Data Centre


IBM's cloud faces a test on Thursday: Turning something off without turning users off too

Last time Big Blue tried to bin TLS 1.0 and 1.1 it turned them back on two days later

By Simon Sharwood, APAC Editor


IBM's cloud faces a big test this week: turning something off without botching the job.

The "something" in this case is TLS 1.0 and 1.1, the known-to-be-ineffective cryptographic protocols that the world's abandoning just as fast as it can.

In 2017 IBM gave its cloudy customers just a few days' notice of its intention to turn off TLS 1.0 and 1.1 for several cloud services. Unsurprisingly, that short time left customers unprepared and many complained that their applications expected the old TLS to be present and weren't enjoying their absence. IBM therefore turned TLS 1.0 and 1.1 back on just two days later, a turnaround the likes of which The Register has never previously seen.

Which is not to say that IBM is alone in having made a mess of its cloud: AWS took down a chunk of the web with a typo and Google has broken its own cloud twice by trying two updates at once.

IBM, however, is just the sort of organisation one would expect to have a deep understanding of why a swift turnoff was a bad idea.

That it did not only re-enforced the fact it is playing cloud catch-up. Analyst firm Gartner last year rated it as "missing many cloud IaaS capabilities required by midmarket and enterprise customers" and was beset by delays in its attempt to catch up.

Big Blue has since kept up a decent clip of feature releases, but is not generally thought of as among the first rank of infrastructure-as-a-service providers even if its SaaS and other cloud services are impressive.

Which brings us to Thursday, March 1st when IBM will again try to turn off TLS 1.0 and 1.1. This time around IBM has given its customers plenty of advance notice. We first saw emails about the cutoff in November 2017. Notifications have landed regularly ever since, most recently updated on February 12th, 2018.

This time around, therefore, any TLS-is-missing disruptions should be users' fault, not IBM's. To ensure a soft landing the company has even promised to build a safety net to keep TLS 1.0 and 1.1 alive for an extra 30 days for those who land in trouble.

The Register therefore hopes we don't have anything negative to report come Friday. If we do, the stain on IBM's cloudy reputation may be hard to erase. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Amazon: For every dollar of op. profit going into Bezos' pockets, 73 cents came from AWS

It's pretty much a cloud provider with a gift shop on the side

Amazon: Intel Meltdown patch will slow down your AWS EC2 server

Sysadmins notice performance dip amid security fix rollout. Not everyone hit hard. YMMV etc

AWS sends noise to Signal: You can't use our servers to beat censors

Moxie Marlinspike bemoans Bezos' bit barns joining Google in Domain Fronting ban

It's time for TLS 1.0 and 1.1 to die (die, die)

IETF floats formal deprecation suggestion, even for failback

PayPal reminds users: TLS 1.2 and HTTP/1.1 are no longer optional

Insecure connections will break after June 30th. And it's acquired Hyperwallet, too

New AWS auto-scaler started life as private show for Netflix

Amazon’s own auto-scaler now available for third-party apps

KVM? Us? Amazon erases new hypervisor from AWS EC2 FAQ

We've fro-Xen page to preserve evidence of NVMe servers and Xen's stay of execution

OpenSSL alpha adds TLS 1.3 support

Shambling corpse of ancient, shoddy, buggy, crypto shoved towards the grave

Ex-Intel exec Diane Bryant exits Google cloud

Could Chipzilla replace Brian with a Bryant?