In this issue:
The Hackers Are Always Smarter
Malicious infections of our mobile devices, personal computers, and data-processing systems will always be with us. No matter how many barriers we may place to thwart malware infections, hackers always seem to find a way. As is often said, we must be successful in combating their efforts 100% of the time. A hacker only has to be successful once.
The power of hacking was demonstrated recently in a very unlikely place - the Apple App Store. The App Store has been recognized for years as a safe haven for malware-free apps. Apple has a very exhaustive vetting program to prevent malware from infecting its apps.
However, hackers finally broke in. They found that Chinese app developers were downloading counterfeit copies of the Apple development tools from local file-sharing servers. It was too cumbersome for the developers to download the tools internationally due to China's poor international Internet services. A clever hacker posted an infected copy of the tools on one file-sharing server and voilà - infected apps in the Apple App Store.
Apple has now moved to ensure that copies of its tools are easy to download for all developers. The hackers were successful just once. That's all it took!
Speaking of malicious intent, “The Fraud Blocker: Catching the Wrongdoers” is the presentation I will be giving at the 2015 NonStop Technical Boot Camp, to be held in San Jose, California, from November 15 through November 18.
- Bill Highleyman, Managing Editor
Apple fans claim that Android’s open nature makes it far more susceptible to attacks by hackers. Apple’s ecosystem is well-known for never allowing malicious apps to reside in its iOS App Store. So long as an iPhone, iPad, Mac, or Apple Watch user purchases his apps from the Apple App Store, he is assured that his device will not be infected with some hacker’s malware.
This secure feeling suddenly changed in September, 2015, when thousands of Apple apps were found to be infected. The infections all occurred in China, which is Apple’s second largest market. The infection, called XcodeGhost, hit hundreds and possibly thousands of Chinese iOS apps. The malware affected hundreds of millions of Chinese citizens.
The Apple App Store had been almost entirely free of malware. This is the first large-scale attack on the popular software outlet. Prior to this attack, only five malicious apps had ever been found in the App Store.
It is unclear how the altered code withstood Apple’s famously tough app approval process. Developers face long delays getting their apps approved and often have to wait a week or more for reviews of updates to their applications.
In a previous issue of the Availability Digest, we published the article entitled “The Big One – Are You Ready?” The article describes a catastrophic earthquake that may possibly wipe out a major portion of the Pacific Northwest coast of North America, including the data centers of large companies headquartered in the region. Japan recently experienced its “big one,” and its data centers survived with very little damage.
Many lessons can be learned from the Japanese experience with the Great East Japan Earthquake. The first lesson is not to build data centers in earthquake-prone areas. However, in the U.S., there are already many data centers in these areas. They should all have a remotely located backup data center in a safe environment.
If a data center is to be built in an earthquake zone, it should be built according to earthquake building codes. This includes building, floor, and equipment isolators to reduce the effect of shaking on the IT equipment. Furthermore, all equipment should be attached firmly to the floor.
A data center in such an area must be prepared for limited power availability for a long period of time. It would be wise to negotiate in advance with local regulators for relief from power restrictions that might be imposed following a severe earthquake.
Many organizations offer availability advice and services. Those who want to specialize in high- and continuous availability should be familiar with these organizations and should take advantage of what they offer. This article, written by our guest author, Terry Critchley, is a summary of some of the more pertinent groups.
The organizations described include the Reliability Information Analysis Center, the Uptime Institute, the Availability Digest, the IEEE Reliability Society, the Storage Networking Industry Association, the Service Availability Forum, OpenSAF, Carnegie Mellon Software Engineering Institute, the Recovery-Oriented Computing project, Business Continuity Today, the Disaster Recovery Institute, the Business Continuity Institute, the Information Availability Institute, the International Working Group on Cloud Computing Resiliency, the Test Maturity Model Integrated Foundation, the Center for Software Reliability, and CloudTweaks.
This material is taken from Mr. Critchley’s excellent book entitled “High Availability IT Services,” CRC Press, 2015.
The Uptime Institute is a consortium of companies that engages in education, publication, consulting, certifications, conferences, and seminars for the enterprise data-center industry and for data-center professionals. Founded in 1993, it is headquartered in New York City and has offices in San Francisco, Washington, D.C., Boston, Seattle, Denver, London, São Paulo, Dubai, and Singapore.
The Uptime Institute offers widely adopted Tier certification for data centers via the creation and administration of its Tier standards. The standards fall into two categories – data-center topology and data-center operational sustainability.
The Tier Standard for Topology forms the basis for comparing the functionality, capacity, and expected availability of a particular site infrastructure. It defines four classifications (Tiers I through IV, with Tier IV being the highest rating) based on increasing levels of redundant capacity components and distributed paths.
The Tier Standard for Operational Sustainability is a set of data-center facility management practices that help support the business objective, independent of site infrastructure. Its focus is on day-to-day decisions, practices, documentation, and team effectiveness.
The uptime of a data center is the resultant combination of both the Tier of the site topology and the level of operational sustainability.
A challenge every issue for the Availability Digest is to determine which of the many availability topics out there win coveted status as Digest articles. We always regret not focusing our attention on the topics we bypass.
Now with our Twitter presence, we don’t have to feel guilty. This article highlights some of the @availabilitydig tweets that made headlines in recent days.
The Availability Digest is published monthly. It may be distributed freely. Please pass it on to an associate.
Managing Editor - Dr. Bill Highleyman
© 2015 Sombers Associates, Inc., and W. H. Highleyman