Tag Archive for Cloud computing

| July 1, 2014
Comments Off on Another Cloud Implosion

Another Cloud Implosion

Another Cloud ImplosionCode Spaces, formerly a popular cloud-based source code hosting service run by AbleBots from New Jersey was forced to close. Infosecurity reports that after an attacker managed to get access to its Amazon (AMZN) Web Services EC2 control panel and delete most of its customers’ data.  According to an explanation on the Code Spaces website, the firm was a victim of DDoS with the apparent attempt to extort “a large fee to resolve the DDOS.”

As the firm attempted to restore control of its machines, the attacker escalated the attack, the site says;

hanging out a closed sign

… the intruder had prepared for this and had already created a number of backup logins to the panel and upon seeing us make the attempted recovery of the account he proceeded to randomly delete artifacts from the panel … We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances. In summary, most of our data, backups, machine configurations, and offsite backups were either partially or completely deleted.

Code Spaces marketed itself as a trusted provider offering “Rock Solid, Secure and Affordable Svn Hosting, Git Hosting and Project Management” and a “full recovery plan” with full redundancy, duplication, and distribution of the data across three different geographical data centers if things went wrong. According to the Infosecurity blog despite the marketing hype the Code Spaces sites is folding up its tent and hanging out a closed sign by saying;

cost of refunding customers who have been left will put Code Spaces in an irreversible financial position Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of on-going credibility.

rb-

Another high-profile Cloud Computing service goes bust. Last year when Nirvanix went belly up I wrote about the need for a cloud exit plan. Calum MacLeod, vice president of EMEA at Lieberman Software told CIO.com that security incidents like this are avoidable if companies take effective steps. He suggested firms should implement:

  • Certificate-based authentication along with normal user IDs and passwords,
  • Whitelist applications,
  • A schedule for changing Credentials every few hours for critical applications,
  • Continuous discovery of the systems and applications to check if there were any changes to account settings, like happened to Code Spaces where new privileged accounts were created to allow the attack to continue.

He concludes that the Code Spaces incident reads like a cyberattack 101 scenario, where the failure to properly manage privileged credentials ultimately was the cause of the breach.

Other suggested measure for organizations using AWS would be to enable multi-factor authentication for admin logins. Alternatively, to prevent the wholesale loss of files Amazon Glacier could be used for longer-term data archival, to augment regular offline backups.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| June 19, 2014
Comments Off on Facebook Challenges Cisco

Facebook Challenges Cisco

Facebook Challenges CiscoJulie Bort at the BusinessInsider says Facebook is challenging the stagnate network giant Cisco (CSCO). Facebook’s (FBNajam Ahmad, leader of the OCP networking project announced a product that should have Cisco shaking in its boots. Mr. Ahmad told the New York Times, “The bigger strategy here is to get computer networking out of the black box, black operations part of the world.

Facebook logoFacebook introduced the new top-of-rack Wedge switch in 2013. The Wedge release made good FB’s promise to disrupt the $23 billion Ethernet switch market, now dominated by Cisco. Wedge is part of the Open Compute Project (OCP). The author says is OCP one of the most important tech projects Facebook has ever created. OCP began in 2012 as a radically new way to build and buy computer hardware. It creates free and “open source” designs where anyone can contribute to the designs and use them for free.

Open Compute Project

The hardware OCP designs range from computer servers to hard drives to the racks that hold them all. While Facebook still leads the project, it has grown into an industry phenom. In 2013, the article says Facebook saved “over $1 billion” by using the hardware invented by Facebook.

Cisco logoAnd a year ago, OCP announced plans to build a network switch. And not just any network switch, but one designed as a software-defined networking (SDN) device. BI explains that SDN is a new way to build networks that threaten Cisco, or at least Cisco’s 60+% profit margins. SDN takes the fancy features baked into network equipment – things like security, management – and puts them into the software. This turns the hardware into something that dumbly moves bits of information around. The hardware switch becomes easier to move around and manage, and far less expensive, all things that cloud computing does better.

Software-defined networking

Cisco has already recently released its own SDN product line Cisco Open Network Environment (ONE). Ms. Bort (and others) contend these products encourage customers to keep buying Cisco’s high-performance but expensive gear by including features that will only work with said Cisco’s products. No doubt many enterprises will want that. But Facebook’s switch is a threat for a lot of reasons.

  • Facebook is already testing it in its own data centers, one of the most demanding environments around, it said.
  • Wedge is “open source.” Cisco gear is somewhat like Apple’s (AAPL) gear. Cisco controls and keeps secret every part of it from the operating system to the custom processors.

Open Compute ProjectThe Wedge is different. Everything from the software to the choice of processor Intel (INTC), AMD (AMD), or ARM (ARMH), is “open source” meaning others can see and use or modify the design. As Facebook’s Yuval Bachar and Adam Simpkins explain in a Facebook post about the Wedge switch:

Traditional network switches often use fixed hardware configurations and non-standard control interfaces, limiting the capabilities of the device and complicating deployments. … Unlike with traditional closed-hardware switches, with “Wedge” anyone can modify or replace any of the components in our design to better meet their needs.

Facebook Wedge Switch

Standard parts

EnterpriseTech explains the Wedge switch was built using standard parts. It uses Broadcom’s (BRCM) popular Trident-II switch ASIC, which can provide sixteen 40 Gb/sec ports, which could easily be expanded to 32 ports. The ports can also be equipped with splitter cables, breaking them down into 10 Gb/sec ports that would boost the effective port count to 64 ports in a 1U enclosure. The Wedge switch has a compute element, which is a microserver based on an unspecified Intel processor (most likely an eight-core “Avoton” C2000 processor) that adheres to Facebook’s “Group Hug” microserver specification. Finally, the Wedge switch uses a Facebook homegrown version of Linux.

OCP has already attracted some big players beyond Facebook, too, including Microsoft (MSFT), Intel, Goldman Sachs, Rackspace (RAX), Bloomberg, and many others. It’s worth noting that enterprises cannot buy this switch from Facebook. They would have to order it from a custom manufacturer, just like all other OCP designs. But if this switch does well for Facebook, enterprises will be encouraged to try SDN. And up-and-coming competitors to Cisco, like Arista and Big Switch are involved in OCP and are standing by to cash in.

rb-

Facebook is not alone. Google (GOOG) and Amazon (AMZN) have done the same thing after being frustrated by the slow pace at which incumbent tech companies move. By comparison, the Asian contractor manufacturers that Facebook has used for its open hardware have moved disarmingly quickly, according to Facebook’s Ahmad.

Is this an industry inflection point? There is a school of thought out there that believes we are. They compare today’s networking environment to the phone era when Lucent and Nortel were at their peak and failed in the face of the newfangled softswitch. The Cisco Smartnet annual fee on top of any hardware you buy from them sounds exactly like the kinds of pricing practice those who remember, saw in the voice industry when it was a duopoly of Nortel and Lucent.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| June 5, 2014
Comments Off on Sears Converts Stores to Data Centers

Sears Converts Stores to Data Centers

-Updated 07-12-16- Data Center Frontier reports that Sears ultimately decided to spin off its Sears and Kmart stores as a real estate investment trust (REIT) rather than converting them into data centers.

Sears Converts Stores to Data CentersThe blinking blue lights of servers soon fill the aisles that previously offered the Blue Light Special according to an article in Data Center Knowledge by Rich MillerSears Holdings (SHLD) has formed a new unit to market space from former Sears and Kmart retail stores as a home for data centers, disaster recovery space, and wireless towers.

Ubiquity Critical EnvironmentsWith the creation of Ubiquity Critical Environments, Sears hopes to convert the retail icons of the 20th century into the Internet infrastructure to power the 21st-century digital economy. The article says Sears Holdings has one of the largest real estate portfolios in the country, with 3,200 properties spanning 25 million square feet of space. That includes dozens of closed Sears and Kmart stores. Sean Farney, the COO of the newly formed Ubiquity believes the firm has a great asset on its hands he told DCK.

It’s an amazing real estate portfolio … The goal is not to sell off properties. It’s to reposition the assets of this iconic brand. The big idea is that you have a technology platform laid atop a retail footprint, creating the possibility for a product with a very different look to it.

SearsCOO Farney is an industry veteran who previously managed Microsoft’s huge Chicago data center, and then ran a network of low-latency services for the financial services firm Interactive Data. He told DCK, he sees an opportunity to build three lines of businesses atop the Sears portfolio: data centers, disaster recovery sites and “communications colocation” in which Ubiquity leases rooftop space to wireless providers.

Ubiquity will be able to leverage real estate at both closed stores and some that are still operating, depending on the opportunity. The first step has been to evaluate the portfolio and identify properties that could work as data centers. The article reports that Chicago engineering firm ESD has conducted “data center fitness tests” on promising properties to size up their power, fiber, and risk profiles. Ubiquity is also working with Newmark Grubb Knight Frank to market the portfolio to the brokerage community.

Data centerThe first Ubiquity project will be a Sears store on the south side of Chicago, nestled alongside the Chicago Skyway. The 127,000 square foot store will be retrofitted as a multi-tenant data center. Ubiquity’s Farney says he already has a commitment for the first tenant at the site on East 79th Street, which has 5 megawatts of existing power capacity and the potential to expand. “It’s a building that’s lit very well, from both a fiber and power perspective,” Mr. Farney told the author. “It’s going to be great data center building.”

Mr. Farney acknowledges that many of Sears’ mall-based retail locations aren’t viable for data center usage. “I don’t think the industry is yet ready for a mall-based data center,” he said. “That may take some time. The stand-alone location is optimal.”

Cell towerUbiquity has those stand-alone facilities, along with distribution centers and some parcels of vacant land. ”There are closed Kmarts that are stand-alone, 200,000 square-foot properties with good fiber and power and 10 acres of parking,” said Mr. Farney. “These are owned assets.”

The article cites the COO who says Ubiquity has flexibility in how it works with tenants. It could finance a buildout and then hand over a wholesale data center to an enterprise or managed hosting provider or could opt for a powered shell solution for a tenant, depending on the customer’s needs.

After initially focusing solely on data centers, Ubiquity has expanded its strategy Mr. Miller explains. Although mall-based stores may not be right for data centers, they could be ideal for disaster recovery facilities, Mr. Farney said. That includes mall stores that have closed, as well as those that have downsized to a smaller retail footprint. In either scenario, a separate workspace could be created with an exterior entrance to restrict access, while still allowing employees to take advantage of nearby stores and eateries. Mr. Farney believes this makes sense for the client.

Disaster recovery sitesThere are compelling reasons why this is a great model … It used to be the business continuity centers were located in an industrial park. The customer has evolved to the point where they want a sexier location, where they can have access to a Starbucks and other retail, because it’s possible they may be there for weeks or months. Sears and Kmart stores are located in just such retail locations in major malls.

The COO also predicts that customers are ready for a more distributed approach to business continuity.

In the past, customers had a single monolithic recovery center … Now, after (Hurricane) Sandy, there’s a need for multiple locations, because you don’t be tied to one location in a regional disaster. There’s a desire to have multiple locations spread costs across multiple areas. The Sears footprint really fits that.

Then there’s wireless, which the article says is the most exciting opportunity. Mr. Farney says that seventy percent of the U.S. population lives within 10 miles of a Sears or Kmart store.

When malls were being built, they gravitated to the intersection of freeways and highways, and Sears got entry to all of them … These rooftops have proximity to the greatest mass of consumers available. As wireless users grow, the size of the cell is shrinking, creating holes in coverage. Having rooftop access to the cars and pedestrians around the malls is important. The Sears portfolio can capture that … There’s tons of interest. I will put as many of the rooftops in play as I can.

 rb-

This is a rather innovative and out-of-the-big-box thinking and smart use of space for a company with a huge real estate portfolio. 

Sears’ solution to the problem of now-vacant retail buildings isn’t to sell them off for scrap and hope for the best but to hang on to its assets and find a way to make them more profitable. Every struggling company and town in this country could learn a lesson from Sears.
Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , ,
| June 3, 2014
Comments Off on The Evolution of Backup

The Evolution of Backup

The Evolution of BackupHave you ever stopped to think about how the technology for data protection has evolved? Backup has been around, in one form or another, since 3000 B.C. It has evolved and adapted to take advantage of improvements in technology platforms. Storage vendor Axcient traces the evolution of backup technology from clay tablets to the cloud in this infographic.

Axcient traces the evolution of backup and key events in backup methods.

Axcient infographic the evolution of backup

According to CrunchBaseAxcient is an entirely new type of cloud platform. Their technology stack eliminates data loss, keeps applications up and running, and makes sure that IT infrastructures never go down.

Axcient is designed for today’s always-on business, The system replaces legacy backup, business continuity, and disaster recovery software and hardware. They claim it reduces the amount of expensive copy data in an organization by as much as 80%.

By mirroring an entire business in the cloud, Axcient makes it simple to access and restore data from any device. They claim that with a single click their app can configure failover systems, and virtualize your entire office – all from a single deduplicated copy.

rb-

The key to any successful Business Continuity Plan is a solid, verified backup plan. The impact of a major data loss on a SMB can be devastating. The actual numbers are debatable, however, it seems that a significant number of firms go out of business after a major data loss. 

There are many new ways to backup your data, from Acronis, Axcient, Barracuda (CUDA), EMC (EMC), ExagridHP (HPQ), IBM (IBM), Symantec (SYMC), Veem what is important is that you have a plan, execute it and test it. 

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook and Twitter. Email the Bach Seat here.

Category: Data protection | Tags: , , , , , , , , , , , ,
| January 30, 2014
Comments Off on Cyber Attacks on Schools

Cyber Attacks on Schools

Cyber Attacks on SchoolsCloud services and data-management systems are multiplying in the edu market. Schools, districts, and states are using online networks to store student data such as records PII, medical records, attendance, and grades. Putting all of this data online is scary enough, these systems are designed to allow parents (and attackers) to get to data from a home PC.

More convenient for teachers and parents

vulnerable to cyber attacksEducation Week explains that the switch to online data is often more convenient for teachers and parents. But these changes can also make state agencies, districts, and schools vulnerable to cyber attacks. The author cites the August 2013 DDoS attack on the Kentucky Department of Education’s statewide Infinite Campus information network as a precursor of things to come. The Kentucky agency was able to fight off the DDoS attack before any data was compromised but school DDoS attacks are occurring more often as they get easier to execute. David Couch the Kentucky Department of Education’s chief information officer said.

What I understand from what I’ve seen is that [DDoS attacks are] a commonality now … I think most organizations have to add to their tool suite a way to detect them.

Online attacks

DDoS attackGCN reports another edu DDoS attack. This one is on OnCourse Systems for Education a SaaS that provides software services to K-12 schools. The firm became the victim of UDP flood from Germany and the Netherlands. The firm tried to fly under the radar, Mark Yelcick, chief technology officer and partner at OnCourse said.

This was the first DDoS attack at OnCourse, and we never thought that we would be a target … There’s no money or assets to be gained by attacking an SaaS provider of K-12 educational systems. We felt that the firewall, intrusion protection and DDoS protection from our data center provider would be enough.

DDoS mitigation platformIn order to turn back the tide of rouge packets, OnCourse brought in Prolexic. Prolexic has solutions tailored for the education market. The company engaged its emergency services, routing traffic through Prolexic’s 1.5 Tbps cloud-based DDoS mitigation platform and stopping the attacks. CTO Yelcick said, “We simply cannot afford downtime brought about by a DDoS attack.”

Because DDoS attacks can target any IP address, it’s impossible to completely prevent them, so for districts and the companies that offer data management services, the focus is on battling these attacks as they come.

battling these attacks as they comeWe have to be prepared and understand the environment that we are operating in so we’re prepared to address these issues as they come up,” says Infinite Campus CEO Eric Creighton, the victim of the Kentucky DDoS attack.

Attackers are after student PII

Part of predicting and combating cyber attacks is understanding why people order these attacks in the first place. When the target is a network that stores student grades and attendance information, the immediate thought is that a student is responsible. However, Mr. Creighton says that students rarely attempt attacks and, in his experience, have never succeeded.

Report card“I don’t think these are attacks attempting to get data … There’s no jackpot of valuable data –there’s no payload here.” CEO Creighton may be spinning the results. rb- I wrote about schools collecting and losing PII here.

One reason that schools and districts are targeted is that their systems are designed for convenient access. Easy access for parents and teachers, makes for easier targets. Marcus Rogers, a professor, and chair of the cyber forensics program at Purdue University told Education Week.

For a lot of these attacks, the intended victim or goal is something bigger than the school. Obviously schools want to protect their data, but the bigger threat is when they use those networks now to go out and attack a power plant or a stock exchange or an air traffic control systems. That’s when the stakes go up.

Caused by a BYOD device

Kentucky education officials believe that the attack on their systems was triggered by a beacon. They hypothesize that a beacon was unknowingly placed on a student’s mobile device, which he or she took with them to school. Viruses can cause a device to send out a beacon, instructing thousands of other devices to attack the network the device is connected to. In Kentucky, officials say that this won’t stop individual districts from implementing bring-your-own-device programs. However, schools can decrease the chances of an attack by making sure that these student devices are properly protected according to Education Week. CIO Couch believes schools will start to protect themselves.

I think what you’re going to see is districts making sure that before people plug into their network they have up-to-date, good virus protection … I think you’ll start to see that in K-12.”

Purdue’s Rogers says that even when schools know best practices for avoiding and combating attacks, such measures are often cost-prohibitive. “A lot of times the schools know what to do, but at the end of the day if they’re trying to get library books, a firewall is not going to be their big concern.”

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , ,
« Older Entries   Recent Entries »