
The digest of current topics on Continuous Availability. More than Business Continuity Planning.

BCP tells you how to recover from the effects of downtime.

CA tells you how to avoid the effects of downtime.

http://www.availabilitydigest.com/

 



The articles you read in the Availability Digest result from years of experience in researching and writing a variety of technical documents and marketing content. It’s what we do best, and we provide our services to others who value high-quality content created by IT specialists. Ask us about

• articles
• white papers
• case studies
• web content
• manuals
• specifications
• patent disclosures

 

In this issue:

 

   Never Again

      Malware Attacks Apple Apps

   Best Practices

      Japan's Data Centers Survive Their Big One

   Availability Topics

      Availability Organizations

   Product Reviews

      The Uptime Institute

   Tweets

      The Twitter Feed of Outages

 

 


The Hackers Are Always Smarter

Malicious infections of our mobile devices, personal computers, and data-processing systems will always be with us. No matter how many barriers we may place to thwart malware infections, hackers always seem to find a way. As is often said, we must be successful in combating their efforts 100% of the time. A hacker only has to be successful once.

The power of hacking was demonstrated recently in a very unlikely place - the Apple App Store. The App Store has been recognized for years as a safe haven for malware-free apps. Apple has a very exhaustive vetting program to prevent malware from infecting its apps.

However, hackers finally broke in. They found that Chinese app developers were downloading counterfeit copies of the Apple development tools from local file-sharing servers. It was too cumbersome for the developers to download the tools internationally due to China's poor international Internet services. A clever hacker posted an infected copy of the tools on one file-sharing server and voilà - infected apps in the Apple App Store.

Apple has now moved to ensure that copies of its tools are easy to download for all developers. The hackers were successful just once. That's all it took!

Speaking of malicious intent, “The Fraud Blocker: Catching the Wrongdoers” is the presentation I will be giving at the 2015 NonStop Technical Boot Camp, to be held in San Jose, California, from November 15 through November 18.

- Bill Highleyman, Managing Editor

 

 

 


 

  Never Again

 

Malware Attacks Apple Apps

 

Apple fans claim that Android’s open nature makes it far more susceptible to attacks by hackers. Apple’s ecosystem is well-known for never allowing malicious apps to reside in its iOS App Store. So long as an iPhone, iPad, Mac, or Apple Watch user purchases his apps from the Apple App Store, he is assured that his device will not be infected with some hacker’s malware.

 

This secure feeling suddenly changed in September, 2015, when thousands of Apple apps were found to be infected. The infections all occurred in China, which is Apple’s second largest market. The infection, called XcodeGhost, hit hundreds and possibly thousands of Chinese iOS apps. The malware affected hundreds of millions of Chinese citizens.

 

The Apple App Store had been almost entirely free of malware. This is the first large-scale attack on the popular software outlet. Prior to this attack, only five malicious apps had ever been found in the App Store.

 

It is unclear how the altered code withstood Apple’s famously tough app approval process. Developers face long delays getting their apps approved and often have to wait a week or more for reviews of updates to their applications.

 


 

Best Practices

 

Japan’s Data Centers Survive Their Big One

 

In a previous issue of the Availability Digest, we published the article entitled “The Big One – Are You Ready?” The article describes a catastrophic earthquake that may possibly wipe out a major portion of the Pacific Northwest coast of North America, including the data centers of large companies headquartered in the region. Japan recently experienced its “big one,” and its data centers survived with very little damage.

 

Many lessons can be learned from the Japanese experience with the Great East Japan Earthquake. The first lesson is not to build data centers in earthquake-prone areas. However, in the U.S., there are already many data centers in these areas. They should all have a remotely located backup data center in a safe environment.

 

If a data center is to be built in an earthquake zone, it should be built according to earthquake building codes. This includes building, floor, and equipment isolators to reduce the effect of shaking on the IT equipment. Furthermore, all equipment should be attached firmly to the floor.

 

A data center in such an area must be prepared for limited power availability for a long period of time. It would be wise to negotiate in advance with local regulators for relief from power restrictions that might be imposed following a severe earthquake.

 


 

Availability Topics

 

Availability Organizations

 

Many organizations offer availability advice and services. Those who want to specialize in high- and continuous availability should be familiar with these organizations and should take advantage of what they offer. This article, written by our guest author, Terry Critchley, is a summary of some of the more pertinent groups.

 

The organizations described include the Reliability Information Analysis Center, the Uptime Institute, the Availability Digest, the IEEE Reliability Society, the Storage Networking Industry Association, the Service Availability Forum, OpenSAF, Carnegie Mellon Software Engineering Institute, the Recovery-Oriented Computing project, Business Continuity Today, the Disaster Recovery Institute, the Business Continuity Institute, the Information Availability Institute, the International Working Group on Cloud Computing Resiliency, the Test Maturity Model Integrated Foundation, the Center for Software Reliability, and CloudTweaks.

 

This material is taken from Mr. Critchley’s excellent book entitled “High Availability IT Services,” CRC Press, 2015.

 


 

Product Reviews

 

The Uptime Institute

 

The Uptime Institute is a consortium of companies that engages in education, publication, consulting, certifications, conferences, and seminars for the enterprise data-center industry and for data-center professionals. Founded in 1993, it is headquartered in New York City and has offices in San Francisco, Washington, D.C., Boston, Seattle, Denver, London, São Paulo, Dubai, and Singapore.

 

The Uptime Institute offers widely adopted Tier certification for data centers via the creation and administration of its Tier standards. The standards fall into two categories – data-center topology and data-center operational sustainability.

 

The Tier Standard for Topology forms the basis for comparing the functionality, capacity, and expected availability of a particular site infrastructure. It defines four classifications (Tiers I through IV, with Tier IV being the highest rating) based on increasing levels of redundant capacity components and distributed paths.

 

The Tier Standard for Operational Sustainability is a set of data-center facility management practices that help support the business objective, independent of site infrastructure. Its focus is on day-to-day decisions, practices, documentation, and team effectiveness.

 

The uptime of a data center results from the combination of both the Tier of the site topology and the level of operational sustainability.

 


 

Tweets

@availabilitydig - The Twitter Feed of Outages

 

A challenge every issue for the Availability Digest is to determine which of the many availability topics out there win coveted status as Digest articles. We always regret not focusing our attention on the topics we bypass.

 

Now with our Twitter presence, we don’t have to feel guilty. This article highlights some of the @availabilitydig tweets that made headlines in recent days.

 


 

 

 

 


The Availability Digest is published monthly. It may be distributed freely. Please pass it on to an associate.

Managing Editor - Dr. Bill Highleyman editor@availabilitydigest.com.

© 2015 Sombers Associates, Inc., and W. H. Highleyman