It’s always fun to get new things, but before you go plugging all those enterprise holiday gifts into your data center, be sure you have them optimized for security. Server hardening is essentially creating a security baseline before introducing new machines that haven’t been configured with security as a priority to the mix. IT Knowledge Exchange recently moved its servers from hosted to in-house, replacing all of our hardware with brand new servers, so this is a subject we’ve been dealing with firsthand. After moving our infrastructure to our Tier1 data center and adding some redundancy, we were curious as to what our users are doing in their own data centers. We asked our members and here’s what we got:
In the aftermath of the latest installment of the WikiLeaks saga, at least one company is coming out clean and happy: TeleCommunication Systems Inc., a provider of military-grade technology, was awarded a $49M contract with the Department of Defense. The Mission: Provide technology training to the government’s cyber security workforce. (Can anyone cough and simultaneously say, “After the fact”?)
The partnership with the DoD comes directly from the higher-ups, with support from Obama’s government workforce development effort and Cyber Security Coordinator Howard Schmidt backing the deal. Part of the five-year contract, which includes five option periods, is TCS’s Art of Exploitation University program, launched in May. The Annapolis-based company’s AoE University has already enrolled 1,500 students since its launch, teaching the gamut from computer network security, information assurance, network defense, penetration testing, forensics analysis to cyber intelligence. Hopefully the hands-on learning and real-life simulations will include the proper response to burning Lady Gaga CDs?
As 2010 comes barreling to an end, we decided it would be a good idea to take a breath, take a look back, and try and identify the key IT trends coming around the corner at us in 2011. It’s true, 2010 has already been such a huge year in IT: Oracle acquiring Sun, everyone jumping on the tablet bandwagon (Has RIM ever developed a product line so quickly?), the endless Mark Hurd drama … and we have a feeling next year isn’t going to be any quieter. So here’s what we see down the pipe. Have some ideas of your own? Think mine are off? E-mail at Michael@ITKnowledgeExchange.com.
Network security is one of those topics where everyone has an opinion, but there’s no way to know what’s right until you try it. We’ve tried to alleviate the need to frantically practice trial-and-error on every last network security product for the enterprise by polling IT Knowledge Exchange members. And here’s what you had to say: Continued »
While most people fret about the hundreds of dollars now on their credit cards for the holiday season, Juniper has dropped $95M for Altor Networks, a virtualization security vendor. This partnership is preceded by the companies’ previous involvement with one another, providing virtualization services and technology to the enterprise. Mark Bauhaus, executive VP at Juniper Networks, says that the acquisition is part of Juniper’s goal of expanding its data center and cloud security offerings:
[It] will enable customers to deploy a consistent set of security services across their physical and virtual infrastructure, while delivering lower TCO.
This is Juniper’s second acquisition in the past two months, after the $152M acquisition of Wi-Fi vendor Trapeze Networks. The goal is to expand what executive VP of Fabric and Switching Technologies David Yen calls its “end-to-end networking product portfolio.” And it seems that joining forces with Altor is a means to that end, adding introspection technology as well as policy and compliance aspects for the entire enterprise or virtualized data center infrastructure.
With competitors such as VMware and Cisco also creating extensions from physical to virtualized systems, is the acquisition enough for Juniper to keep up?
Following up on our piece explaining how to access certain Marine Corps’ password-protected materials, we received another e-mailed response to a few of our questions which shed a little on the situation. In addition, in a surprisingly transparent move, password protection was completely removed from many of the documents. We should note, however, that while the e-mail below states no documents from after 2005 were available, we found one (unclassified) manual from October 2007.
The e-mail in full below.
WikiLeaks’ data dumps have been called “unprecedented” a number of times in the past few weeks and months, as hundreds of thousands of pages of once internal documents have found their way to the web. Unfortunately, data leakage is nothing new, and has cost millions if not billions over the years in stolen identities, lost revenue and fines. What is new is how the data leakage has been disseminated: Not over shadowy back channels or black markets, but out in the open in the public eye. WikiLeaks now seems poised to give the same treatment to a private company, but even if they weren’t, someone else will or already is using similar attack vectors at major companies around the world. The only difference is that in the WikiLeaks case, the public is made well aware of it after the fact.
Here are some tips to helping minimize possible damage on your own network.
Buy versus Build Dilemma
Users responded with a middle-ground instead: Buy existing unused space and build within. Technochic’s company removed the raised flooring and installed chimney racks. Now they’re able to install racks as they go, saving money on cooling costs and diminishing the initial investment for a new data center space. Labnuke99 had a similar experience finding that happy middle ground; now his company has a personally owned, designed and managed solution without the monthly cost of a data center lease.
Who knew that Goldilocks was about data centers…
So many aspects of operation fall under the data center’s jurisdiction. How do you wrap your head around a task as daunting as designing and developing a data center? IT Knowledge Exchange members didn’t even flinch at this one, instead offering great insight and a spectrum of concerns necessary to creating an efficient data center checklist.
Green is the new black when it comes to data center operations, so be sure to consider how to improve your current cooling costs and methods. Every decisions affects another decision: Your backup methods and policies affect the amount of power your servers need which affects cooling costs. Then there are more fundamental checkpoints such as ensuring that the new data center is compatible with existing hardware and software.
Member BigKat got specific, listing the necessary nitty gritties: Regularly updated list of hardware and software, including model and version numbers and vendors’ contact and contract numbers; procedures for requesting and installing temporary keys to authorize new computers; and an up-to-date list of in-house IT contact information for support.
Rechil and StevenG7 emphasized the importance of KISS: Keep it simple, stupid. Steve lived it:
I was involved in the design of a large “simple” enterprise data center 12 years ago; in 12 years the total downtime (both scheduled & unscheduled) was about one hour. It was replaced by a new “tier 3″-class data center costing 20 times more and 20 times more complex; and it’s 20 times less reliable. (During a t-storm this summer, none of the 3 redundant generators could be started; it took 7 hours to restore power to the floor). It is so needlessly complex that none of the designers or vendors have been able to figure out why it is so unreliable.
Carlosdl was kind enough to compile some great resources from right around ITKnowledgeExchange:
- Common data center setup mistakes
- Basics for Data Center planning
- Data Center Standards
- Building a Data Center from the ground up
- Physical and logical security for new datacenter
- Sun Microsystems Data Center Site Planning Guide (pdf)
- Cisco Data Center Infrastructure 2.5 Design Guide (pdf)
- HIGH PERFORMANCE DATA CENTERS – A Design Guidelines Sourcebook
Vent Session: Data Center Edition
From bosses to lack of foresight, it seems the main hindrance in the data center (and all of IT) is money. Whether you’re building a new data center or managing a well-seasoned one, looking ahead to problems that may snowball will be your best pathway to cost-efficiency.
Still Want More?
Check out these data center pros on Twitter for updates and resources:
@datacenter: Google anything on the data center these days, and chances are you’ll get a handful of links to Data Center Knowledge. Check out Rich Miller on twitter for bite-sized updates on all thing data center.
@DataCenterGuru: Gabe Cole on data center design, development, financing and operations. What more could you ask for in 140-character bits?
@datacenterpulse: For multimedia updates on what’s going on in the data center globally.
@DCThinkTank: Hang out and chat about what’s going on in data center news all over the world and the Internet.
@ecoINSITE: Green data centers are all the rage. Get the latest info and, well, insight.
Or check out some of the lists from @DataCenter for specific groups of data center-related information:
While WikiLeaks has been garnering headlines for leaking tens of thousands of pages of sensitive documents, there’s a quieter internal leaker that has so far gone unnoticed: Google Cache and lax security practices at the United States Marine Corps. Thanks to an anonymous tipster, we discovered dozens of internal documents (and possibly many, many more) available to anyone via the simple Google Query: “site:cio.usmc.mil“.
What the results show are various documents, presentations and other files that are tucked securely away on the United States Marine Corps’s IT servers … unless you click for the Google Cached version which often shows you a complete copy of the spreadsheet, PowerPoint or Word document. Sometimes the Cached version calls on an image still on the military’s secure servers, but simply clicking “Cancel” when prompted for a username and password takes you to the un-redacted documents. It’s basic Google Hacking at its most elementary, and more advanced cyber sleuths might find more.
While we didn’t see any classified or highly sensitive documents in our own searches, we did find:
It’s been a common sight at trade shows for a few years now: The data center in a box, letting the proud owner haul 2000 cores or petabytes of data around the country on a moment’s notice in a utilitarian, affordable package. Sun’s sells them, Microsoft’s got ’em and Intel’s been pushing a data center-in-a-box standard to chop prices and, presumably, stuff more of its chips in them.
Data centers-in-a-box are a nice, tidy package, as Jeremiah Owyang explained when the products first cropped up a few years back:
This first one is the new Sun Data Center in a box, called Project Blackbox seen on 237 in East Palo Alto. This data center is what marketers call a “Solution Sell” when you bundle up services, hardware, software and support and repackage and apply to a business pain. These data centers contain web services, routers, networking equipment, storage, and sometimes remote power. You just plug it in for remote locations, high growth areas, or even for disaster computing needs (if your primary data center goes down, drop one of these in asap).
The products are relatively inexpensive, dependable, predictable and come in the same packaging each time. In other words, a lot like fast food. And like fast food, Continued »