default, the only things that CF secures are:

  • Who can access the CF Administrator itself (by way of a password defined at installation or changed within the Administrator)
  • Who can access the CF Server resources (files and data sources) by way of Studio's RDS feature (also controlled by a single, but optionally different, password that is set at installation and can be changed in the Administrator)
  • Whether developers can execute any of several potentially dangerous tags
These choices are found under the Basic Security link in Figure 1. Even if you're familiar with these three settings, you may not have considered some of the aspects.

Understanding and Guarding Access to the Administrator
The CF Administrator is a Web-based application, which means that it's accessible over the Web if you know the URL for it, which defaults to http:// <yourserver>/CFIDE/Administrator/index.cfm. That remote accessibility is a benefit for many, but there's also the risk that someone gaining unauthorized access might compromise it. Obviously, those who know the Administrator password will be able to change any aspect of the CF Administrator settings, so the password should be guarded. Sadly, there are no mechanisms forcing you to change it regularly, so it would be a good idea to do that on your own.

You can take extra steps to secure the Administrator Web pages at <webroot>\CFIDE\Administrator\ by using Web server security to tighten control further. Just be careful that you don't lock the entire CFIDE directory one level up, because there are more things in there than just the Administrator. Such measures are discussed at www.macromedia.com/v1/Handlers/index.cfm?ID=10954&Method=Full.

Another idea is to remove the CFIDE/Administrator/directory if you're not using the Administrator at all (which is unlikely, but possible), or simply to move it so that visitors to your server can't easily guess its location. Just be aware that there is a setting in the Administrator - the Unsecured Tags Directory - which by default points to that Administrator directory. If you move the directory, be sure to change that as well or the Administrator won't function. The Unsecured Tags Directory was discussed in detail in my February CFDJ article (Vol. 4, issue 2). More on that in a moment.

Understanding and Guarding Basic Studio/RDS Security
As for the aforementioned RDS password, for those not familiar with it, it's used when setting up Studio's RDS mappings feature to allow a remote Studio user to see the files and data sources on the server, as well as perform debugging against that server. For more information on this, see the Macromedia manual "Using ColdFusion Studio," which, like all CF manuals, is available online on your server (if the docs were installed). If you own Studio, you'll find them in Studio's Help feature. Anyone can view all the CF (and Studio and other) docs online at http://livedocs.macromedia.com, as was described in more detail in Part 1.

One problem with the RDS password feature in basic security is that it's an all-or-nothing proposition. Anyone who knows the password and connects to your server via Studio can obtain any resources that the CF Server has access to. The next section shows you how Advanced Security offers an alternative that can provide more granular control over who can access what via RDS. Just know, too, that you can do a couple of things even with simple basic security enabled.

First, you should almost never uncheck the "Use a ColdFusion Studio Password" option in the Administrator, which means that no password is required at all. This is similar to the checkbox for the admin password, as shown in Figure 1 (the same admonition obviously applies to the admin password). It may seem obvious that the Use Studio Password checkbox should be checked, but some administrators who don't understand the Studio/RDS password - or misunderstand it, thinking that it might disable RDS - simply turn off the checkbox, not realizing what could happen. Any Studio user who connects to the server could now access any resources under CF's control, unless you take one of the additional steps below.

Indeed, if you know you're not going to support RDS access to your server at all (not a bad idea in a production environment), you can disable the ColdFusion RDS Service. Like the ColdFusion Application Server and ColdFusion Executive services, it's set by default at installation to start when your server is started.

Another thing you could do, as with the CF Administrator itself, is apply additional Web server security to the RDS connection. When a Studio RDS session is connected, Studio actually runs something like a Web service request to the server (using WDDX under the covers), interacting with a program in the CFIDE\Main\ called ide.cfm (ever wonder where the CFIDE directory got its name?). You could apply additional Web server security to that program or directory as another level of protection. Just be sure to test things out within Studio, since some changes you make may not allow Studio RDS connections to work at all. Again, we're discussing authentication here - who's allowed to use the RDS feature - rather than authorization - what an authenticated user is allowed to access within the server once connected via RDS. That kind of security, enabled by Advanced Security, will be discussed later.

A final way to limit what RDS users can see when they connect is to have the ColdFusion Server service start under an account other than the default, System. There are many possible ramifications of that choice, so I recommend you research it carefully before considering it.

Understanding and Fully Leveraging Basic Tag Restriction Security
The third and final aspect of basic security is optional control to restrict access to a set of potentially abused CF tags. If you follow the link for Tag Restrictions, as listed in Figure 1, you'll be presented with a screen like that in Figure 2. If any of the tags listed here isn't checked, no developer on the server can execute that tag. It's a brute force approach, but in the name of security it works.

As with RDS security, this aspect of Basic Security is an all-or-nothing proposition. If a tag is restricted, the intention is that no one on the server can use it at all. A developer may be unable to perform some needed action, like a CFFILE file upload or a CFCONTENT download. For many that's too severe, and they may choose instead to leave the tags unrestricted, which exposes any applications on the server to potential abuse by less scrupulous developers on that same server. There are two alternatives to consider.

First, in my February article, "Unlocking Restricted Use of CFFILE, CFCONTENT, and More," I wrote about using the Unsecured Tags Directory option, which is also offered at the bottom of Figure 2. With that you can still choose to restrict the tags, but any code placed in the named directory can indeed execute any of the otherwise restricted tags (whether by CFINCLUDE of a template there or a call to it as a custom tag, as with CFMODULE). That's a cool alternative, if you didn't know about it.

But there's another solution, which on the surface would seem absolutely ideal for this challenge - and many others - and it's the subject of the remainder of this article: Advanced Security, the second part of CF's built-in access-control mechanisms.

CF's Advanced Security Option
The Basic Security mechanism is nearly as old as CF itself, but in release 4 the CF team recognized that a finer level of control was needed beyond the previously available all-or-nothing aspects of securing the Administrator, RDS access, and the tag restrictions. The Advanced Security mechanisms were created to give finer-grained control over those things and much more.

Advanced Security (in CF releases 4 and 5) is enabled by the (transparent) bundling of a third-party product called SiteMinder from Netegrity. It's an option available at installation time and can be added after installation. The only changes it makes to CF are the addition of new mechanisms in the Administrator for controlling the setup of Advanced Security and a couple of tags and functions for the application-level security that it can enable.

Briefly, some of the things Advanced security can enable and/or control are:

  • Authentication against an ODBC database, LDAP server, or Windows NT security domain
  • Granular control of RDS access to resources on the server (who can access what)
  • Login/authentication functionality for your applications (through the CFAUTHENTICATE and CFIMPERSONATE tags and the IsAuthenticated, AuthenticatedUser, and AuthenticatedContext functions)
  • Granular control of what resources a user may access within an application (tags, custom tags, functions, directories, files, databases, verity collections, etc.) and authorization functionality to test for such access in your programs through the IsAuthorized function
  • Permission for specified developers to access the Administrator to manage their own data sources (a feature that was removed in ColdFusion 5. See KB 21965)
  • Sandbox security, which may be most useful in a hosting environment, as it restricts at runtime the available directories and files that the users of a given application can access (not related at all to RDS security, and different from the authorization abilities described above)

    We don't have room for more detail, but there is ample coverage of it in both the "Advanced ColdFusion Administration" manual (renamed and improved in release 5) and the "Application Security" chapter of the ColdFusion user's guide, named "Developing ColdFusion Applications" as of release 5. Again, if you don't have the printed manuals, these docs are available online at http://livedocs.macromedia.com (and are available for purchase as a complete set as well).

    It may be worth noting that the ability to authenticate against a database was introduced in version 4.01 of ColdFusion. Initially, many administrators or developers may have dismissed using the authentication features because they didn't want to deal with the complexity of an NT domain or LDAP server, but they may not have heard about the fix in 4.01 that solved that problem. (Indeed, there were many small but important changes in 4.01, and now, two years later, I'd still recommend my February 2000 article, "Hidden Gems in 4.0.1" (Vol. 2, issue 2). There's so much that people missed and still don't know, or worse, spread as misinformation.)

    Advanced Security Setup
    Briefly, the key is the initial process of creating:

    • One or more user directories indicating what database, LDAP server, or NT domain will be used for authentication for an application or for RDS access (you can have different user directories for different purposes)
    • One or more resources describing the actual resource (file, directory, tag, collection, etc.) that you want to control and the type of access to it that should be allowed
    • One or more policies mapping what users should be allowed access to what resources
    • One or more contexts serving as a logical grouping of related user directory, resource, and policy specifications
    A better discussion of the details can be found in the Advanced Administration book, specifically the section "Advanced Security Basics," at http://livedocs.macromedia.com/ cf50docs/Advanced_ColdFusion_Administration/AdvSecurity3.jsp.

    While you're debating whether to use Advanced Security, remember that, even if installed, it doesn't take effect unless the administrator chooses to set it up and enable it. That's done by way of a checkbox called "Use Advanced Security" at the top of the Advanced Security page. Furthermore, simply checking the box won't have any impact unless and until you configure it further.

    Another thing to keep in mind is that it can be enabled to secure one aspect of the server (for instance, controlling RDS access) while not impacting existing applications at all. In fact, Advanced Security won't affect existing applications unless they're modified to leverage the new features (tags and functions) that it enables. So there's no harm in trying it out. As usual, it's best to experiment with any new approach in a development or testing environment before implementing it on a production server.

    It's worth mentioning here that a free, single-user developer edition of ColdFusion is available for such testing. You no longer have to get it from CF Studio alone. Just download the fully functioning, non-user-limited trial version of CF that, after 30 days, will revert to a single-user version. It will remain fully functioning in every other respect. Both it and the downloadable trial version are Enterprise versions of ColdFusion. Some aspects of Advanced Security, such as Sandbox Security, are only in the Enterprise version.

    Challenges in Implementation
    Advanced Security offers quite a few useful improvements. Unfortunately, the SiteMinder integration underlying it has proved challenging for several reasons, and most developers have thus never benefited from its existence. There are also other reasons why it hasn't been that popular.

    It's an option at installation, so many don't even install it, not knowing any better. Furthermore, since it requires setup, many admins have never bothered to take that next step, or they may fear that enabling it without the complete setup will harm their environment (it won't). Since the benefits aren't obvious to admins and developers unless they read the manuals, many developers have never learned of it nor have they demanded its support by their administrators.

    There are some more substantial problems, however - even for those who have tried to use it. For example, the Administrator interface for setting it up can be quite difficult to understand and use. It's been improved in both 4.5 and 5, but it's still daunting. Also, since there are so many ramifications to what it enables, it's easy to misconfigure.

    In addition, the default installation uses an Access database as the underlying SiteMinder repository, which of course does not perform well. Even in a low-volume site, the highly interactive nature of the Advanced Security authentication capabilities is such that it can bog (or break) down rather quickly. The simple solution is to use an alternate database, and there are knowledge-base articles and documentation (quite improved in CF5) about doing just that, but the bottom line is that many have just not bothered to install or use it at all.

    All this is too bad, because there are quite a few positives about Advanced Security. While there's talk of substantial changes coming in the next release of ColdFusion, code-named Neo, at the time of this writing (early March) it's still in beta. It will be interesting to see if the response of the Neo team is toward making what Advanced Security tried to offer more effective, or toward removing features that people never bothered to use. That would be unfortunate, because it's not that the features it enabled weren't worthwhile, but that the initial implementation, marketing, and education appeared lackluster, and most influential users who tried it got a bad taste.

    The docs are better, and there are several KB articles on Advanced Security. Just visit the KB Search form at www.macromedia.com/v1/support/knowledgebase/searchform.cfm and search for "Advanced Security." You might want to try it.We can look forward to what awaits us in the next release, but at least now you know what's possible in the meantime.

    Other Aspects of Security in the Administrator
    While I've focused on the distinctions between Basic and Advanced Security in ColdFusion, there are still a few other aspects of security worth mentioning (and worth your exploring).

    Perhaps the simplest to appreciate is security of your data sources by the use of database usernames and passwords that will be controlled by the database engine. If you use such security, you can choose to store the userid and password in the Administrator's data source definition itself, or you can specify it on the CFQUERY (or any other database-related tag) itself.

    An Aside for Users of Microsoft Access
    Many of you never bother to secure your database at all, but it's certainly worth doing. One simple way is to create a password for the entire database using Tools>Security>Set Database Password within the Access interface, and then specify that in the password field for "Default Login" (the username defaults to "Admin"), or you can specify that username and the newly set password within a CFQUERY itself. That way, if someone steals the database, it's not that easy to open. And if you want to create individual user logins for the database, look into the Workgroup Information File feature in Access. With that sort of security in place, you can specify that file as the System Database when setting up the data source configuration in the CF Administrator and then use usernames and passwords within your application, as with any other database.

    Many don't notice that as another measure of security you can set which SQL statements are or are not allowed via a set of checkboxes in the CF Settings for a data source. (Internal database security can limit that as well, of course, but this is just another possible level of control.) You can even have multiple data sources for the same database with different controls (of SQL statement access or even username/password combinations, if that makes sense for you).

    Moving from databases, still another source of security is control over resources on the server and associated servers by way of the Web server and/or operating system, which might be used instead of or in addition to CF's Advanced Security.

    Yet another aspect of security involves the ColdFusion Administrator Debugging settings. These are discussed at length in the CF Manual "Installing and Configuring ColdFusion Server" in a section available online at http://livedocs.macromedia.com/cf50docs/ Installing_and_Configuring_ColdFusion_Server/basiconfig13.jsp. You should investigate whether to enable debugging at all, as well as which users should see the debugging output and what potentially sensitive information should be shown or restricted, such as whether to show SQL and data source information and whether to show the full template path of a template in error. I discuss those latter two aspects in my October 2000 article "Toward Better Error Handling (CFDJ, Vol. 2, issue 10).

    Another aspect of Administration security that may be worth noting is a change as of release 5. CF5 Enterprise now tracks all the configuration changes you've made to the ColdFusion Administrator, providing options for both a setting summary (a snapshot in time) and change log (an audit trail).

    In these days of increasing instances of hacking and occurrences of worms and viruses, administering the server also requires paying attention to security, not only of the ColdFusion Server itself, but also the Web server and physical server environment. To that end, there is a security zone at Macromedia (www.macromedia.com/v1/developer/SecurityZone/) with information that should be understood by anyone setting up a ColdFusion Server (it covers issues related to some common Web server and database security problems as well). It includes more Macromedia products than just ColdFusion, of course, but there are many CF-specific sources there, such as security bulletins, best practices, and white papers. There's even a notification service to receive security bulletins by e-mail as soon as they're released.

    .  .  .

    I hope this quick tour of features, possibilities, tips, tricks, and traps will make you at least a little more familiar with what's available to make your server more secure and have it running more effectively - not just for administrators, but for developers and end users as well.

  • More Stories By Charlie Arehart

    A veteran ColdFusion developer since 1997, Charlie Arehart is a long-time contributor to the community and a recognized Adobe Community Expert. He's a certified Advanced CF Developer and Instructor for CF 4/5/6/7 and served as tech editor of CFDJ until 2003. Now an independent contractor (carehart.org) living in Alpharetta, GA, Charlie provides high-level troubleshooting/tuning assistance and training/mentoring for CF teams. He helps run the Online ColdFusion Meetup (coldfusionmeetup.com, an online CF user group), is a contributor to the CF8 WACK books by Ben Forta, and is frequently invited to speak at developer conferences and user groups worldwide.

    Comments (0)

    Share your thoughts on this story.

    Add your comment
    You must be signed in to add a comment. Sign-in | Register

    In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


    @ThingsExpo Stories
    SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
    The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound e...
    Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deli...
    The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
    SYS-CON Events announced today that Grape Up will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company specializing in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the U.S. and Europe, Grape Up works with a variety of customers from emergi...
    The age of Digital Disruption is evolving into the next era – Digital Cohesion, an age in which applications securely self-assemble and deliver predictive services that continuously adapt to user behavior. Information from devices, sensors and applications around us will drive services seamlessly across mobile and fixed devices/infrastructure. This evolution is happening now in software defined services and secure networking. Four key drivers – Performance, Economics, Interoperability and Trust ...
    @ThingsExpo has been named the Most Influential ‘Smart Cities - IIoT' Account and @BigDataExpo has been named fourteenth by Right Relevance (RR), which provides curated information and intelligence on approximately 50,000 topics. In addition, Right Relevance provides an Insights offering that combines the above Topics and Influencers information with real time conversations to provide actionable intelligence with visualizations to enable decision making. The Insights service is applicable to eve...
    DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
    Cybersecurity is a critical component of software development in many industries including medical devices. However, code is not always written to be robust or secure from the unknown or the unexpected. This gap can make medical devices susceptible to cybersecurity attacks ranging from compromised personal health information to life-sustaining treatment. In his session at @ThingsExpo, Clark Fortney, Software Engineer at Battelle, will discuss how programming oversight using key methods can incre...
    Most technology leaders, contemporary and from the hardware era, are reshaping their businesses to do software in the hope of capturing value in IoT. Although IoT is relatively new in the market, it has already gone through many promotional terms such as IoE, IoX, SDX, Edge/Fog, Mist Compute, etc. Ultimately, irrespective of the name, it is about deriving value from independent software assets participating in an ecosystem as one comprehensive solution.
    The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
    SYS-CON Events announced today that Juniper Networks (NYSE: JNPR), an industry leader in automated, scalable and secure networks, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. The company co-innovates with customers and partners to deliver automated, scalable and secure network...
    New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists will examine how DevOps helps to meet th...
    SYS-CON Events announced today that Hitachi, the leading provider the Internet of Things and Digital Transformation, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Hitachi Data Systems, a wholly owned subsidiary of Hitachi, Ltd., offers an integrated portfolio of services and solutions that enable digital transformation through enhanced data management, governance, mobility and analytics. We help globa...
    SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
    Five years ago development was seen as a dead-end career, now it’s anything but – with an explosion in mobile and IoT initiatives increasing the demand for skilled engineers. But apart from having a ready supply of great coders, what constitutes true ‘DevOps Royalty’? It’ll be the ability to craft resilient architectures, supportability, security everywhere across the software lifecycle. In his keynote at @DevOpsSummit at 20th Cloud Expo, Jeffrey Scheaffer, GM and SVP, Continuous Delivery Busine...
    20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
    With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
    With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
    SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.