Network Computing

Get Out Your Checkbooks, The IT Recovery Is Here

Robert J. Mullins — Thu, 11 Mar 2010 15:10:57 -0500

Analysts from the research firm IDC say the IT economy will grow faster than the overall economy this year as the recovery from the recession builds. IDC forecasts information technology spending to grow by about 3 percent in 2010, modest by historical standards, but 1.5 times faster than the growth in the overall economy, said Stephen Minton, vice president of IT markets and strategies for IDC. Minton was one of a number of IDC experts who spoke Wednesday at the IDC Directions 2010 conference in Santa Clara, at which the Boston-based research firm shared its research on a wide range of IT topics.

Minton compared the impact of the recession on IT in the current downturn to the previous recession that began in 2001. The current recession had nothing to do with IT and more to do with the financial industry crisis, while the 2001 recession was all about IT. That recession began with the bursting of the dot-com bubble, the decline of the tech-heavy NASDAQ stock market and was compounded by the shock to the economy after 9/11.

The 2001 recession was relatively mild overall, but it was tough on tech, he continued, while the current recession was deeper overall, though less so for tech. While IT spending dropped by 5 percent in 2009, the economy grew in the fourth quarter, indicating recovery is on its way. IDC forecasts IT spending to grow by between 5 percent and 6 percent over the next five years.

As IT budgets were squeezed in the last few years, businesses and other enterprises were forced to consider cost-saving strategies they had not embraced before, he said, such as subscribing to software-as-a-service offerings or doing cloud computing. Reservations they had about security, reliability and access to their data by such outsourcing had to be accepted in favor of saving money.

The recovery presents an opportunity for businesses that use IT to invest in technology that manages and studies the vast amount of information coming into an organization in order to benefit the company and make it more competitive, Minton said. He noted that the I in CIO stands for information. "The opportunity for the CIO is that they really need to make themselves more important to the organization and the way they can do that is by helping the company extract the value of all that data," Minton said.

IDC's John Gantz said the recovery also coincides with an upturn in the long term boom and bust cycle for IT and advised vendors to "turn on the jets" in sales and marketing. "We have this extra adrenaline shot from the recovery coming in so it's a very special time and it can be a lucrative time if we do things right," said Gantz, a senior vice president and chief research officer.

In another presentation, Rick Vancil vice president of IDC's Executive Advisory Group, forecast marketing budgets to increase by 3.5 percent this year after declining by 8.3 percent in 2009. Gantz advised vendors that they need to address the complexity of IT systems that customers have to face. In the old days, the strategy was vertical integration, in which a company like IBM would develop a wide range of products and services to address every conceivable IT need. But even that's not enough today.

When Gantz used the word "solutions," he said it with a sigh. "A vendor's solution is not really a user's solution. If a CIO needs to get 20 solutions from 20 vendors to solve a single business problem ... it's not really a solution." Instead, Gantz spoke of "ecosystems" of IT companies with hardware, software, storage, security, communications, services and all the other technology businesses need to make sense of all that complexity.

Avaya Targets SMEs With Newest IP Telephony Offering

Sharon Fisher — Thu, 11 Mar 2010 14:33:05 -0500

Avaya has launched a new version of IP Office, the company's telephony product that targets small and medium enterprises. The 6.0 version adds new unified communications capabilities, including instant messaging and presence. It also supports video-conferencing. Avaya also says it has made design changes that reduce the price of the product by up to 30 percent, which they hope will attract small businesses.

IP Office 6.0 supports IP phones as well as virtual phones that run on a PC or laptop. Applications include a browser-based thin client feature, Avaya one-X Portal, that gives users remote access to the system. New Avaya one-X Portal features include instant messaging, embedded voice calling and presence tools. Browser support includes Internet Explorer, Firefox and Safari. The 6.0 version also introduces audio-conferencing for up to 64 parties per call. Conference-call organizers can view, add, drop and mute attendees, as well as record conference calls. A new IP Office Video Softphone application lets users make video calls using a "virtual phone" on a PC or laptop.

The new version fills a void that Avaya has had at the low end, says Rob Arnold, senior analyst at Enterprise Communications in Atlanta. He says previous versions of the product were not price-competitive in the sub-20-user space. "It's more or less an 'office in a box' with integrated functionality, as opposed to the enterprise level where the applications are separated out," he says.

Avaya redesigned the product to reduce costs specifically to attract those smaller businesses, says Joe Scotto, director of product and solutions marketing at Avaya. For example, while version 5.0 was configured via a flash card, version 6.0 has additional software and intelligence in the hardware, with the software delivered via an SD card. Sotto says this change reduced costs from $795 to $50 per device. Similarly, where organizations used to buy separate cards for digital, analog and IP devices, the system now has a combination card that consolidates those devices.

Avaya hasn't ignored larger businesses in the new release. The system's capacity has been doubled from 500 to 1,000 users. As many as 384 users can be supported per server. For organizations with multiple sites, up to 32 IP Office systems can be connected. The new version also adds voice messaging and auto attendant to its rollover capability, so if one site fails, calls automatically are routed to an IP Office server on another company site. Avaya IP Office 6.0 is sold via the channel. The software ranges from $89 to $169 per seat.

IEEE 802 Standards Committee Turns 30

Mike Fratto, Editor — Thu, 11 Mar 2010 11:57:44 -0500

The IEEE 802 Standard Committee, turns 30 on March 13th and has been a major influence on data networking. Ethernet is the OSI layer two standard for data communications and in 30 years, the speeds at which Ethernet operates has risen five orders of magnitude from 10 Mbps to 100 Gbps, and the diversity of where it is used (LAN, WAN, wireless) has grown. Indeed, topics have exploded from frame formats to power management and study groups to analyze esoteric events like static discharge in copper cables. That's a lot of work for a 30 year old group.

A lot of commentators complain that standards groups tend to be slow and unresponsive to the needs of consumers of standards products, such as enterprises and end-users. Paul Nikolich, chariman of the 802 Standards Development Group, counters that most standards work follows a three to four-year process from inception to finalization. During that time, participants hammer out the details that formulate the interoperable standards we have today. Given the number of standards that have been developed and are in use, the 802 Standards Committee has been very busy.

Nikolich points to three key factors for the 802 Standards Committee's success. The first is innovation through consensus. The people who attend and participate in standards work, which he says (contrary to popular belief) is open to all, work together to build the standards. The work is contentious at times, and there isn't always unanimous agreement within the groups, but through consensus, interoperable and applicable standards are developed. Sometimes the innovation comes through in unforeseen ways.

For instance, a group of people within 802.4 Task Group predicted wireless networking and searched for other projects in the IEEE that might be candidates for a wireless media access layer. Finding none, the 802.4l Task Group was formed to evaluate using token bus for wireless. The group found that Token Bus wasn't a fit for wireless and 802.4l was reformed as 802.11, tasked with developing the wireless LAN standards we use today.

The second factor Nikolich attributes to 802's success is the impact of standards through broad application. We have certainly seen the impact of the standardization of Ethernet on networking. Any Ethernet NIC can be plugged into any Ethernet switch and it works. Even features like automatic link detection, link aggregation, device identification and power distribution to end devices is fully automated. Ethernet has evolved from a LAN standard to providing long haul WAN connectivity through Carrier Ethernet, wireless over 802.11, and is merging storage and data networking by making Ethernet lossless through Data Center Bridging.

Finally, Nikolich points out that "participation has grown internationally as well. We are starting to see increasing participation from countries like China, India, and South Korea and countries with developing economies." The expansion outside of North America and Europe shows that the standards work of 802 has global application and impact.

Of course, not all of the work 802 did fits the three criteria. Networking coalesced around Ethernet, but there were other networking standards active in the IEEE in the 80's and 90's. The 802.5 Token Ring, which competed with Ethernet was moved to hibernation status in 2000, but 802.5z, Gigabit Token Ring was approved at the standards board. No products were released that we are aware of. Similarly, 802.4, Token Bus, was disbanded due to lack of interest. And there were some glaring mistakes such as Wired Equivalent Privacy (WEP) that came out of the 802.11, which didn't provide the equivalent privacy of a wired network to a wireless one. However, WEP was quickly broken and wireless vendors developed proprietary methods to address WEP's weaknesses, which were primarily key management. The 802.11 Task Groups created 802.11i to address wireless security in a standards based way.

The next 30 years appear as full of change as the first 30. Nikolich considers the 802.4l working group to be revolutionary in pre-dating wireless LAN. We asked which standards work he sees as potentially revolutionary in the next 30 years, he pointed to the Wireless Personal Area Network Visible Light Communications (VLC) task group (802.15.7) as one such group. The task-group's PAR states that they are developing standards for using visible light sufficient to carrying audio and video multi-media services. In addition, work on power reduction and increasing networking speeds will continue.

The work coming out of the 802 Standards Committee hasn't always been perfect, but the successes far outweigh the mistakes. Whether the future holds faster speeds, more ubiquitous networking, or new communications methods that we can't know today, but the work of standards bodies and adherence to standards are critical for the future.

Tone Software's New Knowledge-Base Puts Actions At Your Fingertips

Mike Fratto, Editor — Wed, 10 Mar 2010 13:54:21 -0500

Tone Software, who makes ReliaTel data and voice-management products for managed service providers, has recently added an in-depth knowledge-base that allows administrators to have all the knowledge and tools to troubleshoot and repair problems in a single, integrated set of portlets. Combining knowledge-base documents and troubleshooting tools with traditional management platforms is a growing trend among management software vendors that should be welcomed by IT.

ReliaTel is used for managing large-scale telecom suites that use products from multiple vendors. ReliaTel provides a unified management and reporting interface so that administrators can more effectively manage their telecom products from a single management platform. ReliaTel's Operational Knowledge Base, part of their Streamline management system, offers a wealth of information to administrators.

Operational Knowledge Base is made up of six portlets. The documentation portlet contains vendor-supplied documentation based on the product that is being managed. No need to maintain a separate documentation repository. The documentation portlet can also be extended with your own documentation on a per device, department, or customer basis so that you can document change control requirements, dependencies, or anything that is pertinent to the operation of the product or system. Tone Software also supplies vendor recommended actions to solve problems. The recommended actions are tied to other parts of the management system so that context-sensitive help is available. As with the documentation portlet, you can also add your own recommended actions as needed. The manual actions portlet provides a way to run commands on remote devices without having to login to each. The log browser and attribute function provide a way to view device specific logs and attributes respectively.

Integrated documentation is helpful when dealing with cryptic logs messages. By viewing a log message, an explanation of the log message is displayed and any vendor recommended actions. The trend of how often an event has been occurring is also available. Armed with this information, administrators solve problems quickly.

Relating event definitions to log entries is a trend that is starting to take hold. Prism Microsystems has created a knowledge-base that is integrated with their Event Tracker log management system (reviewed in November, 2009), providing descriptions of events, sources for further information, and it can include user notes and recommendations, as well. Tone Software is evaluating whether it wants to add support for community-supplied notes and actions, but has yet to figure out how to have the actions vetted to ensure they work and how to share actions among customers without violating confidentiality. It's a tough nut to crack, but anything that makes IT's job easier when it comes to supporting products is a check in the win column.

Cisco Swings Open The Doors With New Carrier Router

Michael Brandenburg — Wed, 10 Mar 2010 08:00:00 -0500

With the promise of giving "an adrenaline boost to networking," Cisco Systems has announced the Cisco CRS-3 Carrier Routing System. Designed for the service provider market, the new router is a leap forward for Cisco both in bandwidth and throughput. While the new products will not be on any enterprise's wish list, the CRS-3 will grant the large service providers the ability to bring higher performance to the backbone of the Internet and will also streamline and enhance the cloud and video services enterprises are adopting.

At the heart of the Cisco CRS-3 Carrier Routing System is Cisco's QuantumFlow Array, a high-performance, high-core network processor. The result is a significant jump in the CRS-3's ability to scale. At 322 Tbps of capacity, tripling the 92Tbps of its predecessor, the CRS-3 brings the service providers 100Gbps connectivity over their fiber networks, raising the bar on their Internet backbones and eliminating the need to bind multiple 40Gbps networks to meet the growing demand, while using the same chassis and power systems of the previous generation of products.

Along with all of the new capacity and performance metrics, the CRS-3 is designed to enhance the solutions that service providers can offer their customers. "Beyond the speeds and feeds of the CRS-3, the new data center service system, which includes network positioning system and VPN self-provisioning features based on Cisco's UCS, will streamline the managed solutions that carriers offer to the enterprise," notes Glen Hunt, principal analyst for Carrier Infrastructure at Current Analysis. He adds, "Cisco is delivering the tools to enable service providers to offer carrier-grade cloud services." The network provisioning system, for example, can determine the best-qualified path to the cloud resources an enterprise customer needs, based on demand and space requirements, as well as the proximity to the user. When the best path is determined, the CRS-3 can then automatically provision VPN links between that resource and the enterprise.

While Cisco's new core router is not likely to be deployed in enterprise data centers, its entry in the service provider marketplace will certainly have benefits to corporate. The CRS-3 not only enables the carriers to meet the needs of ever-expanding networks, it also allows service providers to bring a new level of services to their customers, without completely ripping and replacing their current investments.

Free Software Integrates Outlook And Google Docs

Andrew Conry-Murray — Tue, 09 Mar 2010 13:54:45 -0500

Mainsoft has announced a free Outlook plug-in called Harmony that links a user's Outlook UI with his or her Google Docs account. The plug-in creates a window sidebar in the Outlook user interface that shows documents stored in the Google service. Users can grab documents from the sidebar and drag them into an e-mail message to share with coworkers and colleagues. The document can be shared as a link rather than an attachment. This lets business workers collaborate on a single version of a document from a central location and reduces the size of the e-mail being sent.

Users can also drag attachments from Outlook, or documents from their hard drive, into the sidebar, and the file is saved to Google Docs. When files are saved to Google, they are transformed from their native format to the Google Docs format (other than PDFs, which remain in the PDF format). Google has announced that it will allow files such as Word and Excel to be uploaded and stored in their native formats, but Mainsoft says the search giant hasn't released the Web services API for this capability. The company says it will upgrade the plug-in when the API becomes available.

When a user prepares to e-mail a link to a Google Docs file, Harmony prompts the user to assign read-only or edit privileges to the recipients. Note that the Harmony plug-in stores the user's Google Docs credentials as a cookie. The company says the plug-in encrypts the password when saving the credentials on the end user's computer and uses HTTPS when sending the password when the user logs in.

The company says the plug-in is designed to facilitate collaboration. "E-mail is becoming the collaboration console," says Mainsoft CEO Yaacov Cohen. "If you make the browser and the Outlook client work together, you have better attention management and don't have to switch to browser window and be opening tabs."

The company has also announced the availability of Harmony for SharePoint. As with the Google Docs version, this Outlook plug-in creates a sidebar window in the Outlook UI that lets users tap into SharePoint libraries. Users can drag and drop attachments from Outlook into a SharePoint site. They can also take documents from SharePoint and send them as links to other users. Users can also search for documents in SharePoint from the Outlook UI. Both the Google Docs and SharePoint plug-ins require Outlook 2007. The Google Docs plug-in is still in beta version but is available for download.

More Companies Plan For Unified Communications See ROI

Beth Bacheldor — Tue, 09 Mar 2010 08:19:16 -0500

Unified communications (UC) has long been touted as a money saver and productivity booster, and according to a new vendor-backed study, the technology may be making good on that promise. For the second year, technology products and services provider CDW has conducted its Unified Communications Tracking Poll, surveying 915 IT professionals in December 2009 who work on unified communications or component technologies in business, government, healthcare and education. The company conducts the survey to better understand and gauge the adoption of UC technology, which converges voice, video, and data services and software applications across the enterprise. Among a variety of technologies and services, CDW provides unified communications solutions to organizations in the private and public sectors, and has partnerships and certifications with Cisco, IBM and Microsoft.

Of those surveyed that have fully implemented UC and are tracking their return on investments (ROI), the majority (71 percent) of organizations say that UC ROI has met or exceeded expectations. "ROI is better than expected," says Pat Scheckel, VP of converged infrastructure solutions at CDW. "That matches the direct experience we have with our own customers, but it is nice to see that validated in this poll," he says.

Of those that did see an ROI, 13 percent said the returns exceeded their expectations, while 58 percent said ROI met their expectations. Only 5 percent said ROI was less than expected, and about one-quarter, or 24 percent said it was still too early to determine whether they would achieve an ROI. A little more than half, or 54 percent of the IT executives surveyed said the top benefit from UC was the reduction of operating costs - a particularly meaningful benefit given the economic battering of the past few years. But half the IT execs also pointed to productivity as a key benefit. Other benefits included more reliable communication of information (44 percent) and improved cross-functional communication and collaboration (37 percent).

The capital outlay to plan for and implement UC continues to be of concern. Nearly half, or 46 percent, said getting the budget to pay for their UC deployments was the most significant challenge. Scheckel says, however, that organizations that have planned and/or have some experience already with UC have fewer cost concerns. For example, only 32 percent of organizations that have developed a business case for UC have reported that capital costs were a significant concern, versus 47 percent that had not developed a business case. "We see different levels of sophistication in our customer base, across the board," Scheckel says. "It's like anything. If you develop a plan, and understand and identify potential savings, it is far easier to run that by management and get approvals."

Nonetheless, the poll has indicated that there's an uptick in UC implementations, says Scheckel. In fact, 67 percent of those polled have prepared a business case or strategic plan for unified communications, compared with 55 percent in 2009, the first year the poll was conducted. A closer look at the numbers reveals that few have completely implemented UC but that is changing. For example, only 8 percent have completed an implementation (compared with 6 percent a year ago) but another 31 percent have either made their plans or are in the midst of an implementation.

The poll also looks at how organizations are implementing UC. Often, organizations implement component technologies of a UC strategy, such as video, audio and Web conferencing; presence (which identifies which users are available able to receive communications); unified messaging, and instant messaging. This year and last year, video conferencing and collaboration tools took the top spots in component technologies implementations. But unified messaging had the biggest increase, jumping from 46 percent in 2009 to 58 percent this year. And 45 percent of IT executives polled said they have deployed presence technology, compared to 37 percent in the 2009 study.

Scheckel attributes the growth of unified messaging to the fact that the functionality is now an integral part of communications solutions. "There's been broader acceptance of unified messaging, but also vendors used to offer unified messaging as an add-on capability, but now almost all are offering it as an included capability in their solutions," he says.

There's also been a shift in how some organizations are approaching their UC implementations. Video and Web conferencing, like last year, continues to be the most commonly used approach, an e-mail centric approach jumped from only 18 percent last year to 29 percent this year.

Sepaton Goes DeDupe

Mauri — Mon, 08 Mar 2010 11:30:00 -0500

Sepaton adds deduplication along with capacity and bandwidth optimization to its enterprise storage platform with today's introduction of the S2100-MS2. The S2100-MS2 sits in the midrange of the Sepaton products. A rack-ready device with capacity to back-up and restore of up to 40TB is aimed at small enterprises, the MS2 can be equipped for up to 160TB of useable data, while the existing ES3 can be configured for up to 1.6 Petabytes of data. The 2100-MS is currently available, listing for a two-node 30 Terabyte system starts at $321,000.

The rack-ready S2100-MS2 with DeltaStore software features a dual-node scalable system with an entry capacity of 36 TB raw and 30 TB usable and a maximum capacity of 192 TB raw and 160 TB usable. It performs at an ingest speed of 1,200 MB/sec. The S2100-MS2 is upgradable to the S2100-ES2 series. "This is a logical next step for SEPATON to make," says George Crump, owner of Storage Switzerland and a Network Computing contributor. "They had a gap in the mid-tier and the new MS2 helps fill that."

The MS2 ships the upgraded versions of Sepaton's DeltaStor and DeltaRemote software version 5.3, which sports improved data reduction and bandwidth efficiencies. The new software also has a virtual tape library with full dedupe, spanning most backup-class solutions in the industry including EMC NetWorker, Veritas NetBackup and HP Data Protector.

The increased platform support will be particularly important for the company. "While Sepaton is content dependent, deduplication can be more intelligent about identifying block boundaries it requires Sepaton to explicitly support each backup app," says Howard Marks founder of DeepStorage.net and a Network Computing contributor. "Now they're adding support for Networker, so they have the big three (TSM, NetBackup, Networker) and HP Data Protector, no surprise given the OEM relationship. Users of Simpana and others will have to wait."

Also included are advanced, centralized-management capabilities with reporting for capacity planning and management applicable across Sepaton's entire product offering. "Reporting around deduplication is an important capability that many enterprises are now demanding," says Crump.

3Par Slashes Storage Array Costs

David Greenfield — Mon, 08 Mar 2010 10:08:58 -0500

3Par dramatically improves the performance of corporate storage arrays with the announcement of its support for Solid State Drives (SSD) in its autonomic storage arrays, the InServ Storage Server F-Class and T-Class storage servers. SSDs, the sort of small drives that you might find in an iPod or other consumer electronics, provide incredibly fast storage access. They're widely being seen as an alternative to higher-priced Fibre Channel access for commonly accessed files. With SSDs, IT would continue to use SATA drives for about 98 to 95 percent of their storage needs and then integrate SSDs for the two to five percent of files that are commonly accessed, says Craig Nunes, vice president of marketing at 3Par.

Cost savings are a big driver for deploying SSD. Incorporating SSDs into the array should yield about a 30 percent savings, says Nunes. Other savings will come from the environment as well. "In this kind of system you could go from 200, 73GB drives to get enough IOPS to 50, 300GB drives and some SSD saving MUCH floor space and power with an improvement in performance," says Howard Marks, founder of DeepStorage.net and a Network Computing contributor.

The determination of which data sets are active or being frequently accessed is made automatically by 3Par's Adaptive Optimization Software. To support the introduction of SSDs, 3Par has also introduced a sub-volume, data-movement engine. Previously, 3Par could only assess performance of specific drive volumes, but with the introduction of SSDs, 3Par can now assess traffic based on block-sized regions. When the software sees I/O activity that is high within the region, it will move the data up to faster the SSDs. When it sees the performance drop off for a region then it will move the file back to the SATA drives.

"3Par isn't the first vendor to introduce SSDs and block-sized movement in its storage array and in SSDs its playing catch up", notes Marks. "Compellent has done so for some time in smaller firms. EMC provided SSD support albeit without sub-lun movement nearly two years ago", he says.

3Par Adaptive Optimization software is available immediately. SSDs for the 3Par InServ will be available next quarter and are compatible with all InServ F-Class and T-Class arrays running the latest version of the 3Par InForm Operating System. 3Par Adaptive Optimization software is an optional product that starts at $1,400 and requires 3Par System Reporter software, version 2.7 or newer. Pricing for SSDs starts at $22,400 per InServ array.

Motorola Brings Vendor Neutral WLAN Management To AirDefense

Michael Brandenburg — Fri, 05 Mar 2010 12:13:18 -0500

The enterprise mobility division of Motorola has announced its new multi-vendor WLAN management solution. The AirDefense Infrastructure Management module joins the other components of the AirDefense product line, including its Network Assurance, Advanced Troubleshooting, and the AirDefense Security and Compliance suite. The new management platform offers command and control features to Motorola's enterprise WLAN products and to its closest competitors' products as well.

The AirDefense suite is in many ways a stand-alone product for Motorola, which acquired AirDefense in 2008. The security solutions were primarily designed as an overlay sensor network running alongside the primary wireless data network. In fact, the only direct impact on the product suite was the move to use Motorola's access points as sensors on the security net. The multi-vendor approach allows AirDefense to keep a bit of independence while becoming part of Motorola's all-encompassing One Point Wireless Suite. This level of vendor-neutrality also gives Motorola a response to other third party management solutions, particularly against the AirWave Wireless management tool, now owned by WLAN competitor Aruba Networks.

At launch, the management solution will offer plug-in support for the WLAN gear of the current market share leaders in the enterprise space: Cisco, Aruba Networks and of course, Motorola. Motorola is quick to point out that this modular approach enables AirDefense to add additional vendors and products based on customer demand without having to release full software updates.

Multi-vendor wireless networks are an all-too-common reality for network administrators. Whether it is a case of switching vendors changing OEM partners, corporate mergers bringing new facilities and disparate infrastructures, or even just a simple matter of a new preference in vendors, an enterprise's WLAN can easily become a hodgepodge of products. A management platform that can provide a centralized level of control across all of these products, while maintaining a consistent configuration and design, will be key to keeping support costs, and your sanity, in check.

Ballmer Bets Microsoft's Future On Cloud Computing

Robert Mullins — Fri, 05 Mar 2010 08:26:01 -0500

Thursday Microsoft CEO Steve Ballmer delivered what was essentially a State of the Cloud address, providing a forward-looking view of what cloud computing will be like for the world in general and for his company, in particular. While much of his talk focused on consumer end-user features like a more interactive Bing Maps and the Xbox gaming console, he also spoke to the future of cloud computing for enterprises.

Describing technology as "the gift that keeps on giving," Ballmer made a commitment for his company to go "all in" for cloud computing. "This is the bet, if you will, for our company." Cloud computing for enterprises is the act of replacing the computing power in an on-premise data center with computing power delivered by a third-party provider with a vast computer infrastructure that services multiple clients. The customers pay for computing power from a cloud vendor the same way they pay for electrical power from their local utility company.

Microsoft is delivering cloud computing to enterprises by putting its flagship business application suite, Microsoft Office, into the cloud, Ballmer explained in an address from the campus of the University of Washington in Seattle. Cloud computing for the purpose of better collaboration and communication among employees "is one of the core kind of technical ambitions behind the next release of our Office product, which you'll see coming to market this June," he noted.

In January, Microsoft launched the Windows Azure Platform of cloud software and services, the cloud equivalent of Windows Server, which includes Windows Azure, an operating system as an online service; Microsoft SQL Azure, a cloud-based relational database solution; and Windows Azure Platform AppFabric, designed to simplify the connection of cloud services and on-premise applications. Cloud computing is also changing the way enterprises think about how server hardware and software fulfills their computing needs, Ballmer continued. "How we think about everything to do with server hardware and server software now needs to change based on the cloud. The cloud has really driven a perspective that comes from scale."

He spoke of how cloud computing allows enterprises to tap into more computing resources when demand spikes, but relinquish those resources when demand declines, paying only for the compute cycles they use. Increasingly, enterprises will want to use cloud computing to rapidly deploy new capabilities, new functionality, new data and new software releases. Cloud computing will become a major focus for new Microsoft products and services going forward, Ballmer concluded. Today about 70 percent of Microsoft's 40,000 global employees are involved in cloud computing in one way or another, "and a year from now that will be 90 percent."

Citrix, Carpathia Launch XenServer Cloud Service

Charles Babcock, InformationWeek — Thu, 04 Mar 2010 17:08:27 -0500

Carpathia Hosting and Citrix Systems have combined resources to offer a XenServer-based set of cloud services, called Carpathia InstantOn. Such services are likely to appeal to heavy users of Citrix XenServer hypervisor or Microsoft's Hyper-V hypervisor, since both use a shared VHD virtual machine file format which would lend itself to export to a XenServer based cloud. InstantOn is one of the first cloud offerings to be based on XenServer.

Amazon's EC2 is based on a variation of the open source Xen hypervisor known as Amazon Machine Images. The AT&T and Verizon clouds are based on working with VMware ESX Server virtual machines, as are Rackspace and other suppliers.

The nature of the virtual machine format a cloud service is prepared to work with determines who is most likely to find it easy to use. In some cases, customers will want to move workloads already running in their data centers out into the cloud. Doing so on short notice is much easier if they don't need to undergo a virtual machine format conversion first.

Carpathia CTO Jon Greaves said in the recent announcement that the Capathia cloud offering will be suitable for workloads designed to run in the public cloud, or for more secure private cloud-type operations. "Our focus has been delivering robust public and private cloud solutions for production-ready applications," he said.

The following will be made available through InstantOn, accessed through CarpathiaHost.net's E3 Portal:

On-demand computing services for virtual machines, including connections to dedicated or single-tenant infrastructures. Most public clouds invoke multi-tenant infrastructures, putting many customers side-by-side on the same physical servers.
Virtual networking that can take advantage of Citrix Systems Netscaler VPX, which allows Web applications to rapidly scale up to growing traffic demand.
Virtual storage in the form of object or block storage that can be shared by a single customer's multiple virtual machines.

In addition, Greaves wrote in an email exchange with InformationWeek, that special, secure, and private facilities will be made available in the InstantOn cloud. They include:

Hardened virtual operating system images for use in virtual machines to guard against outsider security exploits. Monitoring agents for the system are included.
Network support over a private virtual local area network with private addressing.
Support for implementing firewalls on a virtual machine and an intrusion protection system.
Support for open source tripwire security.
Support for deploying a hybrid cloud infrastructure, where some operations, such as databases, remain on an on-premises physical server, while database applications serving Web site users run in the cloud.

Greaves said by email that the Carpathian services ensure a more private operation, when desired, than the "simple, flat networking that is normally the case in public clouds."

In addition, he said Carpathia's InstantOn services can impose Secure Sockets Layer, virtual private networking and RSA public key/private key certificates to particular data handling operations in the cloud. Such a move would allow the tracking of accountability in the cloud and allow operations to be audited, if necessary.

"We support continuous compliance scanning where virtual machines are validated daily," he wrote. In addition, in the event of a virtual machine failure, Carpathia implements ITIL based incident management processes, or best practices set by the IT Infrastructure Library, for discovering why and reestablishing the VM. Greaves is a former distinguished engineer at Sun Microsystems who was CTO of its Services business.

Microsoft's Scott Charney Calls For Disrupting Cybercrime Activities

Robert Mullins — Wed, 03 Mar 2010 15:49:01 -0500

It's not enough to build defenses against cybercriminals, the good guys have to put the bad guys out of business, according to Scott Charney, corporate vice president of Microsoft's Trustworthy Computing Group, in a keynote address Tuesday morning at the RSA Conference 2010 in San Francisco. "We are committed to collaborating with industry and governments worldwide to realize a safer, more trusted Internet through the creative disruption and prevention of cybercrime," says Charney. While focusing on security and privacy fundamentals like threat mitigation remains necessary, the industry needs to be more aggressive in blunting the efforts of cybercriminals.

Microsoft's latest success at thwarting cybercrime occurred last week when the company, along with other industry, academic and legal communities, obtained a restraining order against the operators of the Waledec botnet, one of the 10 largest botnets in the U.S.A. Botnet is a large network of computers that have been compromised, usually without the owner's knowledge, to launch cyberattacks such as spam, denial of service attacks, click fraud and distribution of malicious software. Battling botnets was just one of several themes in Charney's address, in which he promoted Microsoft's "End to End Trust" vision of secure Internet computing for both on-premise and cloud-based enterprise IT.

At RSA, Microsoft also released a community preview of new technology it calls U-Prove, which uses cryptography to better protect privacy and enhance security in online transactions. Microsoft also released portions of the U-Prove intellectual property along with an open-source software development kit for both the C# and Java programming languages, in order for developers to experiment with U-Prove and provide feedback. Charney also addressed the need for a clarification on how data is secured in cloud-computing environments. The issue is not just about how a cloud service-provider secures a client's data, but about what the government has to do to obtain access to it.

In the pre-Internet world, a government agency would have to show probable cause to get a subpoena to see data, he said. "The fact of the matter is as we move more and more of this data to the cloud, it means governments and litigants can go to the cloud and get that data without ever coming to the citizen." Charney said there may be a need for legislation to protect data in the cloud.

The Trustworthy Computing initiative has been successful at improving Microsoft's reputation for security competence, a reputation it did not always have, said industry analysts in a panel discussion Tuesday afternoon. "People used to beat up on Microsoft," said Jonathan Penn, vice president at Forrester Research. "Microsoft was not in the business of providing secure solutions but focused on functionality for the user, until things got bad enough that it started to affect their business."

Net Optics Director Pro Combines Deep Packet Inspection And Load Balancing

Mike Fratto, Editor — Wed, 03 Mar 2010 13:33:43 -0500

Anyone who need to view network traffic for application, network or security monitoring knows the difficulty in getting traffic from the wire to the analyzer. Physical and network interfaces have to match exactly, or IT is forced to use switch-span ports that can place additional load on the switch fabric and limit the output speed. Net Optics announced a new inline tap that supports 40Gbps pass through traffic, a Gigabit Zero Delay TAP and a Director Pro with hardware based deep packet inspection and dynamic load balancing. Director Pro starts at $19,500.

The two new taps are, in a way, incremental improvements to existing passive tap products. The 40Gbps tap is, as far as we can tell, the first 40Gbps passive, full duplex network tap on the market, but we are sure there will be more to follow. Net Optics Zero Delay tap preserves the electrical connectivity to connected device ports, ensuring that if there is a power failure to a Zero Delay tap, the connected devices won't detect the electrical failure and have to renegotiate the physical link.

The bigger news, however, is Director Pro is a new hardware platform that adds additional processing power for performing deep packet inspection (DPI) and load balancing. Existing Director products are not field upgradeable to Director Pro, but both Directory and Director PRO use the same hardware interface modules.

The DPI function allows IT administrators to set-up filtering rules based on patterns that can match anywhere in the packet. Other intelligent tap products like Gigamon's Gigavue has had DPI pattern matching for quite some time. DPI is used to direct matching packets to specific output ports. Net Optics Director and Director Pro can direct packets to specific ports based on a variety of parameters like IP addresses and port numbers, but with DPI, IT administrators can direct only HTTP traffic, regardless of the TCP port being used, to a specific port based on the discovery of an HTTP header. For example, an IDS might be tuned to look for malicious traffic in the HTML responses like SQL Injection or Cross Site Scripting from a client to a server, and you want that traffic to be processed by the IDS. Other HTTP traffic such as images and videos don't need to be processed and won't be sent to the IDS. Or you might want to direct HTTP files like images and videos to be an anti-malware product. Using DPI, setting up those rules allows you reduce load on analysis devices.

Director Pro also allows dynamic load balancing, which can spread traffic flows among a number of different output ports. As network speeds increase beyond 10Gbps, analysis products have a hard time keeping up. Just like load balancing incoming HTTP connections among multiple servers lightens the load per server, load balancing captured traffic among multiple analysis products--multiple IDSes, for example--lightens the load per IDS.

Load balancing can be round robin where packets are sent to output ports in sequence. Round Robin might be used in cases where the analysis product receiving the packets has multiple interfaces and can rebuild the traffic flow across all the interfaces. For example, an analysis product might perform TCP off-load on the NICs to relieve that processing from the CPU. By sending packets in a round-robin fashion to the appliance can manage higher capacity.

Flow-based load-balancing is more intelligent and can forward all the packets in a network flow, loosely defined as all the packets between to network nodes, to an output port. Flow-based load-balancing is used in cases where there are different analysis engines attached to a network port. For example, if you have multiple IDSes analyzing traffic, each IDS needs to see all of the packets between two nodes that make up a flow to detect malicious traffic. Director Pro can load-balance flows between two nodes based on IP addresses, meaning all the packets between two nodes will be sent to the same output port. In addition, load-balancing can occur based on source IP address or destination IP addresses. Flow-based load-balancing allows the IDSes in our example to see the entire conversation between client and server while balancing conversations among multiple IDSes.

The intelligent tap market is getting interesting. Director Pro adds some welcome features to network taps. The load balancing might give you more life out of existing analysis equipment without having to go through upgrades to keep up with network speeds and feeds. There are some features, like packet-slicing (removing a payload) and data-masking (overwriting data), that intelligent taps, such as Gigamon's Gigavue 2404 offers, can aid in conforming to privacy policies while allowing analysis to be conducted. It looks like your options are expanding.

Nexenta Deduplicates ZFS

Sharon Fisher — Wed, 03 Mar 2010 11:00:00 -0500

Nexenta Systems Inc. has enhanced its NexentaStor 3.0 product to include in-line deduplication for Zettabyte File System (ZFS). The company also used NexentaStor 3.0 as the basis for its Nexenta Virtual Machine Datacenter (VMDC) 3.0 product, which adds support for Microsoft's Hyper-V virtualization environment.

In-line deduplication means duplicate data is eliminated as it is being written the first time, rather than offline or post-process, says Evan Powell, CEO of the Mountain View, Calif., company. This is particularly important in virtualization, where 95 percent of the storage in the virtual machines is identical, he says. The deduplication is done at the storage layer so it is transparent to the hypervisor software that manages the virtual systems, according to Powell.

Support for ZFS makes it easier for users to migrate to larger storage devices and to mix storage devices from multiple vendors, because it is an open file system, Powell said. "All legacy enterprise storage systems today write the data in proprietary format," he said. The data is then in a machine to which users don't have access without that vendor's technology, and a time-consuming conversion process is required to move to a different vendor's hardware, he said.

ZFS also lets users build files that are bigger than what could actually fit on a disk. "The maximum file system in a proprietary storage system is 16 terabytes," Powell reports. "Ours is 16 exabytes."

Jefferson Nunn, IT Director for GoWireless Inc., a Las Vegas Verizon reseller with 300 stores across the country, uses a previous version of NexentaStor and is deploying a pilot version of NexentaStor 3.0. He is particularly interested in the support for Microsoft Hyper-V, which he said is weak in the current version. His company originally started using NexentaStor when he found he could get "50 percent more storage for 60 percent less cost," he said.

VMDC lets administrators provision storage and storage policies. "It gives you, as the storage administrator, a unified view," Powell said. "It gives you a fighting chance to do your job and establish storage policies at the VM level."

Compared with proprietary storage products, NexentaStor users have experienced 75 percent savings using increased efficiency through compression, thin provisioning, and hybrid storage pools that include support for solid-state drive (SSD) flash memory, the company said. Both NexentaStor and VMDC run on industry standard rather than proprietary hardware, Powell said.

Since its introduction in April, 2008, NexentaStor has been deployed in about 1,000 commercial sites and 20,000 noncommercial or free sites, Powell said. About 80 percent of its customers buy the product through a VAR, he said. Some deployments are in the petabyte range, he added. The company is privately held.

Sun developed the software last year. This is the first time it has been included in a commercial product, Powell said. NexentaStor 3.0 is scheduled to be available at the end of the month for prices starting at $1,100 for 4 terabytes and which scale up based on capacity. Existing users can upgrade free.

Cloud Security's Seven Deadly Sins

Robert J. Mullins — Wed, 03 Mar 2010 09:00:00 -0500

A new study, Top Threats to Cloud Computing V1.0, conducted by the Cloud Security Alliance, identifies seven types of security risks present in cloud computing. Many of the threats also apply to corporate networks, but can be exacerbated by both the openness and scale of cloud services. The study was released at the RSA Conference 2010. Hewlett-Packard funded the study and is using its release to promote its Secure Advantage services, which help businesses sort through the myriad security products and services on the market, including HP's and other vendors.

The first threat outlined by the study is misuse of cloud computing, where the cloud itself is used to host attacks. Clouds have been infected with the Zeus botnet and the InfoStealer Trojan horse, for instance. Because people can access cloud computing services with just a credit card, or even a free trial period, criminals can spam and spread malware in relative anonymity. The study recommends stricter registration and validation, better credit card fraud detection and data traffic monitoring.

The second threat is unsecured APIs. Poorly written APIs can contain exploitable loopholes, says Chris Whitener, chief security strategist for HP. "This isn't new; people write bad applications all the time. But when you expand it to, say, 10,000 instances to handle 100,000 employees, you really make a big mess out of the thing." The study recommends closer analysis of API security. It also recommends strong authentication, access controls and encryption.

Malicious insiders are identified as the third threat. This threat is well known in corporate networks, but with the cloud, Whitener explains, you don't have control over who works at the cloud vendor and what they might be up to. The study recommends a comprehensive supplier assessment as well as contract specifications around how the vendor must screen workers.

Shared technology is a fourth area of concern. In an environment where multiple virtual servers have the same configuration, a single bug or misconfiguration can be replicated across a broad patch of a cloud provider's infrastructure. Companies should make sure their cloud vendor follows best practices for network and server configuration and should enforce service level agreements for patch management and vulnerability remediation.

Fifth is data leakage, another common concern that is magnified in the cloud. "There are so many more applications floating around on a cloud so chances are one of them has got to be screwed up and has to be leaking data," says Whitener. Among the study's recommendations are specifying strong API access control and implementing strong key generation, storage and management, and data destruction practices.

Account or service hijacking is the sixth threat. If an attacker can hijack a legitimate customer's account, he or she can gain control of that customer's virtual machines. The study recommends two-factor authentication and proactive monitoring to detect unauthorized activity.

The seventh threat is the unknown. Cloud vendors and their customers may think they've covered every possible risk, yet something may still happen that they weren't aware of. Whitener says there are companies who don't think through security risks because they think it won't happen to them. "They say 'I'm not going to think about all the issues that are associated with cloud computing, I'm just going to try it,'" Whitener says. "There are an awful lot of people out there who are doing that."

The CSA includes such companies as Dell, Intel, McAfee, Microsoft, Symantec and VMware. Notably, HP rival IBM, also is active in cloud computing, is not a member.

Symantec E-mail Security Appliances Focus On Targeted Attacks, SMB Markets

Neil Roiter — Tue, 02 Mar 2010 13:32:37 -0500

Today at RSA, Symantec announced the release of a small business edition with identical feature sets to its Brightmail, but simplified licensing and SMB-scaled pricing. Symantec's latest release for its e-mail security appliances boasts enhanced ability to detect and block increasingly prevalent targeted e-mail attacks, real-time updates and customer-centric protection.

Targeted attacks such as 419 scams and focused phishing, according to Symantec, accounted for 21 percent of all spam messages in January 2010, more than double the percentage in January 2009. These range from attacks that target groups of users -- for example, those likely to contribute to charity such as earthquake relief -- to very specific attacks that zero in on a particular industry, company or user. They typically leverage profile information gathered on Facebook or LinkedIn, claiming to be a friend, relative or perhaps an IT admin.

The latest Brightmail release employs new techniques designed to detect these lower volume attacks, analyzing common characteristics such as word proximity, header information, subject versus body text, source, etc. Symantec has also widened participation its Probe Network to collect input directly from customer appliances and responding rapidly to attacks on specific customer businesses. In the past, the Probe Network collected information primarily from U.S.-based ISPs.

"The difference is that historical process of joining was focused on service providers because that gave us largest volume of e-mail, and spam used to be more generic," said Angelos Kottas, principal product manager for Brightmail. "Now with targeted attacks, different customers are seeing different kinds of spam. So, we need to insert probe accounts into the entire spectrum of our customer base."

Speed is a factor, Kottas said. Symantec analysts say that most attacks are delivered with half-hour of launch. In response, Brightmail now downloads protection updates incrementally as often as every second--compared to every few minutes up to now--and verifies the baseline every 24 hours.

Symantec has offered a hosted e-mail security service since its acquisition of MessageLabs. Brightmail 9.0 integrates MessageLabs' e-mail encryption service with the appliance's e-mail-based DLP capabilities, offering policy-based encryption. Brightmail Gateway 9.0 Small Business Edition is driven by channel demand, Kottas said, with single-appliance licensing, no per-user metering and SMB pricing.

The Small Business Edition strengthens Symantec's competitive position in the SMB market, by offering the option of either an appliance or hosted service. McAfee, for example, recently acquired hosted email security provider MxLogic. Enterprises make the choice based on customer preference, Kottas said, choosing to control everything on premise, or going to a hosted service based on business strategy.

There's plenty of opportunity for both models in the 250-and-under user market, he said.
"I absolutely think the SMB market will embrace the hosted model," he said. "But there's a market in the hundreds of millions of dollars that's focused on SMB appliances, and Small Business Edition is a direct response to channel partners. The CDWs and Dells of the world, these very transactional businesses, get customers calling in to say 'I want an e-mail appliance.""

Start-Up Pays You To Recycle Old Mobile Phones

Robert J. Mullins — Tue, 02 Mar 2010 11:19:13 -0500

When the Chicago law firm of Jenner & Block LP moved its offices last year, it found that many employees disposed of old cell phones by sticking them in a drawer. Wanting to be environmentally responsible, the firm decided to recycle the phones rather than just throw them out. It turned to CorporateRenew.com, a start-up created by two Yale University undergrads that pays businesses for old cell phones and PDAs and resells them on the secondary market.

"Reusing is the highest form of recycling, and for every device that comes through our door, we try to find a new home for it," says Joe Pappalardo, director of business development for CorporateRenew.com. He works with founders Rich Littlehale and Bob Casey at the new company, based in New Haven, Connecticut and open for one year now. The founders also operate a companion site called YouRenew.com, where individuals can sell consumer electronics, including MP3 players, game consoles, digital cameras and external disk drives.

The start-up resells the items on the secondary market, ideally at a profit, through such e-commerce channels as Amazon.com or eBay. Pappalardo says ninety-nine percent of the products it buys are resold, and the rest are recycled through a certified recycling partner.

At either site, the visitor enters information for the product he or she wants to unload, such as the make and model of the device and its condition, then they are told what the company will pay. For instance, the two-year old Dell Inspiron notebook on which this story was written is worth all of $36. This reporter's Palm Centro smartphone fetches just $28. But an Apple iPhone 3GS, introduced in June 2009, is worth as much as $318 if it's in perfect condition. Shipping is free, and once YouRenew/CorporateRenew checks the condition of the product, it mails a check to the customer.

CorporateRenew is tapping into a market with the potential for high growth: according to the Environmental Protection Agency (EPA), only 10 percent of cell phones are recycled in the United States. Those that aren't stashed in desk drawers end up in landfills with other e-waste such as computers, TV sets and servers. Hazardous substances in these products, including lead and cadmium, can pollute groundwater.

CorporateRenew serves businesses of all sizes, from small accounting firms to Fortune 500 companies, says Pappalardo. "Working with large corporations, the benefits of being environmentally responsible and getting some money back are great. It's really a no-brainer."

At present, CorporateRenew only buys back cell phones from businesses, though it is about to begin buying laptops. For desktop computers, servers, routers and other enterprise networking equipment, organizations have to engage a larger recycler. CorporateRenew and YouRenew link to Earth911.org, a nonprofit recycling resource. Companies that recycle corporate computing devices and mobile phones should ensure that memory and disks are completely wiped before the devices leave the premises. Otherwise, they risk exposing potentially sensitive information when the devices are resold.

Organizations have several options for recycling or re-purposing electronic equipment. Small and medium businesses can drop off unused equipment at Staples and Best Buy. For larger enterprises with hundreds of computers or servers to dispose of responsibly, hardware manufacturers have recycling or repurchase programs. HP, for instance, offers Asset Recovery Services to buy unwanted equipment, even if it's not an HP brand. The EPA posts a list of recycling and reuse programs on its Web site.

Fortinet Branches Into Wireless With Enterprise WLAN

Michael Brandenburg — Mon, 01 Mar 2010 09:30:00 -0500

Security vendor Fortinet has announced its first entry into the enterprise WLAN market space with its FortiAP access points. The company has extended the operating system of its FortiGate security appliances to serve as controllers for these deployed, thin access points, adding another dimension to Fortinet's already multitasking appliances.

Fortinet's initial wireless offering will feature the 200 series of indoor access points, with both single and dual radio 802.11a/b/g/n models, the AP-210 and AP-220 respectively. Both models will offer 2x2 Multiple In/Multiple Out (MIMO) and switchable 2.4 or 5 Ghz primary radios. The second radio in the AP-220 model can be configured to provide concurrent access on both frequencies or serve as a dedicated wireless monitor, searching for rogue access points or other intrusion attempts. The Fortigate appliances, from the FortiGate-60 Series and up, will provide centralized command and control for the local access points, acting as wireless controllers and wireless intrusion prevention solutions. Pricing for the new access points has not been released and are expected to ship in Q3 2010.

Fortinet's leap in the WLAN market is a logical direction for the company, as a number of the recent high profile security breaches have used WiFi as the attack vector. Fortinet is well respected in security circles and will bring that strong security posture to the wireless network. In stark contrast to the other start-up WLAN vendors , the company can come into the market with at least some brand recognition and an established customer base of its appliances.

While prospective customers can buy Fortinet's wireless solutions without wondering if the company will be around years from now, there is more to enterprise wireless networks than security policies. It is not yet clear whether Fortinet's products will include important enterprise features such as wireless meshing or 3G WAN back-up. This could cause existing customers to pause before upgrading to 802.11n on their incumbent wireless platform.

Virsto Shrinks Virtual Storage

David Greenfield — Fri, 26 Feb 2010 10:28:41 -0500

Any day now, storage managers should get happier - a lot happier. Virsto Software is due to ship Virsto One, the first hypervisor-based storage solution that aims at reducing the size of VMs while improving their performance. This implies a lot of things, one of which is that it will radically shrink the size of VMs by 80 or 90 percent. For an IT organization swamped in VMs, that can only be a good thing.

Most data storage technologies deployed with virtual servers today were not designed specifically for server virtualization, but were based on assumptions true for physical servers. Today's virtualized environment exposes several critical challenges for IT. For one, virtual machine (VM) sprawl can consume 30 percent or more storage than physical servers. What's more, storage performance problems can reduce server I/O throughput by up to 80 percent. An increase in storage management complexity leads to increases in administrative headcount and application performance issues and ultimately to excessive storage capital and operating costs.

Virsto claims to tackle each of these problems. Virsto One drastically reduces the complexity of storage for virtual servers and delivers innovation and benefits by reducing storage sprawl by cutting VM image space consumption by up to 90 percent, according to the vendor, through unlimited high-performance, thin provisioned, VM-optimized snapshots and clones. It also simplifies storage management, enabling quick, simple automatic VM storage provisioning, instantaneous clone creation and off-host snapshot backup.

Virsto One also increases storage performance, providing VM-optimized flow control to eliminate the performance-sapping I/O blender, potentially more than doubling I/O rates and eliminates excessive storage costs and improving the economics of virtualization by reducing the number of terabytes and disk spindles required for VM application support. This enables the use of low-cost commodity storage hardware and reduces the operating expense of VM storage management.

Virsto's move is a smart one. Organizations are creating VMs faster than they know what to do with them, and any move to reduce the size of those VMs should be welcomed by storage managers. With that said, organizations will want to keep an eye on Virsto's performance claims, particularly as they deploy I/O heavy applications, such as Exchange. With Virsto One, I/O requests are ordered so that there are fewer disk reads. In theory, fewer disk reads should dramatically improve subsystem performance. Makes sense. Of course, introducing any layer in the I/O subsystem could have adverse effects if not properly designed. How the software works in practice remains to be seen. Virsto One is available now, and pricing is set for $1,250 per physical server.

VMware Acquires EMC Management Apps

Mike Fratto, Editor — Fri, 26 Feb 2010 08:00:00 -0500

EMC announced that VMware has agreed to acquire management apps from EMC's Ionix division, beefing up VMware's management offerings. The applications are Application Discovery Manager, Server Configuration Manager, Server Manager and IP from FastScale, which provides thin provisioning of virtual machines. The deal is closing at $200 million, and EMC and VMware expect to close in Q2 2010.

It's no secret that VMware has been building on its hypervisor product line with management products such as Site Recovery Manager, which automates and streamlines site recovery, Orchestrator, which automates VM workflows and ConfigControl, which tracks and monitors configurations and dependencies. VMware has also been aggressively integrating their management applications like vCenter and hypervisor products with all comers through their extensive APIs. The breadth and maturity of the product lines keeps VMware ahead of other hypervisor vendors like Citrix, Microsoft and Oracle.

According to Ben Verghese, chief management architect in the Virtualization and Cloud Platforms Business Unit, "[IT as a service] starts with efficient pooling of infrastructure to create on-demand virtualized capacity, add automation based on industry-wide and user-local policies, self-service access to a catalogue of IT services, charge-back and usage reporting, and you achieve public-cloud economics with private cloud control." AKA, the private cloud for enterprise IT.

The acquired products fill gaps in VMware's management capabilities with Service Manager, which provides integrated server management, including change management, SLA management, virtualized application provisioning and which bridges the gap between physical and virtual application deployments. Shekar Ayyar, VP of Strategy and Corp Development summed up the acquisition like this: "The assets we got from EMC fill those goals. It's simplifying management rather than adding complexity. You can do more with VMware and use that as the basic operating system for the data center."

As VMware moves deeper into the management space, they run the risk of competing with systems management vendors like BMC, CA, HP and IBM, as well as newer vendors that also offer virtual management applications that integrate with VMware and other hypervisors. Ayyar contends, however, that VMware is not trying to replace or compete with systems management vendor products. Rather, VMware is going to provide the tools and services to manage a VMware environment with integration points exposed to systems management vendors that are adept at managing large, heterogeneous environments.

"The purpose of tools you get from CA, HP, BMC, etc are systems management tools in a heterogeneous environment. Our approach is the reverse, which is that the creation of an internal cloud gives customers the benefits of continuity, compliance, etc, without having to create large, complex overlay management systems. Customers will still need those large systems management tools. VMware still provides integration points," Ayyar confirmed.

Companies that buy systems management products typically buy them for the situations that Ayyar lays out--large heterogeneous environments. But there will be some overlap between functions that VMware's new management products will provide and modules, often licensed separately, that are provided by systems management vendors. VMware will have to convince systems management vendors that it's worth their time to integrate with VMware's management application stack.

Download the latest issue of Network Computing to find out the tools you need to tame multivendor virtualized environments--before they eat you alive. (Registration required.)

Gigamon GigaVUE Stamps, Slices, and Masks At 10Gbps

Mike Fratto, Editor — Thu, 25 Feb 2010 08:00:00 -0500

Capturing data for security, application performance, or just plain old monitoring, is a requisite function for IT. As network speeds increase, the need to capture data at line rate increases accordingly, so it's natural that network taps will increase in capacity. However, not all analysis methods need access to the full packet. Gigamon has enhanced its GigaVUE-2404 platform to time-stamp packets using a GPS time source, slice off the payload and mask bit patters in the payload prior to sending the packets to the destination analyzer. The more packet-processing that can be done prior to sending the data to analyzers, the more control efficient and effective your monitoring becomes by filtering out noise and unnecessary data.

Time-stamping in a distributed enterprise, or even in a single instance, is important to know when frames have arrived at various points. Coordinating time-stamps across instances is necessary to adequately trace packet flow. Removing an intervening time server should make time-stamping more accurate, particularly when getting down into the millisecond and sub-millisecond range.

More important is the ability to slice off data from the payload, particularly useful in cases such as application performance management where the payload is not important. GigaVUE has been able to capture a portion of a packet or frame, but that was typically at fixed lengths. For example, you might set the capture limit to 128 bytes under the assumption that length will capture header data even into the TCP or UDP payload. The new slicing mechanism is smarter than that. For example, the data portion of an HTTP payload--the bytes after the HTTP headers--can be sliced off regardless of where the HTTP header boundary is. Similarly, the encrypted payload on VPN or SSH traffic, which isn't of much value anyway, can be removed. Gigamon is currently supporting common application protocols like FTP, HTTP and VoIP. More complex application like Oracle RDBMS protocols are in the works.

The GigaVUE can also mask data in application payloads as well to keep sensitive information from unauthorized eyes. For example, an HR web application may have sensitive employee information in the payload that network administrators don't need to see. Masking that data prior to analysis lets administrators do their work without exposing sensitive information. Like slicing, the masking functionality is dynamic and flexible so that patterns can be located wherever they reside in the payload rather than at fixed locations.

GigaSMART Release 7, also announced, provides new monitoring capabilities in the management UI as well as allowing dynamic cross GigaVUE connections so that packets captured on one GigaVUE can be output to a monitor port in a different GigaVUE. Existing customers with active maintenance can upgrade at no cost.

F5 Enters The Virtual ADC Market With LTM Virtual Edition

Mike Fratto, Editor — Wed, 24 Feb 2010 14:00:00 -0500

F5 Networks is dipping its toe into the virtual application delivery controller market with a free 90-day trial edition of their Local Traffic Manager, Virtual Edition (LTM VE). LTM VE is a VMware virtual appliance that is targeted at non-production developer use. F5 does plan on releasing a production version of LTM VE in the first half of 2010 and is withholding pricing until that product is available.

Following on the heels of Citrix Systems' May 2009 announcement of it Netscalar VPX virtual appliance, LTM VE, which currently only runs on VMware's vSphere ESX4, ESXi 4 and Workstation 7, is a fully functional LTM virtual appliance that is rate limited to 1Mbps throughput. The 90-day trial includes access to F5's support site and web-based support.

The first thing to note about LTM VE is that this current version is not to be used in a production deployment. The purpose is to provide developers and IT administrators a way to test web applications against an LTM deployment prior to installing a new web application or upgrading an existing one. The LTM VE runs all of the iRules--custom rules that manipulate IP traffic--that the hardware LTM runs. LTM VE supports F5's API, iControl as well. Developers can test web traffic in a mirror of their live environment. With the 90-day trial, using LTM VE is a good way to try out the product before buying.

Mandar Ghosalkar, application infrastructure manager for Byer California, a clothing manufacturer, is an F5 customer and is trialing LTM VE. "Want to move the development environment. We have many projects that need to be tested with full environment. We'd like to get our developers off the BigIP hardware to keep them separate from production systems," Ghosalkar said in a phone interview.

What aren't available today are modules like the WEB Accelerator and Application Security Manager which enhance LTM. F5 is evaluating making those modules available in the future, and we think they should. Even though some of the modules have production value, some like Application Security Manager and Access Policy Manager do alter the application experience, and having a fully functional virtual test bed would be useful.

There is potential beyond development uses. Ghosalkar said they are planning on implementing a disaster recovery plan. Whether the DR site is hosted in-house or at a co-location provider, a virtual appliance is more flexible and less expensive than deploying redundant hardware. The requirement, of course, is whether the coming production version of LTM VE can support their processing demands. Packaging a virtual ADC is also a selling point that Citrix and Expand networks claims as an advantage with their virtual appliances.

The interesting aspect of virtual ADC is that ADC processing can be split between hardware and software appliances. For example, CPU-intensive processes like compression and SSL termination can be performed on an hardware ADC, while application specific processing can be managed in a virtual appliance. Tightly coupling the ADC with the application--servers, databases, etc., makes application mobility much more robust.

I tested LTM VE on my development machine and I am pretty impressed with how well it ran. I installed LTM VE into VMware's Workstation 7 on a Dell Optiplex running Windows XP on a dual core CPU and 2 GB or RAM. You'll need 10GB of space--not all at once--for LTM VE as well. The virtual appliance comes with three interfaces defined. F5's suggestion is for the management interface on the LAN and the two other interfaces on the virtual network. I moved the interfaces around so I could host my web server and LTM VE on the Optiplex and access it from the LAN. Once the installation was complete, setting up LTM is straight forward. All of the templates and wizards available on the hardware version of LTM are available. I set-up a HTTP server using the Generic HTTP template. It took about five minutes, and I was load balancing through LTM VE. LTM VE ships with templates for common applications like Sharepoint and Outlook WebAccess.

Editing iRules is fairly straightforward once you root around F5's DevCentral and locate the appropriate documentation. iRules uses TCL as the base scripting language and provides enhanced functions specific to BigIP and LTM. If you are familiar with scripting languages like Perl or PHP, picking up the basic syntax of TCL is going to be a snap. Obviously, I can't see the performance impact of various optimization options on an application, nor can I extrapolate performance numbers to a real deployment, but I wouldn't expect to do so with a development version of LTM VE.

If you are an F5 customer, LTM VE is worth checking out in your environment. I suspect other ADC vendors will be coming out with virtual versions of their products. The application deployment benefit is compelling and the ability to try before you buy without having to invest in a test bed should help you make better purchasing decisions.

Dot Hill Doubles Fibre Channel Bandwidth

Edward J. Correia — Wed, 24 Feb 2010 12:45:00 -0500

Storage hardware OEM Dot Hill Systems today unveiled the 3000 series, an all-new line of rack-mounted storage area network arrays that support the 8Gb/s Fibre Channel speed variant as well as dual-interface models that add 1Gb/s iSCSI support, effectively bridging the two protocols without the need for a second network. The 3000 series is available now to OEMs and will begin shipping under the Dot Hill brand next week.

The new 3000 series doubles the specified throughput of Dot Hill's 2000-series arrays. The 3730 (3.5-inch) and 3720 (2.5-inch) are a pair of dual-port 8Gb/s Fibre Channel 2U arrays that respectively can handle 12 and 24 drives each. The 3930 and 3920 are dual-interface models, with 1Gb/s iSCSI interface upgradeable to 10Gb/s.

"This lets you introduce iSCSI into an established Fibre Channel space without having to disrupt it," said Andy Mills, Dot Hill's vice president of marketing and business development, speaking of companies who'd like to migrate to from Fibre Channel iSCSI or vice versa. "We're cost effectively bringing Fibre Channel into the low-end space. This reduces the number of channels needed because you can pump more data through and reducing the complexities of maintaining multiple storage networks."

Mills said the move also is "designed to 'uplife' our 4Gb/s Fibre Channel products firmly into the 8Gb/s generation" and "reinvent the entry level," with street prices expected to be less than US$15,000 for a system fully loaded with serial ATA (SATA) drives and a Fibre Channel host connect, or around $20,000 for the faster 6Gb/s SAS (serial-attached SCSI) drives.

"Choice is always good when it comes to storage," said George Crump, founder and chief steward of Storage Switzerland and Network Computing contributor. "I'm always nervous about iSCSI-only solutions, so if you can get Fibre Channel and iSCSI in the same box, not needing a separate network is a good thing, assuming the technology works." Crump confirmed that the pricing is where it needs to be. "This is very interesting. If you want Fibre Channel performance, you've got a cost effective 8Gb solution."

Dot Hill also has added remote replication capabilities to AssuredRemote, its optional embedded array-to-array copy tool, which simplifies off-site data storage. "For the SMB, remote replication for disaster recovery has been an expensive luxury," asserted Hill. "But with remote replication, AssuredRemote allows you to place one array in a primary location and another in a secondary location. You don't need to install any additional software or maintain a server. It's all done transparently inside the box." Mills inferred that RemoteAssured, which is currently available only to OEMs, will be offered to the public in a few weeks in the forthcoming R-series arrays.

With the growth of server virtualization, and its requisite storage needs, organizations have increasingly looked to transition storage systems from the relatively expensive and inflexible Fibre Channel technology to an emerging standard such as iSCSI, says Mills. Until now, the only option has been to employ parallel storage networks. "There's a cost implication with that," he said, adding that since iSCSI uses Ethernet, a dual-interface array lets companies keep Fibre Channel and add on more flexibly. "With two host connects, you can provision Fibre Channel, and as you employ server virtualization, which uses iSCSI more and more, you can mix SATA with SAS and do a data-in-place migration and you're not disturbing the infrastructure."

Dot Hill's 3000 series arrays are expandable with JBODs (just a bunch of disks), and can control a maximum of 144 drives totaling 192TB. General availability is set for March 5.

SaaS Collaboration Software Gets Upgrade

Sharon Fisher — Tue, 23 Feb 2010 11:00:00 -0500

Central Desktop has launched Central Desktop 2.0, the latest version of the company's SaaS collaboration product. The 2.0 version offers tighter integration with e-mail and an upgraded user interface. The software lets users create collaboration workspaces that include components such as discussion forums, blogs and wikis. Users can also create and track tasks, exchange messages and files and link to outside services such as Twitter and Facebook.

Central Desktop 2.0 lets users post messages to a workspace via e-mail. For example, if a user posts a comment in a workspace, an e-mail is sent to other coworkers who belong to that workspace. With the new integration, coworkers can reply via e-mail and their comments will be posted to the workspace without the need to log in to the site. Central Desktop CEO Isaac Garcia says this was a popular request among customers. Users can also design new workspaces and save them as templates that other employees can use. The new version gives users more choices in the use of pictures, avatars and colors. Other new features include a viewer for 189 types of files of up to one gigabyte.

The new interface is "much better and easier to understand," says Grant Simmons, director of SEO project management for The Search Agency Inc., a 150-employee search marketing and optimization company. Simmons introduced Central Desktop to his company 14 months ago, after having used it at a prior job. "There is no perfect project management system, but this is pretty good," he says.

The software is intended for small and mid-size businesses, particularly for companies with 100 to 300 employees. Garcia says Central Desktop has about 2,800 clients and 125,000 users, including companies such as Netflix, as well as many others who use a free version of the software.

The new version is available now. It costs $99 for a single user or $10 per month per user with a minimum of 50 users and an annual contract. Organizations can upgrade licensed users in increments of 50. The software runs on Internet Explorer, Chrome, Firefox and Safari, and also offers a plug-in for Microsoft Outlook. Later in the year, Central Desktop expects to offer a marketplace to let users trade workspace templates outside their own organizations. The company also plans to support WebDAV and offer enhanced support for users that access Central Desktop via mobile phones.