January, 2009

The Super Bowl and server virtualization: Don’t drop the ball!

Are you ready for some server virtualization? This year, the Super Bowl will be running on one of IBM’s smallest systems, the BladeCenter S. The system will support security and credentialing for 60,000 temporary employees and approximately 11,000 attending members of the media who have converged on Tampa Bay, where the Pittsburgh Steelers play the Arizona Cardinals on Sunday in Super Bowl XLIII.

The technology won’t be very visible to the 70,000 patrons expected on-site or viewing virtually, although one NFL IT executive said it will improve BlackBerry service. “The executives using their BlackBerrys will have an efficient and reliable connection” said said Jeff Huffman, IT manager for the New Orleans Saints.

The Saints, although not playing in the Super Bowl this year, are the NFL’s top pick for experimenting with the BladeCenter S in their small IT department of four. All 32 NFL teams plan to move to the system as their servers reach end of life. “We needed more reliability, we needed to be running better and faster. If Drew Brees wants his paycheck, he wants his paycheck — we couldn’t have server downtime,” Huffman told me today.

Even as professional football heats up this weekend, the teams will find cooling benefits in the blade technology. Huffman’s data center is a “converted conference room,” so condensing and modernizing equipment is crucial. “We’ve cut our servers down from 16 to one, so we aren’t using nearly as much electricity to cool them as we were before,” Huffman said.

So what kind of a Sunday victory will have Huffman hot under the collar? A Pittsburgh native, he’s a Steelers fan.

Heartland ‘low and slow’ data breach not likely at SMBs?

Reporters hear this a lot when it comes to SMB security: The security risks facing small and medium-sized businesses (SMBs) are often identical to those at big companies, only different in scale. The spam and viruses coming through email are as much a plague on SMBs as they are on the big guys. Ditto for worms and bots.

But the malware that surreptitiously burrowed into Heartland Payments Systems Inc. months ago and was just now discovered to have stolen a massive amount of credit and debit card data?

“I don’t think that would happen at an SMB,” says Rick Caccia, a VP of product marketing at security vendor ArcSight Inc. SMBs see their share of “smash and grab” attacks, where some malware breaks through a firewall and steals a bunch of information or infects a bunch of computers. “It’s a big pain for awhile, but then you clean up afterwards.”

But the type of “low and slow” attack perpetrated on Heartland, where intruders plant a bit of malware that quietly collects information, wakes up and spits back credit card numbers to some domain, is not a top risk item for SMBs, contends Caccia, who ran the email and security products for SMBs and large companies at Symantec prior to joining ArcSight.

Never say never, says Caccia, but size matters in data breaches. “That’s a kind of attack you wouldn’t put in a law firm. You’re going to get like, 50 credit card numbers.” Where’s the criminal return on investment? In contrast, Heartland processes more than 100 million credit card transactions per month.
But there is a “low and slow” attack that SMBs do need to worry about, he says.

“The [Heartland] attack is similar to these botnet infections where users go to a bad website and pick up a new bot.” Like the low-and-slow attacks, the bots are hard to catch, says Caccia.

“They just don’t send much traffic, so the antivirus vendors can’t create signatures for them. They sort of lay there quietly, wake up and spit out some spam,” he said.

The data breaches most likely to affect SMBs, he contends, bubble up from within, from malicious or ignorant users accessing data they shouldn’t.

“Despite the flash, I am not sure all these credit card harvesting [schemes] are actually something they have to worry about,” Caccia says.

Do you agree that you don’t have to worry about the Heartland-type data breach? Do you go after bots — and if so, how is it part of your SMB security strategy?

Hyper-V update: Yes, it works with Linux

The Hyper-V experiment continues. My three Server 2008 VMs are extremely stable — no crashes at all, nine days continuous running. I made a number of restarts to address various upgrades and all three VMs came back automatically. Am also using a VM to test Windows 7, and no problems there either.

Now addressing how well Hyper-V handles Linux. Ubuntu 7.1 desktop installed with no problems at all, although still working on networking. My Linux skills are pitiful, so I draw no conclusions yet about whether the networking issues are related to Hyper-V or user error. Perhaps I’ll have to install the Unix services roll on the base server. Am also installing a more recent version, 8.1, and will probably throw a Linux server up there, too. From a CPU and disk perspective, no problem — this machine still has a gear or two on the upside.

I am running out of memory, however, now that I have 6 VMs on this 8GB machine. The culprit: SQL Server on the base machine. Why did I install that? I’ve been trying to get System Center Essentials (SCE) on to the base machine and that requires SQL Server. This is a very tangled web Microsoft has woven: you need SQL Server and Windows Server Update Services to run SCE. SQL Server, no big deal; WSUS, something of a project, as it involves Group Policy. So far I haven’t gotten SCE to install and may abandon the whole project.

It does point out an interesting conundrum: Hyper-V manager manages memory for VMs. Is it more efficient than the base OS is? In other words, if SQL Server were running in a VM, would it be using as much memory? Sounds like my next experiment.

Shut up and tweet: Finding the business benefits of Twitter

I’ve succumbed to the call of the “tweet.” In the Web 2.0 checklist of the best, I can add Twitter to the short list with the likes of Facebook, LinkedIn and Yammer. And although the novelty still lingers, the whole thing seems like a lot of work. But is this constant connectivity beneficial in the business world?

Many execs are unsure about Twitter (what are the business benefits? Is it too time-consuming? Is it actually effective?). Further, with ROI more important than ever, the inability to measure Twitter’s influence and success is unsettling. Without a way to track ROI, how can anyone justify spending time throwing around status updates?

From a companywide perspective, the thought of being in constant contact with your peers and colleagues is attractive – but only if everyone is using it. If it’s just you and your five closest work buds in a Yammer social circle, where’s the business value in that? Shouldn’t this be about connecting with people you wouldn’t normally get the chance to share ideas with? But if the entire company connects and shares insight and ideas – well, then we may be on to something.

The Twitter turn-on for me was the spider-web effect. If I can follow a certain number of knowledgeable, credible people in my field (and get them to follow me) I’m exposed to their followers, possibly their followers’ followers and so on. So now, rather than just asking my team of co-workers if they know of a CIO with a PMO I can tap for article insight, I can tweet about it. With the right followers (and a little luck), I can find a CIO directly who wants to talk about PMOs. I can find out what people are saying about it, test the waters for interest levels, make connections – all in 140 characters or less. But, again, that’s with the right followers, and finding them can be tricky.

For now, I’m embarking on a Twitter trial (a Twial?) to weigh the business benefits. I invite you to follow me and share your thoughts on Twitter (or below): a beneficial trend?

Is a Windows 7 migration inevitable for XP users?

So Windows 7 is out in beta. My colleague Mark Schlack took it for a test drive and wasn’t impressed (see Windows 7migration: First thoughts). Yet at some point, if you’re still a Windows XP user, you’re probably going to have to plan a Windows 7 migration, unless you decide to start now and go for Vista (Win7 won’t be out before the end of the year, at the soonest). Windows XP support starts to wane in April, and by 2014 it ends entirely. Gartner recommends you make your switch by 2012.

Now some XP users told our reporter Christina Torode that they’re sitting tight (see Windows XP users weigh dwindling support vs. Windows 7 migration). Some expect Microsoft will extend those Windows XP support deadlines due to customer pressure. I’ve certainly met many more midmarket CIOs who remain with XP than those who have gone through a Vista migration. Very few see anything worth migrating for.

Yet if Microsoft sunsets XP as planned, they’ll all have some re-engineering to do. Windows 7 is built on the same kernel as Vista, so if your apps won’t work on Vista, you’ve only bought yourself some time, not a pass on re-engineering. Unless, of course, you are going to explore some Microsoft alternatives.

So XP users, unite: Are you going to clamor for extended support? Plan for a Windows 7 migration now? Start to work in Vista machines as you upgrade your hardware, as one analyst recommends in our article on migration tips? Go Linux? Let’s discuss.

Should midmarket companies have one virtualization environment?

A lot of budget-strapped CIOs are going to be telling their systems and storage directors to take another look at consolidation this year. These days, consolidation means virtualization. Only recently, that mainly meant VMware ESX. That is still the weapon of choice for many reasons, but suddenly Microsoft actually has a competitive product.

After a pretty feeble offering with Virtual Server 2005, Microsoft went the hypervisor route and now offers that as a built-in feature (excuse me, a “role”) on Server 2008 Enterprise Edition. Make that your base install and you can then put any version of Windows and some versions of Linux in VMs on the same box. I’ve been playing with it on a quad-core AMD box with 8 gigs of memory and hey, it actually works! Two years ago, Hyper-V vs. ESX was a silly conversation about marketing. Now you can actually start to compare them and make decisions about how to use them.

In my case, I put three guests (a domain controller, a file server and one just idling while I figure out System Center Essentials) on Hyper-V without the box breaking a sweat. More to the point, I didn’t break a sweat, either. Even a non-MCSE guy like me could do it. No muss, no fuss. If you have admins who can install and configure Windows Server, they can work this.

There are a lot of holes in the Hyper-V story. As of 2009, it’s not going to get you close to a fully dynamic data center. You can’t move VMs around willy-nilly. There aren’t the same kind of admin tools for DR or test/dev labs or many other of the niceties that VMware and many third parties now have.

Pricewise, it might not be that big a bargain, either. Enterprise Edition can run you as much as $3,999, which isn’t very different than buying VMware VI3 and one copy of Server 2008 Standard. The devil will be in the details of your volume purchase agreements as far as that goes – depending on the support agreements, VMware could actually cost less. Eric Seibert on Server Virtualization Blog recently remarked that the many differences between the products makes comparing them, especially from a cost point of view, an apples-to-carrots comparison.

As for performance, I haven’t seen any face-offs yet between Hyper-V and Server 2008. But if you’re trying to quickly collapse a lot of low-effort servers, maybe you don’t care about the ultimate in benchmark scores.

So it comes back to what it often does when choosing between Windows and something else: familiarity, integration and ease of use. In midmarket companies, you can’t always afford overspecialized IT staff. Maybe you don’t have budget or headcount for VMware specialists. Maybe you’d rather use your existing ESX licenses for more hard-core uses like email and ERP. Maybe you want to use similar tools to manage your physical and virtual servers.

The point is, CIOs will want to take a close look at the tradeoff between having one virtual environment (whether that’s Microsoft or VMware) or tiering their virtual environments. And finally, they have a reason to do that.