Tag Archive for Networking

Feds to Test IPv6

NetworkWorld is reporting that the U.S. government has launched a comprehensive product testing program for IPv6. The new program, the USGv6 Test Program, will be run by the National Institute of Standards and Technology (NIST) and will require all network hardware and software vendors to pass IPv6 compliance and interoperability tests before they can sell their products to the U.S. federal government market.


The NIST IPv6 test plan covers basic IPv6 functionality as well as related standards such as IP Security (IPsec), Internet Key Exchange (IKEv2), Dynamic Host Configuration Protocol (DHCPv6), Open Shortest Path First (OSPFv3), Border Gateway Protocol (BGP4+) and multicast requirements in MLDv2.

The USGv6 program will allow vendors to run IPv6 compliance tests in their own labs as long as the lab is accredited by NIST, but they must run IPv6 interoperability testing in someone else’s lab. Erica Johnson, Director of the University of New Hampshire InterOperability Laboratory, told NetworkWorld, “The way that the NIST profile is going to work is that conformance testing can be done in an accredited first-party [vendor], second-party [buyer] or third-party [independent] lab…But the interoperability testing must be done in a second-party or third-party lab.”

The time frame for the USGv6 Test Program is tight. NIST is expected to publish this week [July 31] the final version of its IPv6 test specifications aka Special Publication 500-273 and to finalize its test plan in November 2009. Testing labs are to be accredited before the end of the calendar year. Network vendors will have six months to get their routers, operating systems, firewalls and other security systems through IPv6 testing before the federal government’s July 2010 acquisition deadline.

By July 2010, federal agencies will be required to buy only hosts, routers, and network security systems that have been tested for IPv6 compliance. Vendors must issue a “Suppliers’ Declaration of Conformity” that states host and router products have been tested for IPv6 compliance and interoperability, while security products must undergo functional IPv6 testing. All of the testing must be done in NIST-accredited labs.

rb-

It’s about time – I have included IPv6 requirements in RFPs for over 6 years. It is amazing to watch the vendors tap-dance around what IPv6 compatibility means. Only some of these products from Cisco or Foundry Brocade are IPv6 compatible depending on the image you buy. I guess the real trick will be to get a “Suppliers’ Declaration of Conformity” if you are not a Fed.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Weak PBX Passwords Cost $55 Million

The U.S. Justice Department unsealed indictments against three Filipino residents on 06-12-2009 for an international PBX hacking scheme. According to Security Fix, the three are accused of hacking into thousands of private telephone networks in the U.S. and abroad, then selling access to those networks to call centers in Italy that advertised cheap international calls and used the profits to help finance terrorist groups in Southeast Asia.

The U.S. government alleges that the people arrested in the Philippines were responsible for hacking private branch exchange (PBX) systems and voice mail systems owned by more than 2,500 companies worldwide. The indictments allege that between October 2005 and December 2008, Manila residents Mahmoud Nusier, Paul Michael Kwan and Nancy Gomez broke into PBX and voice mail systems, mainly by exploiting factory-set or default passwords on the systems. According to Erez Liebermann, assistant U.S. attorney for New Jersey, “The default passwords were left open in most of these PBX systems.”

The government charges that Italian call center operators paid the hackers $100 for each hacked PBX system they found. The defendants are charged with computer hacking, conspiracy to commit wire fraud, and access device fraud. The case was filed in the U.S. District Court of New Jersey, the home of long-distance provider AT&T. The documents allege the thieves used the hacked PBX systems to relay more than 12 million minutes in unauthorized international phone calls, or $55 million worth of telephone charges.

According to Reuters, the defendants allegedly sold access to the compromised systems to 40-year-old Pakistani Mohammed Zamir, the manager of a call center in Brescia, Italy. Italian authorities arrested Zamir and at least four other Pakistani men operating call centers throughout Northern Italy. According to the AP and Carlo De Stefano, head of Italy’s anti-terrorism police unit, much of the proceeds were sent to the Philippines and may have been forwarded to Islamic extremist groups in the region, including Al-Qaeda-linked Abu Sayyaf. “There are strong suspicions and some clues, but nothing concrete,” De Stefano said.

Rb-

No matter the system (TCM, VoIP, SIP, T’s) sloppy installation practices can make any type of system vulnerable. That’s why I always include a requirement that all manufacturer and VAR account passwords be changed before the equipment is brought on-site and that they are changed by the Owner at the time of acceptance of the system. I have started to back this up by tying this requirement to their PLM bond requirements.

We also recommend to our clients that they disable international calling by default on their system and only allow it as required, based on the concept of least privilege.

 


Low Cost Desktop Virtualization

On Thursday (06-18-09) LG and NComputing announced an agreement under which the Korean manufacturing giant will include NComputing’s desktop virtualization hardware on a new line of LCD monitors slated for release in June 2009.

NComputing’s desktop virtualization product includes both a proprietary hardware access device and vSpace desktop virtualization software. The hardware piece will be integrated into the LG monitors, enabling a single PC or server to be virtualized. Two LCD sizes will be available in the U.S. on the LG SmartVine N-series line: a 17-inch and a 19-inch monitor. The monitors can also be used as traditional monitors that connect using VGA.

“LG is integrating the access device into these monitors themselves,” Stephen Dukker, chair and CEO of NComputing, says. “So, instead of being a stand-alone, PC-like device, it becomes an all-in-one computing device, and you just plug your keyboard, mouse, and microphone into the monitor,” he says. The solution will be priced below $200 and will offer both NComputing’s L series, which connects via Ethernet, and the X series access device, which requires a local PC connection.

Rb-

The partnership is the next act in the migration away from desktop PCs to portable computing (laptops, netbooks, and mobile devices). The traditional PC makers don’t realize that desktop virtualization allows the owner to save money throughout the life-cycle of the device.

There are savings in upfront acquisition costs; there are operational savings by reducing the management costs and the risk of obsolescence. Long-term savings can include reduced power consumption and e-waste problems. NComputing indicates that by using LG’s monitors, customers can lower their computer hardware costs by 60%, maintenance costs by 70%, and electricity costs by 90%.

The combined capabilities of the two firms should make the rest of the industry take notice of their progress (or lack). LG shipped more than 15 million monitors in 2008, and NComputing claims over a million seats sold in over 140 countries. NComputing won the Wall Street Journal Technology Innovation award, the Gartner Cool Vendor Award, and the Frost and Sullivan Green Computing award. NComputing CEO Stephen Dukker was previously co-founder and CEO of low-cost PC maker eMachines.

 


Server Sales Slide

Like most of us (except the bankers), global sales of servers have taken a beating since the first quarter of 2008. Server sales have declined by over $3 billion due to the economic slowdown, meltdown, recession and the growth of virtualization. Today, the global server market stands below $10 billion.

Global Server Sales

Since Q1 of 2008, IBM’s server revenues have declined over $1 billion, from $3.946 billion to $2.913 billion in Q1 2009. Big Blue’s market share also declined from 30% to 29.3% during the same period. On the other hand, HP (HPQ) revenues grew from $2.904 billion to $3.624 billion and grew their market share to 29.3%, matching IBM in Q1 2009. Dell’s (DELL) revenues dropped from $1.590 billion in 2008 Q1 with a 12.1% market share to revenues of $1.093 billion and an 11% market share in Q1 2009.

According to the ChannelInsider article:

  • No quick recovery for server sales until the general economy recovers (CI)
  • End-users continue to extend the life of existing servers (CI, other sources)
  • Servers remain among the least profitable for solution providers (CI: Market Pulse)
  • Demand for conventional and blade servers by end-users continues to shrink (CI: Market Pulse)
  • The popularity of data center virtualization technologies has had the collateral effect of shrinking server hardware demand (CI)


Energy Star for Servers Released

The U.S. Environmental Protection Agency released an Energy Star specification for computer servers on May 15, 2009. This new specification, which covers standalone servers with one to four processor sockets, is in part a reaction to estimates that by 2011, IT equipment is expected to account for 3 percent of all U.S. electricity consumption, according to the EPA.

Andrew Fanara of the Energy Star product development team helped spearhead the process of getting a spec for servers, according to DataCenter News. “EPA believes this new server spec is an important first step to help attract attention to the need and opportunity to cut cost and save energy in federal data center facilities, especially during a time of tight budgets,” Fanara told GCN.

The new specification includes:

  • Power supply efficiency requirements which should increase efficiency and reduce waste heat
  • Power consumption limits for when the server is idle
  • Single-socket servers are limited to 60 watts
  • 2-3 socket servers are limited to 151-221 watts
  • Allowances for additional installed components
  • Power and performance data sheet detailing power consumption in a common format
  • Ability to report energy-related statistics to data center management software.

Vendors Respond to Energy Star for Servers

Major server manufacturers are already submitting their products for Energy Star approval. HP says that two of its most popular servers, the DL360 and DL380 G6, are now Energy Star compliant, with more servers to be added to the list soon.

IBM’s next-generation Power6 processor has power management abilities that let it drop down to a 100-watt level.

Jay Dietrich, program manager at IBM’s corporate environmental affairs group, told GCN, “Overall, we think that there has been good progress on the server requirements, and we think EPA has done some good work in getting that specification focused on the issues.”

Not to be left out, Dell launched an energy-efficient server line in December. Dell touts its PowerEdge Energy Smart 1950 III and 2950 III servers as the Dell green alternatives.

Sun Microsystems has touted the energy efficiency of its UltraSparc T1 “Niagara”-based servers for a while. The Niagara CPU typically uses 72 watts of power at 1.4 GHz.

Criticism of Energy Star for Servers

The new Energy Star criteria have their critics. The biggest complaint is that a qualifying server need only show energy efficiency when it is idle, powered on but doing no work. This is like comparing the miles per gallon of a Hummer and a Prius sitting at a stop light. Both use a similar amount of fuel idling, not going anywhere. Many argue that the amount of energy spent idling is less important than how many miles per gallon the vehicle gets while driving, doing its work.

However, firms are becoming increasingly aware of this issue and are addressing it. Organizations are deploying virtualization to cut underutilized servers to get as much performance per watt as possible from their hardware. In most IT organizations there are underutilized servers which spend a great deal of time idling, so idle server power consumption is relevant but not the whole story. Servers are not like desktop or laptop computers because they are not meant to be idle. Instead, they are designed to be highly utilized and available. “A heavily utilized server is much more energy effective than a small server running at very low utilization rates,” Albert Esser, vice president of data center infrastructure at Dell told GCN.

Subodh Bapat, a distinguished engineer at Sun, explained to Data Center News another drawback to the program: It doesn’t take into account how many cores per processor a machine has. “The fact is, when you go from a server that has four processors with two cores each to two processors with four cores each, you save energy. That’s not recognized by the spec,” he said. “If you’re shipping a server with one processor, it doesn’t matter if you have one core or two cores or four or eight. You still get the same idle power allowance. There’s no benefit for the fact that you can do, say, eight times work with a fewer number of watts.”

“This is a great first step, but it’s not a complete spec,” says Bapat. “It’s a good start toward finding out which servers are better than others on an energy basis.” Bapat wasn’t entirely critical about the Energy Star program for servers. For example, a compliant server must be capable of measuring real-time environmental data. “Transparency is always a good thing. Energy Star requires the ability to report power consumption data pretty much across the range of utilization and at all times that the server is on. If you want to know how much [power is being consumed], you should be able to ask it and it should tell you. That’s a very useful feature.”

EPA Responds

The Tier 2 Energy Star specification, which will cover servers with more than four processor sockets, blade servers and fault-tolerant machines, is expected in October 2010. The Tier 2 spec will also define a metric that compares server performance with energy consumption. EPA’s Fanara speculates that finding the magic numbers could take a while. The EPA is developing an Energy Star spec for data center facilities and is collecting data from volunteering data centers now. Mr. Fanara said his group also hopes to have a framework document for an Energy Star for data storage equipment out in June 2009.

EPA introduced Energy Star in 1992 as a voluntary program to reduce greenhouse gas emissions through energy efficiency. The Energy Star label can be found on more than 50 kinds of products, new homes and commercial and industrial buildings. Energy Star is the EPA labeling program designed to help consumers pick out energy-efficient products. If a manufacturer qualifies its product, it can place an Energy Star label on it, and the product information can also be displayed on the manufacturer’s and the Energy Star Website.

rb-

I agree with Sun’s Bapat that the current version of the Energy Star requirements for servers is a good first step. Just like any 1.0 version release, there is still a lot of work to be done.

 
