Enterprise IT Watch Blog


May 19, 2010  10:52 AM

Microsoft: 0, VirnetX and i4i: 490 Million

Melanie Yarbrough Profile: MelanieYarbrough
A modern day David and Goliath?

A modern-day David and Goliath?

Microsoft’s had a busy week so far, and it’s only Tuesday. A settlement was reached yesterday in the VirnetX patent suit, which began in February 2007.

The Facts: Infringed Patents

1. U.S. Patent No. 6,502,135: for “a method of transparently creating a VPN between client computer and target computer.” The jury granted VirnetX $71.75M.

2. U.S. Patent No. 7,188,180: for a “method for establishing a VPN using a secure domain name service.”The jury granted VirnetX $34M.

Microsoft has maintained that neither of these patents was infringed and further, that the patents themselves are invalid. Soon after the ruling was declared, VirnetX filed another suit against Microsoft citing the same patents were infringed, but by Windows 7 and Windows Server 2008 R2—released after the initial suit was drawn. (The original trial was aimed at Windows XP, Vista, and Microsoft’s Live Communication Server and Office Communication Server.) The settlement includes Microsoft’s licensing of the VirnetX technology, originally developed for the CIA, placing them in the company of major names that also use VirnetX such as Google, HP, AT&T and more.

VirnetX isn’t alone, either. Microsoft has been ordered to dish out a total of $490M, for VirnetX and another patent lawsuit—this one dealing with Word and Excel’s XML technology—from Toronto-based i4i. This one seems a little more personal; i4i’s chairman Louden Owen has claimed their win as “a war cry for talented inventors whose patents are infringed.” Though Microsoft continues to appeal the decision—and continues to be rejected—future versions of Word and Excel will be lacking the custom XML-based capabilities. Versions of Word distributed prior to January 11, 2010 are not affected; all other versions will have their custom XML tags removed. Microsoft’s Gray Knowlton suggests using Content Controls to reimplement any of your solutions that use Custom XML Tags.

Is this just another case of patent trolls—or more articulately, non-practicing entitiesfiling patents for future lawsuits such as these? It would appear not, depending on your opinion of the PTO, as Microsoft’s repeated attempts to discredit the patents they’re accused of violating have been thwarted by the U.S. patent office itself. From CampusTechnology: On Tuesday [May 11, 2010], i4i announced that the United States Patent and Trademark Office (PTO) had validated i4i’s patent on certain “custom XML” technology. This XML-based technology creates a metacode map to manipulate a document’s structure without reference to content. It allows a document such as a Word file to be converted to XML without loss of content.

Microsoft remains firm in its stance that the so-called custom XML technology is obscure and therefore fair game. Nevertheless, all versions of Word released after January 11, 2010 will strip documents of their custom XML upon opening (a build-upon of the patch for Word 2007 released earlier this year). Never fear: in April, i4i outlined how their x4w software will swoop in and save your custom XML tags. They’re hardly the heroes, however, adding an additional step and software to purchase for the end user.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.

May 18, 2010  2:30 PM

Virtualization as a security testing platform?

Kevin Beaver Kevin Beaver Profile: Kevin Beaver

Virtualization has many obvious benefits, but the one that stands out to me is being able to use it for security vulnerability testing. One of the things that has frustrated me the most over the years is how security testing tools will junk up your system – especially Windows. Install enough vulnerability scanners, network analyzers and so on over time and you’ll undoubtedly be cussing like a sailor when system slow downs, instability and blue screens of death creep into your work. Oh, not to mention the ever-frustrating situation whereby your anti-virus software “cleans” your vulnerability testing tools right off of your system!

The neat thing with virtualization software such as VMWare Workstation, VirtualBox and the lesser-known Windows XP Mode in Windows 7 (that I recently wrote about for SearchEnterpriseDesktop.com) is that you can create a virtual security testing environment to muck up as much as you’d like without having to worry about affecting your day-to-day productivity by creating problems on your local system. When problems do arise in your virtual environment, you can simply fall back to an older image that works, or just quickly recreate a new one.

I know it seems like it’d be easier to have a dedicated computer to run your security tests from. However, doing everything on one system increases efficiency when you need to be mobile and share files between the host and virtualized systems. Plus, it gives you an excuse to invest in a high-end  laptop that you may not be able to justify otherwise.

Kevin Beaver is an independent information security consultant, keynote speaker, and expert witness with Principle Logic, LLC and a contributor to the IT Watch Blog.


May 18, 2010  8:40 AM

The Art of Virtual Storage

Kevin Beaver Guest Author Profile: Guest Author

Today’s guest post is from Graeme Elliott, a Sydney-based Storage Architect for a large financial firm and leader of the Sydney Tivoli Storage Users Group. Elliott will be starting his own blog on IT Knowledge Exchange shortly, to be titled The Art of Storage.

Virtual Storage is the “art” of moving the “smarts” (Mirroring, Snapshots, Replication etc.)  from a standard storage array’s controller and placing them into an appliance. This appliance is placed in the data path between the Host and the Storage Array. Even though these virtual appliances are in path there is generally only a  minimal performance hit and in some cases, a performance boost due to the appliance’s caching algorithms.

The storage from the backend storage array is now presented to the virtual appliance just like any other host.  The virtual appliance can further carve up or merge this storage as desired into “virtual disks” that can be allocated to your hosts. From the Hosts’ perspective, these virtual disks are just like any other disk.

The advantages of doing this are tremendous.

  • All that you need to worry about when acquiring storage arrays is storage and performance (no smarts required)
  • Span “virtual disks” across multiple arrays or Raid Groups
  • Only need to the use the host drivers for the Virtual Appliance, not for the specific storage array vendor
  • Storage from arrays can be placed in pools on the Virtual Appliance allowing for a tiered approach to allocations

Another major benefit of these “virtual appliances” -and one that in my experience usually drives the initial purchase-is the data migration features offered. Being able to migrate data between storage arrays while the host is online is highly beneficial in most organizations when it comes time to lifecycle a storage array.

In my “ideal” storage environment, I would have a virtual storage appliance between all hosts and their storage. This provides a consistent and fast method for storage administrators to provision storage while also providing a consistent presentation of this storage to the hosts no matter what backend storage vendor or storage array model is used.

There are always downsides for technologies like this and virtual storage is no different. Troubleshooting performance is more complex as host data can now reside across multiple backend storage array Raid Groups and LUNs, spread across multiple storage arrays or be shared with other hosts on a backend LUN.


May 17, 2010  3:02 PM

The Mystery of the Russian Server Room (PLUS a Server Room Hall of Shame Slideshow!)

Michael Morisy Michael Morisy Profile: Michael Morisy

A week ago, after coming across some rather graphic server room pictures (SFW unless your office believes in the sanctity of server equipment), I asked the community for its favorite server room DIY or horror stories, promising the winner fame and fortune (or at least some free swag). Well, we have a winner: IT Knowledge Exchange member Batye’s tale of a Russian server room that might’ve stumped the Hardy Boys. As thanks, we shipped Batye free copies of:

And below, our retelling of Batye’s chilling tale, plus a server room Hall of Shame slideshow!
MOSCOW – IT was six years ago when Batye’s brother asked him for a quick favor: His Russian friend’s servers were acting up. Everything would work fine and as expected and then, inexplicably, they couldn’t ping one of the machines. A few hours later, however, the server would mysteriously come back, reset.

This went out without any apparent cause: Total breakdown in communication, only to return again later. It wasn’t a virus, and all the hardware seemed to be fully functional, until it completely disappeared.

The facility was quite modern: Secure parking, video security, armed guards with AKM’s and Saigas. The office even required passing a facial recognition scan to access the facilities. After having a specialized name badge made up, complete with his photo and a unique barcode, he was given access to the server room, the epicenter of the irregular crashes.

The scene made our leaked server room pics look like a networking Taj Mahal: The server room was a refinished washroom/utility closet. Nobody had bothered to put in server racks, leaving the high-end equipment and air conditioner to sit directly on the floor amid moldy walls and leaky pipes.

The problem quickly became apparent: Anytime someone flushed the toilet, water (one prays) from the leaking pipes got on the UPS. The UPS’ surge protection would kick in, automatically powering itself down along with the servers connected to it, hence the disappearing pings.

A few hours later, the air conditioner would dry up the flushed water and the UPS would reset itself, and all would be more or less right with the world again – until someone else needed to go.

Blame the setup on new fangled IT theories: The server room was managed by a 17-year-old kid, the son of one of the company’s executives.


May 14, 2010  11:00 AM

IT Twitter Top 10: Virtualization Edition

Michael Morisy Melanie Yarbrough Profile: MelanieYarbrough

If you want some 140-character goodness all about virtualization, check out these accounts to keep track of what’s going on.

1. @virtnews: Get the latest news on virtualization software from the top virtualization blogs across the internet including VMware, SearchServerVirtualization, and Virtualization.com, conveniently organized on their webpartner site.

2. @VMware: Receive updates on events, products, and troubleshooting.

3. @vmwarecares: Ask your questions about VMware and get answers from the community and experts. Their profile boasts “human assistance”; can’t beat that!

4. @SMBVirtualization: Everything you could possibly need aside from the hardware, this feed is chockfull of white papers, blog posts, videos and instructional material geared specifically toward small- to medium-sized businesses.

5. @ServerVirt_TT: Get the best server virtualization info from the site editor of SearchServerVirtualization.com, Colin Steele.

6. @brianmadden: He’s a virtualization blogger providing updates on virtualization software and services as well as links to his latest blog posts.

7. @govirtual: Virtualization.info’s official Twitter account.

8. @scott_lowe: He’s an IT professional who specializes in virtualization and VMWare who’s very active with his followers. Send him a question!

9. @ThatFridgeGuy: Rod Gabriel sends out bite-sized insights on the IT world.

10. @stevie_chambers: If you can’t get enough of his equally entertaining and informative website, check out his tweets.

Then of course, there’s always us: Follow ITKE on Twitter for a new IT relevant topic each month. Who are some of your favorite virtualization pros to follow on Twitter? Let us know in the comments section!

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.


May 13, 2010  8:49 AM

Supercharging your flash drive with VMWare ESXi

Michael Morisy Michael Morisy Profile: Michael Morisy

While VMWare’s slimmed down, bare-metal server virtualization product ESXi has caused some amount of consternation among certain fans of the Linux console that its older, slightly heftier brother ESX offers, the lightened requirements have allowed some pretty cool virtualization tricks, as SearchServerVirtualization’s Alex Barrett reported:

IT professionals on virtualization’s bleeding edge have begun to experiment with a new method of deploying a hypervisor to a server: installing a slimmed-down hypervisor such as VMware ESXi on a USB flash drive or secure digital (SD) card.

“People will need to get used to a more ESXi way of doing things,” said Simon Seagrave, the author of the virtualization TechHead blog. He uses the slimmed-down ESXi in his home lab and has grown fond of it.

Virtual-environment-on-a-stick! If you want to play along at home, VMInfo offers a handy, full-color PDF guide (Warning: PDF) while the popular virtualization blog Yellow-Bricks offers a handy guide that breaks down putting VMWare onto a USB drive into 13 (relatively) easy steps.


May 12, 2010  9:37 AM

Your Guide to Virtualization Blogs

Michael Morisy Melanie Yarbrough Profile: MelanieYarbrough

Aside from simply sounding cool, virtualization is the most efficient way to, well, be efficient: Server virtualization cuts down on how many servers you have laying around, desktop virtualization can cut helpdesk overhead and network virtualization helps keep it all organized without the messy wires getting in the way. Interested in having your cake and eating it too? Then check out these helpful blogs. Care to share your own virtualization goodies? Let us know in the IT Knowledge Exchange forums and hear where other IT professionals get their news, or e-mail me directly and we can add your suggestions to our list.

From the Inside: Editorial & User Blogs

  • Search Server Virtualization: Search Server Virtualization editors outline how industry changes and announcements affect how your company uses virtualization.
  • Virtualization Pro: SearchVMWare editors provide the grittier bits of the business side along with resources you need to check out.
  • Irregular Expressions: User Dan O’Connor reveals vulnerabilities and exploits while sharing virtualization tips and tricks.

From the Outside

  • VMBlog: David Marshall keeps track of all things virtualization so you don’t have to.
  • Virtualization.Info: Virtualization news headlines compiled and explained in one place.
  • AMD’s Virtualization Blog: Best practices for products and services offered by AMD.
  • Scott Lowe’s Blog: Contributor to SearchVMware and SearchServerVirtualization, here he blogs about his personal and professional IT experiences, focusing on virtualization, storage and servers.
  • Virtual Lifestyle: Joep Piscaer has the virtual cred to back him up; he’s received the highest of recognitions from VMware for his work.
  • Virtualize: Martijn Lohmeijer takes us through the steps of implementing VMWare Virtual Infrastructure. Learn what to expect and avoid from his firsthand experience.

Tired of reading? Get weekly updates podcast-style from the team at Search Server Virtualization or watch some (Virtualization) TV that won’t rot your brain.

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.


May 11, 2010  10:16 AM

Photocopiers: The latest threat to data security?

Michael Morisy Michael Morisy Profile: Michael Morisy

This came out in April, but I missed it until it came through over the NAISG  mailing list: CBS did a nice investigative piece on how much confidential, legally protected information was set free via unwiped copy machines, many of which keep copies of all the copies they’ve ever made, easily accessible by secondary-market buyers with the right technical know-how.
[kml_flashembed movie="http://www.youtube.com/v/iC38D5am7go" width="425" height="350" wmode="transparent" /]


May 10, 2010  6:07 PM

FDCServers responds: Pics don’t represent our data center, come and see for yourself!

Michael Morisy Michael Morisy Profile: Michael Morisy

Peter from FDCServers just left a voicemail response to the IT Watch Blog’s questions about the alleged pictures circulating of FDCServers’ server environment, saying that yes, the pictures were of FDCServers’ servers, but most of them weren’t from the colocated data center they host, but rather the NOC and repair centers where FDCServers fixes up whatever ails your favorite boxen. Furthermore, he said the pictures were taken by a competitor, which would obviously imply some ulterior motives.

Don’t believe him? Go see for yourself: He invited interested customer or potential customers to tour the data center, an invitation that has generally been extended by FDCServers. Interested in taking him up on it? Try asking via their contact page.

The transcription of his full voicemail:

Hi Michael, this is Peter at FDCServers. You left a voicemail asking about the pictures that are circulating the Internet that are supposed to represent our data center. Some of them, some of them are not. Some of them are, some of them are not. Basically does pictures were taken by person that works for a competitor. Most of the pictures that he snapped are actually parts and machines that are sitting in our work benches or workshops in the NOC area where our guys basically repair servers. All of our data centers are actually accessible for tours, so obviously if that was the true state of our facilities then nobody would be hosting with us. On the contrary, the Chicago warehouse over 6,000 servers and our Chicago facility is sold out due to demand. As you can imagine just for the fact that those pictures are taken by somebody who works for a competitor, they were taken out of context and they do not represent you know the state of our facility. There was a picture of some ducked tape drives was a machine that a customer sent over and those drives were sitting on a workbench, and those pictures were not of working environment of FDCServers. As I said, anybody is welcome to come take a tour to see for themselves to see if those pictures represent the true state of our facility or not. If you have any other questions feel free to give me a call at [redacted]. Thanks a lot. Have a nice day.


May 10, 2010  10:34 AM

FDCServers’ colocation data center gives new life to the term “boxen”

Michael Morisy Michael Morisy Profile: Michael Morisy

Update: FDCServers responds, saying a) yes, those pictures are of servers in our building; b) they are of our NOC and our repair center, and are not in production environment; c) they were taken by a competitor. Read the full response here.

Mike Bailey (real name or nom de plum?) writes that he got to take an inside tour of FDCServers‘ Chicago datacenter, and has posted some server porn pictures sure to shock, horrify and/or amuse:

I went to the FDC Datacenter around the end of October after my friend who has a colocated server there asked me to help bring it back online. Not a dedicated server, a colocated server. It had been down for roughly 10 hours, and FDC’s technicians had no idea what was wrong with it. The machine wouldn’t post, and the fdc techs insisted my friend (who lives several states away) would need to supply replacement hardware to get the machine to post. After talking to him for several hours, and assuming fdc’s techs themselves were right, my friend insisted that he would pay me to go to the datacenter and troubleshoot the issue.

The problem turned out to be a busted PCI-E bus, but the colocation facility hosted servers holding the power supply in with ducktape, ports completely askew and some downright bushy wiring. I called FDCServers to see if they’d confirm it was, indeed, their location, but they haven’t returned my message yet.

They do, however, host their own gallery of data center pictures, which show a generally more organized side of things:

So are cardboard cases standard operating procedure for colocation facilities? Have you seen your own data center hacks that trump these? Shouldn’t someone call the fire marshal? I’d love to hear your thoughts on these pressing questions at Michael@ITKnowledgeExchange.com: I’ll happily keep your information private if requested, and we’ve got a free T-Shirt for the best data center hack we come across.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: