Astaro Smart Installer is a blank thumb drive onto which administrators can download system images for individual Astaro products. A server will then recognize the drive as a CD with system images to integrate into a graphical user interface. The system saves time and money otherwise used ordering or creating CDs to upgrade new or broken applications.
Like version 1.3, Astaro Command Center version 1.4 details the health of each system device, enabling administrators to see which gateways require immediate attention or action (by threat level, license, or CPU/memory/disk usage).
Astaro 1.4 differs in that it divides security administration access into two levels: that for managers and that for unit managers. Managers can oversee system security from a centralized point and also grant or restrict each unit from access to data outside itself.
Changes to Astaro Security Gateway include improved email security and a switch in database management from MySQL to PostgreSQL.
During the week of LinuxWorld, Johnnie Konstantas, a marketing VP at Varonis Systems, a data governance software provider, talks about the company’s release of DatAdvantage and approaches to data governance within a company.
What does DatAdvantage do?
Johnnie Konstantas: The focus … was to automate user-to-data mapping such that only the right users have access to only the data they need at all times. A sophisticated mathematical engine computes permissions revocations so that user access to data is always warranted by business need. DatAdvantage also ensures that data use is business warranted by providing the means to continuously monitor what users are doing with the permissions they have. DatAdvantage logs every user’s every “file touch” (i.e., open, delete, create, rename) and provides this information as part of a consolidated and searchable record.
Why is data governance so important, even more so than it was five years ago?
Konstantas: IT managers are currently responsible for controlling access to business-critical and sensitive data — 80% of which takes an unstructured form (i.e., documents, spreadsheets, presentations, image and multimedia files, source code). A system of data governance that includes people, processes and technology for ensuring that access is warranted is the only way to implement access controls that are consistently applied and enforced through data growth and change. The rate at which unstructured data is created outpaces that of five years ago. Digital images from scanners and cameras, portable audio files, podcasting and Web content are being added to the scores of documents and spreadsheets that are produced for business communication. All of this now “business relevant” data must be protected, and access to it controlled as it is for documents and software code. In the next three years, the rate of data creation will increase still.
What trends has Varonis seen in data access rights within a company?
Konstantas: As a general trend, companies are seeing the need for unstructured data management become more acute as data growth explodes. IT operations are turning to Varonis to automate a process which is largely manual and quite costly. The steps taken for data management auditing and control for unstructured data are being rolled into the thinking, models and projects for overall data governance.
How should a company think about data governance to make the most of DatAdvantage?
Konstantas: Since most enterprises have not reviewed their data entitlement settings in some time (the process is almost impossible without Varonis which automates it), step one is to have IT review and clean up unwanted access controls. Then the data management shift from IT staff to data stewards can take place. A good governance environment has a specialized team in charge of entitlement management, but also involves IT in auditing the process.
How does data governance overlap with data security? How does DatAdvantage differ from data center security software?
Konstantas: Data governance as a model and framework includes the safeguarding of data that is business-sensitive. IT greatly reduces the risk of data loss and misuse by revoking unwarranted permissions and limiting control according to a business’s need-to-know. Data governance comprises much more than security, however; it ensures that data stewards rather than IT staff manage entitlements to data and determine which data is worthy of archiving, deleting, preserving and protecting. The two products in Varonis’ data governance suite provide the means to both manage entitlement to and determine treatment of data. DatAdvantage helps IT remove excess permissions and identify data business owners. Varonis DataPrivilege puts data stewards in charge of their data by giving them the means to manage all entitlement requests and to audit data use.
Ganglia, community partner to GroundWork Open Source, releases cluster monitoring product Ganglia 3.1 at LinuxWorld Conference & Expo this week in San Francisco. Ganglia is a distributed monitoring system for high-performance computing systems such as clusters and grids. The central feature of Ganglia 3.1 is that it allows administrators to create customized “metric modules.” Admins can create a module from metrics for CPU, network, disk and memory that they select à la carte, allowing for a tailored monitoring environment.
“I would hope that [Ganglia 3.1] changes business practices for the better, making clusters easier to use and more expandable,” said Ganglia developer Brad Nicholes. “We want to make sure that whoever needs to monitor data has the resources they need to do so.”
Previously, an administrator could create a metric module but could not integrate it into the Ganglia interface. Ganglia 3.1 allows an administrator to expand a cluster by adding custom metric modules on an as-needed basis. Ganglia 3.1 uses the round-robin scheduling algorithm, which enables admins to tailor the collected data to a company’s needs.
Nicholes noted that it is important to upgrade all gmon agents, tools which allow a GUI to “talk” to the various components of a cluster, at the same time.
If you would like to use Ganglia with GroundWork Open Source’s GroundWork Monitor, GroundWork offers a Ganglia Integration Module that allows Monitor to provide multiple role status views, dashboards, reports, notifications and configuration tools.
Software company Splunk creates products that aid companies primarily in log file management – collecting information about the data in their systems and continuously reporting it back. At this year’s LinuxWorld Conference & Expo, Splunk will highlight several further-reaching data management products: Splunk for Virtual Server Management, Splunk for Change Management and Splunk for Server Management.
The products, in providing fuller access to information about what and how your system is doing, promise to make system management more practical and security maintenance more immediate.
The products being released this week at LinuxWorld integrate log file management with a variety of other tasks. They can simultaneously manage log files and collect and manage messages, traps and alerts as well as statistics from all system areas.
As one administrator commented on the blog of Splunk CEO Michael Baum, “Log file management is DEAD.” It is becoming just one side of the larger task of system management. For help on configuring Splunk, check out this tip.
San Antonio, Texas-based Trusted Computer Solutions will release a group of security management features next week at LinuxWorld Conference & Expo that will perform pre-packaged assessments and configuration procedures so that IT managers won’t have to do so manually.
Called “lockdown profiles,” these features enable IT managers to quickly assess systems for security and compliance with four distinct sets of security standards: PCI DSS (credit card security standards), JAFAN (Joint Air Force Army Navy), DCID (Director of Central Intelligence Directive) 6/3, and CIP (Critical Infrastructure Protection). The four profiles are an addition to the company’s product Security Blanket Enterprise Edition.
They are also the most recent in a series of releases from TCS in the past year. The LinuxWorld release of Security Blanket Enterprise Edition will also be able to take snapshots of system security configuration and then provide those snapshots for simplified comparison to previous configurations.
I was relaxing, reading personal email on a leisurely Sunday afternoon when a note from a long-lost friend brought work, and Linux, front and center. The friend, from whom I hadn’t heard in years, reported that her husband, frustrated beyond belief with Microsoft Vista, just bought a new laptop specifically to test-drive Linux. “Which operating system?” I had to know. “Ubuntu,” she responded in a follow-up email. “We want to be ready to abandon ship when the next Microsoft OS comes out … or seriously consider jumping overboard.”
How can Microsoft be so kludgy as to create an operating system so bad that users race back to the previous OS (Windows XP), and Microsoft’s response is to discontinue support for XP? she asked.
“James [her husband] is learning to use Ubuntu. Actually he’s still learning to install it,” our friend writes. “So far, it recognizes that we have a printer but not that it ought to run it.”
As James struggles to learn Ubuntu, he keeps reminding himself that Vista “is a flaccid, overstuffed OS that has crashed in the middle of every task he’s tried to do. [Microsoft] will be lucky if the whole planet doesn’t go Mac and Linux.”
I’ll bet there are many Penguin fans out there who would be happy to help our North Carolina friend. Anyone?
The U.S. Navy’s cancelation of its $20 billion Zumwalt destroyer contract last week because of a 50% price hike is disappointing for the Linux community and surely must be for IBM. The Armonk, N.Y.-based computer company developed Java-based, real-time capabilities for the Linux kernel specifically for the Zumwalt to ensure that all shipboard systems will run with precision timing, particularly battle systems. The Zumwalt’s unified computing system, developed by general contractor Raytheon Co. in Waltham, Mass., runs on an IBM BladeCenter and IBM x86 servers on Red Hat Enterprise Linux.
Since the 2005-2006 Navy design undertaking, IBM has incorporated its technology in IBM WebSphere Real Time, a computing environment for running real-time Linux applications, and recently won an innovation award for its real-time kernel project at this year’s Red Hat Summit.
Now, after the completion of only two destroyers, the contract has been aborted, which surely means a hefty chunk of lost hardware sales for IBM but, more significantly, a step backward for shipboard computing technology, in general, and Linux in particular.
IBM spokesman Mike Darcy said he didn’t know the impact of cancelation on future IBM revenues but said that IBM will continue to work with other customers, defense and financial sectors among them, as interest “continues to grow” in real-time Linux operations.
“Real-time Linux will continue,” Darcy said. “This [the Zumwalt project] is a great showcase for Linux technology.”
Raytheon spokesman Jonathan Kasle agreed.
“We don’t believe the Navy can afford to put old technologies onto any ships,” he told the Boston Globe last week. “Zumwalt technologies advance mission capabilities to address current and evolving threats and support … lower ship personnel levels and lower operating costs. These technologies can be leveraged for future or existing ships.”
According to Darcy’s general reference to current “defense” customers, it appears that the military is already doing so. Let’s hope so. Reverting to old technology on new Navy ships is not the way to go.
Package management—the process of determining which update packages should be installed on a host and then downloading and installing those packages—invites a dilemma: OSes need to be updated, but the process of updating them can invite security breaches.
A recent study at the University of Arizona explored nine feasible attacks on the popular package managers APT and YUM. As part of their research, the study’s conductors posed as a group of administrators from a nonexistent company and leased a server from a hosting provider. Thousands of clients, including government agencies, downloaded upgrades, which prompted their operating systems to endlessly replicate data, misidentify dependencies, and install unnecessary software. It also left these clients vulnerable to other attacks on their systems, including hackers gaining root access to OSes, system crashes and erased files. Researchers concluded that many public storage spaces for upgrade downloads are in fact maliciously established “mirrors,” or software repositories, that have become infected with sources of attack. You can prevent most of these issues by downloading from only signed metadata repositories, the study counseled. A signature verifies that the repository was created benevolently.
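A minimal audit for the signed-metadata recommendation above, as an added example (not from the study or the original post): it flags YUM repo stanzas and APT source lines that turn off or weaken signature checking. The sample configs and the mirror.example.invalid hosts are constructed, and treating a missing `gpgcheck` or `repo_gpgcheck` key as off is an assumption, since the effective default comes from the host's main configuration.

```python
import configparser
import re

# Constructed sample configs (not taken from the study or any real host).
SAMPLE_YUM_REPO = """\
[base]
baseurl=http://mirror.example.invalid/base/
gpgcheck=1
repo_gpgcheck=1

[extras]
baseurl=http://mirror.example.invalid/extras/
gpgcheck=1

[thirdparty]
baseurl=http://mirror.example.invalid/tp/
gpgcheck=0
"""
SAMPLE_APT_SOURCES = """\
deb http://mirror.example.invalid/ubuntu stable main
deb [arch=amd64 trusted=yes] http://mirror.example.invalid/extra stable main
deb [allow-insecure=yes] http://mirror.example.invalid/old stable main
"""

APT_LINE = re.compile(r"^\s*deb(?:-src)?\s+(?:\[(?P<opts>[^\]]*)\]\s+)?(?P<uri>\S+)")
WEAKENING_APT_OPTS = {"trusted", "allow-insecure", "allow-weak"}

def audit_yum(text, default_gpgcheck=False, default_repo_gpgcheck=False):
    """Return (repo_id, issue) for stanzas lacking package or metadata checks."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for repo in cp.sections():
        if repo == "main":  # global settings, not a repository
            continue
        if not cp.getboolean(repo, "gpgcheck", fallback=default_gpgcheck):
            findings.append((repo, "packages not signature-checked"))
        # repo_gpgcheck covers the repository metadata, the study's main concern
        if not cp.getboolean(repo, "repo_gpgcheck", fallback=default_repo_gpgcheck):
            findings.append((repo, "metadata not signature-checked"))
    return findings

def audit_apt(text):
    """Return (uri, option) for source lines that relax signature enforcement."""
    findings = []
    for line in text.splitlines():
        m = APT_LINE.match(line)
        if not m:  # comments, blank lines, anything that is not a deb entry
            continue
        for opt in (m.group("opts") or "").split():
            key, _, value = opt.partition("=")
            if key in WEAKENING_APT_OPTS and value.lower() == "yes":
                findings.append((m.group("uri"), key))
    return findings
```

On a real host, pass the values from the `[main]` section of the YUM configuration as the two defaults so that repos inheriting a global setting are not reported.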
Protecting against mirror threats
In response, readers suggested a number of additional ways to protect a package manager from such threats.
- An OpenSUSE page suggested its internally developed tool, download redirector.
- One blogger wrote that the risks posed by infected repositories are not great enough to merit changes to package manager security.
- Another acknowledged the risk and argued that simply allowing the number of open source package manager products available to increase will maintain or improve current open source package manager security.
- A Gentoo administrator promoted rotating mirrors to ensure security.
Package manager security, as pointed out by this report, is crucial to the success of your operating system. With the present drive for continuous upgrades for your data center, you may feel pressure to download from the most accessible source available. Don’t: the risk of downloading insecure software is greater than the time it will take to check out the above links.
For more on package managers, check out these links:
- How to manage software on Ubuntu Server with “aptitude” and “apt-get”
- Managing Software on Ubuntu Server Edition
This probably comes as no surprise to faithful Enterprise Linux Log readers, but the use of open source software grew at a whopping 55% a year. No kidding. That figure is courtesy of a study by well-known Linux author and consultant Bernard Golden, CEO of San Carlos, Calif.-based Navica Inc. for O’Reilly Media and released this week during the ongoing OSCON convention in Portland, Ore.
The 47-page Open Source in the Enterprise report based its growth estimates on SourceForge.net’s number of open source software downloads, which, according to the site, grew from 12,500 to nearly 200,000 between 2000 and 2007 and are predicted to grow to 1 billion or more annually over the next year or two, according to the report.
Although admittedly imprecise, another growth indicator is an estimate that open source skills are requested in 5% to 15% of open IT jobs. According to a federal government study, 2.3% of jobs in large enterprises are IT related and 1.3%, or more than half of all IT jobs, involve open source to some extent, although both totals are higher than average in technology companies, the study concluded.
The O’Reilly Media report also found that, although only about half of the businesses queried knew they were using open source software in the enterprise, in fact, nearly all of them were using open source products in one form or another, sparking the need for an action plan to deal with it, the report said.
Despite company concerns that open source is risky without vendor support, open source use has grown because of its relative low cost, easy access and great licensing terms, all of which add up to a compelling value proposition, Golden wrote.
There are six key drivers for open source adoption including agility and scalability, breaking vendor lock-in, quality, security, low cost, national sovereignty/independence issues and innovation, he said.
Open source drivers
To cite a few examples, San Francisco-based Coverity Inc. found the Linux kernel averaged 0.17 bugs per thousand lines of code compared with a Carnegie Mellon study that detected 30 to 40 bugs per thousand in commercial software.
Open source also fosters innovation by spreading the cost of research and development and enlisting assistance from the broader open source community. For example, JP Morgan Chase began work on what is now called Advanced Messaging Queuing Protocol (AMQP) with the goal of speeding transaction processing times for financial institutions but decided to open the project to others and forgo intellectual property rights in order to save development and software costs.
Available for download from the O’Reilly Web site, the report is probably more helpful to a company considering open source adoption than to one that is an open source evangelist. The only thing is: a billion downloads from SourceForge by this year or next? Seems like a stretch to me. And, by the way, the report may be downloadable and concern open source — but it’s not free.
“You are a brand,” Steve Yegge, technology prodigy and renowned industry blogger, told listeners in a podcast on software marketing last July. Yegge stressed that branding is essential for open source technologies that strive to compete with Microsoft and other proprietary vendors.
Corporate software vendors like Microsoft have been all over the branding game for a while, but open source vendors have been slower to embrace dogmatic self-promotion.
There is still a gap between IT consumers’ perceptions of open source software and the ideological fuel driving the work of its developers. Corporations are hesitant to weaken their brand appeal by associating their software with open source.
As pointed out in a recent article on customer relationship management software branding, the danger for open source in this environment is that it’s a buyer’s, rather than a seller’s, market. The saying “If you build it, they will come,” doesn’t hold anymore, says Yegge.
Open source’s next big move will not be the decision on whether to go commercial. Rather, it will be its ability to produce an identity that buyers — ideological and commercial — can brand as a positive thing.