Data Center Map


5 CDN Software Solutions

By on April 24, 2012

Traditionally the CDN (Content Delivery Network) market has been dominated by a few key players, such as Akamai, Limelight, Level 3, EdgeCast and Highwinds, and likewise the number of companies using CDN’s has been pretty limited as well. The reason for this is that the barriers of entry have been very high, as providers wanting to get their share of the $2.6 billion CDN market would have to establish many pops worldwide as well as develop their own software to support the CDN.

However in recent years the adoption of CDN has gone up, due to cost going down and more and more companies reselling services from the large CDN networks. This has led to a lot of growth in the CDN market, which has spawned some very interesting startups that are trying to evolve and commodify the CDN industry. By removing the large barriers of entry that have traditionally been in this part of our industry, they are opening up the game to even small providers. In this post, I will be looking at some of these and the options available for providers to get involved and get their share of the CDN market:

  • OnApp CDN
    OnApp is traditionally known for its cloud platform, but in 2011 they acquired the CDN startup Aflexi. They have since used Aflexis platform as a base for creating the OnApp CDN Federation, which combined with OnApp CDN Stack and OnApp CDNaaS makes up their CDN solution for hosting providers.

    The CDN Federation is basically a marketplace, where providers can sell excess capacity at whatever GB price they wish to charge, and likewise they can buy capacity from other providers without any commitment – and thereby build up a CDN with a large amount of pops, without having to invest in infrastructure or expensive software. The CDN Stack is the edge server software, that needs to be set up on the locations you would like to establish your own pop, and the CDNaaS (CDN as a Service) is an anycast dns service used to distribute the traffic between the pops.
  • XDN, Xchange Delivery Network
    XDN was originally known as 3Crowd, and is an offering based on their two components CrowdDirector and CrowdCache. CrowdDirector is XDN’s intelligent anycast DNS load balancing service that is used to distribute traffic among the edge nodes, which are running the CrowdCache software. CrowdDirector has some very advanced filtering capabilities, enabling you to set up advanced rule sets based on criteria such as IP, AS number, time of day, geographic location the request was from etc. to get the most optimal out of your pops.

    Like OnApps CDN Federation, XDN is also based on the federation concept and thereby enable you to sell your excess capacity – either by gb accounting or 95-percentile mbps accounting.
  • EdgeCast Licensed Carrier CDN
    As one of the old and dominant CDN providers, EdgeCast started offering a licensed version of their CDN software some time ago. The licensed version is aimed at carriers and other telco providers with a large network presence, and hence is targeted at larger enterprises rather than small and medium sized hosting providers. The licensed version is offered both as a managed service and as a licensed version where the customer manages the software.

    The introduction of the term “federation” has not gone by EdgeCast either, who recently announced that they have also established a federation where their carriers can buy and sell capacity from each other.
  • Limelight Deploy
    Limelight is another traditional CDN provider, that has realized the potential in supporting other providers who wish to enter the growing CDN market.  Therefore they recently launched Limelight Deploy, a managed CDN solution. There is limited information available on Limelights website, but based on what I could find it seems like the solution can utilize the carriers own network as well as Limelights existing. Limelight have chosen not to go the federation way though, but apparently it is still possible for customers to exchange capacity if they wish to.
  • Highwinds Licensed/Federated CDN
    Much like for example EdgeCast, Highwinds are offering their software as a licensed CDN solution, complimented by the ability to exchange traffic with Highwinds own CDN network and other members of their federation. Likewise the software is also offered both as a managed and a licensed model.

There are of course other solutions out there, as well as the Do It Your Self approach with for example BIND DNS, GeoIP and Ngihnx, but the purpose of this post is just to give some insight to some of the most common options available. Which model is the right obviously depend on a number of factors, including what kind of content you are looking to deliver (http push/pull, video streaming etc.).

In addition to the CDN software solutions available, there is of course also the option to resell capacity from an existing CDN vendor without utilizing your own infrastructure. However, the federation approach that in addition to selling CDN, also gives you the option to monetize spare network capacity is really appealing.

Tags: ,
April 24, 2012

Data Center Reviews

By on January 18, 2012

Choosing a data center to host your critical services and data in is a matter of trust, which is why the choice often relies on the providers references and recommendations from other customers. To make the decision process easier, we have now added a new feature to the site, allowing users to read and post data center reviews.

Users are now able to give a rating of 1-5 stars, depending on how positive/negative their experience is, along with some comments about the data center. The review, rating and name of the author will afterwards be publicly available together with a calculated average of all the reviews the data center has received, which will help new potential customers get a sense of what experience other customers have with the data center.

In addition to being a great asset for customers looking for a data center, it is also a valuable tool for the providers. Having a lot of positive independent reviews will build trust around their brand and support the providers online reputation, by using the existing customers as ambassadors.

For now the reviews are listed as a new tab under the data center profiles (example), but if the feature becomes popular we intend on integrating the ratings from the reviews other places on the site as well. So if you are a data center provider and believe that you have satisfied customers, then hurry up and get them to post a review about you on Data Center Map.

January 18, 2012

20 Cloud Platforms (IaaS software)

By on April 11, 2011

Following the launch of our cloud server map two months ago, covering IaaS offerings from service providers, it has been interesting to track which software the various providers are using for managing their clouds, what hypervisors they are running, what kind of storage they use, which features they support etc.

While many are using custom platforms, where they have written their own code to manage their virtual servers, a lot are using already available frameworks or turnkey solutions to power their cloud offerings. If you are looking to start offering cloud services there is a jungle of different platforms available, both commercial and open source, that can either help you get started or deliver you a complete solution tailored to fit your exact needs.

The platforms available are developed with different feature sets and with different target groups in mind, so finding the right one for your needs can be a challenging task. Due to the many providers who are using our service, and the fact that many of them are realizing the need to get started with cloud services, we have compiled a list of some of the various platforms below with a few notes about each of them:

  • Abiquo
    Supporting VMware ESX, ESXi, Microsoft Hyper-V, Citrix XenServer / Xen, Virtual Box and KVM, Abiquo supports all the common virtualization engines. Designed for multi-tenancy and available in both a free community edition and an enterprise edition with different features.
  • CA 3Tera AppLogic
    Commercial platform from 3Tera based on Xen, designed for commodity hardware without the need for a SAN due to its integrated distributed storage solution. Web interface, API and resource metering is included in the AppLogic turnkey solution.
  • CloudStack
    Designed for multi-tenant solutions with support for Xenserver, VM and VMware vSphere.’s CloudStack supports billing/metering, web interface, APIs based on existing standards and virtual networking with segmentation of network traffic into VLANs.
  • Convirture ConVirt
    Available in an open source and commercial version, both with support for thin provisioning, template library, live migration while only the commercial version support high availability, backup functionality, VLAN integration and resource limiting.
  • ElasticStack
    The ElasticStack platform is offered by cloud provider ElasticHosts, designed specially for service providers with billing, web administration and API. Removes the need for a SAN, but utilizing storage on the local hypervisor nodes.
  • Enomaly Elastic Computing Platform (ECP)
    Designed for service providers with automation in mind, with the ability to integrate with existing billing systems via Enomalys API. Includes self-service web interface and support for the most common hypervisors, as well as a special feature that enables Enomaly providers to sell spare capacity via their SpotCloud platform.
  • Eucalyptus
    Eucalyptus is an open source cloud platform, available with commercial support, that was originally started as a university project but since commercialized. Designed to be hypervisor agnostic and compatible with the widely used EC2 API.
  • Flexiant Extility
    Extility was created by cloud provider Flexiant to manage entire virtual data centers, and provides a turnkey cloud solution aimed at service providers with full API as well as an extensive web based control panel with integrated billing. In addition a commodity based SAN solution called Flexisan can also be provided to remove the need for enterprise storage.
  • HP CloudSystem
    An enterprise oriented commercial solution from HP, designed for both private, public and hybrid clouds. Designed with automation in mind and includes a self-service portal with built in service catalog with support for predefined templates.
  • IBM CloudBurst
    IBM CloudBurst is an enterprise targeted product providing resource monitoring and cost management through a self service portal with built in service catalog and prepackaged templates.
  • Incontinuum CloudController
    Commercial solution from the Dutch company InContinuum Software, that automates and simplifies the management of a virtual data center.
  • Nimbula Director
    Nimbula Director was created by some of the people behind Amazons EC2 technology, and aim to provide both enterprises and service proviers with a simple software solution to build private, public or hybrid clod infrastructure. Includes both web administration plus API, and available in a free edition for smaller deployments.
  • Novell Cloud Manager
    The Novell Cloud Manager is a commercial solution aimed at enterprise usage, with utilization tracking, template based provisioning, VLAN management and built in pricing plus approval process for provisioning.
  • OnApp
    OnApp is a turnkey solution aimed specially at hosting providers, integrating with existing billing solutions widely used by service providers and providing end user API and control panel. Originates from the service provider VPS.NET, but today OnApp is an independent company.
  • OpenNebula
    Fully open source solution that provides a set of management tools with full API and a simple web interface, enabling organizations to build their own cloud platform around it to fit their own needs. Commercial solutions with support also available.
  • OpenQRM
    Open source solution with commercial support, aiming to provide a complete data center management platform with focus on automation, rapid deployment, monitoring and high availability cloud computing. Support the most common hypervisors as well as OpenVZ, Virtualbox and LXC.
  • OpenStack
    OpenStack is an open source project originating from Rackspace and NASA, aiming to provide more open standards within the industry. OpenStack includes both a compute and a storage project.
  • Parallels Automation for Cloud Infrastructure (CI)
    Cloud Infrastructure from Parallels is part of their Automation product, intended to automate the provisioning and management of virtual servers for service providers. Designed for multi-tenancy and integrated with their billing, management is available either via control panel or API.
  • VMware vCloud
    VMware vCloud solutions are commercial solutions based on VMwares own hypervisor, making it possible to provide on-demand, pay-as-you-go infrastructure as a service.
  • Xen Cloud Platform (XCP)
    XCP is an open source solution based on the Xen Hypervisor, aimed to cover the isolation and security needs of a multi-tenant deployment. API support as well as some community driven graphical user interfaces.

Now putting platform one versus platform two up for comparison obviuosly would have been handy, but to be honest there is so much difference between these various platforms that it would simply be impossible to compare them in a fair manor – some of them do completely different things. My best advice would therefore be to compare them on your own, based on the needs your organization have.

Things to consider are storage type (for example NFS or iSCSI SAN, local storage, distributed storage), hypervisor support, multi-tenancy, high availability, API, self-service control panel, billing integration, resource metering, automation, network isolation, licensing, openness to customization, commercial support, integration assistance etc.

Tags: ,
April 11, 2011

Mapping The Cloud

By on February 8, 2011

We are pleased to announce a new feature on Data Center Map, that will help clients navigate through the growing jungle of cloud server providers – just as we did with colocation when Data Center Map was launched in 2007.

The new feature can be found at

Cloud – Feasible Alternative

The reason for this new feature is the rapid growth of cloud computing, that is causing the demands from clients to change and thereby forcing providers to be agile and change their strategy to adopt to these changes. Renting infrastructure as a service rather than investing in network equipment, servers and storage to colocate, is becoming more of a feasible alternative for many clients as technology evolves and more providers start offering such services. However, it has become quite a jungle for clients to find relevant cloud server providers and compare their services.

A recent study performed by IDG Research on behalf of Savvis, Inc. shows that 75% of companies will use enterprise-class cloud computing within the next five years, but that 60% consider it extremely or very challenging to find the right cloud computing solution for their companies. We therefore feel that there is a huge need in the industry for such a service, to make it easier for clients to navigate the market and find providers in specific geographic areas (which is often necessary due to regulations of where data may be stored) or providers offering specific features – and afterwards compare them.

Lack Of Cloud Definition

Comparing the various cloud server providers is not an easy thing to do though, as there is no clear definition of what cloud servers are in the industry – and it varies a lot what kind of features are available with the various cloud platforms. For some the most important factor is that the service is billed as a utility service, while others consider high availability the most important factor. We have chosen to narrow down the definition of infrastructure as a service, to being virtualized server instances that are automatically deployed.

In addition we are then gathering details about whether or not the various providers offer utility billing, high availability etc., to make it possible for clients to filter the cloud providers and see only providers that live up to their own requirements rather than fitting in to a definition of cloud servers defined by us. Currently we are gathering the following details:

  • Physical data center locations
  • High availability / full redundancy
  • Minimum billing period
  • Providers selling model (whether resources are bundled or sold separately)
  • Scalability of server instances
  • Guaranteed minimum CPU resources
  • SAS 70 audit
  • API access
  • Availability of CDN services
  • Availability of managed services
  • Availability of free trial
  • Availability of phone support
  • Integrated backup/snapshot functionality
  • Integrated load balancer
  • Integrated firewall
  • Operative systems supported (Linux, Windows and custom image installation)
  • Technology: Cloud Management Platform
  • Technology: Hypervisor (KVM, Xen, Hyper-V, VMware etc.)
  • Technology: Storage type (Central SAN, local disk storage, distributed storage system etc.)

If you have any suggestions for other data to collect, or other ideas that can improve this service, feel free to let us know.

February 8, 2011

SAS 70? ISO 27001? PCI? The Big Overview

By on September 8, 2010

It is very normal that companies require that their colocation or managed service providers are certified according to one or more standards, to make sure that they can expect that their data is in good hands. Some industries are even forced by law to require specific standards from the providers they choose, which is why compliance with these is important for enterprise orientated service providers.

There are a bunch of different standards though, commonly used for different purposes, so it can be quite a jungle if you are new to this. In this post we will be going over some of the most common standards and certifications you might come across in the data center industry. We will only touch some of the standards very briefly to give an overview, so if you would like to know more about them you will have to dig deeper on your own via the links included.

SAS 70

SAS 70 is a statement on auditing standards by AICPA (American Institute of Certified Public Accountants) from 1993, where an independent auditor is to evaluate a service providers controls and generate a report based on the evaluation. SAS 70 is the most common standard you will encounter in the US, but unfortunately it is often misunderstood as being a general stamp of approval that provides a guarantee of everything being secure and all procedures being perfect.

However this is not guaranteed in any way by choosing a provider who is SAS 70 audited, as the SAS 70 audit does not necessarily touch all relevant topics (the provider chooses what they would like to have audited) or alternatively the report can contain remarks about certain procedures etc. that are not properly designed. Even though this would be the case the company would still be able to say that they are SAS 70 audited, which is why the fact that a company is SAS 70 audited in no way is a guarantee of anything. The only sense of security when it comes to SAS 70 is the actual content of the SAS 70 report, so there is no purpose of just requiring that a service provider is SAS 70 audited without reviewing the SAS 70 report thoroughly.

There are two types of SAS 70 auditor reports (SAS 70 I and SAS 70 II). Type 1 is limited to the auditors opinion on the service providers description of controls and their relevance compared to the service providers control objectives, where type II audits are extended to also include audit of how this actually works in operation during a period of time than just evaluating it on paper.

- Link to the full standard

ISO 27001

ISO 27001 is an ISMS (Information Security Management System) standard by ISO and IEC from 2005 (therefore also referred to as ISO 27001:2005), evolved from the British Standard BS7799, for managing information security. ISO 27001 is used in conjunction with other standards from the ISO 27000-family, such as the ISO 27002 that contains some guidelines to audit by.

Even though ISO 27001 is an international standard SAS 70 is often preferred with US service providers, but in Europe for example the standard is commonly used. The ISO standard is also used in the US though, as it has advantages such as being an International standard as well as being more specific with a formal set of requirements, which provides more sense of security that a provider has been audited on specific things (unlike the SAS 70 that as mentioned leaves it up to the provider to choose suitable things to audit on).

- Link to the full standard


The PCI DSS (Payment Card Industry Data Security Standard) was created by the credit card companies (VISA, MasterCard etc.), to ensure that data is probably handled and secured when handling credit card data. Even though it is the merchant or PSP (payment service provider) that needs to be PCI certified for handling credit card transactions, the standard also has some requirements to the physical facilities that the data center they are located in needs to be compliant with. This includes access control, surveillance, procedures for visitors etc., to limit who has access to the equipment that handles and stores transaction related data.

- Link to the full standard

Tier Standard

The Tier Standard from Uptime Institute was developed specifically to data centers, evaluating them on various fixed benchmarking points and then placing them in a category from 1-4 that would reflect its operational sustainability (tier 4 being the best). In addition to the number, a tier certification also includes a rating as either Bronze, Silver and Gold depending on the characteristics of the company and facility certified.

The Tier standard is very well known within the industry and a lot of clients as well as providers use the terminology of the tier standard. Even though a lot of clients require for example a minimum of a tier 3 and a lot of providers claim to operate a tier 3, it is actually very few providers that choose to get certified according to this by the Uptime Institute.

- Link to the full standard


HIPAA (Health Insurance Portability and Accountability Act) was enacted by the US Congress in 1996, to ensure protection of for example medical records for US consumers. HIPAA compliance is therefore required when storing and processing medical data in the US and lack of this can result in fines if you handle such data.

HIPAA covers various subjects that needs to be taken care of, under topics such as administrative safeguards, technical safeguards and physical safeguards, but without defining how they should be taken care of (for example requiring that an organization shall take implement policies and procedures to limit physical access and ensuring that only authorized access is allowed, but without requiring how large an effort should be put in to this).

- Link to the full standard

LEED System

The LEED system (Leadership in Energy and Environmental Design) was designed by the US Green Building Council and introduced in 1998, and unlike the other standards above has nothing directly to do with operation or security. A LEED certification functions as a third party evaluation of how energy efficient a building is, which some data center developers choose to certify by due to the huge focus on efficiency and green data centers. When being certified, buildings are placed within one of four categories (Certified, Silver, Gold and Platinum) depending on how many points they score in their evaluation – the higher the score, the more energy efficient the building is.

- Link to the full standard


Obviously there are a ton of other standards and regulations available out there, for example SSAE 16 that is a new upcoming standard that will function as a replacement of SAS 70 and ISAE 3402 that is a new international standard designed to streamline some of the various national standards under an international standard (such as the the American SSAE 16, German IDW PS 951, Canadian CICA 58970, British AAAF 01/06, Australian GS 007 etc.). SSAE 16 and ISAE 3402 are definately standards that we will be seing more of in the future, but for now the standards listed in this post are probably the ones that you will be most likely to meet in the data center industry.

To sum them up, you could say that the SAS 70 and ISO 27001 are the most “general” standards used. PCI compliance and HIPAA on the other hand are more industry specific standards, while the Tier Standard is focussed on data centers operational sustainability specifically and the LEED system on the energy efficiency of buildings. So it is not really possible to draw any real conclusion on the various standards, as they were designed for different purposes and therefore have different methods of achieving their goals.

As a result of this you will often see data centers promote themselves as being certified, audited or compliant according to more than one standard, as it varies from customer to customer what they will require – and then of course it always looks good if you meet a standard that your competitors does not.

Now I am no expert on this subject, so if you have any corrections or comments – feel free to put in your two cents.

September 8, 2010
Copyright © Data Center Map