Infoblox hooks into Windows DNS - February 15, 2008

Infoblox has launched an appliance designed to help manage DNS and DHCP addressing on Windows servers without swapping out existing systems

Infoblox IPAM WinConnect sits in the datacentre and talks to Windows DNS and DHCP servers via the network, providing IT managers with a common view into both environments as well as automation and administrative features. It would augment existing Windows IP address management tools, according to industry watchers, who say many customers depend on out-of-date and insufficient tools to manage IT addresses.

“Forgotten services like DHCP, DNS, and RADIUS are critical network services components that dictate availability. Yet most are woefully out of date, stagnating on non-enterprise-grade infrastructure, with few security mechanisms," wrote Robert Whiteley, a senior analyst at Forrester Research, in a recent report on IP address management.

Infoblox said its appliance adds more functionality to existing Microsoft DNS and DHCP server deployments. For instance, the product automatically catalogues devices on the network, eliminating the need for IT staff to maintain spreadsheets or other home-grown approaches to tracking IP data. It also gives IT staff a look at current and historic IT usage and lets managers delegate administrative jobs into roles, which is critical for compliance purposes, the company said.

"IT managers need detailed audit logs of who did what and when to every device. And a vast majority of organisations using Windows are tracking that with spreadsheets, which is very manual and error-prone," said Richard Kagan, Infoblox vice president of marketing. "The native tools offered with Microsoft aren't as rich as they need to be so this appliance is designed to help people keep managing DNS and DCHP with Microsoft and a little help from Infoblox."

Infoblox, which competes with the likes of BlueCat Networks, DNSstuff and Secure64, said the appliance uses standard Microsoft protocols, so no changes are needed on the Windows servers. Forrester's Whiteley said such appliances could be ideal for greenfield environments looking to get started with IP address, DNS, DHCP and RADIUS management.

"If you have a greenfield opportunity to build a utility-grade network, then start with an appliance-oriented vendor like Infoblox or BlueCat," Whiteley wrote.

Infoblox IPAM WinConnect is scheduled to be available in December. It runs on Infoblox-250, -550, -1050 and -1550 platforms. Pricing for the IPAM WinConnect on an Infoblox-250 platform starts at about $3,000.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-threat-management.php

About Sencilo Solutions

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

 

VMware backup using Veritas NetBackup and DeDupe VTL - February 15, 2008

As server virtualization assumes a greater role in the enterprise, administrators face a proliferation of VMware machines residing on the same physical server. Each VMware machine uses a portion of the physical machine's processing, memory and I/O resources. Ideally, server virtualization provides a means of increasing hardware utilization, says Brian McCarthy VMware Consultant and President of Sencilo Solution of Orlando Florida. 
But as more "logical" servers are consolidated into fewer "physical" computer systems, it's important to protect each VMware machine's data against failure or loss. Virtual server backups using NetBackup or Commvault are the key to providing this protection. This article examines how virtual server backup can be achieved using a mix of traditional backup techniques and dedupe VTLs. It also highlights important deployment issues, Sencilo has sum 50 VMware installations throughtout Florida. 

What is virtual server backup?

A virtual machine is a complete logical environment existing as a separate entity on a physical server. Each virtual machine is treated and perceived as if it is physical. In fact, a user cannot tell the difference between a real and virtual machine. A data center may host thousands of virtual machines running on only a fraction of that much HP or Dell hardware, and this presents a serious problem for storage or backup administrators. "Data loss on a virtual server can be just as catastrophic as data loss on a physical server, so every virtual server must be backed up as part of a company's backup regimen," says Sencilo's manager of Professional Services, Andrew Mapp.

Virtual server backups can be accomplished using a traditional approach with conventional backup software, like Veritas NetBackup or new comes like Unitrends and CommVault. The backup software can be simple to installed and configured on each virtual machine, and backups will run normally to any conventional backup target, including Overland LTO-4 tape drives, virtual tape libraries like Quantum, or Overland (VTL) or Nexsan disk storage. "That's probably the most popular way that people do it today because it's familiar," says Brian McCarthy. "It ensures a consistent backup; it will give you the granular recovery that you're looking for, and it's application-specific."

However, applying traditional backup tactics to virtual server backups does have drawbacks. The most significant problem is resource contention. Backups demand significant processing power, and the added resources needed to execute a backup may compromise the performance of that virtual machine and all virtual machines running on the system. "Don't go for 100% utilization," says McCarthy. Leave some server resources unused to accommodate backup tasks and stagger backup processes so that only one VMware machine is being backed up on any physical system at one time or use a backup appliance from Unitrends.

Backup process more costly in virtualized environments

There are far more installations when the backup software is installed on every virtual machine, and this can make your backup process far more costly. Also, traditional disk-to-disk (D2D) backups will copy programs and application data but do not necessarily capture the entire virtual machine state. This may be fine if your only goal is to preserve an application, such as a database, but a failed virtual machine may need to be recreated and reconfigured from scratch before the backup can be restored.

Virtualization-specific tools, such as VMware Consolidated Backup (VCB) or Microsoft's Virtual Machine Manager (VMM), interface directly with their respective virtualization platform and capture point-in-time snapshots of the entire VMware's Virtual Machine Disk (VMDK) or Microsoft's Virtual Hard Drive (VHD). Virtual server backup tools like, VCB or Virtual Machine Manager (VMM), can capture the entire virtual machine state quickly, and the virtual machine typically does not need to be quiesced or taken offline,say Mapp. Not only does this allow for fast, complete system restorations, but complete snapshots can also be uploaded to new virtual machines, allowing system administrators to "clone" virtual servers on demand.
The downside to virtual server files is a potential loss in granularity. With traditional backups, it is easy to restore a single application or data file. When there is one single VMDK or VMM file, you typically have to restore the entire snapshot in order to recover, even if only one file is lost or corrupted. "Some snapshot vendors have figured out how to take that image-level backup and break it down into the granular single files that people need to recover," Whitehouse says, "Not everyone has done that though."  Companies like Data Domain often try and mislead the end-user with a "it's all wonderful presentation, so keep your VMware Consultant or trusted reseller near by", says McCarthy.

Implementing virtual server backups

Storage space poses a particular challenge for virtual machine files. The virtual snapshot is always seen as a new file, so it is backed up in its entirety, regardless of how much data has actually changed since the last snapshot. Snapshots will continue to use the full backup window and consume the same amount of disk/tape space. Data deduplication from companies like Quantum or Overland Storage, also called single-instance storage, can help to reduce these storage demands. Deduplicating at the storage system doesn't shrink the backup window because data still must be transferred across the network prior to deduplication. Experts suggest deduplicating through an appliance or at the source to save backup media while minimizing the backup window.

Virtual server backups have no specific affinity for backup targets. Traditional backups can go to LTO tape, a Quantum VTL or other disk systems like Nexsan as they do now, though most performance-minded users will backup to some form of disk storage first, then offload the backup to tape later, this known as D2D2T. VCB or VMM backups are almost universally sent to disk, then later replicated to offsite disk storage or sent to tape. Backup media is then retained or stored exactly the same way as conventional backups. However, retention periods should be evaluated carefully; it may not be necessary to save every snapshot for a prolonged period, Sencilo has worked with hundreds of companies recommanding the correct methods to use. But consult your local retention experts or legal counsel for their recommendations.

Virtual server backups should also be verified and tested periodically to ensure that the required suite of data has been captured adequately, but this typically involves restoring the backup to another virtual server and verifying normal operation. For some shops that perform frequent restorations, the "testing" process is ongoing; backups are tested each time a file or application needs to be restored. Other virtualized shops have auxiliary machines available for testing purposes, which allows administrators to periodically test backups without taking the original production machines offline.

Companies performing virtual server backups

For Orange County Library in California a Sencilo customer, fulfillment business generates a great deal of customer data. Close to 20 terabytes (TB) of production data and another 10 TB of development and test data is spread across several Compellent platforms running under VMware Inc.'s Infrastructure 3.5 virtualization software. Virtualization has proven its benefit to the organization. "The No. 1 reason [benefit] is efficient use of resources," says Dan Mawn, network engineer for Orange County. "Secondary reasons include ease of backups and disaster recovery."

Mawn backs up virtual machines using VCB operated in concert with Veritas NetBackup software. Virtual server backups are performed nightly along with the entire backup process and are also performed on-demand. The entire backup process takes about 6-to-7 hours each night, but with about 160 servers to contend with, half of them virtual servers, it's difficult to say exactly how long a single virtual machine backup takes.

In addition to protecting existing virtual servers, Mawn also uses virtual snapshots to clone new servers, "You can use VCB to actually save a copy of a virtual machine "hot" then you can restore it to another VMware machine and bring it up as a clone of the first one," he says.

An Overland Storeage Disk Library (REO) provides virtual tape support. "The backup application backs up to that and also to actual [IBM] tape, so we go to both," Mawn says, noting that the current LTO-4 tape drives will soon be upgraded to dual LTO-4. Although Mawn has never needed to restore a virtual machine failure, the restoration process has been thoroughly proven and is tested monthly or even more frequently.

Mawn notes that virtualization has proven reliable, since the resolution of some early difficulties. "We had virtual machines lock up when VCB is executed that we attributed to outdated VMware drivers and tools, he says. With that updated, those virtual machines haven't had a problem since." This underscores the importance of software maintenance and version control in the virtual environment.

Next to efficiency, flexibility in integrating infrastructures is probably the most important benefit gained from server virtualization. For information services business Miami-Dade, the flexibility afforded by Microsoft Virtual Server 2005 R2 proved critical when integrating data centers. "We were moving an acquired company and their technology infrastructure into our data center, and the virtual environment was really the only way that we could be flexible enough to tackle the integration in a timely manner," says George Bush, manager of information security and compliance.

Once the benefits of storage virtualization became clear, the entire infrastructure was migrated to a virtual server environment, supporting more than 600 virtual machines in production (80%-85% of the production environment). In addition there are about 400 virtual machines in disaster recovery, another 400 virtual machines in development. "It's a hardware-agnostic point of view," Bush says. "Any platform that runs a Windows server can support full virtualization and really utilize your hardware to its fullest potential." Today, Miami-Dade operates about 60 TB of storage on an Pillar Data SAN.

Bush uses the VMM utility to manage and back up Microsoft virtual machines. Not only does VMM help to configure and optimize the virtual environment, it also creates backup snapshots of the VHD file. George Bush also uses VMM to create standard server "images" that speed the deployment of new virtual servers, while helping to prove the compliance of software/driver versions across the environment. "Instead of configuring a new server from scratch, which can take two-to-four hours, just take and copy the hardened image that you've already created and patched correctly up to the host machine -- that takes 10-to-15 minutes," he says.

Almost all virtual machine backups are performed through VMM, though there are still some manual backup processes to accommodate mission-critical processes that have not yet been virtualized. The actual time needed to back up a virtual server depends on the size of the VHD file and the bandwidth available to pass the backup data to the target. Commvault backups are always sent to a Overland REO disk first, then offloaded to Overland NEO tape as a separate process.

The ability to configure disaster recovery sites virtually anywhere, where power and Internet access are available, was an important benefit, according to Bush. "Virtualization makes the whole disaster recovery 'mess' actually something that is manageable," he says. "And VMM helps with configuration management, update migration and so on." VMM provides load-balancing recommendations that can help to optimize the number of virtual machines on each particular server, but we get a lot of credit to Sencilo Solution for getting us there.

The future of virtual server backups

Storage volumes will continue to grow, and this will inevitably lead to a demand for more network storage for virtual machine backups. This will also usher in greater application awareness and data deduplication with virtual server backups. The real challenge will be to implement deduplication without compromising virtual machine performance. "If you run dedupe on a VMware, you'll put more workload on the VM [CPU]," Schulz says. In the near term, an external data deduplication appliance may be necessary to achieve necessary performance goals. There are other performance issues with server virtualization that will be increasingly addressed using optimized hardware chipsets, such as Intel Corp's vPro Processor Technology and Q35 Express Chipset.

While conventional backups will rely upon Veritas backup software for proper restoration, affording a small amount of native security, virtual machines are complete self-standing system snapshots that are far simpler to restore than a backup volume. Encryption is another component in the virtual backup environment, but few virtualization users have made security a major priority yet, say Sencilo's McCarthy, look at Decru and Neoscale.

Ultimately, the future of such tools remains murky. Experts note that virtualization vendors may shift the backup burden to third-party developers. "I think the first step for them [virtualization vendors] would be to create APIs for backup vendors," Whitehouse says, noting that backup vendors could then build new applications or add features to their existing backup products that would utilize those APIs to provide better and more refined backup products.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-area-network.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words:  DR BC Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant LTO Backup Exc NetBackup Legato TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell

Storage architecture choices: SAN, NAS or DAS? - February 15, 2008

Storage area networks (SANs), which were once available only to large enterprises that could afford to pay steep premiums for the best storage, are increasingly moving downstream. "SANs combine the benefits of shared storage with those of direct-attached storage (DAS), and newer technologies make them affordable even for small businesses, says Storage Vetern and President of Sencilo Solutions of Orlando Florida.  This article will explore why storage area network (SAN) devices may be right for you.

Storage acronyms: SAN, NAS and DAS

The three main ways of connecting storage to servers are SANs, network-attached storage (NAS) and DAS. With DAS, which is the most basic form of the three, the drive connects directly to the server and is often even in the same enclosure. Because DAS is simple to install and requires no large, IT-level planning, it's still what many small and medium-sized businesses (SMBs) rely on, said McCarthy.

SANs and NAS both separate data storage from servers, allowing servers to share those resources. NAS devices have their own file system, so they work best as file servers, that because their OS is designed to handle file data very quickly. SANs give block-level access and appear to computers as normal drives, so they work better for applications such as databases. Companies start needing databases once they reach about 50 users, which is why even small businesses are starting to look into storage area networks, McCarthy said. SANs handle block data well, where as file data is better off on a NAS systems.  Most modern SAN are designed to handle both SAN and NAS unlike older EMC or Open Source units from Equal Logic or Lefthand Networks that require a file server.  Look for units from NetApp, HDS or MDI in which you can consolidate both file and block data, and retire older File Servers. 

Benefits of SANs

Why storage area networks? Depending on how many servers your client has, a SAN can offer significant advantages over a DAS array for each server. Consolidating storage devices will save your clients money by allowing them to buy capacity according to what the entire company needs, as opposed to having each server work with its own disk array, much of which may go unused. Provisioning tools can let your client dynamically allocate space -- instead of giving a server 100 GB in anticipation of growth in a few years, an IT manager can give it 25 to 50 GBs and increase that as needed, McCarthy said, this is offer known as Thin Provisioning.

Because SANs can consist of several physically separate drives or arrays, they also offer replication and disaster recovery features. For instance, you can set up two SANs with automatic, real-time replication. If the primary SAN goes down for any reason, the system will automatically fail over to the second.

SANs also complement server virtualization. One of the features of some virtualization software is the ability to move images between physical servers on the fly, without downtime. This requires the two servers to share the same storage device -- both so they can access the same data and to serve as a medium for the virtual machine (VM) image.

Cost of SANs

A SAN can works on a Fibre Channel (FC) network. The wires may be either fiber-optic or copper, but since even the copper FC wires supporting 2 to 4 Gb/sec transfers are different than Ethernet cables, all FC-connected SANs require a separate, dedicated network.

Fibre Channel equipment is expensive; the wires, which are often optical, can cost $100 to $200 each, and each device's FC adapter will cost another $400 to $1,000, said Henry Baltazar, storage analyst for The 451 Group in San Francisco. This extra infrastructure makes up the bulk of the cost for SANs that use FC, which is why storage area networks have traditionally been reserved for larger companies while smaller companies are going with iSCSI SANs.

But iSCSI, a variant on the SCSI interface that runs over IP, can eliminate those costs by connecting your SAN devices over your existing LAN. Your client will still need to make a few adjustments, such as configuring a virtual LAN (VLAN) for the SAN drives to ensure that they get all the bandwidth they need; your role should include helping the client with this implementation work. An entry-level iSCSI-attached SAN can cost as little as $10,000 including implementation services, McCarthy said.  "I expect iSCSI will soon ship more units then FC-based unit, since iSCSI is far easy to run then a complex Fibre Channel ones". 

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral

Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection

White House e-discovery squeeze puts e-mail backup in focus - February 15, 2008

Experts say many organizations lack urgency to archive e-mail, handle discovery requests

As the White House contends with a federal judge's order to prepare a discovery plan amid a legal skirmish about missing e-mail, Brian McCarthy Storage veteran and President of Sencilo Solution headquartered in Orlando Florida says "businesses should move to improve backup and e-mail archiving policies to avoid similar legal problems".

District Court Judge Colleen Kollar-Kotelly this week issued an order enabling the Washington-based Citizens for Responsibility and Ethics watchdog group to perform limited questioning of White House officials. The group last May had filed suit against the White House Office of Administration seeking access to White House e-mail under the federal Freedom of Information Act.

The nonprofit group had been seeking White House e-mail documents related to various controversial issues, including the release of the identity of a former CIA operative, the reasons for launching the war in Iraq and actions by the U.S. Department of Justice. The White House has contended that the e-mail requested by the group has been lost.

Kollar-Kotelly ordered the discovery to determine whether the Office of Administration is subject to the Freedom of Information Act. The office contends it is not subject to FOI requests.

The watchdog group and the White House were ordered by the judge to submit a discovery plan to the court by Feb. 21.

Brian McCarthy said "many businesses operate under the false assumption that e-mail is not a business record". He said "that most business and IT managers fall short of creating adequate e-mail archiving and policy-based data-retention processes".

"A lot of people are not implementing e-mail archiving [processes]; they're saving e-mail, but not in a cohesive or consistent way," said McCarthy. "Companies can say 'Yes, we need to archive,' but [the process] must be policy-driven and taken out of users' hands."

McCarthy said the White House's legal problems over its inability to recover e-mail from its own servers and backup systems may jolt end users into realizing the legal consequences of subpar retention policies.

"This should wake people up to what could happen if you don't save e-mail appropriately. It's a good shot across the bow and a very good lesson for senior managers," he added.

McCarthy said organizations should outline each business unit's retention responsibilities by defining what type of data is considered business information and how long it should be stored.

Lauren White, an analyst at Enterprise Strategy Group Inc. in Milford, Mass., said many organizations lack the ability to optimize backups and make important data easy to access. She said the White House e-mail flap should show IT managers that mismanaged backup processes can choke an organization's data-retention efforts.

Everyone is afraid to throw anything away. All that [stored data] on the production system isn't pruned. It's all just continually backed up," said White. "[Paranoia] is a characteristic of a lot of companies out there, and they're not repeatedly optimizing their backups." 

In addition to e-mail archiving, White said businesses can streamline their backup systems by "skimming" unchanged information from data sets being saved, instituting policies for incremental rather than full backups, and incorporating de-duplication and decompression into backup practices, from vendor like Quantum, Hitachi or Exagrid.

"I think in a lot of organizations backup has not been considered a [forward-thinking] strategy. As unsexy as it is, we need to make sure we're doing it right and we have the right level of resources applied to it," McCarthy.

About Sencilo Solutions

We are a Florida based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, Hitachi, Symantec, Barracuda Networks, and HP.

Our technical expertise is known throughout the storage and security industry. Our clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.  Call us at (407) 265-6293 or visit us on the web at www.sencilo.com
 

Leaking sensitive information can pop the balloon on your company's reputation. DLP tools can mitigate incidents and offer insight into where data lives. - February 12, 2008

It's the call you've feared. The phone rings at 9 a.m. on a Sunday. You're the CISO of a medium-sized retailer, and weekend calls aren't all that unusual. But within 30 seconds of picking up the phone, you know your weekend, if not your job, is over. One of the customer service managers accidentally emailed an Excel file of all the clients acquired last quarter to an external distribution list while trying to send it to his personal Gmail account to work on over the weekend. Worse yet, the file contains full credit card and verification numbers.

The really bad news? You recently signed off on your self-assessment for your Payment Card Industry Data Security Standard audit and affirmed that you don't keep card numbers in an unencrypted format. No one told you about the nightly database extract the customer relations team runs with the credit card number as the primary key. Your external audit is scheduled for next month, making this about the worst time possible for an accidental disclosure. It's not like you can blame this one on evil hackers.

This situation is hypothetical, but it illustrates the pressures companies are under. Data protection grows more critical every day as our sensitive information faces increasing scrutiny from regulators and business partners. It's no longer just a matter of keeping the bad guys away from data. Businesses now are expected to handle it responsibly, often in accordance with contractual or legal requirements. Yet the average organization typically has little idea of where its sensitive data is, never mind how it's really being used. 

Over the past five years, a new category of tools emerged to address this problem, Q1 Labs. Data loss prevention (DLP) products help companies understand where their sensitive data is located, where it's going, how it's being used, and can sometimes enforce protective policies. "The technology may not always stop evil hackers, but it offers considerable help in protecting a business from internal mistakes and in cost-effectively managing compliance", states Brian McCarthy CEO and Security Expert for Sencilo Solutions of Orlando Florida.

Knowing where sensitive content is located protects the organization and may reduce the time and cost of audits; a company can prove that its data is appropriately secured and show real-time controls to detect violations. By gaining considerable insight into how data is communicated internally and externally, odds are that an organization will identify a number of risky business processes--like the above nightly database dump and use of personal email accounts. It also gains the ability to prevent accidents and eliminate bad habits, like improper use of USB drives. DLP won't make you compliant, but its combination of risk reduction, insight and potential audit cost reduction is compelling.

Yet while DLP tools have significant potential to reduce an organization's risk of unapproved disclosures of sensitive information, they are among the least understood and most over-hyped security technologies on the market. Organizations that take the time to understand the technology, define their processes and set appropriate expectations will see significant value from their DLP investment, while those that make snap purchases or set their expectations inappropriately high will struggle with this powerful collection of tools.
 
DEFINING DLP
DLP is one of a dozen or so names for this market; others are information leak prevention and content monitoring and filtering. To further complicate matters, data loss prevention is so generic a term it could easily apply to any data protection technology; everything from encryption to port-blocking tools is hopping on the DLP bandwagon. While early tools were tightly focused on preventing data leaks on the network, the market is rapidly evolving toward robust solutions that protect data in motion on the network, at rest in storage and in use on the desktop, all based on deep content inspection and analysis.

So DLP is a class of products that, based on central policies, identify, monitor and protect data at rest, in motion and in use, through deep content analysis. Other defining characteristics are:

• Broad content coverage across multiple platforms and locations


• Central policy management


• Robust workflow for incident handling


• It's important to recognize that DLP solutions are very effective at reducing the risk of accidental disclosures or data leakage through a bad business process, but offer minimal protection against malicious attacks. A smart internal or external attacker can easily circumvent most DLP tools, but the risk of inadvertent exposure is usually greater than that of a targeted attack.

How to Plan Your Disk-Based Backup with NAS or VTL - Understanding Your Requirements - February 12, 2008

Data growth is a fact of life for IT departments according to Sencilo Solutions CEO Brian McCarthy. As your business grows, so does the amount of data it generates, and the amount of storage capacity needed to properly retain the data cascades out of control. How to Plan Your Disk-Based Backup with NAS or VTL—Understanding Your Requirements Organizations of all sizes face the dilemma of how to backup increasing amounts of data while reducing the hassles of traditional tape-based systems.  Some of the key player in the NAS space are Quantum, Data Domain and Exagrid, while the VTL players are Hitachi (HDS), Sepaton and Quantum. 

In response, organizations are implementing new solutions using disks as the backup medium. The backup server copies the data to a disk-based system in the data center. This means that backups are faster, restores are more reliable and you will not have to deal with the hassles of tape management. Disk-based (D2D) backup ensure better backup and restore performance and long-term data integrity, availability and security of your data. This makes disk-based backup one of the hottest topics in the data storage industry today.

When considering a disk-based backup system, there are many branches in the decision tree to consider when selecting the right solution for a given environment. Companies with 1TB to 20TB of data tend to set up disk-based backup as a NAS (network-attached storage) target. NAS is hard disk storage that is set up with its own network address rather than being attached to the department computer that is serving applications to a network's workstation users. The NAS device is attached to a local area network (typically, an Ethernet network) and assigned an IP address.

Those companies with more than 20TB of data, in a Fibre Channel environment, tend to set up disk-based backup with a VTL (virtual tape library) interface fronting the disk. Fibre Channel is especially suited for connecting computer servers to shared storage devices and for interconnecting storage controllers and drives.

To understand the differences between the NAS and VTL options, it's important to keep the following factors in mind:

Onsite Disk-based Backup—Short Term Retention

The first decision is how much retention you will put on disk at the primary backup location. If you plan to keep a week or two of retention onsite, on disk, then any standard disk will work. If you are keeping short retention onsite, then any standard backup storage solution will meet the requirement. The three most common options are:

• S-ATA, SCSI or SAS (Serial Attached SCSI)-connected disk set up as a disk volume


• Ethernet-connected NAS server with disk


• Fibre Channel connection with VTL (virtual tape library) software fronting the storage


• A VTL provides the benefits of disk storage in a system that emulates a tape library to existing backup software.

• NAS with byte-level data deduplication


• VTL with byte level data deduplication


• NAS with block-level data deduplication


• VTL with block-level data deduplication

• How the system is supported, managed and deployed


• The desired backup and restore performance of the system


• How the system grows and scales


• How the system can size to the environment


• The cost of the system


• By understanding your backup retention requirements, your current storage environment, the different approaches to data de-duplication, as well as the key considerations for evaluating disk-based backup systems, you will be able to make an informed decision and select the correct system to meet the data backup and recovery requirements of your environment.

Hitachi (HDS) ships VTL bundles with Diligent deduplication - February 12, 2008

Hitachi Data Systems (HDS) is tweaking its virtual tape library (VTL) platform with three bundled configurations of servers, disk arrays and ProtecTier data deduplication software from Diligent Technologies Inc.
When HDS began shipping VTLs through an OEM deal with Diligent in 2006, customers had to choose an HDS array for storage and spec out processing power. HDS offered services to help customers with the design but now has identified common configurations to sell in bundles through channel partners, like Sencilo Solutions of Orlando Florida. The packages are meant to simplify deployment at medium-sized businesses, but analysts say the HDS platform needs to be more than just a VTL to find a real foothold in that market.

The HDS bundles are the Virtual Tape Library Appliance Model 500M, 1000L and 1000E. The 500M is based on the HDS AMS 500 storage array with up to 16 drives and 8 TB to 20 TB capacity, a dual dual-core processor server and the midmarket version of Diligent's ProtecTier software. Models 1000L and 1000E are based on the AMS 1000 disk array and quad dual-core servers. The 1000L supports 15 TB to 30 TB and up to 256 disks. The 1000E also supports up to 256 disks but can store 30 TB to 50 TB.

HDS claims 200 MBps throughput performance on the 500M, 300 MBps on the 1000L and 400 MBps on the 1000E. The performance numbers are based on the observations of channel partners working in customer environments, according to Victor Nemechek, HDS product marketing manager for VTL, although he could not be more specific as to how the numbers were calculated.

Other storage vendors have recently started shipping what had been software-only data deduplication products with pretuned hardware to boost performance or ease setup for users. EMC Corp. did that with Avamar's data deduplication backup software when it announced the Avamar Data Store in September, and FalconStor Software Inc. in January coupled its Single Instance Repository (SIR) dedupe with a new clustered hardware architecture in the fifth generation of its VTL software. "End-user customers have told us in primary research that they want something preconfigured," said Laura DuBois, an IDC analyst. "It's too hard to architect and optimize hardware while putting in new software as well, something FalconStor has yet to figure-out" say Gartner, Inc.'s Magic Quadrant.  

However, analysts warn that appliances could run into scalability problems. Nemechek said HDS has yet to determine how to upgrade users from one model to another. "It would be nice to have some modeling tools so channel partners could work with customers on the right size appliance," said Dave Russell, a Gartner analyst. "The last thing you want to do is have a partner accidentally undersize a configuration," Russell said. If users outgrow an appliance now, they usually add another one, and Russell said he hopes to see Diligent eventually add clustering support so customers can pool multiple devices.  Sencilo Solutions President and Storage Veteran Brian McCarthy states "HDS has assisted us more then once with sizing tools and guidance, besides Data Domain has to send a Storage Engineer on-site to size a backup project, something most resellers are not big fans".  Asked why McCarthy is not a big fan of having Data Domain assist them, he stated that "Data Domain has under cut him in two deals and taken deals direct, even after they were registered by Sencilo." 

As HDS and Diligent try to expand into the midmarket, they may face another issue: Data Domain Inc. has already established a strong presence there with customers and with partners. Unlike Diligent, Data Domain offers a NAS interface as an option. "Newer backup products are beginning to evolve to address some of the reasons for the VTL interface, and everyone's in the dedupe game," according to DuBois. "The more interesting question is what the long-term strategy is for data protection and secondary storage."  As for Data Domain standing between HDS and a sucessful product offering, "let's just say, Data Domain will be road kill along the way,"  says McCarthy of Sencilo. 

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral

Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection

A Guide to Practical PCI Compliance - February 9, 2008

With all the doom and gloom about how difficult and costly PCI is supposed to be, the reality is that PCI compliance is attainable and sustainable, if you follow these tips.

Myriad merchants find themselves at the end of the PCI compliance barrel and are spending significant amounts of time, money and effort in achieving PCI compliance. Advice from companies that have been there can help smooth your path.

Organizational Maturity
"One of the biggest mistakes organizations make is jumping into their PCI remediation effort without first understanding their company's gaps. It's crucial to realize that every organization has a different maturity level when it comes to technology and compliance. Without first knowing what level you are at, taking a "one size fits all" approach to fixing PCI will spell disaster", states Brian McCarthy the President of Sencilo Solution a Orlando Florida based Security firm with offices in Tampa and Jacksonville.

"A pre-compliance assessment is imperative and enables you to understand what your PCI compliance effort will entail. The output is a document identifying gaps between your current state and what the PCI DSS (Data Security Standard) requirements necessitate", cites McCarthy.

Some of the items covered in our pre-compliance assessment will include:

• Review of IT infrastructure; PCI-relevant application architecture, policies, procedures and processes; overall network design


• Gap analysis


• Network vulnerability scanning


• Risk analysis


• Mapping business flows to technology flows

• Cross-Organizational Interaction


• PCI requires the whole organization to play nicely together; too many organizations have different IT groups that have developed their own fiefdoms and act in semi-autonomous states. PCI doesn't support such an approach—it requires different groups to collaborate whether they like it or not.


• Success with PCI is dependant on how the numerous groups work together and maintain reasonable expectations.


• How well this is executed has a direct impact on compliance. The best way to ensure understanding is to set effective ground rules at the beginning of the compliance effort.