Use Apache Tomcat. It is free.

I don’t understand why firms spend millions of dollars on Java application servers like Oracle Weblogic or IBM WebSphere Application Server. I get why firms spend money on Red Hat JBoss -- they want to spend less on application servers. But, why spend anything at all? Apache Tomcat will satisfy the deployment requirements of most Java web applications.

Your Java Web Applications Need A Safe, Fast Place To Run

Most Java applications don’t need a fancy container that has umpteen features. Do you want to pay for a car that has windshield wipers on the headlights? (I wish I could afford it.) Most Java applications do not need these luxuriant features or can be designed not to need them. Many firms do, in fact, deploy enterprise-class Java web applications on Apache Tomcat. It works. It is cheap. It can save tons of dough.

Expensive Java Application Servers Sometimes Add Value

There is a need for luxury. But, you probably don’t need it to provide reliable, performant, and scalable Java web applications. Application server vendors will argue that:

• You need an application container that supports EJBs. EJB3 fixed the original EJB debacle, but why bother? Use Spring, and you don’t need an EJB-compliant container. Many applications don’t even need Spring. EJBs are not needed to create scalable or reliable applications.

On July 5th, First Trust launched an exchange traded fund (ETF) designed to help investors capitalize on the growing market for cloud computing. I'd be excited about this sign of maturity for the market if the fund let you invest in the companies that are truly driving cloud computing, but most of them aren't publicly traded. Now don't get me wrong, there are clearly some cloud leaders in the ISE Cloud Index, such as Amazon, saleforce.com and Netflix, but many of the stocks in this fund are traditional infrastructure players who get a fraction (at most) of their revenues from cloud computing, such as Polycom, Teradata and Iron Mountain. The fund is a mix of cloud leaders, arms dealers and companies who are directionally heading toward the cloud - dare I say "cloudwashing" their traditional revenue streams. 

The bigger question, though, is should anyone invest in this fund? Ignore the name and why not. Many of these stocks are market leaders in their respective areas, so if you are looking for a good technology fund, this is probably as good as any. 

The importance of data security throughout the supply chain is something we have all considered, but Greg Schaffer, acting deputy undersecretary of the Homeland Security Department of the National Protection and Programs directorate at the Department of Homeland Security, recently acknowledged finding instances where vulnerabilities and backdoors have been deliberately placed into hardware and software. This is not a risk that hasn’t been previously pondered as, in 1995, we watched Sandra Bullock star in ‘The Net," and address this very issue. However the startling realism of Mr. Schaffer’s admission means that it can no longer be categorized as a "hollywood hacking" or a future risk.

The potential impact of such backdoors here is terrifying and it is easy to imagine crucial response systems being remotely disabled at critical points in the name of financial or political advantage.

If we are dedicated to the security of our data, we must consider how to transform our due diligence process for any new product or service. How much trust can we put in any technology solution where many of the components originate from lowest cost providers situated in territories recognized to have an interest in overseas corporate secrets? We stand a chance of finding a keylogger when it’s inserted as malware, but if it’s built into the chipset on your laptop, that’s an entirely different challenge… Do we, as a security community, react to this and change our behavior now? Or do we wait until the risk becomes more apparent and widely documented? Even then, how do we counter this threat without blowing our whole annual budget on penetration testing for every tiny component and sub-routine? Where is the pragmatic line here?

Mark this date. While it isn't an anniversary of anything significant in the past, it is a day where our beloved cloud computing market showed significant signs of maturing. Major announcements by VMware, Citrix, and Microsoft all signaled significant progress in making cloud platforms (infrastructure-as-a-service [IaaS] and platform-as-a-service [PaaS]) more enterprise ready and consumable by I&O professionals.

* VMware updates its cloud stack. The server virtualization leader announced version 5 of its venerable hypervisor and version 1.5 of vCloud Director, its IaaS platform atop vSphere. Key enhancements to vCloud include more hardening of its security and resource allocation policy capabilities that address secure multitenancy concerns and elimination of the "noisy neighbor" problem, respectively. It also doubled the total capacity of VMs service providers can put in a single cloud to 20,000. VMware also resurrected a key feature from its now defunct Lab Manager — linked clones. This key capability for driving operational efficiency lets you deploy new VMs from the image library and the system will maintain the relationship between the golden image and the deployed VM. This does two things; it minimizes the storage footprint of the VM, much as similar technology does in virtual desktops, and second it uses the link to ensure clones maintain the patch level and integrity of the golden master. This alone is reason enough to consider vCloud Director.