headtop

September 2008 Entries

Tips on Consolidation, Dedupe, Data Reduction & Other Ways To Make The Most Of Your Storage - September 28, 2008

Orlando Florida -- With today’s challenging budgets, it’s becoming increasingly difficult to secure the dollars needed to procure new technologies. But some technologies are too essential for the enterprise, leaving little wiggle room for skimping on resources for these technologies.  Also by working with a vendor that has a working knowlege of what it takes to consolidate, automate, protect and make sure you are in compliance with your data.

Take storage, for example: An increasing dependence on storage within the enterprise and its importance in meeting regulatory data storage and archival requirements mean that, even under the onslaught of budget challenges, enterprises cannot afford to take monetary shortcuts with their storage infrastructures, says Brian McCarthy President of Storage Reseller Sencilo Solutions in Lake Mary, Florida.

So, what’s Joe Administrator to do when management clamors for budget cuts even as requirements for maintaining storage infrastructures continue to increase? Well, one general solution is to leverage new storage technologies that allow administrators to get more out of their existing storage assets. And thankfully, there are a number of approaches that allow administrators to wring more returns out of their existing storage assets.

What, then, are the main challenges facing administrators today when it comes to storage? Most experts agree that one of the main challenges is the ongoing growth of data. Tom Grave, director of product management for Diligent Technologies (www.diligent.com), a wholly owned subsidiary of IBM, says handling rapid data growth; managing costs, backup, and recovery operations; and implementing offsite data protection are all challenges administrators are facing. In addition, he adds, recent trends in regulation and compliance are also playing a larger role. Resources are also an issue: According to Christophe Guittenit, founder and CTO of Seanodes (www.seanodes.com), today’s primary challenge for administrators is dealing with flat budgets as storage needs continue to increase.

Reclaim Unused Space

One way to get more out of existing storage assets is to ensure those assets are fully utilized. In terms of storage, the internal disks in application servers are usually unused, says Guittenit, who adds, “This requires the addition of new storage hardware frequently, both network dedicated to storage and disk arrays.” One way to do this is by using technologies that allow administrators to reclaim the large untapped storage capacity embedded in application servers to cover storage needs. Typically, this type of technology works by using software to convert internal disks and direct-attached storage into shared storage that can be used to store more data.

Andrew Mapp says this approach reclaims bought and unused storage capacity in application servers and turns them into a highly efficient, reliable, virtual networked storage device. In essence, this approach enables the use of heretofore untapped sources of storage in the enterprise: It’s all about making use of what’s already readily available within enterprise server internal disks and DAS.

The SME Challenge

One of the main challenges for SMEs is a lack of time and attention, due to the fact that SMEs lack the IT resources to scale up their business for maximum operational efficiency and better performance, says michael Eitenbichler. This, he adds, is necessary as the need to store more data becomes essential in order to stay competitive. So, even though most companies are now managing more than 30 times the amount of data they had less than 10 years ago, this means more data to manage and more complex technologies to learn.

“Ongoing administration and maintenance of the existing storage infrastructure can consume the lion’s share of most organizations’ IT budgets and time,” says Eitenbichler. And, he adds, with budgets remaining flat and data requirements increasing, the need for better storage resource management has become a business priority.

Eitenbichler points to five major methods administrators can use to reduce the costs of managing their existing storage assets and protecting their data: consolidation, centralized backup, deduplication, thin provisioning, and data life cycle management (see the “Managing & Protecting Data Cost-Effectively” sidebar for more information).

Saving Space

Quantum Corp.’ Grave says two technologies at the top of the list of approaches that help users do more with their existing storage infrastructures are deduplication and virtualization. Deduplication technologies find and eliminate redundant data within a storage repository, adds Grave, so the primary value proposition of deduplication is to maximize storage utilization.

In fact, says Carter George, vice president of products with Ocarina Networks (www.ocarinatech.com), data reduction techniques such as compression, deduplication, and more advanced storage optimization can allow an administrator to store as much as 10 times more data on the storage that they already have. For example, adds George, administrators can use caching and the use of memory for file-based storage, while solid-state disks are poised to emerge as the fastest drives in a storage system.

In terms of utilization, adds George, the keys are better utilization of free space and better utilization of the space needed for data. “The key technology for free space management is thin provisioning,” he adds. This technology, says George, virtualizes the view of disk space to users and allows free space to be allocated and managed more efficiently. He adds that storage optimization is the key technology for utilization of the space needed for data storage. By using this technology, users can shrink existing files by as much as 90%, thus enabling the storage of up to 10 times more data on disks already owned by the enterprise.

Improving Performance

Beyond utilization, all administrators also want to improve the performance of their storage infrastructures. Jon Affeld, senior director of product marketing at BlueArc (www.bluearc.com), points to a number of techniques that can be used to enhance performance, including striping, tiering, caching, and upgrading.

Striping data across LUN groups and disk arrays allows administrators to do more work in parallel and bring more resources to bear for specific tasks, adds Affeld. An example, he says, is a database striped across several hundred disk drives all acting as a logical unit.

Tiering means creating different tiers of disk media and storage arrays optimized to different tasks, he adds. The use of caching technology to preload commonly used data and files can deliver speedier access. Finally, he emphasizes, upgrading to the latest firmware or technology possible for existing equipment can also improve performance.

“Look for products that are modular, easily scalable, and allow upgrading with data in place and minimal disruption to service,” says Affeld.

At the end of the day, there are a number of technologies that can enable administrators to get more from what they already have in place. In a sense, the challenge for administrators has moved beyond figuring out which primary storage solutions to choose to determining what technologies are required to effectively manage and enhance the performance and utilization of what’s already in place. 

Managing & Protecting Data Cost-Effectively

Brian McCarthy of Sencilo solutions (www.sencilo.com) points to a list of five methods SME customers should focus on to reduce the costs of managing and protecting data:

1. Consolidation. Moving data onto centralized storage systems can help administrators avoid the fragmented capacity that leads to extra maintenance work, low disk utilization, and huge backup headaches.

2. Centralized backup. SMEs should look at disk-to-disk-to-tape backup solutions that initially store data on disk drives and eventually migrate it to tape for long-term data retention. Ensuring successful backups on a nightly basis is “mission-critical,” says Eitenbichler.

3. Deduplication. Using de-duplication allows administrators to drastically reduce the amount of data stored on disk-based backup systems at data reduction ratios of 20:1 or even 40:1.

4. Thin provisioning. This technique eliminates wasted capacity by automatically sizing storage capacity needed by application requirements.

5. Data life cycle management. It sounds simple, but keeping an inventory of storage devices onsite, available capacity, and growth trends can allow administrators to delay additional purchases for several months. 
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/data-compression.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral

Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection StorageX Brocade FAQ

Best Practices for Data Reduction - Ocarina Networks - September 27, 2008

 Storage optimization vendor says its ECO System delivers 10:1 data reduction ratios

Tampa Florida -- The explosion of data and storage, and the requirement that information be stored in an economical manner that allows for easy retrieval and recovery has fueled a boom in tools and tactics to compress, de-dupe, and generally reduce the amount that is being dumped on disk drives, tapes, and other types of storage systems.

Data reduction startup Ocarina Networks , which emerged from stealth mode earlier this year, has expanded its ECO System storage optimization offering with a host of new features and the ability to shrink a wider range of file types in order to appeal to more companies and industries. It promises to deliver a 10-to-1 reduction in the data footprint of files.

"We shrink things more than any other competing technology," boasted Carter George, vice president of products and technology, to Byte and Switch, "and we do it with your existing storage technology and processes. We work on the files you already have and on the technology you already have."

Ocarina takes a three-step ECO process to compress files. Carter says most files like email, photos, videos, music, and every document created in Microsoft Office are already compressed when they're saved, and it's hard to shrink files that have already been compressed. So Ocarina identifies a file type and decompresses it to its original raw format in a process it calls "Extract," which is done in the background and can be managed through policies. It then "Correlates" and checks to see if the data is duplicated so it can eliminate copies, such as a photo that is stored, then used in a PowerPoint presentation, and later used in a company white paper. Then it "Optimizes," using a content-aware compressor and more than 100 algorithms to shrink around 500 files types, and writes the de-duped and compressed data back to disk.

The compression appliance was originally targeted at online photo-sharing sites, but now includes a batch of new file types to serve the media and entertainment, oil and gas, and medical image archive markets. New features include one-step file migration and optimization, time-sequenced file versioning and viewing, and virtual global namespaces.

Ocarina is competing in a market with a number of strong competitors, including Data Domain Inc. (Nasdaq: DDUP), NetApp Inc. (Nasdaq: NTAP), Riverbed Technology Inc. (Nasdaq: RVBD), and a host of others that offer data de-duplication. Larger storage vendors have, or will soon include, these optimization capabilities in their products, which will pose another challenge to Ocarina.

Gartner Research vice president David Russell says Ocarina's "secret sauce" is the ability to crack up proprietary and already compressed files and work its compression magic on a variety of raw formats: "A lot of vendors are already doing data de-duplication, but Ocarina is taking it a little bit further by being able to handle multiple workloads. The current state of the art in data de-duplication and data reduction is becoming compelling for users with a growing amount of data to store."

Advances in this area will be transformational, Russell believes, and the industry is just at the beginning of what it should able to accomplish in terms of shrinking data across all workloads. The challenge for these niche vendors, however, is whether they're offering a product or a feature that in the long run will be incorporated into larger storage systems. "The conventional trend in technology is that products like these end up as features," he says.

George understands that challenge and says Ocarina is prepared to go the partnership route. The company has inked deals with Hewlett-Packard Co. (NYSE: HPQ) and Isilon Systems Inc. (Nasdaq: ISLN) and expects to announce several more before year's end. "We're talking to every major file server vendor right now, and we're happy to be an arms merchant for storage vendors."

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/data-compression.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral

Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection StorageX Brocade FAQ

Data Compression for Primary Storage - Medical Imaging to benefit - September 27, 2008

Orlando Florida -- Primary data reduction startup Ocarina Networks disclosed plans at Storage Decisions this week to add data migration features, snapshots, support for virtual global namespace and file compression by industry type to its compression appliance.

The product upgrade is the first major enhancement to the Ocarina ECO System compression appliance since the startup emerged from stealth in April. Ocarina's initial launch was aimed mainly at photo-sharing websites, and now it is expanding into the entertainment, oil and gas, and medical imaging markets.

ECOmove is a new utility designed to help users migrate data from primary storage to nearline compressed archives. "Generally, data is left on Tier 2 storage only 30 to 90 days," said Carter George, vice president of products for Ocarina. "But it takes 18 months to make a movie, and some movie studios that have our product want to be able to keep all files associated with a project online for the duration of that project." Ocarina claims to be able to further compress even already compressed file formats, such as JPEGs, allowing for the retention of more multimedia data on disk.

ECOsnap creates what George called "archive-appropriate snapshots." That means "it's not copy-on-write or snapshots for backup. This reads a file and shrinks it, and then instead of storing a new shrunk file, consolidates it together with existing versions in the archive." The feature is similar to NetApp's space-efficient snapshots, but for photos. "It creates a time-sequenced archive with a time-slider user interface so that, for example, movie artists can say, 'show me this scene as it looked three months ago,'" George said.

ECO System now supports virtual global namespaces based on its ability to put pointers to compressed data in "suitcases" within a file system. The new virtual global namespace allows customers to create a "suitcase of suitcases" so they can store and manage pointers to all files in a large file system.

As Ocarina looks to branch out into new market segments, it's adding compression support for new types of files used in different industries, including AVI, Maya and RenderMan files for the entertainment industry, online seismic data applications for the oil and gas industry, and X-Ray, MRI and PET scan images for the healthcare market.

Currently, Ocarina reduces only still images with video support planned for the next release in early 2009.

Ocarina adds new storage partners

Ocarina hasn't named any customers yet, but George said the vendor is making headway adding storage partners in the NAS space, including Hewlett-Packard, Isilon and Ibrix. HP will integrate Ocarina's compression with its ExDS9100 clustered NAS system when it's released later this year. "We currently have two systems installed with Isilon and four with HP," George said.
Gartner analyst David Russell predicts Ocarina's compression won't be a standalone product for long. "[Primary storage data reduction] is a feature that over time might become like compression in tapes," he said. "Starts as a standalone product, then becomes a feature and now even the cheapest autoloader has compression – you'd probably have to look up how to turn it off."

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/data-compression.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in Cost Cutting storage, security and managed services solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, Data Domain, EMC, Hitachi, Symantec, HDS, IBM, Commvault, Xiotech and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, storage virtualization installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral Green Simpana Offerings Projects: BC DR planning Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication thin provisioning DXi Global Compression DDX virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection StorageX Brocade FAQ SSD Solid state disk SANmelody FalconStor tier zero Xiotech ISE nx4 ax4 greenBytes ZFS Sun Top 10 ROBOBak managed services hosting cloud grid Datacore Compellent compellant equallogic lefthand networks don't buy storage stop buying storage itguardian cherub networks Arkeia Network Backup appliance Data Recovery Backup Health IT Healthcare IT Digital Hospital Allscripts

Penetration Testing and Best Practices - September 16, 2008

Orlando Florida -- Penetration testing is an important means of assessing the strength of an organization’s information security program. A security system may look good from the inside, but a test is an excellent way to determine if it will hold up under pressure. These tests can range from simple port scans to all-out hacking attacks. However, since security depends on people, not just on technology, social engineering is one possible tool for use in penetration tests. Deception is a common means of breaching a security system, and a social engineering test can ascertain the strength of policies and how well employees follow those policies.

"However, the use of social engineering in penetration tests raises ethical issues because humans are being used for research purposes," says Brian McCarthy CEO and well known Security Professional for Sencilo Solutions in Lake Mary Florida. Abuses such as Nazi experiments on prisoners and the Tuskegee Syphilis Study have led to a body of widely accepted guidelines for the ethical use of human subjects in research. I will draw upon human research principles and a few sample cases to identify ethical guidelines for the use of social engineering in penetration testing.

Cases

Piggybacking: A security consultant wearing a suit and tie, and carrying a briefcase, stands at the front entrance to a corporation. He waits for an employee to unlock the door with her ID scan and follows her in.

Shoulder Surfing: A security consultant notices employees standing outside a door smoking on their break. He walks over and mills about looking over his shoulder as employees enter the keypad code to reenter the building. With that information he lets himself in.

Computer Technician: Two security consultants walk into an office wearing “Computer Doctors” jumpsuits. They tell the administrative assistant that they have an order to fix the system. The assistant says, “Mr. Smith did not tell me about this, and he’s on vacation today and can’t be reached.” They reply, “We’re booked for the next two weeks. The system is overheating and could melt down at any moment. If it burns up because we were not allowed to work on it, somebody’s going to get fired. Are you sure you didn’t forget the order?” The assistant nervously lets them in.

Bribery: A security consultant posing as a representative of another company approaches an employee outside of work and offers him $50,000 to get some memos concerning the company’s plans for a new product.

The cases described in the previous column have been deliberately ordered from least to most ethically troubling. I would argue that there are morally relevant differences between the shoulder-surfing and piggybacking cases on one hand, and the computer technicians and bribery cases on the other. For one, the latter two penetration-testing cases expose the employee being tested to significant psychological stress. The employee in the computer technician example is worried about losing his job, while the one is the bribery example is faced with an offer to do something illegal.

Moreover, the deception in the latter two cases is established by verbal manipulation. Why is this relevant? After all, all cases involve some level of misrepresentation, and we can just as easily misrepresent ourselves with our appearance and actions as we can with our words.

The difference is that when the deception is established verbally, the deceiver is plugging into deep-seated psychological triggers humans use to establish trust with others. Con men are good at playing on these triggers, and while people can be expected to follow procedures, they cannot be expected to resist the kind of psychological manipulation employed by skilled manipulator. We would say the same thing of an attractive consultant soliciting an executive to see if he would exchange sex for secrets. The enticement is unfair. Moreover, the episode will undermine the employee’s trust in the company.

There is also the question of the professionalism on the part of the consultant when he moves from providing security advice to acting. Once the deceiver starts the charade, he will not know how much acting will be needed to get the employee’s cooperation. At some point the question becomes whether the consultant is measuring the strength of the company’s security policies, or his own acting skills. The consultant has put himself or herself into a compromising situation that could undermine faith in the profession as a whole.

Finally, what is the employer going to do with the employee in the bribery case if he agrees? The employer cannot trust the employee anymore, yet if he fires the employee, he can be accused of entrapment.

The first and most obvious warning is that bad penetration testing in general is pointless unless the organization has implemented the best available security measures it can manage. Why bother testing security if even a simple vulnerability analysis or common sense assessment shows gaping holes? A penetration test of obviously flawed security is a waste of time and money.

In a Network World column published in 2000, I pointed out that deception techniques should be used only with a great deal of preparation of the staff. When preparing for a penetration test that involves social engineering, everyone in the organization should be thoroughly trained to understand the techniques of social engineering before beginning the tests.

The key points were as follows (from my article):
* The entire organization can prepare for social engineering simulations as a team; no one is subjected to attempted deception without knowing that the experience was part of a training and awareness exercise.
* Even if someone falls for a trick, the emotional effect is far less than if the same error occurred without preparation.

I think that preparing staff for the onslaught of skilled social engineers has many benefits. We can frame the exercises as a form of game or contest: who will be the best at spotting the confidence tricksters? Who will be quickest to foil their nefarious plans?

Role-playing games are an excellent way of changing beliefs, attitudes and behavior: having staff members take up the roles of social engineer and defender - and then reversing roles - is not only amusing, but it also has a long-term effect on people’s perceptions. It’s much easier to remember a social interaction we’ve experienced personally than to pay attention to abstract words. We can even turn the event into an opportunity for a good deal of fun and laughter, making security and secure behavior a positive experience instead of the usual drudgery.

Moreover, in addition to risk avoidance (reducing the likelihood of hurt feelings, frustration and anger), solid preparation can result in increased vigilance at all times. Once staff members are sensitized to the social engineering tricks they’ve experienced in role-playing games, they are more likely to recognize them in strangers. Having practiced alerting the security team to apprehended breaches, they will find it easier to take the initiative later when they spot real breaches.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/services-penetration.php
 

About Us
 

Sencilo Solutions is a Florida-based integrator specializing in network storage and information security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
 
Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Kissimmee, Lakeland, Maitland, Cape Canaveral, Lake Mary
Other products include Barracuda Networks Security RSA Encryption Cisco Decru Neoscale Compliance vs. Gartner Magic Quadrant SSL VPN SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing compare data leakage enVision Data Loss Prevention Encryption and Key Management CA Symantec Juniper Penetration testing Digital data forensics cyber forensics data recovery services Best Practices

 

 



headerbottomrounded