Data Centre


IBM's cloud faces a test on Thursday: Turning something off without turning users off too

Last time Big Blue tried to bin TLS 1.0 and 1.1 it turned them back on two days later

By Simon Sharwood


IBM's cloud faces a big test this week: turning something off without botching the job.

The "something" in this case is TLS 1.0 and 1.1, the known-to-be-ineffective cryptographic protocols that the world's abandoning just as fast as it can.

In 2017 IBM gave its cloudy customers just a few days' notice of its intention to turn off TLS 1.0 and 1.1 for several cloud services. Unsurprisingly, that short time left customers unprepared and many complained that their applications expected the old TLS to be present and weren't enjoying their absence. IBM therefore turned TLS 1.0 and 1.1 back on just two days later, a turnaround the likes of which The Register has never previously seen.

Which is not to say that IBM is alone in having made a mess of its cloud: AWS took down a chunk of the web with a typo and Google has broken its own cloud twice by trying two updates at once.

IBM, however, is just the sort of organisation one would expect to have a deep understanding of why a swift turnoff was a bad idea.

That it did not only re-enforced the fact it is playing cloud catch-up. Analyst firm Gartner last year rated it as "missing many cloud IaaS capabilities required by midmarket and enterprise customers" and was beset by delays in its attempt to catch up.

Big Blue has since kept up a decent clip of feature releases, but is not generally thought of as among the first rank of infrastructure-as-a-service providers even if its SaaS and other cloud services are impressive.

Which brings us to Thursday, March 1st when IBM will again try to turn off TLS 1.0 and 1.1. This time around IBM has given its customers plenty of advance notice. We first saw emails about the cutoff in November 2017. Notifications have landed regularly ever since, most recently updated on February 12th, 2018.

This time around, therefore, any TLS-is-missing disruptions should be users' fault, not IBM's. To ensure a soft landing the company has even promised to build a safety net to keep TLS 1.0 and 1.1 alive for an extra 30 days for those who land in trouble.

The Register therefore hopes we don't have anything negative to report come Friday. If we do, the stain on IBM's cloudy reputation may be hard to erase. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Automated Weather Source didn't see this cloud coming: Amazon snatches up

Uh, we'll be having that domain

AWS elbows Google Cloud aside in fight for SAP HANA customers

My box is bigger than your box

Amazon: For every dollar of op. profit going into Bezos' pockets, 73 cents came from AWS

It's pretty much a cloud provider with a gift shop on the side

Web browsers sharpen knives for TLS 1.0, 1.1, tell protocols to dig their own graves for 2019

IE, Edge, Safari, Firefox, Chrome, all planning to deprecate lousy old versions by 2020

Datrium shifts disasters up the Amazon: Adds DR in AWS for on-prem kit

Locks out 3rd party DRaaS folk with VM-centric cloud stuff

Amazon: Intel Meltdown patch will slow down your AWS EC2 server

Sysadmins notice performance dip amid security fix rollout. Not everyone hit hard. YMMV etc

TLS developers should ditch 'pseudo constant time' crypto processing

Fixes for Lucky 13-type bugs could still be vulnerable

VMware, AWS preview database-on-vSphere

VMworld US Database ops need less 'muck' says AWS boss Andy Jassy

AWS sends noise to Signal: You can't use our servers to beat censors

Moxie Marlinspike bemoans Bezos' bit barns joining Google in Domain Fronting ban