Nanosecond Storage Performance Latencies? Get Ready

Predictable and persistent microsecond storage performance will usher in new possibilities in application development and capabilities in the data center.
In its natural state, nitroglycerin is extremely sensitive to shock and prone to unexpected explosions. Alfred Nobel invented a process to stabilize this volatile compound into a more practical form -- dynamite -- and helped usher in a new era of development by enabling hydropower, oil exploration, transcontinental railroads, and many other innovations of the Industrial Revolution. 
Likewise in the enterprise, the inability of random access memory (RAM) to retain its contents in the event of power loss precluded its use for primary data storage, despite its high performance characteristics. But the enterprise is finding its stabilizing element.
The current generation of Intel Xeon processors is able to support up to 1.5 TB of memory per socket. In true "virtuous cycle" fashion, VMware recently announced support for up to 12 TB of RAM per host in vSphere 6, its flagship product, to take full advantage of that capacity. Driven by the possibilities afforded by this trend toward expanding server memory footprints, independent software vendors are making an effort to harness the potential of this resource to increase application performance. However, most attempts up to this point have also significantly affected IT operations and services.
There has been a range of different attempts to solve this problem, with varying results:
  • Memory-caching libraries: Implementations using memory-caching libraries are able to use vast amounts of memory to accelerate data. Unfortunately, this method requires the user to change the application, which clearly isn't a walk in the park and limits its reach.
  • In-memory applications: Some vendors embraced the large memory trend early on and did the heavy lifting for their user bases. Did they solve the volatile nature of memory? Unfortunately not! For example, although SAP HANA is an in-memory database platform, logs have to be written outside the volatile memory structure to provide ACID (atomicity, consistency, isolation, durability) guarantees for the database transactions to be processed reliably. 

    In fact, SAP recommends using local storage resources, such as flash, to provide sufficient performance and data protection for these operations. Virtualizing such a platform becomes a challenge as mobility is reduced due to the use of isolated server-side storage resources which impede the operations and clustering services that virtualized data centers have relied on for almost a decade.
  • Distributed Fault Tolerant Memory (DFTM): Solutions that enable DFTM allow every application in the virtualized data center to benefit from the storage performance potential of RAM with no operational or management overhead.
In many ways, the introduction of DFTM solutions is comparable to the introduction of vSphere High Availability (HA). Before vSphere HA, the architect had to choose between application-level HA capabilities or clustering services such as Veritas Cluster Server or Microsoft Clustering Services with each solution impacting IT operations in their own way.
vSphere HA empowers every virtual machine and every application by providing robust failover capabilities the moment you configure a simple vSphere cluster service. Similarly, DFTM solutions defuse the volatile nature of memory by providing fault tolerant write acceleration, synchronously writing copies of data to acceleration resources on multiple hosts to protect against device or network failure.
The net effect is that you are able to get predictable and persistent microsecond storage performance. Further, with new developments popping up in the industry every day, it is reasonable to wonder when we will hit nanosecond latencies for storage performance. When the industry can ponder the possibility of these types of speeds, we can absolutely and fundamentally change what applications expect out of storage infrastructure.
Application developers used to expect storage platforms to only provide performance in the millisecond range. This hindered innovation: Lack of storage performance was perceived as a barrier that prevented code improvement beyond a certain point. For the first time, storage performance is not the bottleneck and, with memory as a server-side acceleration resource, extremely fast storage is affordable.
Now the real question becomes: What if you can have a virtual data center with millions of IOPS available at microsecond latency levels? What would you do with that power? What new type of application would you develop, and what new use cases would it enable? If we can change the core assumption around the storage subsystem and the way it performs, then we can spur a new revolution in application development and open a new, exciting world of possibilities.

IoT Adds New Wrinkle To MDM, BYOD

For the past few years, BYOD and MDM have focused on smartphones and tablets. Now, companies like AirWatch are turning their attention to the Internet of Things.
Every year, CIOs and IT managers are confronted with an ever increasing number of mobile devices used by their workers within their enterprises. In addition, these employee-owned devices are used to access, store, and work with corporate data, creating a huge potential for cybertheft.
Now, however, it's not just smartphones. Executives and employees have access to a wide array of tablets, laptops, smartwatches, and Android Wear gadgets, as well as a growing number of devices that can be categorized as the Internet of Things. Mobile Device Management (MDM) has grown to a $2 billion industry in just a few years, and it's expected to grow to $4 billion by 2019.
If you're looking for a leader in this ever expanding industry, my money is on AirWatch. The 12-year-old Atlanta-based company was acquired last year by VMware in a $1.5 billion deal.
AirWatch has found a degree of success in selling its MDM tools to large corporations, governments, security firms, schools, and other organizations eager to better manage mobile devices, including smartphones, tablets, and laptops.
MDM was a hot topic at MWC earlier this month.
(Image: Pablo Valerio)
Other MDM products come from device manufacturers, such as Samsung's Knox (which offers two-way support for AirWatch) and BlackBerry, and from software vendors such as MobileIron and Good Technology.
While in the past few years the challenge was to control the explosion of those mobile devices and the BYOD phenomenon, companies such as AirWatch now see IoT as the biggest management issue for all players in the ecosystem.
Other vendors are trying to capture a piece of this lucrative market, and some are proving successful, but right now AirWatch seems to be king. The company's showing at Mobile World Congress in Barcelona seems to prove that point, especially with a new Google partnership, and the creation of a new group that looks to make applications safer for work and easier for IT to approve.
First, AirWatch and Google announced their partnership at the MWC to bring Android for Work to the AirWatch platform.
Android for Work lets users of smartphones with Android OS 5.0 (Lollipop) have a separate work profile with security, management, and application support built-in. There is a downloadable app for users of previous versions. In the enterprise, IT managers can use the features to interface with popular MDM solutions.
But the big announcement during the MWC was the launch of ACE (App Configuration for Enterprise), which included AirWatch, along with Box, Cisco, Workday, and Xamarin. The idea behind ACE is to provide app developers a set of tools and guidelines to make their applications enterprise and MDM friendly.
These tools will enable them to create security and management features that enterprise IT managers require in order to certify that applications are safe for use within the company, school, or government organization.
Another important topic of discussion at the show was the management of IoT devices.
MDM companies are looking at IoT as the next big challenge for organizations, and similar to the BYOD revolution a few years ago. IoT devices can potentially create the biggest security challenge as they connect to corporate and public networks, and they need to be managed efficiently.
In September John Marshall, AirWatch's senior vice president and general manager, said during the AirWatch Connect conference in London:
The future is all about the Internet of Things, it is all about data, it is all about information, all about management, and it is all about location, so when you walk into a certain area you are going to get, and provide, information. When companies plan for the IoT they need to think how they can better secure the devices, serve their users, and make sure that it makes them more productive while managing the IoT properly.
MDM has grown from being a basic set of rules related to the use of personal smartphones at work to the full management of every kind of mobile device, such as tablets, laptops, and even eBook readers. Now, with the introduction of wearables and IoT devices, together with the data they collect, the challenges for MDM services and IT departments will be more complex than ever, and this is only the beginning.
Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization’s IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.

Android, iOS, Windows Phone: What's Best For BYOD?

Enterprises grappling with the Bring Your Own Device (BYOD) trend have moved from talking about "if" they should allow employees to use their personal devices at work, to "how" these personal devices can be managed while still protecting data. Knowing which security features are standard on each smartphone operating system is a step in the right direction for IT organizations.
BYOD environments require heightened security on all the available platforms in smartphones and other devices. For IT departments, this means evaluating each mobile operating system, and keeping up to date on changes in Apple's iOS, Google Android, and Microsoft's Windows Phone platforms.
IT organizations have limited scope to monitor employee-owned devices, often relying on the built-in security features on the devices to prevent data from accidentally going public.
Smartphones, tablets, and other devices have some built-in security measures, such as data encryption and other technologies that can help find lost or stolen devices. Many of these features are preloaded to protect sensitive data stored on the device, but the question remains: Are these features robust enough to protect the data?
Data security comes down to each organization's willingness to invest in -- or have a budget allocated for -- new security solutions such as EMS, MDM, and others.
However, investing heavily in one or more of these solutions does not guarantee that employees will volunteer to enroll their devices to be monitored by an organization, or encourage workers to share private information such as current location. On the following pages we look at the three major employee-owned device platforms -- Android, iOS, and Windows -- to help you ascertain what they offer in out-of-the-box security.

Study: Enterprises Losing Faith In Digital Certificates, Cryptographic Keys

On the heels of Heartbleed and other vulnerabilities, many enterprises are not confident in the ability of digital certificates to protect their data, Ponemon report says
Security professionals are losing confidence in the ability of digital certificates and encryption keys to protect their data, according to a study published Wednesday.
The Ponemon Institute released its biennial Cost of Failed Trust report, a survey of 2,300 IT security pros across the globe. This year's results indicate that over the next two years, the risk facing every Global 5000 enterprise from attacks on keys and certificates is at least $53 million (USD), an increase of 51 percent from 2013.
The study, which was developed in conjunction with encryption vendor Venafi, says that the number of keys and certificates deployed on infrastructure -- such as Web servers, network appliances, and cloud services -- grew more than 34 percent over the last two years, to almost 24,000 per enterprise. Some 54 percent of respondents admitted to not knowing where all keys and certificates are located and how they're being used.
Virtually all of the respondents said their organizations have responded to multiple attacks on keys and certificates over the last two years. Incidents involving enterprise mobility certificates were assessed to have the largest total impact, at over $126 million among the 2,300 respondents.
Security researchers are reporting an increasing number of attacks on enterprises, principally man-in-the-middle attacks, that use false or compromised digital certificates to fool devices into giving up data or credentials. Researchers at Intel in December posted a blog stating that stealing certificates to sign malware will be "the next big market" for cyber criminals.
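The attacks described above succeed when a device accepts any certificate that chains to a trusted CA, including a fraudulently issued one for the same host name. Public-key pinning closes that gap by checking the server's key itself. The block below is an added example, not code from the article, from Ponemon or from Venafi: a minimal DER reader walks an X.509 certificate to its SubjectPublicKeyInfo (SPKI) and compares base64(SHA-256(SPKI)) with the pins the client ships with, the HTTP Public Key Pinning scheme. The sample certificate is constructed in-line (placeholder key bytes, dummy signature) so the block runs offline; `build_sample_cert`, `read_tlv` and the other names are this example's own.

```python
"""Public-key pinning check against a DER-encoded X.509 certificate.

Added example; not code from the article, Ponemon or Venafi. A minimal DER
reader walks the certificate to SubjectPublicKeyInfo (SPKI), and the pin is
base64(SHA-256(SPKI)) as in HTTP Public Key Pinning. The sample certificate
is CONSTRUCTED below (placeholder key, unsigned) so the block runs offline.
"""
import base64
import hashlib

SEQUENCE, SET, OID, NULL, INTEGER, BIT_STRING, UTF8, UTCTIME, CTX0 = (
    0x30, 0x31, 0x06, 0x05, 0x02, 0x03, 0x0C, 0x17, 0xA0)


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, end) for the DER TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def children(seq_value: bytes):
    """Split a SEQUENCE/SET body into its top-level TLVs (raw bytes, tag included)."""
    out, pos = [], 0
    while pos < len(seq_value):
        _, _, end = read_tlv(seq_value, pos)
        out.append(seq_value[pos:end])
        pos = end
    return out


def extract_spki(cert_der: bytes) -> bytes:
    """Return the raw SubjectPublicKeyInfo TLV of a DER certificate.

    Certificate    ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, subjectPublicKeyInfo, ... }
    """
    tag, cert_body, _ = read_tlv(cert_der)
    if tag != SEQUENCE:
        raise ValueError("not a DER SEQUENCE")
    _, tbs_body, _ = read_tlv(children(cert_body)[0])
    fields = children(tbs_body)
    if fields[0][0] == CTX0:                # explicit [0] version is present
        fields = fields[1:]
    return fields[5]                        # serial, sigalg, issuer, validity, subject, SPKI


def spki_pin(cert_der: bytes) -> str:
    """HPKP-style pin: base64(SHA-256(SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def pin_matches(cert_der: bytes, pinned_pins) -> bool:
    """True when the certificate's key matches one of the pins the client ships with."""
    return spki_pin(cert_der) in set(pinned_pins)


# ---- CONSTRUCTED sample data (assumption: correct shape only, not a CA-issued cert) ----

def tlv(tag: int, value: bytes) -> bytes:
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def seq(*items: bytes) -> bytes:
    return tlv(SEQUENCE, b"".join(items))


def build_sample_cert(pubkey: bytes, cn: bytes = b"example.test") -> bytes:
    """Well-formed DER X.509 skeleton carrying the given key bytes and a dummy signature."""
    sig_alg = seq(tlv(OID, bytes.fromhex("2a864886f70d01010b")), tlv(NULL, b""))  # sha256WithRSA
    key_alg = seq(tlv(OID, bytes.fromhex("2a864886f70d010101")), tlv(NULL, b""))  # rsaEncryption
    name = seq(tlv(SET, seq(tlv(OID, bytes.fromhex("550403")), tlv(UTF8, cn))))   # CN=<cn>
    validity = seq(tlv(UTCTIME, b"250101000000Z"), tlv(UTCTIME, b"260101000000Z"))
    spki = seq(key_alg, tlv(BIT_STRING, b"\x00" + pubkey))
    tbs = seq(tlv(CTX0, tlv(INTEGER, b"\x02")), tlv(INTEGER, b"\x01"),
              sig_alg, name, validity, name, spki)
    return seq(tbs, sig_alg, tlv(BIT_STRING, b"\x00" + bytes(32)))


if __name__ == "__main__":
    good = build_sample_cert(b"\x01" * 64)
    pins = {spki_pin(good)}
    print("pinned cert:", pin_matches(good, pins))                                       # True
    print("reissued, same key:", pin_matches(build_sample_cert(b"\x01" * 64, b"renamed.test"), pins))  # True
    print("attacker cert, other key:", pin_matches(build_sample_cert(b"\x02" * 64), pins))  # False
```

Pinning the SPKI rather than the whole certificate is deliberate: a legitimate re-issuance with the same key (new serial, new name, new expiry) still matches, while a fraudulent certificate for the same host name, which necessarily carries the attacker's key, does not. In production the pin set should also include a backup key's pin, or a key rotation locks clients out.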
One of the key reasons for the growing problem is the rapid proliferation of keys and certificates across the enterprise, says Kevin Bocek, vice president of security strategy at Venafi. As enterprises take on new, network-based applications and technologies -- such as cloud services and mobile systems -- they increase the number of keys and certificates they use while losing visibility of where they are.
"Most of the key management systems we've seen to this point have provided vaults for storing the keys, but they don't really provide much more than that," Bocek says.
Venafi used the release of the Ponemon study as a platform for the launch of Venafi TrustNet, a new reputation service that helps enterprises gauge the trustworthiness of digital certificates and see where their own certificates are being used. The new service could help enterprises identify and stop the misuse of their certificates by attackers, Bocek says. 

IBM Watson: 10 New Jobs For Cognitive Computing

Computing power meets the human-like capacity to speak, see, reason, and learn. That's what cognitive computing is all about, as exemplified by the category leader, IBM Watson. But is this practical technology that can affordably handle important tasks?
Even before it acquired the AlchemyAPI platform last week, IBM's Watson business unit was busy adding language, speech, machine vision, and decision services aimed at powering breakthrough applications. AlchemyAPI expands and accelerates those efforts, bringing Watson a portfolio of language- and image-processing services, machine understanding of eight human languages, and, most particularly, a following of more than 40,000 developers who call on its application programming interfaces.
But a bundle of services won't necessarily add up to a useful cognitive computing app. The big idea with cognitive computing -- computing that can learn and improve, not just follow instructions -- is scaling up and accelerating human expertise. For example, our times have brought a deluge of information, so one big play for cognitive computing is quickly combing through troves of timely and potentially relevant information that even armies of humans couldn't possibly sort through in a matter of seconds.
For example, Watson powers medical diagnostic apps that "read" through the millions of research papers and clinical trials published each year to surface relevant insights on patient-specific treatments. Watson-based financial services apps introduced at ANZ Bank in Australia and CaixaBank of Spain offer investment advice, quickly combing through tens of thousands of potential investments and suggesting best-fit options based on customer-specific profiles detailing their life stage, financial position, and risk tolerance. Insurer USAA has adapted the IBM Watson Engagement Advisor, a learning app for complex service-and-support roles, to help veterans answer complex questions and find appropriate resources when they're considering leaving the military.
These are just a few examples of cognitive computing apps that are emerging, but read on for a peek at new types of applications and evolved applications that IBM expects Watson to power in 2015 and beyond.

Deconstructing Threat Models: 3 Tips

There is no one-size-fits-all approach for creating cyber threat models. Just be flexible and keep your eye on the who, what, why, how and when.
There are a lot of theories about creating threat models. Over the years, I’ve used threat models in many ways at both the conceptual and application level. Their utility often depends on the context and the job to which they are applied.
Deconstructing the purpose of threat models requires taking a step back to examine their value with respect to any risk situation, concentrating on who, what, how, when, and why:
  • Who is the entity conducting the attack, including nation states, organized crime and activists. 
  • What is the ultimate target of the attack, such as credit card data or computer resources. 
  • How is the method by which attackers will get to the data, such as SQL injection or buffer overflows. 
  • Why captures the reason the target is important to the attacker. Does the data have monetary value, or are you just a pool of resources an attacker can leverage in pursuit of other goals?
Simply put, a threat can be described as who will target what, using how in order to achieve why.
What and How: Threat models typically put most of the emphasis on what and how. Looking at the what and how allows you to identify potential bugs that will crop up in the design, regardless of who might be conducting the attack and their motivation. However, the challenge with focusing solely on what and how is that they change over time.
Who and Why: Unlike what and how, who and why tend to be fairly constant. The common assumption is that it doesn't really matter who or why – the focus should be on stopping the attack. However, focusing on who and why can lead to new ideas for overall mitigations that provide better protection than the point fixes identified by how.
For example, we knew that attackers using advanced persistent threats (APT) (who) were fuzzing (how) Flash Player (what). To look at the problem from a different angle, we decided to stop and ask why. It wasn’t solely because of Flash Player’s ubiquity. At the time, attackers were focusing on Flash Player because they could embed it in an Office document to conduct targeted spearphishing attacks.
Targeted spearphishing is a valuable attack method because hackers can directly access a specific target with minimal exposure. By adding a Flash Player warning dialog to alert users of a potential spearphishing attempt in Office, we addressed the issue that made Flash Player of value to them and therefore made the attack less effective. After that simple mitigation was added, the number of zero-day attacks dropped and the attackers were forced to develop new exploit methods.
When: Examining the when can also be extremely useful. Most people think of threat models as a tool for the design phase. However, threat models can also be used in developing incident response plans. You can take any given risk and consider, "When this mitigation fails or is bypassed, we will respond by...”
Threat Model Flexibility
Having a threat model for an application can be beneficial in controlling both high-level (who/why) and low-level threats (how/what). That said, the reality is that many companies have gotten away from traditional threat models. Keeping a threat model up-to-date can take a lot of effort in a rapid development environment, as Adam Shostack covers in his blog post, The Trouble with Threat Modeling.
Unfortunately, there is not a one-size-fits-all solution to this problem. From experience, the best approach has been to try and keep the spirit of threat modeling, while being flexible on the implementation. In order to achieve this, consider three factors:
  1. There should be a general high-level threat model for each overall application. This high-level model ensures everyone is headed in the same direction, and it can be updated as needed for major changes to the application. A high-level threat model is good for sharing with customers, helping new hires understand the security design of the application, and serving as a reference for the security team.
  2. Threat models don’t have to be documented in the traditional threat model format. The traditional format is very clear and organized, but it can also be complex. The goal of a threat model is to document risks and formulate plans to address them. For individual features, this can be a simple paragraph that everyone can understand. Even writing, “this feature has no security implications,” is informative.
  3. Put the information where developers are most likely to find it. For instance, if you use the simplified format referenced above, then it is easier to place the threat information in line with the mitigation that addresses it. The threat information can be included directly in the specs, in the code comments or with threat unit tests. This can help eliminate cross-referencing issues when formal threat models exist as completely separate documents.
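One way to carry out points 1 to 3 together, as an added example that is not the article's or any product's code: the who/what/how/why/when record lives on the function that mitigates the threat, a registry built from those records feeds the high-level model, and a "threat unit test" checks that the mitigation still holds. The `mitigates` decorator, the registry and the sample feature (serving files out of a download folder) are assumptions made for illustration.

```python
"""Threat information kept next to the mitigation, plus a 'threat unit test'.

Added example, not code from the article or any product. The `mitigates`
decorator, the registry and the sample feature (serving files from a download
folder) are assumptions made for illustration; the who/what/how/why/when
fields are the article's own vocabulary.
"""
from dataclasses import dataclass, asdict
from pathlib import Path


@dataclass(frozen=True)
class Threat:
    who: str    # which attacker class
    what: str   # what they are after
    how: str    # the technique the mitigation must stop
    why: str    # why the target is worth it to them
    when: str   # the response if this mitigation fails or is bypassed


THREAT_REGISTRY: dict = {}   # mitigation name -> Threat; feeds the high-level model


def mitigates(threat: Threat):
    """Decorator: record that `fn` is the mitigation for `threat`, right where devs read it."""
    def deco(fn):
        THREAT_REGISTRY[fn.__qualname__] = threat
        fn.threat = threat
        return fn
    return deco


@mitigates(Threat(
    who="any authenticated user of the portal",
    what="files outside the download directory (config, credential stores)",
    how="path traversal: '..' segments, absolute paths or symlinks in the requested name",
    why="the download folder lives on the same host as the application's secrets",
    when="if a file outside the folder is served: rotate that host's secrets, pull access logs",
))
def resolve_download(base_dir: str, requested: str) -> Path:
    """Map a user-supplied file name to a path strictly inside base_dir, or refuse it."""
    base = Path(base_dir).resolve()
    # resolve() collapses '..' and follows symlinks, so the containment check below
    # sees the real target, not the string the user typed. An absolute `requested`
    # replaces `base` in the join and is therefore rejected as well.
    candidate = (base / requested).resolve()
    if base not in candidate.parents:         # also rejects '' (candidate == base)
        raise PermissionError(f"refusing path outside {base}: {requested!r}")
    return candidate


def is_rejected(base_dir: str, requested: str) -> bool:
    """Threat unit test helper: does the mitigation refuse this input?"""
    try:
        resolve_download(base_dir, requested)
        return False
    except PermissionError:
        return True


def export_threat_model() -> list:
    """Flatten the registry into rows for the application's high-level threat model."""
    return [dict(mitigation=name, **asdict(t)) for name, t in THREAT_REGISTRY.items()]


if __name__ == "__main__":
    for probe in ("docs/report.pdf", "../secrets.txt", "/etc/passwd", "docs/../../x"):
        print(f"{probe!r:20} rejected={is_rejected('downloads', probe)}")
    print(export_threat_model()[0]["how"])
```

The threat unit test is the part that keeps the model honest: when a later refactor weakens `resolve_download`, the assertion that `../secrets.txt` is refused fails in CI, and the `when` field tells the on-call engineer what to do if it ever fails in production instead.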
The concept of threat modeling still serves a valid purpose by helping to ensure the design is sound. By examining the who, why, and when, the traditional approach to threat modeling can be made more effective at identifying high level mitigations and responses. By being flexible with the approach to documentation, security information can be captured where developers are most likely to find, use, and maintain it. These steps can help threat modeling evolve alongside our development processes.

'Wave 2' Wireless Deployments Power Education In Houston

In Houston, "Wave 2" wireless networking deployments are helping one community college revamp how students and faculty view education, especially with video.
A modern university campus doesn't work without wireless networking. With the latest evolution in wireless standards -- 802.11ac "Wave 2," set to begin deployment this year -- network architects and admins at colleges and universities are looking forward to less congestion, better performance, and more innovative course offerings on wireless nets.
First-generation 802.11ac -- Wave 1 -- access points and devices are already in the field providing up to 1.3 Gbps speeds to devices. Wave 2 access points will deliver up to 2.34 Gbps speeds and they'll do something even more important for network administrators: They'll deliver those speeds to more than one device at a time.
Wave 1 access points are only able to connect at highest speed to one client at a time. SU-MIMO (Single-user Multiple Input/Multiple Output) uses multiple antennas to send several spatial streams over the same channel at once, gaining throughput beyond what a single stream allows -- but to only one attached device at a time.
All the other devices connected to the access point will do so at reduced speeds comparable to 802.11n (433 Mbps or less). Wave 2 allows multiple clients to attach at the highest speeds through MU-MIMO (Multi-user MIMO) though the number of high-speed clients at any one time isn't infinite. Even so, network administrators at colleges and universities are beginning to plan for the expansion.
MU-MIMO allows more wireless clients to connect at full speed.
(Image courtesy of Cisco via Cisco Blogs)
Kyle Cooper is Senior Network Architect at Houston Community College, a large community college system in Houston.
HCC serves about 115,000 students each year and has about 6,500 faculty and staff scattered across the Houston area in 26 campuses. In an interview with InformationWeek, he talked about why HCC is planning a Wave 2 deployment.
"Wireless is still reaching the catalyst moment where the promises that Wave 2 can bring will make the Achilles' heels of wireless less an issue," Cooper said. "In peak time the common areas and high-density areas receive so much traffic that the multi-user MIMO of Wave 2 lets us not over-provision the common areas quite so much."
As in so many organizations, one type of data is driving much of the demand for greater bandwidth at HCC. "In the classroom environment, the faculty has the need for more pervasive video use. This opens up the possibility to do more video interaction between student and faculty," Cooper said.
Renee Patton, Director of Education at Cisco, spoke with InformationWeek and said that Houston Community College's experience is not unique.
"Video is the big driver for bandwidth. When we talk to customers they're astounded by the video streams coming over their networks," Patton said during a telephone interview. "We're talking about lectures on the Web, but Netflix and gaming devices are driving huge bandwidth as well," Patton explained, saying, "They're often surprised because they plan on the educational stuff, but they're seeing students with their own requirements as well. They want the quality to be at least as good as what they're bringing from home."
One of the points made by both Cooper and Patton is that the number of attached devices, and the demand each places on the network, has grown much faster than the number of people in the user population.
"Students can be bringing seven or more devices from home and trying to connect each of them to the network. The sheer demand on the network can be huge," Patton said.
Cooper agreed with that analysis, adding, "When you talk about a collaborative classroom environment and you have 30 to 40 people in the classroom, all of them trying to stream video, it has a huge impact on the bandwidth to the room."
The advances in wireless networking do have implications for the rest of the networking infrastructure.
"We're standardizing so every AP location has two CAT6a cable drops," Cooper said. "We're planning on every Wave 2 AP needing 10 gig interconnects." Those cables will be carrying both data and power to many devices -- electrical power at a higher wattage than many other PoE devices and 10 Gigabits per second of data at distances of up to 100 meters. Patton acknowledged that, saying, "Wave 2 does have increased power requirements, but we're dealing with that and it can use the same cables."
Education is far from the only market waiting for Wave 2 802.11ac.
It is, however, the market that may sit most precisely at the intersection of high user density and consistent quality requirements. Kyle Cooper succinctly explained why it's important for network architects like him to get that intersection right. "We really need to get to a place where students and staff can use the network as a tool without it becoming an obstacle."