|Read the Digest in
You need the free
In this issue:
Browse through our useful links.
See our article archive for complete articles.
Sign up for your free subscription.
Visit our Continuous Availability Forum.
Check out our seminars.
Check out our writing services.
Check out our consulting services.
When Do Security and Availability Overlap?
What does system security have to do with availability? We certainly attribute data theft to security vulnerabilities, but that doesn’t affect the availability of a system. The system continues to provide services to its users even as the security attack is underway.
However, there are many cases in which security attacks can affect the availability of systems. DDoS (Distributed Denial of Service) attacks are one of the most prevalent forms of attacks that can take down a system. The Stuxnet and Flame viruses shut down much of the Iranian nuclear development program for a while.
Now we have ISIS. In this issue of the Availability Digest, “ISIS Turns to Cyber Warfare” describes recent attacks this year made by ISIS against Western targets. Eleven French TV stations were disabled and displayed only an ISIS logo. The home pages of over 19,000 French web sites were similarly infected. ISIS even managed to hack the Facebook page and the Twitter account of the U.S. Central Command, the agency responsible for coordinating the air attacks against ISIS in Syria and Iraq.
We now include security threats in our seminars on high availability. Contact us if you are interested in scheduling a seminar.
Dr. Bill Highleyman, Managing Editor
To add to its aggression in Iraq, Syria, and other areas, ISIS is attempting to spread its influence through the Internet. ISIS has opened a new front in its attacks against the West – cyber warfare. It has managed to hack thousands of web sites and social media to post threatening messages, including the Facebook page and Twitter account of the U.S. Central Command. ISIS even was able to take down eleven French TV channels for almost 24 hours.
Many of the hacked systems were thought to be exceptionally secure. We can only assume that these attacks will continue, as it appears that ISIS has created an impressive hacking capability that can overcome even the most secure cyberattack defenses.
ISIS is clearly in a position to use its hacking capabilities for recruitment, threats, data mining, fund raising, networking, propaganda, and disinformation.
On Monday, October 20, 2014, the Bank of England suffered a serious outage that affected the online transfer of funds for most of the day and the closing on home purchases for over a day. Though the system had a backup, IT staff decided not to fail over because the backup had not been thoroughly tested.
This outage was a particularly embarrassing incident for BoE, which only recently had warned U.K. banks that they were susceptible to failures because of their use of legacy systems developed in the last century.
The reluctance for banks to replace legacy core systems makes problems inevitable. Most U.K. banks (as well as banks around the world) still use legacy systems that continue to meet their original functionality. The banks' disinclination to change these systems has led to several major banking outages. Most banks are adding middleware front-end systems to their core systems rather than replacing the core.
The BoE appears not to be an exception to this observation. As a result of an independent Deloitte report following the outage, BoE has said that it will strengthen its crisis management procedures. Hopefully, this includes the periodic testing of its backup systems to avoid failover faults.
Virtualization has enabled IT infrastructure to become a utility platform. Resources are pooled and are applied to computational loads only as needed. The result is an unparalleled efficiency in the use of compute, storage, and networking infrastructure in a data center. However, a cloud needs constant managing as its application mix changes and as application workloads grow.
Public cloud providers require a competent staff that can closely monitor all aspects of their data centers and can respond effectively to any change in needs. Their pricing models ensure that they can provide the highest level of service.
However, data centers of private companies are administered by a smaller staff of technicians who have a lot to do besides manage virtualization challenges. Even worse, companies are continually reducing their IT budgets and asking their IT staff to do more with less. In this article, we look at the challenges faced by companies that run their own private clouds.
In order to continue to meet the business continuity needs of the enterprise, a great deal of monitoring is required. Monitoring is complex and demands the 24x7 attention of experienced staff. There are, however, tools available to aid significantly in this task.
VMTurbo is a monitoring and management tool that maintains a virtualized data center in the “Desired State.” VMTurbo defines the “Desired State” of a virtualized environment as that which eliminates inefficiencies without compromising application performance.
Maintaining the Desired State is typically a complex, time-consuming, and error-prone job requiring the skills of highly experienced engineers. Virtualization monitoring tools alert you when you have a problem and allow you to investigate. VMTurbo is a proactive management tool that automatically maintains the virtualized environment in the Desired State. It prevents problems rather than issuing alerts indicating that there are problems. VMTurbo continuously monitors resource usage and automatically reassigns VMs to compute clusters to maintain corporate policies.
VMTurbo can be deployed in about thirty minutes, meaning that operations staffs and engineering teams can quickly test and verify how VMTurbo can control their virtualized environment. VMTurbo claims that its customers typically increase VM density by 20% to 40% without risking degradation in their environments. They further claim that many VMTurbo customers have reduced their infrastructure and licensing costs by 40% to 70%.
VMTurbo offers some free services, including a Virtual Health Monitor and a Business Impact Assessment.
A challenge every issue for the Availability Digest is to determine which of the many availability topics out there win coveted status as Digest articles. We always regret not focusing our attention on the topics we bypass.
Now with our Twitter presence, we don’t have to feel guilty. This article highlights some of the @availabilitydig tweets that made headlines in recent days.
Sign up for your free subscription at http://www.availabilitydigest.com/signups.htm
Would You Like to Sign Up for the Free Digest by Fax?
Simply print out the following form, fill it in, and fax it to:
+1 908 459 5543
The Availability Digest is published monthly. It may be distributed freely. Please pass it on to an associate.
Managing Editor - Dr. Bill Highleyman firstname.lastname@example.org.
© 2015 Sombers Associates, Inc., and W. H. Highleyman