Categories

• Automation
• Compliance
• Consolidation
• Data Protection
• Networking News
• News
• RAID
• Security News
• Sencilo News
• Storage News
• Uncategorized
• Vendor News
• Virtualization

Archived by Date

• February 2010
• January 2010
• December 2009
• November 2009
• October 2009
• September 2009
• June 2009
• May 2009
• April 2009
• March 2009
• February 2009
• January 2009
• December 2008
• November 2008
• October 2008
• September 2008
• August 2008
• July 2008
• June 2008
• May 2008
• April 2008
• March 2008
• February 2008
• January 2008

Connect to HealthIT News

Tier Zero Storage - Solid-state Disk technology now topping 1M IOPS - November 1, 2008

Lake Mary, Florida -- Texas Memory Systems this week unveiled its largest solid-state drive (SSD) storage system -- the RamSan-5000, a stack of 10 RamSan-500 units that can be managed centrally and the vendor claims can deliver an aggregate 1 million IOPS.
The performance figure is based on the 100,000 random read IOPS benchmark TMS claims for the RamSan-500. The RamSan-5000 stacks 10 of the devices into a 40U appliance. Each individual RamSan-500 remains a separate logical unit, but all can be managed through the same software GUI. TMS said the system uses 3,000W of power.

This management GUI provides monitoring and reporting on the system, as well as the ability to initially carve out LUNs within each device (each RamSan-500 must present at least one LUN). Then OS-based volume managers would connect those LUNs to hosts.

TMS said it has installed the system in one customer data center, though the customer has not been named or its particular application for the system identified. The customer uses the system for "a database application with high-speed ingest and a lot of people querying and accessing the system simultaneously," which is "usually the case" among SSD users, said TMS marketing director Woody Hutsell.

The RamSan-5000 costs $1.5 million, but users in performance-oriented environments will find the system cost-competitive with buying large numbers of disks to achieve high IOPS, Hutsell said. One example he cited was of a recent SPC-1 result submitted by IBM for SAN Volume Controller (SVC) 4.3, which claimed approximately 275,000 IOPS on a total of 61 TB of capacity for a price tag of $3.2 million.

"It all depends on how much capacity you need," said Brian McCarthy, CEO and President for Sencilo Solutions and leading supplier of network storage. "If you're buying 1,000 drives just for IOPS, SSDs really can be more cost-competitive [with Tier 1 arrays]."

Complicating looming SSD deployments are the Tier 1 storage array vendors who are placing SSDs behind their controllers. This allows the storage array software to position only high-priority data on the SSDs while migrating lower-priority data off SSDs to traditional hard disk drives.

With the RamSan-500, McCarthy said most rely on host-based tools, such as replication or mirroring, to provision and protect the system. However, some with SAN-based disaster recovery infrastructures have also duplicated writes to the RAM-SAN and their traditional disk array, "which is cheaper than mirroring the RamSan."

"Management software is important for SSDS to gain traction in a broader sense. I think ultimately that's the direction a lot of SSD vendors are going," McCarthy added. 

TSM is adding a new management feature called Turbo, which allows LUNs to be "locked" in battery-backed DRAM cache to boost performance of write-intensive data sets or frequently accessed metadata, such as database redo logs. The DRAM cache has redundant battery backup to protect it against a power loss and will also flush data automatically to flash disks with RAID 3 parity protection. The RamSan-5000 can accommodate between 160 GB and 640 GB of DRAM.

While this product will mainly appeal to the niche high-performance computing market for now, Storage Switzerland analyst George Crump says it's a good demonstration of the kinds of capabilities that could become mainstream in the next few years. "If you'd told me several years ago that I'd ever need hundreds of gigabytes of storage in my home, I would've thought you were nuts," he pointed out. "Today's niche could be tomorrow's general purpose application -- this system paves the way to get there."

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

About Us

Sencilo Solutions is a Florida-based integrator specializing in Cost Cutting storage, security and managed services solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, Data Domain, EMC, Hitachi, Symantec, HDS, IBM, Commvault, Xiotech and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, storage virtualization installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral Green Simpana Offerings Projects: BC DR planning Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication thin provisioning DXi Global Compression DDX virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection StorageX Brocade FAQ SSD Solid state disk SANmelody FalconStor tier zero Xiotech ISE nx4 ax4 greenBytes ZFS Sun Top 10 ROBOBak managed services hosting cloud grid Datacore Compellent compellant equallogic lefthand networks don't buy storage stop buying storage itguardian cherub networks Arkeia Network Backup appliance Data Recovery Backup Health IT Healthcare IT Digital Hospital Allscripts

---

Disaster Recovery Planning for Small Business - October 17, 2008

Orlando Florida --- The United States Small Business Administration calls small businesses the heart of the U.S. economy. According to research by the Office of Advocacy, small businesses create the majority of the nation’s new jobs and bring innovative ideas, products, and services to the marketplace. In 2007, there were nearly 32 million such organizations.

Needless to say, small businesses differ from their enterprise counterparts in many ways, from funding to infrastructure and staffing. At the same time, they also share some common challenges, including the need to ensure business continuity even in the wake of a disaster. After all, statistics paint a grim picture: half of all businesses never reopen after experiencing a catastrophic data loss and 90 percent close within two years, according to research firm Baroudi Bloor International.

What might cause significant data loss for a small business? Anything from a natural disaster to hardware or software failure, or even a simple human error, states Brian McCarthy CEO and data protection expect for Sencilo Solutions in Lake Mary Florida. Every minute that vital information or services are not accessible can put a ruinous strain on the bottom line of a “lean-and-mean” small business.

As a result, a growing number of today’s small companies are establishing and implementing a disaster recovery strategy. With best practices in place to guard against data loss and system downtime, these organizations protect business continuity and ensure rapid recovery from system crashes and other potentially disastrous events.

Back It Up

Data drives small business, and the ability to keep it always available is critical for a business’ success. To that end, organizations must regularly back up their data, using a tiered approach that saves data to disk as well as to tape for short- and long-term purposes. For quick recovery, disk is often the preferred media. For long-term storage and data archiving, tape is an effective option. Both methods play a major role in the backup strategies for many organizations.

Today’s most advanced backup tools for small businesses provide continuous data protection for an organization’s most valuable information, whether that data is on a Windows file server, a desktop or laptop, or a Microsoft Exchange, SQL, SharePoint, or other application server. New cutting edge tools have revolutionized data protection by eliminating backup windows and enabling small businesses to recover data in seconds. For example, while traditional approaches for backing up Exchange required a full data base backup and “brick level” mailbox backups, these tools offer a full, incremental, or continuous backup of Exchange and enable restores to a granular level--including down to an individual email—from a single database backup pass.

Also, because many small businesses rely on users to manually backup business-critical data to a server, a number of backup tools extend continuous disk-based protection and recovery to desktops and laptops virtually anywhere, whether in the office or on the road. For example 12,000 laptops are lost in U.S. airports each week, and two-thirds are never returned reported by absolute.com. In addition to improving data protection and efficiency, this capability enables users to restore their own files and maintains synchronization between multiple desktops and laptop so that the most up-to-date file versions are available on each computer. Users can also specify the files, email folders, and email attachments to be excluded from backups.

On-demand and pay-as-you-go data backup and restore services are increasingly popular among small businesses and can be easily utilized from anywhere through a Web browser. Software as a Service protect all files that have been selected for backup, collecting only changes to files after the initial full backup, then encrypted them and send them to be backed up at a secure off-site facility. Data can be restored using an online browser-based interface. By using this model for backup and restores, small organizations obviate the expense and hassle of dealing with support contracts and software licenses and businesses can potentially forego on the physical infrastructure needed for backup, allowing focus on their core business.

Recover It Fast

After a disaster, businesses are often left with anxieties and pressures to recover data quickly. While prevention of data loss is a must, system recovery is equally important. Traditional recovery methods, however, are cumbersome, with manual system rebuilds from bare metal taking hours or even days. Small businesses must be able to recover from system loss or disasters in minutes. What’s more, they need to be able to recover servers, desktops, or laptops to dissimilar hardware and in remote, unattended locations.

Consequently, many small businesses are also deploying system recovery tools that capture the operating system, applications, system settings, configurations, and files of a live system in a recovery point that can be saved to a wide variety of media or storage devices. An administrator can schedule how often data recovery points are created and can retain specific recovery points for different time periods in accordance with business needs.

Virtualization can help small businesses better leverage their disaster recovery strategy. With server virtualization technology, multiple operating systems can be run on a single server, which enables organizations to consolidate servers and make better use of existing hardware resources. This is particularly beneficial for organizations such as small businesses that typically lack a spare system to which to restore data.

Better yet, a growing number of disaster recovery tools actually streamline the process of converting physical recovery points to virtual servers, and vice versa. With these solutions, small business can easily and reliably convert entire systems at once or selective volumes at a time.

Finally, small businesses often work with a value-added reseller in assessing the organization’s disaster recovery strategy. These trusted, tech savvy advisors can offer invaluable guidance in selecting the most appropriate tools to support their client’s disaster recovery efforts.

As today’s data-driven global marketplace evolves, information volumes will continue to increase. At the same time, natural disasters, power outages, application failures, system crashes, and other potentially damaging events will likely remain a challenge for businesses of all sizes. Human error will never be eliminated. And downtime will likely become less rather than more acceptable.

Disaster recovery planning, in turn, will become a greater priority for small businesses as well as large enterprises. By leveraging next-generation data and system protection tools and service offerings, small businesses can prepare for disasters, allowing them to minimize downtime, and ensure efficient and rapid recovery.

 

Sencilo Solutions suggestion of top 5 tips for developing a Disaster Recovery Strategy:

1. Document!

Every element of your DR process is important. Make sure everything is documented and ensure it includes the locations of system and other critical disks and data. Key staff members—within IT and other areas of the organization—should be familiar with these documented storage locations.

2. Automate Processes

Establish an automated system to notify critical staff of a disaster by text, phone or email. Train your staff on the system to perform basic DR/back-up tasks unsupervised. Symantec recommends enterprises have a complete disk-based data protection solution across all environments, offices and hardware.

3. Back It Up

Backing up critical data seems like a no brainer. But if you neglect to do so, no matter how good your DR plan is it will be of no use. Don’t just back it up—test it!

4. Protect from the Inside

Internal theft is on the rise and usually undetected. Be sure to protect your company from random theft, vandalism and employee malice. Be aware of the data location, where it is sorted and where it is going. Place controls to automatically safeguard the data, according to corporate policy, like implementing a corporate policy that all traveling laptops are backed up.

5. Practice Makes Perfect…almost

Practice your DR plan on a quarterly basis, better yet, more frequently. This will strengthen your organization’s skills, help you figure out more efficient logistics, work out kinks in your system and give you the confidence that your plan will work in testing.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/back-up-restore.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in Cost Cutting storage, security and managed services solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, Data Domain, EMC, Hitachi, Symantec, HDS, IBM, Commvault, Xiotech and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, storage virtualization installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral Green Simpana Offerings Projects: BC DR planning Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication thin provisioning DXi Global Compression DDX virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection StorageX Brocade FAQ SSD Solid state disk SANmelody FalconStor tier zero Xiotech ISE nx4 ax4 greenBytes ZFS Sun Top 10 ROBOBak managed services hosting cloud grid Datacore Compellent compellant equallogic lefthand networks don't buy storage stop buying storage itguardian cherub networks Arkeia Network Backup appliance Data Recovery Backup Health IT Healthcare IT Digital Hospital Allscripts

---

HP and Ocarina Networks now offering Primary Storage Compression via Sencilo Solutions - October 17, 2008

Lake Mary, Florida -- Ocarina Networks today announced that it will implement its content-aware compression and deduplication for primary storage to optimize the storage capacity of the HP family of Scalable Network Attached Storage (NAS) platforms, including the HP StorageWorks 9100 Extreme Data Storage System (ExDS9100).

Ocarina's software stack for HP Scalable NAS offerings includes content-aware deduplication for primary storage, content-aware compression, as well as ECOsnap content-aware snapshots, allowing a customer to use the HP Scalable NAS offerings as a massive time-sequenced repository with as much as 200:1 data reduction over time. The resulting solution will include features unique for HP Scalable NAS products, including time-sequenced snapshots, metadata acceleration, and a global namespace that allows multiple HP Scalable NAS platforms to look like one larger pool of storage.

Ocarina is a leader in building storage features that use data reduction to deliver complete capacity optimized storage, says Brian McCarthy CEO and well known Storage Expert for more then 25 years. In customer implementations, Ocarina's storage optimization technology has helped customers store ten times more data on storage they already own, says McCarthy. Ocarina's award-winning self-optimizing, content-aware dedupe solution will support Scalable NAS products, offering customers comparable improvements in storage efficiency on a single integrated platform, unlike a Data Domain which requires propriety disks and complex electronics. 

HP StorageWorks NAS is part of the Ocarina ECOsphere, Ocarina's optimized storage partner program for combining Ocarina technologies with partner storage offerings to create capacity optimized storage solutions for customers.

"Ocarina's content-aware offerings coupled with the HP Extreme Data Storage solution represents a major step forward in addressing storage needs for online and digital media businesses," said Murli Thirumale, CEO of Ocarina Networks. "The combination of our primary storage dedupe and compression solution with HP's ExDS9100 forms a true capacity optimized Scalable NAS solution."

Integrated Platform Nails Dedupe for Primary Data

Unstructured data -- rich media files, email, compound business documents and PDF files -- pose a problem for simple dedupe solutions. Ocarina's content-aware solution is able to achieve results on these and other image-rich file types where traditional dedupe may disappoint. As a result, Ocarina is able to address the capacity optimized storage needs of markets like large Web 2.0 sites, seismic archives for oil/gas companies, image archives for healthcare, post-production graphics for movie studios and game developers, as well as the needs of the broad file/print marketplace. 

Ocarina's compression solution, which can run directly on up to all 16 blades of an HP ExDS9100 storage platform, offers up to 10:1 in initial data reduction on already compressed file types that are driving massive storage growth. When running Ocarina ECOsnap to create a time-sequenced repository, data reduction can climb to as much as 200:1.

"While data deduplication has transformed the way that backups are made and stored, the benefits of data reduction for archival and primary data could be significant as well," said Dave Russell, research vice president at Gartner. "The marketplace is ready for solutions that use data reduction techniques to address the capacity issues of all types of data. The idea of compression and dedupe integrated directly into the storage is one that many customers are going to find compelling."

The Ocarina-HP StorageWorks NAS Solution

Ocarina's technology will deliver three features for HP's Extreme Data Storage platform:
--  Ocarina ECOsnap: This time-sequenced hyper-compressed repository
    snapshot feature means users can keep a once-a-day snapshot of all their
    files for as much as ten years worth of data in a very small storage
    footprint. ECOsnap can extend Ocarina's 10:1 data reduction on the first
    snap of a set of files to up to 200:1 data reduction across a set of
    snapshots taken every day over a period of time.
--  Ocarina NameSpace: This feature allows a set of file systems to appear
    as one large volume, giving users a nearly unlimited pool of storage, which
    will appear as a unified, self-optimizing repository.
--  Ocarina Metadata Accelerator: This feature accelerates metadata
    performance for listing files and directories in a large repository.
   
Ocarina's relationship with HP includes a porting effort by Ocarina, as well as mutual support and escalation to ensure customers of the combined solution receive the support they need. Ocarina Storage Optimization solutions will be sold by Ocarina to be installed on HP Scalable NAS products, including the HP ExDS9100, as a validated application.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/data-compression.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in Cost Cutting storage, security and managed services solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, Data Domain, EMC, Hitachi, Symantec, HDS, IBM, Commvault, Xiotech and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, storage virtualization installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral Green Simpana Offerings Projects: BC DR planning Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication thin provisioning DXi Global Compression DDX virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection StorageX Brocade FAQ SSD Solid state disk SANmelody FalconStor tier zero Xiotech ISE nx4 ax4 greenBytes ZFS Sun Top 10 ROBOBak managed services hosting cloud grid Datacore Compellent compellant equallogic lefthand networks don't buy storage stop buying storage itguardian cherub networks Arkeia Network Backup appliance Data Recovery Backup Health IT Healthcare IT Digital Hospital Allscripts

---

Tips on Consolidation, Dedupe, Data Reduction & Other Ways To Make The Most Of Your Storage - September 28, 2008

Orlando Florida -- With today’s challenging budgets, it’s becoming increasingly difficult to secure the dollars needed to procure new technologies. But some technologies are too essential for the enterprise, leaving little wiggle room for skimping on resources for these technologies.  Also by working with a vendor that has a working knowlege of what it takes to consolidate, automate, protect and make sure you are in compliance with your data.

Take storage, for example: An increasing dependence on storage within the enterprise and its importance in meeting regulatory data storage and archival requirements mean that, even under the onslaught of budget challenges, enterprises cannot afford to take monetary shortcuts with their storage infrastructures, says Brian McCarthy President of Storage Reseller Sencilo Solutions in Lake Mary, Florida.

So, what’s Joe Administrator to do when management clamors for budget cuts even as requirements for maintaining storage infrastructures continue to increase? Well, one general solution is to leverage new storage technologies that allow administrators to get more out of their existing storage assets. And thankfully, there are a number of approaches that allow administrators to wring more returns out of their existing storage assets.

What, then, are the main challenges facing administrators today when it comes to storage? Most experts agree that one of the main challenges is the ongoing growth of data. Tom Grave, director of product management for Diligent Technologies (www.diligent.com), a wholly owned subsidiary of IBM, says handling rapid data growth; managing costs, backup, and recovery operations; and implementing offsite data protection are all challenges administrators are facing. In addition, he adds, recent trends in regulation and compliance are also playing a larger role. Resources are also an issue: According to Christophe Guittenit, founder and CTO of Seanodes (www.seanodes.com), today’s primary challenge for administrators is dealing with flat budgets as storage needs continue to increase.

Reclaim Unused Space

One way to get more out of existing storage assets is to ensure those assets are fully utilized. In terms of storage, the internal disks in application servers are usually unused, says Guittenit, who adds, “This requires the addition of new storage hardware frequently, both network dedicated to storage and disk arrays.” One way to do this is by using technologies that allow administrators to reclaim the large untapped storage capacity embedded in application servers to cover storage needs. Typically, this type of technology works by using software to convert internal disks and direct-attached storage into shared storage that can be used to store more data.

Andrew Mapp says this approach reclaims bought and unused storage capacity in application servers and turns them into a highly efficient, reliable, virtual networked storage device. In essence, this approach enables the use of heretofore untapped sources of storage in the enterprise: It’s all about making use of what’s already readily available within enterprise server internal disks and DAS.

The SME Challenge

One of the main challenges for SMEs is a lack of time and attention, due to the fact that SMEs lack the IT resources to scale up their business for maximum operational efficiency and better performance, says michael Eitenbichler. This, he adds, is necessary as the need to store more data becomes essential in order to stay competitive. So, even though most companies are now managing more than 30 times the amount of data they had less than 10 years ago, this means more data to manage and more complex technologies to learn.

“Ongoing administration and maintenance of the existing storage infrastructure can consume the lion’s share of most organizations’ IT budgets and time,” says Eitenbichler. And, he adds, with budgets remaining flat and data requirements increasing, the need for better storage resource management has become a business priority.

Eitenbichler points to five major methods administrators can use to reduce the costs of managing their existing storage assets and protecting their data: consolidation, centralized backup, deduplication, thin provisioning, and data life cycle management (see the “Managing & Protecting Data Cost-Effectively” sidebar for more information).

Saving Space

Quantum Corp.’ Grave says two technologies at the top of the list of approaches that help users do more with their existing storage infrastructures are deduplication and virtualization. Deduplication technologies find and eliminate redundant data within a storage repository, adds Grave, so the primary value proposition of deduplication is to maximize storage utilization.

In fact, says Carter George, vice president of products with Ocarina Networks (www.ocarinatech.com), data reduction techniques such as compression, deduplication, and more advanced storage optimization can allow an administrator to store as much as 10 times more data on the storage that they already have. For example, adds George, administrators can use caching and the use of memory for file-based storage, while solid-state disks are poised to emerge as the fastest drives in a storage system.

In terms of utilization, adds George, the keys are better utilization of free space and better utilization of the space needed for data. “The key technology for free space management is thin provisioning,” he adds. This technology, says George, virtualizes the view of disk space to users and allows free space to be allocated and managed more efficiently. He adds that storage optimization is the key technology for utilization of the space needed for data storage. By using this technology, users can shrink existing files by as much as 90%, thus enabling the storage of up to 10 times more data on disks already owned by the enterprise.

Improving Performance

Beyond utilization, all administrators also want to improve the performance of their storage infrastructures. Jon Affeld, senior director of product marketing at BlueArc (www.bluearc.com), points to a number of techniques that can be used to enhance performance, including striping, tiering, caching, and upgrading.

Striping data across LUN groups and disk arrays allows administrators to do more work in parallel and bring more resources to bear for specific tasks, adds Affeld. An example, he says, is a database striped across several hundred disk drives all acting as a logical unit.

Tiering means creating different tiers of disk media and storage arrays optimized to different tasks, he adds. The use of caching technology to preload commonly used data and files can deliver speedier access. Finally, he emphasizes, upgrading to the latest firmware or technology possible for existing equipment can also improve performance.

“Look for products that are modular, easily scalable, and allow upgrading with data in place and minimal disruption to service,” says Affeld.

At the end of the day, there are a number of technologies that can enable administrators to get more from what they already have in place. In a sense, the challenge for administrators has moved beyond figuring out which primary storage solutions to choose to determining what technologies are required to effectively manage and enhance the performance and utilization of what’s already in place. 

Managing & Protecting Data Cost-Effectively

Brian McCarthy of Sencilo solutions (www.sencilo.com) points to a list of five methods SME customers should focus on to reduce the costs of managing and protecting data:

1. Consolidation. Moving data onto centralized storage systems can help administrators avoid the fragmented capacity that leads to extra maintenance work, low disk utilization, and huge backup headaches.

2. Centralized backup. SMEs should look at disk-to-disk-to-tape backup solutions that initially store data on disk drives and eventually migrate it to tape for long-term data retention. Ensuring successful backups on a nightly basis is “mission-critical,” says Eitenbichler.

3. Deduplication. Using de-duplication allows administrators to drastically reduce the amount of data stored on disk-based backup systems at data reduction ratios of 20:1 or even 40:1.

4. Thin provisioning. This technique eliminates wasted capacity by automatically sizing storage capacity needed by application requirements.

5. Data life cycle management. It sounds simple, but keeping an inventory of storage devices onsite, available capacity, and growth trends can allow administrators to delay additional purchases for several months. 
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/data-compression.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral

Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection StorageX Brocade FAQ

---

Best Practices for Data Reduction - Ocarina Networks - September 27, 2008

 Storage optimization vendor says its ECO System delivers 10:1 data reduction ratios

Tampa Florida -- The explosion of data and storage, and the requirement that information be stored in an economical manner that allows for easy retrieval and recovery has fueled a boom in tools and tactics to compress, de-dupe, and generally reduce the amount that is being dumped on disk drives, tapes, and other types of storage systems.

Data reduction startup Ocarina Networks , which emerged from stealth mode earlier this year, has expanded its ECO System storage optimization offering with a host of new features and the ability to shrink a wider range of file types in order to appeal to more companies and industries. It promises to deliver a 10-to-1 reduction in the data footprint of files.

"We shrink things more than any other competing technology," boasted Carter George, vice president of products and technology, to Byte and Switch, "and we do it with your existing storage technology and processes. We work on the files you already have and on the technology you already have."

Ocarina takes a three-step ECO process to compress files. Carter says most files like email, photos, videos, music, and every document created in Microsoft Office are already compressed when they're saved, and it's hard to shrink files that have already been compressed. So Ocarina identifies a file type and decompresses it to its original raw format in a process it calls "Extract," which is done in the background and can be managed through policies. It then "Correlates" and checks to see if the data is duplicated so it can eliminate copies, such as a photo that is stored, then used in a PowerPoint presentation, and later used in a company white paper. Then it "Optimizes," using a content-aware compressor and more than 100 algorithms to shrink around 500 files types, and writes the de-duped and compressed data back to disk.

The compression appliance was originally targeted at online photo-sharing sites, but now includes a batch of new file types to serve the media and entertainment, oil and gas, and medical image archive markets. New features include one-step file migration and optimization, time-sequenced file versioning and viewing, and virtual global namespaces.

Ocarina is competing in a market with a number of strong competitors, including Data Domain Inc. (Nasdaq: DDUP), NetApp Inc. (Nasdaq: NTAP), Riverbed Technology Inc. (Nasdaq: RVBD), and a host of others that offer data de-duplication. Larger storage vendors have, or will soon include, these optimization capabilities in their products, which will pose another challenge to Ocarina.

Gartner Research vice president David Russell says Ocarina's "secret sauce" is the ability to crack up proprietary and already compressed files and work its compression magic on a variety of raw formats: "A lot of vendors are already doing data de-duplication, but Ocarina is taking it a little bit further by being able to handle multiple workloads. The current state of the art in data de-duplication and data reduction is becoming compelling for users with a growing amount of data to store."

Advances in this area will be transformational, Russell believes, and the industry is just at the beginning of what it should able to accomplish in terms of shrinking data across all workloads. The challenge for these niche vendors, however, is whether they're offering a product or a feature that in the long run will be incorporated into larger storage systems. "The conventional trend in technology is that products like these end up as features," he says.

George understands that challenge and says Ocarina is prepared to go the partnership route. The company has inked deals with Hewlett-Packard Co. (NYSE: HPQ) and Isilon Systems Inc. (Nasdaq: ISLN) and expects to announce several more before year's end. "We're talking to every major file server vendor right now, and we're happy to be an arms merchant for storage vendors."

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/data-compression.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral

Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection StorageX Brocade FAQ

---

Data Compression for Primary Storage - Medical Imaging to benefit - September 27, 2008

Orlando Florida -- Primary data reduction startup Ocarina Networks disclosed plans at Storage Decisions this week to add data migration features, snapshots, support for virtual global namespace and file compression by industry type to its compression appliance.

The product upgrade is the first major enhancement to the Ocarina ECO System compression appliance since the startup emerged from stealth in April. Ocarina's initial launch was aimed mainly at photo-sharing websites, and now it is expanding into the entertainment, oil and gas, and medical imaging markets.

ECOmove is a new utility designed to help users migrate data from primary storage to nearline compressed archives. "Generally, data is left on Tier 2 storage only 30 to 90 days," said Carter George, vice president of products for Ocarina. "But it takes 18 months to make a movie, and some movie studios that have our product want to be able to keep all files associated with a project online for the duration of that project." Ocarina claims to be able to further compress even already compressed file formats, such as JPEGs, allowing for the retention of more multimedia data on disk.

ECOsnap creates what George called "archive-appropriate snapshots." That means "it's not copy-on-write or snapshots for backup. This reads a file and shrinks it, and then instead of storing a new shrunk file, consolidates it together with existing versions in the archive." The feature is similar to NetApp's space-efficient snapshots, but for photos. "It creates a time-sequenced archive with a time-slider user interface so that, for example, movie artists can say, 'show me this scene as it looked three months ago,'" George said.

ECO System now supports virtual global namespaces based on its ability to put pointers to compressed data in "suitcases" within a file system. The new virtual global namespace allows customers to create a "suitcase of suitcases" so they can store and manage pointers to all files in a large file system.

As Ocarina looks to branch out into new market segments, it's adding compression support for new types of files used in different industries, including AVI, Maya and RenderMan files for the entertainment industry, online seismic data applications for the oil and gas industry, and X-Ray, MRI and PET scan images for the healthcare market.

Currently, Ocarina reduces only still images with video support planned for the next release in early 2009.

Ocarina adds new storage partners

Ocarina hasn't named any customers yet, but George said the vendor is making headway adding storage partners in the NAS space, including Hewlett-Packard, Isilon and Ibrix. HP will integrate Ocarina's compression with its ExDS9100 clustered NAS system when it's released later this year. "We currently have two systems installed with Isilon and four with HP," George said.
Gartner analyst David Russell predicts Ocarina's compression won't be a standalone product for long. "[Primary storage data reduction] is a feature that over time might become like compression in tapes," he said. "Starts as a standalone product, then becomes a feature and now even the cheapest autoloader has compression – you'd probably have to look up how to turn it off."

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/data-compression.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in Cost Cutting storage, security and managed services solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, Data Domain, EMC, Hitachi, Symantec, HDS, IBM, Commvault, Xiotech and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, storage virtualization installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral Green Simpana Offerings Projects: BC DR planning Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication thin provisioning DXi Global Compression DDX virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection StorageX Brocade FAQ SSD Solid state disk SANmelody FalconStor tier zero Xiotech ISE nx4 ax4 greenBytes ZFS Sun Top 10 ROBOBak managed services hosting cloud grid Datacore Compellent compellant equallogic lefthand networks don't buy storage stop buying storage itguardian cherub networks Arkeia Network Backup appliance Data Recovery Backup Health IT Healthcare IT Digital Hospital Allscripts

---

Penetration Testing and Best Practices - September 16, 2008

Orlando Florida -- Penetration testing is an important means of assessing the strength of an organization’s information security program. A security system may look good from the inside, but a test is an excellent way to determine if it will hold up under pressure. These tests can range from simple port scans to all-out hacking attacks. However, since security depends on people, not just on technology, social engineering is one possible tool for use in penetration tests. Deception is a common means of breaching a security system, and a social engineering test can ascertain the strength of policies and how well employees follow those policies.

"However, the use of social engineering in penetration tests raises ethical issues because humans are being used for research purposes," says Brian McCarthy CEO and well known Security Professional for Sencilo Solutions in Lake Mary Florida. Abuses such as Nazi experiments on prisoners and the Tuskegee Syphilis Study have led to a body of widely accepted guidelines for the ethical use of human subjects in research. I will draw upon human research principles and a few sample cases to identify ethical guidelines for the use of social engineering in penetration testing.

Cases

Piggybacking: A security consultant wearing a suit and tie, and carrying a briefcase, stands at the front entrance to a corporation. He waits for an employee to unlock the door with her ID scan and follows her in.

Shoulder Surfing: A security consultant notices employees standing outside a door smoking on their break. He walks over and mills about looking over his shoulder as employees enter the keypad code to reenter the building. With that information he lets himself in.

Computer Technician: Two security consultants walk into an office wearing “Computer Doctors” jumpsuits. They tell the administrative assistant that they have an order to fix the system. The assistant says, “Mr. Smith did not tell me about this, and he’s on vacation today and can’t be reached.” They reply, “We’re booked for the next two weeks. The system is overheating and could melt down at any moment. If it burns up because we were not allowed to work on it, somebody’s going to get fired. Are you sure you didn’t forget the order?” The assistant nervously lets them in.

Bribery: A security consultant posing as a representative of another company approaches an employee outside of work and offers him $50,000 to get some memos concerning the company’s plans for a new product.

The cases described in the previous column have been deliberately ordered from least to most ethically troubling. I would argue that there are morally relevant differences between the shoulder-surfing and piggybacking cases on one hand, and the computer technicians and bribery cases on the other. For one, the latter two penetration-testing cases expose the employee being tested to significant psychological stress. The employee in the computer technician example is worried about losing his job, while the one is the bribery example is faced with an offer to do something illegal.

Moreover, the deception in the latter two cases is established by verbal manipulation. Why is this relevant? After all, all cases involve some level of misrepresentation, and we can just as easily misrepresent ourselves with our appearance and actions as we can with our words.

The difference is that when the deception is established verbally, the deceiver is plugging into deep-seated psychological triggers humans use to establish trust with others. Con men are good at playing on these triggers, and while people can be expected to follow procedures, they cannot be expected to resist the kind of psychological manipulation employed by skilled manipulator. We would say the same thing of an attractive consultant soliciting an executive to see if he would exchange sex for secrets. The enticement is unfair. Moreover, the episode will undermine the employee’s trust in the company.

There is also the question of the professionalism on the part of the consultant when he moves from providing security advice to acting. Once the deceiver starts the charade, he will not know how much acting will be needed to get the employee’s cooperation. At some point the question becomes whether the consultant is measuring the strength of the company’s security policies, or his own acting skills. The consultant has put himself or herself into a compromising situation that could undermine faith in the profession as a whole.

Finally, what is the employer going to do with the employee in the bribery case if he agrees? The employer cannot trust the employee anymore, yet if he fires the employee, he can be accused of entrapment.

The first and most obvious warning is that bad penetration testing in general is pointless unless the organization has implemented the best available security measures it can manage. Why bother testing security if even a simple vulnerability analysis or common sense assessment shows gaping holes? A penetration test of obviously flawed security is a waste of time and money.

In a Network World column published in 2000, I pointed out that deception techniques should be used only with a great deal of preparation of the staff. When preparing for a penetration test that involves social engineering, everyone in the organization should be thoroughly trained to understand the techniques of social engineering before beginning the tests.

The key points were as follows (from my article):
* The entire organization can prepare for social engineering simulations as a team; no one is subjected to attempted deception without knowing that the experience was part of a training and awareness exercise.
* Even if someone falls for a trick, the emotional effect is far less than if the same error occurred without preparation.

I think that preparing staff for the onslaught of skilled social engineers has many benefits. We can frame the exercises as a form of game or contest: who will be the best at spotting the confidence tricksters? Who will be quickest to foil their nefarious plans?

Role-playing games are an excellent way of changing beliefs, attitudes and behavior: having staff members take up the roles of social engineer and defender - and then reversing roles - is not only amusing, but it also has a long-term effect on people’s perceptions. It’s much easier to remember a social interaction we’ve experienced personally than to pay attention to abstract words. We can even turn the event into an opportunity for a good deal of fun and laughter, making security and secure behavior a positive experience instead of the usual drudgery.

Moreover, in addition to risk avoidance (reducing the likelihood of hurt feelings, frustration and anger), solid preparation can result in increased vigilance at all times. Once staff members are sensitized to the social engineering tricks they’ve experienced in role-playing games, they are more likely to recognize them in strangers. Having practiced alerting the security team to apprehended breaches, they will find it easier to take the initiative later when they spot real breaches.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/services-penetration.php
 

About Us
 

Sencilo Solutions is a Florida-based integrator specializing in network storage and information security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
 
Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Kissimmee, Lakeland, Maitland, Cape Canaveral, Lake Mary
Other products include Barracuda Networks Security RSA Encryption Cisco Decru Neoscale Compliance vs. Gartner Magic Quadrant SSL VPN SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing compare data leakage enVision Data Loss Prevention Encryption and Key Management CA Symantec Juniper Penetration testing Digital data forensics cyber forensics data recovery services Best Practices

 

 

---

What Data Domain does not want you to know about - Storwize Primary Storage Compression Appliances - August 19, 2008

Orlando Florida – Storwize Inc., the only provider of real-time primary storage data compression solutions, today introduced the next generation edition of its award-winning STN-6000™ product family. The Storwize P Series encompasses a family of products tailored for different customer environments, ranging from entry-level operations, to data center environments with tens of thousands of users in the most data-intensive industries, as well as oil and gas exploration and financial services.
Storwize has transitioned to a 64-bit architecture and is rolling out its high end appliance, the STN-6800p completing its solutions coverage for all market segments. The STN-6800p is designed to work with large-scale enterprise storage platforms such as the NetApp FAS6070 and the EMC Celerra NSX.

The three P Series models are application agnostic and provide optimized solutions across a range of environments:
•  STN-6300p is the company’s entry-level model providing the same availability, reliability and efficiency of higher-end models
•  STN-6500p is optimized for enterprise environments
•  STN-6800p expands enterprise functionality to high-end environments performing large file processing on huge volumes of files

All three new models are also available in an optional High Availability configuration, which provides the highest level of mission critical information availability and ensures data integrity and business continuity.

“The P Series platform addresses all the distinct user requirements for cost, performance and application optimization across the full spectrum of IT users,” said Gal Naor, Storwize CEO. “Storwize now offers end to end solutions to all market segments from entry-level to high performance computing data center environments yielding dramatic data foot print reductions regardless of the vertical or data type at stake. Our customer successes validate the maturity, leadership and industry recognition that Storwize has well earned by creating the primary optimization market.”

According to Brian McCarthy President and a 25 year Storage veteran for Sencilo solutions of Orlando Florida, “Without question, Storwize is leading the way for primary storage capacity optimization and the P Series enhancements certainly raise the performance bar for this class of products. Most of the attention about data reduction technologies has been focused on secondary storage platforms but given the vast amounts of storage that companies are still struggling to manage, the substantial cost benefits of properly applied primary compression should cause IT departments everywhere to take a hard look at the advantages of the new STN-6000 Series.” 

The Storwize family of real-time compression appliances allows companies to extend the lifecycle of their data center. All appliances in the Series are transparent to end users and applications, ensure data integrity and are vendor-agnostic. Simple plug-and-play, the P Series products are complementary to other solutions and technologies intended to reduce storage consumption, such as de-duplication, virtualization and thin provisioning.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/data-compression.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral

Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection StorageX Brocade FAQ

---

How to deal with SQL Injection Attacks - August 17, 2008

Orlando Florida -- It’s not like SQL injection attacks are new. They go back to at least late 2004, when they appeared in Europe and Asia.  A German TV station was attacked, then a Taiwanese security magazine.  In 2006, Russian hackers broker into a Rhode Island government website and stole credit card data.

The attacks were proliferating.  In 2007, a hacker defaced the Microsoft UK web site.  Later on that year, the UN website was defaced with a SQL injunction attack.  Have they no shame?

In January 2008, tens of thousands of PC websites were defaced by automated SQL injection attacks that exploited the vulnerability of Microsoft SQL server.

In April 2008, the social security numbers of the sex offenders on the Sexual Offender Registry of Oklahoma were stolen by an injection attack.

In May 2008, a server farm in China used automated queries to Google’s search engine to identify SQL server websites that were vulnerable.

In July 2008, the Malaysian site for Kaspersky, a Russian computer security company, was hacked using a SQL injection.

From April 2008 to the present, there have been increasing SQL injection attacks exploiting the SQL injection vulnerability of Microsoft Internet Information Services and SQL server.

HOW THE INJECTION ATTACK WORKS

These attacks don’t require the hacker to have access to the server or, for that matter, the names of database fields.  The attack is on all text fields in all tables with a single hacked SQL request.  The attack attaches an html string to each field that activates a malware javascript file called from a remote location.  When that value is later displayed to a user of the hacked site, the script tries to gain control over the user’s system.  When in fact the purchase of a a Barracuda Web Site Firewall protects Web applications and Web services from malicious attacks, and can also increase the performance and scalability of these applications. The Barracuda Web Site Firewall offers every capability needed to deliver, secure and manage enterprise Web applications from a single appliance through an intuitive, real-time user interface.

The number of exploited web pages is estimated at 500,000 so far, and growing daily.  These attacks are across the board, against government sites and well as commercial sites, and against open source SQL as well as Microsoft SQL.  The attacking mechanisms can be manual or by automated spiders or by modified versions of popular software such as QuickTime and RealPlayer.

SQL is a rich and complex language, so there are many techniques by which the attack can be accomplished.  The common approach is for the hacker to modify a variable being passed from the user’s browser URL address line or from a form on the browser to a SQL search string which is being processed on the website.

With this approach, hackers or their automated spiders can inject draconian instructions into the SQL commands written for the site, and these can do any number of awful things, like stealing all the data from the SQL database, destroying the database altogether or modifying the records by adding references to remote malware that spreads the attack through innocent visitors using the site, in a kind of Trojan horse virus.

HOW DO YOU KNOW YOU’VE BEEN HIT

Don’t think you’re somehow exempt.  If you’re using SQL in any form you’re vulnerable.  Most websites are data driven these days, and most of those use SQL in one form or another.  The hackers and their spiders may very well visit an attack on your site any time.

It goes without saying you need to back up your SQL database, all of it, every day and keep those backups for perhaps a longer period of time than before.  If you have 10 days of backup but you don’t watch your site and 10 days go by, you won’t have a useable backup and you’ll be SOL.

How do you know you’ve been attacked?  "Well, the data on your screen is truncated and you get strange characters like hanging apostrophes and angle brackets on your screen where database information ought to be.  Sometimes you get wise guy jokes there too.  Don’t click on what appear to be links - that’ll get you in more trouble and infect your machine too", says Brian McCarthy President of a Security VAR in Central Florida Sencilo Solutions.

HOW TO DEAL WITH THEM

If you’ve been attacked, you need to go to Internet Information Services (IIS) on your server and cut user connections, and stop the site.  Then you need to find a good backup file to restore your database.  For that, you need to figure out when the attack happened so you can use a backup from before it happened.  "If you don’t have a good backup, you’ll probably have to clean the database manually to recover the data for your site," says McCarthy. 

That means stripping out all the bad values and references that were injected.  You have to painstakingly go through every field, record and table.  In a big database, this can take forever, and it’s tedious and gut-wrenching work.  Worse, it may not be a complete solution.  The injection values are usually injected at the end of the existing values in the field, but if the injection values are longer than the field, they may write over the existing values, and that means the original data is lost.

When you’re done, you would turn IIS back on and see if you’ve done a good job, and whether there is some other gift they left for you.  You don’t know until you bring the site up again and watch it work.

There are some scripts out there that say they can reverse the attack and clean the injected values out of your database. Here’s an example:

http://hackademix.net/2008/04/26/mass-attack-faq/#webdev

Different hackers inject different values, so there’s no guarantee that this will work.

Even assuming you can restore your database, you could have another attack any time with similar result.  So if you have a good backup file of your database, make a protected copy of it for future use if necessary.

CLOSING THE VULNERABILITIES

Beyond that, you or your web designers need to close the vulnerabilities.  You can do that in a variety of ways, all of which involve new coding.  Go slowly and carefully, file by file, so you do it right and don’t miss anything.

When you recode, you need to write routines to clean all the parameters that are being fed into your SQL queries.  To do this, you need to strip out any questionable SQL commands that could be part of an injection attack, including DECLARE, SELECT, SET, CAST, DROP, EXEC,”;”, “–”, INSERT, DELETE, XP_, VARCHAR and CHAR, among others.

WILL WE EVER CATCH THESE GUYS

Maybe not be in the meant time the Barracuda Web Site Firewall is a complete and powerful security solution for Web applications and Web sites. The Barracuda Web Site Firewall provides award-winning protection against hackers leveraging protocol or application vulnerabilities to instigate data theft, denial of service or defacement of your Web site.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php
 
Sencilo Solutions is a Florida-based integrator specializing in network storage and information security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, RSA, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
 
Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Kissimmee, Lakeland, Maitland, Cape Canaveral, Lake Mary

Other products include Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp Compliance vs. Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing compare data leakage enVision Data Loss Prevention Encryption and Key Management CA Symantec Juniper Symantec Norton SPAM

---

NetApp Adds De-Dupe Capabilities for Primary Storage but Storwize has something Better - August 5, 2008

Orlando Flordia --Network Appliance (NSDQ:NTAP) this week is bringing its data de-duplication technology to a wider channel and customer base by making it available for use with a wide range of data management applications.
De-duplication, also called "de-dupe," removes duplicate information as data is backed up or archived. It can be done on the file level, where duplicate files are replaced with a marker pointing to one copy of the file, and/or at the sub-file or byte level, where duplicate bytes of data are removed, resulting in a significant decrease in storage capacity requirements.

NetApp has had de-dupe technology for a couple of years as part of the NetApp advanced single-instance storage (A-SIS) technology for its NearStore and FAS storage systems, said Ravi Thota, director of the vendor's product marketing for data protection and retention.

A-SIS was part of the company's SnapVault for NetBackup, an application on which it cooperated with Symantec (NSDQ:SYMC). However, Thota said, it was limited to the NetBackup environment only.

Starting this week, however, NetApp is making de-dupe available on its FAS and its NearStore R200 storage systems regardless of which data management software is used, Thota said.

"It has been tested with CommVault, but works with others," he said. "And it works not just with backups, but with archival and primary storage, and it works in both file and block environments."

When used with a NetApp storage device, the software enables de-dupe of data once it arrives at the device, Thota said. Because de-dupe is done at the storage device, it can work with any vendor's software, he said.

Merrill Likes, president of UpTime, an Edmond, Okla.-based NetApp solution provider, said he is glad to see NetApp finally opening its de-dupe technology to non-NetBackup environments. "It will be very important with VTL (virtual tape library) technology going forward," Likes said. But not all resellers agree, Brian McCarthy President of Sencilo Solutions and 30 year storage veteran says "several of his NetApp customer have turned off A-SIS sighting very poor performance and data recovery issues."  NetApp is just trying to play catch up and is doing a very poor job at it, says McCarthy.

However, Likes said he expects his customers to focus de-dupe on secondary storage for now, and stay away from using it with primary storage until the technology has a chance to prove itself, to this McCarthy agrees.  NetApp is actually letting customers know this in a written bulletin and asking them to sign it, that they are a where of low performance issues."

"If de-dupe is used on primary storage, there will be overhead when rebuilding the data if there is a problem," he said. "Secondary storage provides fairly linear access to data, but on primary storage, there is more random access to the data."

The de-dupe feature is available free-of-charge on NetApp's NearStore R200 appliance, and as a $3,000 option for its FAS appliances.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/data-compression.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral

Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection StorageX Brocade FAQ

---