Data Center Post

How to Achieve Efficient Functionality in the Data Center

2012-02-29T04:57:00.000-08:00

- Barry Gorsun, CEO at MRV Communications (www.mrv.com), says:

The increased use of streaming, Over-the-Top applications combined with the growing cloud trend is causing an ever-increasing demand for network bandwidth…and service providers aren’t the only ones struggling to keep up. Data center collocation companies, internet exchange carriers, web service companies, cloud and content providers, and large enterprise data centers are also straining to maintain the high bandwidth, low latency, reliability and survivability required to support these popular services, especially in densely-populated areas.

When it comes to high density transport in the data center, the majority of data center and IT managers will list space, power and cooling as their top concerns. Data centers are facing increased costs in both real estate and power supply and require a solution that will save space and power while also granting the flexibility needed to scale their network for next-generation services today and for the bandwidth demands of the future. With network traffic growing exponentially, how can operators maintain efficiency and high quality-of-service for 10G services without losing any functionality?

The solution lies in addressing the functionality of the network by improving density, power efficiency, ease-of-use, flexibility and inventory management. It’s time to start deploying solutions that do more with less. By incorporating multi-service platforms into the network, data centers can achieve optimum performance, increased efficiency and productivity without compromising quality or responsiveness, or increasing capital or operational expenses.

In many networks, optical applications overlap and usually result in additional CAPEX investments. A multi-service transport platform can support multiple functions enabling chameleon-like application transformation and offer full support for industry protocols and data rates in a modular, managed and economical package. Furthermore, unique power management features allow operators to reduce utilities costs by turning off unused equipment to extend life span and reduce cooling costs.

By deploying space and power efficient multi-service transport solutions, data centers will be able to realize simplified operations and more efficient management of the network, therefore enabling data centers to cost-effectively meet today’s need for high density 10G Metro Optical Transport.

Application Release Automation: The Critical Link

2012-02-28T04:54:00.001-08:00

- Jason Liu, CEO of UC4 (www.uc4.com), says:

According to Gartner, over the next four years, 25 percent of large IT organizations that develop custom applications will establish release teams that span application development and production and are focused on continuous delivery. With some release processes having as many as 400 different automation tasks, an ARA tool adds reliability to the deployment process-- with less custom scripting and by documenting variations across environments to reduce configuration errors and downtime.

UC4, the largest independent IT Process Automation software provider, continues its momentum and solidifies a strategic growth area with the acquisition of Ventum, a software provider specializing in application release management. Application Release Automation (ARA) will be a focal point for UC4 going forward given the market’s expansion prospects and UC4’s now industry-leading product. It enables IT and application development organizations to combine agility with central management, security, and control.

UC4’s ONE Automation platform is well suited to address the growing demand for application release automation accelerated by new technologies and models such as cloud and virtualization. With the acquisition of Ventum, UC4 now has an end-to-end solution that unifies the application release process with operational IT process automation in the datacenter. The UC4 automation engine provides a seamless way to deploy and maintain applications and their infrastructure.

Ventum’s enterprise release management software adds key capabilities to UC4’s solution:

Application and component modeling minimizes failures by identifying unmet dependencies
Test environment scheduling ensures required test and staging environments are available at the right time, preventing unnecessary project delays
Centralized approval process eliminates errors and provides great visibility into the release process
Resource conflict identification eliminates process resource contention

Already integrated with UC4’s Application Release Automation, Ventum’s solution enables release managers to initiate a deployment using UC4’s automation engine from within Ventum’s user interface. Tighter integration is currently being developed to provide even greater efficiencies and cost savings.

Breaking Down Cost, Complexity and Operational Barriers to Coud-based Storage Solutions.

2012-02-27T10:58:00.000-08:00

- Ash Ashutosh, CEO of Actifio (http://www.actifio.com/), says:

Actifio™, the Protection and Availability Storage (PAS) Platform Company, recently announced a collaboration with IBM to deliver new virtualized storage offerings that help service providers get their clients into the cloud.

To date, service providers and Value Added Resellers (VARs) have been unable to deliver on the promise of the economics of the cloud due to their use of traditional technologies and IT architectures that create silos of physical infrastructure and applications. By combining server, storage and data management virtualization technologies, with a purpose-built Service Level Agreement (SLA)-driven operational model, Actifio and IBM will be able to deliver solutions that break down the cost, complexity and operational barriers to cloud-based storage solutions.

As a result, service providers can offer a wide range of cloud storage services cost-effectively to end-users while realizing strong margins and improved SLAs associated with cloud applications.

“The combination of Actifio and IBM enables us to deliver a more robust set of cloud services to our customers,” said Actifio customer and NaviSite President R. Brooks Borcherding. “It allows us to deploy a more cost effective network, better manage our data, and deliver new self service enhancements. As a result, our customers gain increased visibility and management control over their cloud storage environments from NaviSite.”

“2012 is the year when the critical mass of technologies and market momentum comes together to deliver on the promise of the cloud. End-to-end virtualization of the IT stack delivered by the Actifio and IBM solution is key to transforming IT into a cloud service, private or public, delivered at an unprecedented low cost point,” said Ash Ashutosh, Founder and CEO of Actifio. “With technology crossing the tipping point, VARs can become service providers and, along with existing service providers, deliver differentiated data management services quickly and cost-effectively, supported by IBM’s global delivery capabilities.”

The Potential Ramifications of Platform-Based Vulnerabilities on Cloud Computing

2012-02-24T11:57:00.000-08:00

- Lori MacVittie, senior technical marketing manager at F5 Networks (www.f5.com), says:

What do these two vulnerabilities have in common? Right, they’re platform-based vulnerabilities. Meaning they are vulnerabilities peculiar to the web or application server platform upon which applications are deployed. Mitigations for such vulnerabilities generally point to changes in configuration of the platform – limit post size, header value sizes, turn off some value in the associated configuration.

But they also have something else in common – risk. And not just risk in general, but risk to cloud providers whose primary value is in offering not just a virtual server but an entire, pre-integrated and pre-configured application deployment stack. Think LAMP, as an example, and providers like Microsoft (Azure) and VMware (CloudFoundry), more commonly adopting the moniker of PaaS. It’s an operational dream to have a virtual server pre-configured and ready to go with the exact application deployment stack needed and offers a great deal of value in terms of efficiency and overall operational investment, but it is – or should be – a security professional’s nightmare. It’s not unlike the recent recall of Chevy Volts – a defect in the platform needs to be mitigated. The only way to do it, for car owners, is to effectively shut down their ability to drive while a patch is applied. It’s disruptive, it’s expensive (you still have to get to work, after all), and it’s frustrating for the consumer. For the provider, it’s bad PR and negatively impacts the brand. Neither of which is appealing.

A vulnerability in the application stack, in the web or application server, can be operationally devastating to the provider – and potentially disruptive to the consumer whether the vulnerability is exploited or not.

STANDARDIZATION is a DOUBLE-EDGED SWORD
Assume a homogeneous cloud environment offering an application stack based on Microsoft ASP. Assume now an exploit, oh say like Post of Doom, is discovered whose primary mitigation lies in modifying the configuration of each and every instance. Virtualization of any kind provides a solution, of course, but introduces the possibility of disruption in the impact to consumer applications from the configuration change. A primary mitigation for the Post of Doom is to limit the size of data in a POST to under 8MB. Depending on the application, this has to potential to “break” application functionality, particularly those for which uploading big data is a focus. Images, video, documents, etc… These all may be impacted negatively, disrupting applications and angering consumers.

Patching, of course, is preferred, as it eliminates the underlying vulnerability without potentially breaking applications. But patching takes time – time to develop, time to test, time to deploy. The actual delivery of such patches in a PaaS environment is a delicate operation. You can’t just shut the whole cloud down and restart it after the patches are applied to the base images, can you? Do you wait, quiesce the vulnerable images and only force the patched ones when new instances are provisioned? A configuration-based mitigation, too, has these same issues. You can’t just shut down the whole cloud, apply the change, and reboot.

It’s a delicate balance of security versus availability that must struck for the provider, and certainly their position in such cases is one not to be envied. Damned if they do, damned if they don’t.

Then there is the risk of exploitation before any mitigation is applied. If I want to wreak havoc on a PaaS, I may be able to accomplish simply by finding one with the appropriate platform vulnerable to a given exploit, and attack. Cycling through applications deployed in that environment (easily identified at the network layer by the IP ranges assigned to the provider) should result in a wealth of chaos being wrought. The right vulnerability could take out a significant enough portion of the environment to garner attention from the outages caused.

Enterprise organizations that think they are immune from such issues should think again, as even a cloud provider is often not as standardized on a single application platform as an enterprise is, and it is that standardization that is at the root of the potential risk from platform-based vulnerabilities. Standardization, commoditization, these are good things in terms of many financial and operational benefits, but they can also cause operational risk to increase.

MITIGATE in the MIDDLE
There is a better solution, a better strategy, a better operational means of mitigating platform-based risks.

This is where the role of a flexible, broad-spectrum layer of security applies. One that enables security professionals to broadly apply security policies to quickly mitigate potentially disastrous vulnerabilities. Without disrupting a single running instance, an organization can deploy a mitigating solution that detects and prevents the effects of such vulnerabilities. Applying security policies that mitigate such vulnerabilities before they reach the platform is critical to preventing a disaster of epic (and newsworthy) proportions.

Whether stop gap or a permanent solution, by leveraging the application delivery tier of any data center – enterprise or cloud provider – such vulnerabilities can be addressed without imposing harsh penalties on applications and application owners, such as requiring complete shutdown and reboots.

Leveraging such a flexible data center tier insulates the platform from exploitation while insulating customers from the disruption required to mitigate immediately on the platform layer, allowing time to redress through patches or, at least, understand the potential implication to the application from the platform configuration changes required to mitigate the vulnerability.

In today’s data center, time is perhaps the biggest benefit afforded to IT by any solution, and yet the one least likely to be provided. A flexible application delivery tier capable of mitigating threats across the network and application stack without disruption is one of the few solutions available that offers the elusive and very valuable benefit of time. Providers and enterprises alike need to consider their current data center architecture and whether it supports the notion of such a dynamic tier. If not, it’s time to re-evaluate and determine whether a strategic change of direction is necessary to ensure the ability of operations and security teams to address operational risk as quickly and efficiently as possible.

Essentials of New Data Center Construction

2012-02-23T06:13:00.000-08:00

- Stefan Jern, CEO of Flexenclosure (www.flexenclosure.com), says:

A WELL DEFINED PROJECT AND A TURNKEY PARTNER IS ESSENTIAL.

One of the biggest challenges for data centre and IT managers is to secure a process for the sourcing, and to whom to give the responsibility for building the data centre.

When building a data center, one may believe that somebody can do the design, somebody can build parts of the solutions and a third party may do installations. However, without deep knowledge of the complete solution, the design will not be optimal. On the contrary, there are clear risks for project delays, cost escalations and other problems.

The conclusion is that somebody with experience and knowledge of the all the components and services need to lead that kind of project for it to be successful. The project needs to be well defined, and there must be an experienced turnkey partner in charge who can handle all the phases, from design all through construction, installation, commissioning, project execution and handover.

IT and data center managers have a plethora of suppliers to choose from when sourcing a new data center. There are many players but not that many with long experience. My advice to a data centre manager would be to always check the track record of the supplier.

When it comes to the timeline, a proximal project time from order to commissioning and acceptance test on site should not be longer than 26-30 weeks. Depending on the size of the scope it could be done in as little as 20 weeks. That should be the objective.

The choice should not be made entirely on the cost on the paper, but also what the cost will be in the long term. Is the solution energy efficient and what will be my total cost of ownership? Is the design optimal for my needs and are there risks in the time plan? A pre-fabricated solution will provide a reliable solution and very short time to market while a turnkey solution from an experienced supplier will give security and low project risk.

Choose a turnkey provider that will take all aspects in to account – all the way from choosing the right energy efficient component to the design of the cooling system. A modular design is preferred. There needs to be predictability in terms of time plan, quality and customer satisfaction.

Why look for “right quality”? The answer is to mainly reduce the risks for power failure or other risk factors for sensitive equipment. The optimal choice in this regards is pre-fabricated modules that are factory built and fully equipped in a secure environment. That will both reduce the time for the data centre to be built, minimize the long term cost.

A very important aspect of a data centre and its total cost of ownership is the energy efficiency, which will have a huge impact over time. Green data centers are already a concept. However, there is more to be done in regards to developing data centers with operating expenses (OPEX) and total cost of ownership (TCO) in mind. Means for this are energy efficiency throughout the solution as well as introducing renewable energy sources also for data centers.

Finally, some advice on maintenance: To avoid operational interruptions of the switching station and to get the operations up and running as quickly as possible after a temporary breakdown, the supplier should offer proactive and reactive support.

To facilitate the problem analysis during incidents, the supplier should offer support through remote access, e.g. for the following sub systems: access system, CCTV system and control system. For the other sub-systems, such as cooling system, fire fighting system, UPS and AVR, there should be telephone support.

Some sub-systems need maintenance more than once a year; one example is the cooling system. The supplier often assists with this in close cooperation with the client, since the customer normally has some own sort of facility management, either through an internal department or through an external partner.

Replacement of vital parts of the equipment is necessary to remain in operation. In this respect, you should expect from your supplier that they will advise you how to procure the right amount of the vital parts that you need, with instructions for replacement of vital parts that could be troublesome to get correctly installed.

By Stefan Jern, CEO, Flexenclosure (www.flexenclosure.com), a Swedish supplier of green power management solutions and pre-fabricated modular data and energy centres.

Forensic Archive Boosts Information Management for the Data Center

2012-02-22T04:42:00.000-08:00

- Jim McGann, VP of Information Discovery, Index Engines (www.indexengines.com), says:

Email is the most common source of evidence when facing legal and other regulatory investigations. Managing and preserving email in a defensible manner is critical to support lawsuits and investigations. Botched collection of email has been known to lose cases and also result in significant sanctions and fines.

Forensic level culling and archiving of email is required to ensure both accuracy and defensibility when collecting and preserving sensitive corporate records on legal hold. Forensic archiving does not convert email but saves it in its original bit-level format and extracts it from the email database (i.e. MS Exchange, IBM Lotus Notes). The sophistication of forensic archiving cannot be easily replicated nor can its significance be disputed when dealing with key evidence in an important lawsuit.

With that in mind, Index Engines, a New Jersey based software manufacturer specializing in information management products, released the new Octane Forensic Archive for Litigation Hold. This new forensic archive indexes MS Exchange and IBM Lotus Notes email, allowing for full content and metadata culling. Indexing of the email database is performed using a unique bit for bit indexing process. MAPI based crawling tools are not utilized as they are slow and cannot process any content that does not have a viable crawl path (i.e. corrupt or partial EBD’s as an example). Bit level indexing will process the entire email database including deleted email residing in the tombstone or dumpster. This approach ensures comprehensive access to all email and not limited to what MAPI based tools can crawl.

Once email is culled, and tagged as responsive, it can be extracted from the database. Index Engines has the ability to extract email from disk, forensic images or even backup tapes. Extracted email is not converted to eml or msg formats, it is preserved in its bit format. Extracting John Doe’s mailbox will only extract the specific bits that define this mailbox and hold it in a culled forensic image. No other ESI collection platform can preserve email in this manner since they do not have bit level knowledge of the database structure.

The new Octane Forensic Archive for litigation hold demonstrates Index Engines’ dedication to solutions for cost effective, secure collecting and preserving of ESI. As well as, the unique ability to have detailed, bit-level knowledge of email databases which allows us to introduce this new breakthrough in forensically sound email collection and preservation.

About the Author
Jim McGann is the eDiscovery expert and VP of Information Discovery for Index Engines (www.indexengines.com). Based in New Jersey, Index Engines’ patented discovery platform provides corporate and legal clients with comprehensive insight into their data to simplify information discovery, classification and management. Email Jim at jim.mcgann@indexengines.com.

Consider Single Sign-On to Improve Your Data Security

2012-02-21T05:39:00.000-08:00

- Evelina Ander, Marketing Manager at Yubico (www.yubico.com):

Strong two-factor authentication is vital for securing access to SAML-based single sign-on servers and mission-critical applications that house sensitive data. To provide a high level of security to their clients, SSO Easy recently chose our YubiKey small driverless USB-token to simplify the process of logging in with a One-Time Password (OTP).

SSO Easy has integrated YubiKey support in EasyConnect and this Single Sign-On server product makes SAML 2.0 and SAML 1.1 project implementations easier, faster, and more cost effective. The integrated YubiKey-SSO Easy solution provides a solution that is easy and cost-effective enough for small organizations, and robust and scalable enough to meet enterprise client needs.

In general, the high cost and complexity of traditional two-factor authentication technologies and enterprise class SAML servers have limited the adoption. But integrations like ours with SSO Easy make single sign-on, secure easy and affordable for a much wider range of organizations that house large amounts of data.

The joint YubiKey and SSO Easy solution works out-of-the-box, leveraging existing APIs. Free trials of the complete, integrated solution are available through SSO Easy. Free Trials are typically completed in about one hour.

Yubico (www.yubico.com) is the leading provider of simple, open online identity protection. More than a million users in 100 countries rely on the YubiKey for online identity protection with simple and secure access to computers, networks and online services.

Stop Arc Flash in its Tracks: Six Tips for Mitigating Data Center Explosions Before They Happen

2012-02-17T04:38:00.000-08:00

- John Collins, segment manager of data centers with Eaton Corporation (http://www.eaton.com/), says:

Arc flashes—the fiery explosions that can result from short circuits in high-power electrical devices—kill hundreds of workers in the U.S. every year and permanently injure thousands more. They can also wreak financial havoc in the form of fines, lawsuits and damage to expensive equipment.

There are many mitigation strategies, but one of the most effective ways to combat these dangerous events is to anticipate and eliminate the conditions that cause them. The following explores six solutions that enable data centers to spot potential arc flash dangers before they have a chance to do harm, and keep personnel safely away from live connections.

Perform a Hazard Analysis. Every arc flash mitigation program should begin with a hazard analysis aimed at calculating how much energy an arc flash could release at various points along the power chain. Accuracy is essential with such measurements, so data center managers who lack direct and extensive experience with arc flash incident energy assessment should always seek assistance from a qualified power systems engineer.
Install remote monitoring, control and diagnostics software. Today’s sophisticated power management systems equip administrators to perform many administrative tasks remotely. They also equip companies to remotely de-energize electrical equipment before data center staff approach it.
Employ remote racking devices. Traditionally, technicians have had to stand close to equipment with live, electrical connections when racking and un-racking breakers. Remote racking devices enable operators to perform these extremely dangerous tasks from a safe distance.
Monitor insulation integrity. Deteriorating insulation is the leading cause of arc-producing electrical failures. Identifying and repairing compromised insulation before it fails can help avert arc flash explosions. Predictive maintenance systems provide early warning of insulation failure in medium-voltage switchgear, substations, generators, transformers and motors.
Monitor pressure junctions. Most electrical equipment contains pressure junctions, such as shipping splits, load lugs and compression fittings. Over time, vibration and thermal cycling can loosen these connections. When current flows through a loosened connection, it can cause overheating and eventually produce an arc flash. Using non-contact thermal sensors called pyrometers; however, data centers can monitor pressure junctions continuously and receive advance notification of loose connections before they become so loose that they create an arc flash explosion.
Use infrared (IR) windows. Using contactless IR thermography technology, IR windows enable technicians to perform IR scans without removing switchgear side panels, lessening the likelihood of arc flash events caused by accidental contact with live bus.

Closing Thoughts
Arc flash events in industrial environments can do calamitous harm, ranging from disabling or fatal injuries to heavy fines and financially ruinous lawsuits. Yet, far too few data center operators fully appreciate either the hazards arc flashes pose or the frequency with which they occur.

Fortunately, with a few proven technologies and techniques, IT and facilities managers can dramatically mitigate arc flash dangers before they happen. Though no combination of countermeasures can totally eliminate arc flashes, a proper hazard analysis, strict monitoring regimen and the remote execution of potentially dangerous procedures can help organizations make arc flash incidents both significantly less likely to happen and drastically less harmful when they do.

Requirements for Capacity Management in Data Center Virtual Environments

2012-02-16T06:06:00.000-08:00

- Bryan Semple, CMO at VKernel (http://www.vkernel.com/), says:

Any data center with a virtualized environment has a real need for effective capacity management. This white paper discusses the reasons why capacity management is critical to achieving the benefits of server virtualization and outlines the three key requirements to consider when evaluating capacity management systems.

Why Capacity Management in Virtualized Environments
A major advantage of virtualized environments is their ability to improve resource utilization by running multiple virtual machines (VMs) on the physical servers in a shared infrastructure. With such an architecture, utilization can increase from as low as 10% for dedicated servers to 60% or more for virtualized servers. The enhanced resource efficiencies make it possible to more fully utilize ever-increasing server power and provide significant savings in capital expenditures, power consumption, rack space and cooling.

This concept of greater efficiencies through resource-sharing is not new. Mainframe systems have long employed time-slicing to enable multiple applications to run concurrently. With mainframe systems, the dedicated and quite sophisticated “capacity planning” is performed by the operating system, which ensures that no application can cause any others to suffer from resource contention issues. The high cost of mainframes created a strong incentive for IT departments to maximize mainframe resource utilization by running as many concurrent applications as physically possible.

Today’s server virtualization solutions operate in a similar manner. Hypervisors enable multiple virtual applications to run on the same physical x86 server, with all sharing the common CPU, memory, storage and networking resources. Through the magic of the hypervisor, each application operates as if running alone on a dedicated server. As with the mainframe, however, each virtual machine is actually sharing resources with other virtual machines. And as with the mainframe, the multiple applications sometimes contend for shared resources causing performance to degrade, especially during peak periods.

The goal with both mainframes and virtualized servers is the same: optimize resource utilization without degrading performance to maximize cost-saving efficiencies. Organizations undertaking server consolidation projects invariably experience such savings—at least initially. Where their data centers had been filled with row after row of underutilized servers, each running a single application, the post-consolidation data center may have seemed almost deserted with the reduction in the number of racks required. A very successful consolidation effort, for example, might be able to run as many as 10 or 20 different applications on each server, thereby requiring only 1/10TH the number of servers. Fewer servers consuming less space and power and requiring less cooling led to significant savings.

This dream of dramatic savings through consolidation and virtualization has the potential to become a real performance nightmare, however, without good capacity planning and management. The key to successful capacity management, therefore, is to ensure satisfactory application performance (prevent the nightmare) while maximizing efficiencies and savings (preserve the dream).

At a high level, managing virtualized server capacity is not that much different from managing mainframes, which also have shared CPU, memory and storage resources. But looking deeper at the details reveals some dramatic differences that might make the mainframe’s systems engineer (read: capacity manager) feel completely unqualified to deal with the complexity inherent in open systems capacity management in virtualized environments.

Clearly, for an organization to benefit the most from its virtualized infrastructure, robust capacity management must be an integral component of that infrastructure. Leading analyst firms Gartner, Forrester and others all concur on this need. In Jean-Pierre Garbani’s report titled I&O’s New Capacity Planning Organization, for example, the Forrester analyst states emphatically: “Capacity management and planning are the keys to virtualization.”

Distributed Resource Schedulers Are Not Capacity Managers
An obvious question to ask here is: “Don’t applications like distributed resource schedulers solve the capacity management problem?” And the answer is an emphatic no. DRS applications are intended to balance the load virtual machines place on a hardware cluster. So just as a hypervisor provisions and balances the resources a virtual machine is able to consume on a single host, distributed resource schedulers perform the same provisioning and balancing across a cluster of hosts.

Balancing load across resources in an environment is important. But a balanced environment can still lack sufficient capacity or have too much capacity. In addition, virtual machines in a balanced environment can still be impacted by performance problems caused by the noisy neighbor problem, or the underlying resource availability of the host it is running on. So while operating distributed resource schedulers is good practice, system administrators need more management capabilities at the host, cluster and data center to fully and effectively plan and manage capacity.

Capacity Management Challenges will Only Increase
While daunting already for some today, the capacity management challenges faced by most IT organizations are certain to increase. The following trends are driving the need for more sophisticated capacity management solutions:

• Environment scale – Relentless growth in applications will cause virtualized environments to become increasingly larger and denser, making capacity management more complex.
• Mission-critical applications – The growing number of critical applications will all require enhanced performance monitoring.
• Multi-hypervisor deployments – The use of multiple hypervisors will require an agnostic approach to capacity and performance management.
• Cost optimization – With the “low fruit” savings from initial server consolidation projects now in the past for most organizations, future savings will need to come from cost optimization initiatives. And while chargeback is not as effective as initially thought at curbing waste, CFOs will continue to demand annual improvements.
• VM mobility – Mobility among private, public and hybrid clouds and even among development, production and DR environments, will add complexity to the decision-making process for determining the optimal allocation of VM capacity and workloads.

All of these trends combine to make maintaining the control over and the predictability of virtualized capacity increasingly challenging.

The Cost of Delay
Many organizations do not yet have a purpose-built capacity management system for their virtual environments, relying instead on other tools to somehow perform this essential function. Without dedicated and sophisticated capacity management, however, one of two scenarios inevitably unfolds: either the environment is so over-provisioned that there are no performance issues (and no one has yet caught on to the tremendous waste!); or administrators are using spreadsheets and other manual procedures in a daily struggle to maintain service levels by constantly reallocating an increasingly complex array of resources (often by trial-and-error!).

Delaying the inevitable need to implement fully-effective capacity management has real costs to an organization that often manifest as:

• Application performance problems as VMs contend with each other for resources
• Hours spent firefighting either perceived or actual problems throughout the virtual environment
• Loss of confidence in virtual infrastructure performance
• Wasteful resource allocations that undermine the cost-saving advantages of virtualization
• Over-purchasing of server hardware, memory or storage on a routine basis
• Hours of staff time spent maintaining spreadsheets for management reporting (time spent not being able to work on more productive projects)
• Incorrect sizing of new servers during a hardware refresh by paying a premium for:
     o Expensive scale-up systems when scale-out systems are more efficient
     o Excessive support for scale-out systems where scale-up systems are more appropriate
     o Purchasing the latest CPUs for maximum clock speed when slower, earlier generation (and far less expensive) CPUs will suffice
     o Purchasing the latest, highest-density memory when far more economical lower density memory is sufficient for the actual VM load.

But perhaps the greatest cost of delay is not getting started aligning IT services with costs. Public clouds now provide alternatives for internal IT consumers to shop for services. These data points create the perception that public cloud services are “cheaper” and these beliefs are difficult to counter when IT has yet to develop a workable cost model for its services.

Even ignoring the public cloud “competition”, few IT executives are currently not focused on maximizing resource utilization to drive down capital and operational expenditures. Virtualization provides the ability to begin aligning IT costs to the services provided. But it is critical to begin this journey with a full understanding of the linkages among capacity, performance and cost. And this is perhaps the biggest reason not to delay implementing a genuine and capable capacity management system. Senior IT management is focusing on the problem throughout IT. Solving the problem sooner rather than later in virtualized infrastructure just makes sense.

Requirements for Capacity Management Solutions
What are the requirements for capacity management in a virtualized environment? At a high level, a capable capacity management solution must:

• Offer enterprise-wide visibility into performance, capacity, cost and resource efficiency of the entire virtualized infrastructure
• Provide actionable intelligence from this information
• Be simple to deploy, operate and maintain

Enterprise-Wide Visibility
Performance, capacity, cost and resource efficiency are all intertwined in a virtual environment. Without sufficient capacity, performance suffers. With too much capacity, infrastructure costs soar. Even with the right amount of capacity, efficiency can still suffer if virtual machines are consuming more expensive resources than are required.

Therefore, performance, capacity, cost and resource efficiency must be viewed across the enterprise in a holistic fashion to provide visibility for the administrator, as well as to provide information that is both sufficient and accurate enough to facilitate fully-informed decision making. Such visibility requires roll-ups of information across:

• Data centers
• Different types of hypervisors
• Different resource pools, such as CPU, memory, storage and networking

Simply being able to roll-up information up is not enough, however. As environments scale, functionality must be added to view all of this information in a meaningful way.

Cost
Understanding the virtual environment cost structure is critical as enterprises move toward the cloud. Because the cloud enables self-service portals, end users can quickly drive up operating costs in the absence of a thorough understanding of the underlying costs. Indeed, the sheer ease with which virtual environments enable the deployment of virtual machines has led to virtual machine sprawl. Understanding the cost component of a virtual environment is, therefore, essential to good capacity planning. Support for cost visibility requires:

• Chargeback (or at least “showback”) capabilities by customer for either allocated or utilized resources

• Robust reporting and potential integration with financial management systems

Chargeback/showback may encounter some significant organizational and computational limitations, however. These include:

• Financial systems that lack the ability to integrate chargeback information

• Generally accepted accounting principles that make chargeback difficult

• Budgeting cycles that are based on assumptions of fixed costs, not variable consumption models. IT customers faced with a consumption-based chargeback models must then confront the challenge of estimating uncertain computational demand.

• IT charging back for services may not be “politically palatable” for an organization

• Determining the chargeback amounts is also a non-trivial exercise if the intention is to get an accurate model of pricing

• Finally, chargeback is a measure of the price IT is charging for services and is not necessarily a measure of the actual cost to deliver that service. The actual cost to deliver all services at a high level is the total cost to own and operate all IT infrastructure divided by the number of virtual machines on that infrastructure. IT needs to focus on its actual costs, not the costs charged. This makes chargeback, without cost awareness, less beneficial as a management tool.

The barriers to chargeback are many. Nevertheless, this should not prevent IT from being on the path to understand and manage its cost structure. A key element to this is to implement a cost index that reflects the cost to IT to deploy a VM. Cost indices are a fairly new and advanced tool for IT. Using a cost index, the systems administrators can identify their most expensive virtual machines based on resource consumption, cost of the underlying hardware and density of deployment relative to other virtual machines. By identifying the most expensive virtual machines, actions can be taken to reduce costs or at least understand the impact on overall efficiency. Combining cost indices with cost visibility provides a solid foundation to lower IT costs over time and to understand the main cost drivers throughout the IT infrastructure.

Resource Efficiency
Understanding efficiency in virtualized environments is critical because wasted or under-utilized resources are what drive up capital and operational expenditures. More importantly, since one of the original goals for virtualization was server consolidation and efficiency improvements, poor efficiency of the virtualized environment undermines this fundamental and worthy goal. Of course, IT can perform chargeback or showback, yet still have tremendous inefficiencies throughout the environment. Chargeback can, however, be a tool to help reveal such inefficiencies.

How is virtualized resource efficiency monitored and analyzed?

• The cost index, introduced above, is a way for IT teams to understand the relative costs of operating a virtual machine. While one VM could be expensive to operate relative to others, it could be operating efficiently with the underlying system being the actual culprit driving up the costs. A capacity management system must, therefore, be able to rank the indexed virtual machine costs accordingly.

• Over-allocating VM resources is a major source of inefficiency. Over-allocation occurs when applications have more CPU, memory or storage than needed to perform adequately. The capacity management system must be able to identify over-allocations continuously, preferably by monitoring for peak and average values of resource utilization across CPU, memory and storage. As some hypervisor vendors shift to consumption-based models for licensing, removing over-allocated memory will become an increasingly important aspect of cost control.

• Wasted resources occur in virtualized environments from normal operations. These wasted resources include zombie VMs, abandoned VMs, unused templates and unused snapshots. Capacity management systems must effectively distinguish these wasteful resources from similar resources that are actually in production use.

Actionable Intelligence
While enterprise-wide visibility is the first major requirement for a capacity management, generating actionable intelligence from the data collected is just as important. Capacity management is essentially an analysis problem. Correctly performing capacity and performance management requires the analysis of about 20 different metrics per virtual machine at the VM, host, cluster and data center levels taken in at least five minute intervals. For a simple 100 virtual machine environment, for example, this requires the analysis of 100 VMs x 20 metrics x 12 samples/hour x 24 hours x 4 levels of analysis, yielding about 2 million data points per day. Given the sheer volume of data, it is not difficult to see why manual processes simply fail to scale. The better capacity management solutions are able to perform this multi-variable analysis on a massive scale.

The visibility requirement of capacity management solutions demands a significant amount of computational horsepower simply to make sense of the wealth of data. The need for creating actionable intelligence requires even more computations to enable system administrators to move beyond basic visibility into various problems and efficiency issues to being empowered to take action to address the underlying cause(s), either in a manual or automated fashion.

For performance issues, actionable intelligence involves:

• Root cause analysis of the problem with specific recommendations that do not require any additional analysis for how to clear the problem

• Impact analysis to point out any related virtual objects that might be affected by an issue

• Automated actions to clear performance issues, such as moving a virtual machine to a different cluster, or working with native distributed resource schedulers to accomplish the task

• Automated resizing of a virtual machine within the limitations imposed by the operating system(s) or corporate policies, with or without a restart

For cost accounting and efficiency, actionable intelligence involves:

• Specific recommendations for ways to improve efficiency and lower costs

• Automated zombie destruction, template cleansing and abandoned VM clean up, especially for QA environments that potentially contain thousands of virtual machines

• Automated downsizing of virtual machines within the limitations imposed by the operating system(s)

• Automated reporting of cost and efficiency numbers for key stakeholders in a variety of formats

Visibility without actionable intelligence, while a step in the right direction, leaves the administrators, especially in larger environments, with a significant labor burden to maintain efficiency and performance of their virtualized infrastructures.

Starts to Work Out of the Box
Why does a capacity management system have to be hard to deploy? It doesn’t. Here are some reasons ease of deployment and use are important requirements:

• Lack of dedicated capacity planners – Most virtualization teams, even very large ones, do not have dedicated capacity planners. Any application to manage capacity and performance must, therefore, be useable by all team members without significant training.

• Lack of capacity management skills in the existing team – Capacity management is an analytics problem. It is certainly possible to develop this skill set on a virtualization team without a dedicated capacity planner. But there currently exists no formal certification authority similar to vExpert for managing capacity. Even with sufficient training, the scale of the analytics problem would still require a sizable investment in software (whether bought or built) to mine the raw metrics data generated by the hypervisors.

• Return on investment – Long deployment times and high training costs both diminish the return on the investment in a capacity management system. The better systems are able to recover their purchase price in just a few months.

• Pace of expansion – Virtualized environments are in a constant state of change, which normally involves both reconfiguring and expanding resources. If the capacity management solution cannot keep pace with the expansion, or requires constant configuration changes to do so, it will eventually need to be replaced.

• “Expert in the Box” – Similar to having a vExpert on staff to address technical issues, the capacity management solution needs to function like an expert itself from day one and it should not require an expert operator to get great results—ever.

The specific requirements for a capacity management system to work “out of the box” are:

• Little to no configuration or maintenance required for operation

• A minimal learning curve for basic operation with intuitive interfaces to facilitate usage by part-time capacity planners

• Automation to support repetitive tasks

• Automatic creation of user views to eliminate the need for manual customization

• Pre-configured and easily configurable customizable reporting for different audiences

Conclusion
Capacity management for virtualized environments is an absolute necessity in any infrastructure of reasonable scale. Virtualization has reintroduced the mainframe model of computing, but with significantly more complexity for sharing CPU, memory, storage and networking resources. While implementing a capacity management solution could be postponed, most environments will incur some very real and potentially substantial costs by doing so. Robust capacity management systems—those that meet the requirements outlined here for enterprise-wide visibility, actionable intelligence and “out of the box” productivity—pay for themselves almost immediately, with the cost savings continuing to accumulate year after year. It is perhaps the best investment an organization will ever make to get the most from its virtualized infrastructure.

SDN and The Evolution of Data Center Networks for Big Data

2012-02-15T07:12:00.000-08:00

- Sandy Orlando, vice president of marketing with IP Infusion (www.ipinfusion.com), says:

The tidal wave of Big Data is washing over today’s businesses. Big Data is not only measured in the quantity of data traversing the network, but according to Forrester, it is defined as the techniques and technologies that make handling data at extreme scale economical.

Big Data will drive new productivity growth and revenue potential. For example, McKinsey Global Institute predicts that Big Data will result in significant financial value across all sectors, generating over $300 billion in US health care, over $100 billion for service providers, and 60 percent increase in margins for retail.

How can today’s networks cost-effectively handle the high volume of interactive, multimedia traffic? Just adding more bandwidth will not solve the problem. The value chain of network providers spanning the mobile network, through Carrier Transport, to the Data Center must rethink networking to make it more cost effective and efficient to accommodate Big Data.

Big Data Requires Big Changes in the Network
How much data are we actually talking about with Big Data? The size of the datasets varies by sector, but they range from a few dozen terabytes to multiple petabytes. Moreover, Big Data introduces new technologies such as Hadoop and MapReduce. Unlike previous data transfer technologies that moved gigabytes of data in a single job, MapReduce can move multi-petabytes of data.

Big Data requires that the networking industry accelerate change, moving from legacy technologies in data transport such as SONET/SDH to a high-value-per-bit and lower-cost-per bit technologies such as Carrier Ethernet. In the data center, networking switching is moving rapidly to 10-40 Gbps and Ethernet is rapidly replacing older Storage Area Networking (SAN) technologies.

Migrating to Ethernet as an underlying transport will benefit all aspects of the transmission of Big Data. However, Ethernet on its own is not sufficient to handle the torrent of Big Data. Network architectures also need to change to become flatter and more flexible. For example, in today’s typical data center, the network architecture consists of one or more L3 core routers, multiple L3 access routers, L2 aggregation switches, load balancers, as well as top-of the rack switches. A hierarchical network forces data center operators to oversubscribe network resources up to 200:1. Taking advantage of new 10 and 40 Gbps Ethernet and higher performance silicon will improve price performance, but true innovation comes from creating a flatter network using software-defined networking technologies.

The Future of Big Data Networking is Software
The key to delivering higher-performance, more optimized networks is a software-defined networking architecture using a centralized control plane and fast forwarding data planes based on merchant silicon. The Open Networking Foundation (ONF) is championing the standardization of this approach.

Key software networking vendors, such as IP Infusion, have been offering modular, portable routing/switching software for more than a decade to leading network equipment manufacturers. Leveraging the innovations provided by SDN, network equipment providers can optimize the price-performance of Ethernet networks. Implementing a hybrid approach to SDN, preserves existing investment in legacy infrastructure and ensures a smooth transition to this new network paradigm.

Software Defined Networking is in its infancy, but the growing demands of Big Data will continue to drive new innovations in networking. Today, service providers and data center operators can exploit Ethernet to offer more economically attractive mobile and Big Data transport services. In the near future, the network equipment industry will accelerate the adoption of SDN to support Big Data. The successful companies will ride the wave of Big Data, transform their networks, and capitalize on new business opportunities.

Changemark Viewer Provides Key Features for Modern Workers

2012-02-14T07:00:00.000-08:00

- Gary Heath, CEO, Informative Graphics Corporation (www.infograph.com), says:

In the digital age, the need to stay connected to our workplace has increased substantially. The introduction of easy-to-carry smartphones and tablets, coupled with the rise of Wi-Fi in every coffee shop, airport and hotel, has made us around-the-clock workers who expect access to needed documents, media, and information at all times. New technology and increased connection speeds have also made a broader spectrum of data types, adding video.

In response to the needs of this new plugged-in generation, IGC has focused on creating products that match the kind of content users need and give them the ability to do work that used to require a full workstation and full access to the file system and/or ECM system. To that end, the new Brava suite includes the Brava!® Changemark® Viewer for smartphones and video support for the Brava Enterprise Flash client.

The Brava Changemark Viewer, available in an HTML version for all smartphones and as an app for the iPhone, allows workers to quickly view and reply to comments and even see a zoomed view of the document area in question. This allows traditional, in-office workers to communicate effectively with a team member who is travelling, helping to eliminate long gaps in the review and approval cycle. Future releases of Brava will bring more robust functionality for tablets, where the larger screen-size makes more traditional view and markup tasks more realistic than the standard 3- to 4-inch phone screen.

As the use of video for marketing, training and other business communication has risen sharply, IGC saw the need to add video support to Brava. The latest Brava Enterprise enables annotation and collaboration on video clips in the latest cut of the Flash client, allowing corporate users to add comments and markups to any video clip. The Brava Flash client supports any video format playable by the Flash Player, including H.264, a popular mpeg format.

Technology will continue to evolve, especially around new media like video and touch-enabled devices. IGC will continue to offer the best viewing and collaboration software for the enterprise, delivering efficient, secure access to needed content no matter where you are.

About the Author
Gary Heath, CEO and Co-Founder of IGC, has more than 20 years of experience in developing enterprise applications. Incorporated in 1990, IGC is a leading developer of viewing, annotation, and redaction software. Since IGC’s inception, Gary’s leadership and innovation have been key drivers of the company’s growth. Under that leadership, IGC pioneered the concept of simple document security with its Visual Rights technology and introduced Redact-It, a software solution which removes privacy and sensitive content from documents. Email him at garyh@infograph.com.

“Rack n’ Roll” – Refresh Your Network with Minimum Investment and Downtime

2012-02-13T05:00:00.000-08:00

- Elyse Ge Hylander, product line manager of enterprise solutions at CommScope (http://www.commscope.com/), says:

As data centers face ever-increasing growth, IT demands, and evolving technologies, IT administrators and facility and data center managers are challenged with responding to the rapid growth of their facilities and the businesses they support. Furthermore, rising operating expenses are driving data center operators to maximize their utilization of space, power and cooling through higher density server deployments, which introduces the challenge of managing larger bundles of cabling within the server cabinet.

It is safe to say that the data center is the heart that pumps the blood throughout an enterprise, and a new data center presents the unique opportunity to design a network that maximizes the best of today’s technology while providing a clear path to the future. Increased bandwidth demand is an overall priority for data center capacity; however, choosing the right way to evolve a data center encompasses a wide range of opinions.

To further add to these challenges, most network infrastructure is incapable of adapting to growth demands and evolving technologies with minimal investment and downtime. Traditionally, patch panels are installed inside the server cabinet and connected to the network via permanent horizontal cables. Servers are then loaded one at a time. As such, data center managers face the lack of agility to quickly deploy server racks and the associated cabling required accommodating growth needs. They are also challenged with the ability to accommodate upgrades to their existing infrastructure.

To address these issues, CommScope developed the InstaPATCH® ZERO server cabinet solution—the first pre-terminated server cabinet solution on the market. The cabinet features up to six cord cassettes that are pre-installed and configured in the zero U space of a 42U 600-mm wide and 1200-mm deep customized server cabinet jointly developed by Rittal and CommScope. It provides connectivity in an integrated, modular system that enables rapid, plug-and-play server cabinet deployment and facilitates best practices in intra-cabinet cable management. Positioned above the cabinet is a short, 4U equipment rack mounted to the overhead pathway. It segregates permanent cabling from cabinet and save space for active equipment by placing patch panels or interconnect equipment above the cabinet or rack.

InstaPATCH ZERO expedites server deployment by simply rolling in the loaded cabinet and plugging it into the network infrastructure. For non-greenfield data centers, customers dramatically reduce downtime during a technology refresh while preserving their investment in the network infrastructure. Connecting servers is a matter of pulling the cords from the cassettes and plugging them into the servers. The built-in patch cords are always the right length for server connections. Any cord slack stores neatly inside the cassette.

The data center network infrastructure generally lasts between seven and 10 years; however, the refresh cycle for servers and switches are every two to four years. Given the “connectivity-bus” like architecture along with the “roll in and plug-in” capability offered by the InstaPATCH ZERO solutions, customers no longer need to choose between minimizing downtime and preserving investment.

InstaPATCH ZERO Server Cabinet Solution instantly turns static equipment into a Living Infrastructure—an approach to designing, deploying and evolving data centers that encompasses a comprehensive portfolio of structured cabling solutions and planning tools. These solutions and tools can help customers drive efficiency through flexibility in addressing unanticipated changes in network design and priorities.

What makes this ideal is that there is no similar product on the market. The current method is to order patch panels, patch cords, patch cord managers and install all these parts in the production data center. The InstaPATCH ZERO cabinet is orderable with two, four, or the maximum of six cord cassettes pre-installed at the factory, simplifying ordering and installation since there is only one package and one part number.

Data center managers now have access to a turn-key solution designed for rapid server deployment and change management. By helping them with rapid deployment, CommScope helps them realize a higher investment value by saving time, money, space while also enabling them to plan for tomorrow’s growth.

Need an E-Discovery GPS? Put Yourself in the Driver’s Seat with Avansic Tracker

2012-02-10T07:15:00.000-08:00

- Dr. Gavin W. Manes, President and CEO of Avansic (www.avansic.com), says:

As any IT or data center manager knows, there is an enormous amount of electronic information associated with any given user or company. Keeping that information safe and intact is the most important job of a data manager. Since digital information is now ubiquitous in business, it is a major component of any potential litigation. And since data centers are a key player in handling electronic data that may be needed for a lawsuit, many have already encountered the navigational complexities of e-discovery.

In our experience, clients have found that they felt out of the loop and disconnected from their own case. This sense of disorientation is particularly stressful in the midst of a lawsuit, so we created Avansic Tracker, an electronic tool for tracking progress on e-discovery cases.

Avansic Tracker helps users visualize the progress of an e-discovery case through all stages, from preservation through processing and data-export. Since processing is the most complex stage of e-discovery, Tracker includes specific updates for the stages of culling, filtering, de-duplication and export (load-file creation). The tool provides a visual representation of each case and its stages, and even provides specific status for each custodian and data set. That way, if a particular part of the case is slowing down the overall progress, clients and their Case Managers can take action to move forward.

There are several other features that help put clients in command of their complex e-discovery cases. For instance, Avansic Tracker can be configured to send an email notification when the process advances from one stage to the next. And, addressing the security concerns that are always prevalent among the legal community, Avansic Tracker is designed to ensure that no identifying or privileged case information is ever exposed.
Avansic Tracker puts clients in the loop about their case and provides transparency about the often-complex process of e-discovery. If you need a road map for eDiscovery, the software will get you from Point A to Point B and you won’t have to stop and ask for directions!

About the Author:
Dr. Gavin Manes is a nationally recognized expert in e-discovery and digital forensics. He is currently the President and CEO of Avansic, a firm that provides ESI processing, e-discovery, and digital forensics services to law firms and companies across the nation. He holds a Ph.D. in Computer Science from the University of Tulsa.

Cloud Server Access Control Without Sacrificing the Flexibility and Ease-Of-Use

2012-02-09T06:39:00.000-08:00

- Stina Ehrensvard, CEO and founder of Yubico (www.yubico.com), says:

While the cloud is delivering on its promise of quick, easy access to a wide range of resources, the question of just who is accessing this information is still a big issue for organizations who want to leverage cloud-based solutions.

Making a key play in the game, we recently announced a partnership with CloudPassage, the leading cloud server security provider, designed to deliver strong, secure authentication and protection of administrative network access in the cloud.

CloudPassage required a strong two-factor authentication mechanism for its Halo platform to protect access to servers in public clouds. Halo users needed a fast, effective, and reliable solution that could be deployed as quickly as Halo itself and chose our YubiKey® unique one-time password (OTP) USB key.

GhostPorts allows systems administrators to temporarily open up a server management port for a designated adminstrator with the Yubikey providing very tight access control. With GhostPorts, users can gain authorized access to their cloud servers from anywhere, easily and securely. Together we're protecting customers with two-factor authentication that is easy to manage, while keeping their servers secure in dynamic cloud environments.

Rand Wacker, vice president of product management for CloudPassage, told us, "Security is a paramount concern for companies making the move to the cloud, and it’s our job to give our customers confidence that their servers are protected."

Through our partnership, Yubico and CloudPassage are enforcing cloud server access control with two lines of authentication without sacrificing the flexibility and ease-of-use that users require and expect of the cloud.

CloudPassage (www.cloudpassage.com ) is the creator of Halo™, the industry's first and only security and compliance platform, purpose-built for elastic cloud environments.
Yubico (www.yubico.com ) is the leading provider of simple, open online identity protection. More than a million users in 100 countries rely on the YubiKey for online identity protection with simple and secure access to computers, networks and online services.

Rethinking Virtualization Strategies

2012-02-08T05:34:00.000-08:00

Q&A with Kent Christensen, practice manager with Datalink (http://www.datalink.com/):

Chris MacKinnon (DCP): Why are unified virtual infrastructures useful in today's enterprise data centers?

Christensen: A dramatic transformation in the way Information Technology (IT) departments operate has put their directors and managers at a crossroads. On one side, IT administrators are under pressure to deliver higher levels of service and be more responsive to enabling competitive business objectives. On the other side, IT departments are equally pressured to limit budgets, “do more with less,” and show positive ROI from optimization initiatives.

Savvy IT leaders are beginning to resolve both sides of this conflict by rethinking their virtualization strategies. Virtualization was originally a way to improve utilization of physical servers. Now it’s being expanded to turn entire data centers into dynamic, agile, services-oriented architectures — ones that accelerate business objectives and competitiveness.

Data center virtualization is a rare opportunity for IT. The potential cost savings are tremendous. The efficient sharing of physical server, storage, and network resources translates into far lower capital purchases and operating expenses. Wasteful application “silos” are eliminated. Data centers can support more applications, implement them faster, and maintain higher service levels. Data center virtualization also gives IT managers and admins powerful new tools for resource scheduling, data protection, and disaster recovery. And while the prospect of low-cost, no-fuss cloud computing from outside vendors is tempting, it’s not ready for prime time due to serious performance and security issues.

Instead, an IT department can use data center virtualization to build its own private cloud, delivering the same economies and efficiencies to the organization. Then, once the public cloud matures, IT can buy resources from third parties as needed to meet unexpected demands or offload resource-intensive tasks.

MacKinnon: Why should data center and IT managers care about unified virtual infrastructures ? How can they benefit from them?

Christensen: Virtualization across the data center can provide notable savings on floor space, power, and cooling costs, as well as utilization of existing assets across servers, storage, and networks. While the financial benefits alone are compelling, the largest gains can be obtained by reducing complexity and streamlining the speed at which IT accelerates the business.

Instead of building separate infrastructures according to the needs of individual applications, data center virtualization lets you build a dynamic platform of infrastructure that supports all applications. Abstracting applications from physical resources gives you managed capabilities that you can’t get from physical hardware. These include:

- The ability to migrate live applications from one physical server to another without disruption
- Increased availability for applications during hardware failure
- Resource scheduling and load balancing across existing infrastructure
- Improved backup and disaster recovery
- Increased performance, scale, and security
- Integration with storage and network infrastructures

The result is a platform that will support many—if not most—IT applications. The availability, performance, and security are provided by the platform, which reduces the need to build those services into each individual application. The resulting common infrastructure is much more flexible and agile. This is also the framework for expanding to an internal private cloud infrastructure.

MacKinnon: Where should unified virtual data center infrastructures rank in terms of overall priority in the data center?

Christensen: A recent survey (Source: Gartner Executive Programs - January 2012) by Gartner called out that cloud computing ranks #3 on a list of top ten priorities for CIOs in 2012.

What are the biggest challenges for data center and IT managers when it comes to unifying and virtualizing their data centers?
There can be a lot of obstacles to building a virtual data center. Virtualization is still new in many ways and not fully understood outside of the core IT group. There can be disagreements due to the number and complexity of solutions, and the fact that they cross multiple disciplines. As you map out your virtualization strategy, consider the barriers to adoption, both inside and outside your organization.

Internal barriers fall into two groups: politics and culture, and new ways to think about IT. Most organizations use a variety of applications running on different platforms. Each has its own requirements for networking and storage resources and may have different requirements for access and availability. Multiple applications and technologies can lead to isolated islands of data and potential interoperability issues. In addition, the stakeholders who helped build those applications likely have entrenched policies and attitudes that are not easily changed. As a result, many organizations have a number of different virtualization initiatives directed by different groups within the company. Server teams may not be in sync with application administrators, and storage or networking teams may take a completely different and uncoordinated approach. A unified approach may disrupt the “corporate culture” and can create some internal conflict where decisions could potentially be based on relationships and alliances rather than sound business principles.

Virtualization also requires new skills. Many people need time to think it through. But thinking is good because building an internal cloud requires a lot of planning based on an understanding of exactly what the business needs. It’s an incremental process, taking the time to think through where you want to go and how you will accomplish it.

External barriers largely come from disagreement within the industry on how to proceed. No two storage or network virtualization vendors agree on how to design and deploy a virtualization strategy. Reliable interoperability standards have not yet emerged. That’s why it’s prudent to work with a vendor-agnostic consultant such as Datalink. Whereas many manufacturers can only push their products and services, we look at a plethora of options, making our customer’s success our first priority.

MacKinnon: How can data center and IT managers overcome those challenges?

Christensen: The first and most important step is to create a vision and lead to that vision. As a board or CEO considers outside service providers (or cloud providers) as experts at delivering IT services internal IT organizations are challenged with creating a competitive operation. The opportunity for IT leadership is to think and act like a service provider to the organization. What are the services the organization needs not only maintain existing operations but gain a competitive advantage? And how can IT most efficiently deliver those services to the organization reliably and efficiently.

If you look at a cloud service provider as an example, many IT organizations come to the logical conclusion that they can provide services more reliably and at a reduced cost by building a highly efficient internal or private cloud that is designed to support the organization.

Armed with a goal to create a highly competitive and efficient operation IT leaders need to provide leadership to break down existing silos or thought, design and even procurement and raise the bar of IT to what is required to holistically deliver the services the organization requires. This is where a unified data center architecture can accelerate the mission to create unified orchestrated data centers that are both highly efficient and agile to drive business needs.

MacKinnon: What advice can you give to IT and data center managers that have a plethora of similar solutions to choose from?

The challenges with building an internal private cloud are threefold. One is that no single vendor or solution delivers complete unified private cloud architecture. As a result, organizations either need a partner that can assemble a complete solution or IT has to continue to sort out the solutions themselves. An integrator like Datalink with experience in delivering complete unified architectures and helps align best of breed solutions against the organizations requirements.

The second is that a pre-defined private cloud architecture in most cases will not fit a particular organization’s objectives. Many times, IT will determine they do need agile unified resources with which are elastic and measures but chose, for example, to limit the use of self service or charge back. So working with an integrator that can align objectives is important.

Finally, it’s important to recognize that most organizations cannot simply stop existing operations and transform over night. A flexible solution should be able to both leverage existing infrastructure and grow as the business objectives dictate. Working with a solution that can migrate you toward an IT as a Service private cloud vs. selling you a complete solution all at once is the most common approach.

SSDs: An Essential Component Of An Efficient, Innovative Data Center

2012-02-07T04:24:00.000-08:00

Q&A with Robert Jenkins, CTO of CloudSigma (www.cloudsigma.com):

Chris MacKinnon (DCP): Why is SSD storage useful in today's data centers?

Jenkins: A typical enterprise is managing more and more data all the time: according to Gartner, data worldwide is currently growing at a minimum rate of 59 percent annually. Data is so essential to most enterprises’ daily operations that their infrastructures must keep up with heavier workloads or else risk jeopardizing companies’ bottom lines. Enterprise data centers need a solution that satisfies their needs for increasing storage capacities while maintaining optimal performance. Solid State Drive (SSD) storage is part of that solution, helping eliminate storage bottlenecks.

For enterprise data centers, a major obstacle to efficient workload management is the inability of typical magnetic disk storage to handle flurries of Input/Output (I/O) operations caused by spikes in server activity. A highly viable solution to enterprise server strain is the strategic implementation of SSDs to house high-priority data, expand caching, etc. SSDs, which have no moving parts, are a perfect solution for I/O traffic spikes and other strains on server productivity because they help eliminate the potential for traffic bottlenecks. They also excel at random I/O operations that magnetic storage struggles with, making them ideal for databases, for example. SSDs thus create a healthier infrastructure with less risk of downtime, more accessible data, better performance, less CPU wait time and more predictable system performance.

MacKinnon: Why should data center and IT managers care about SSD? How can they benefit from it?

Jenkins: Data center and IT managers need to look into SSD storage as a viable solution to server inefficiency and sluggishness. By investing in SSD, they can expect to achieve a more performance-driven infrastructure that’s better suited to the needs of the modern enterprise. These same benefits hold true for operations in a cloud environment, and Infrastructure as a Service (IaaS) providers are realizing the same advantages of investing in SSD as part of a competitive offering for their customers. By placing the most critical data on SSDs, data center managers and public cloud IaaS providers effectively eliminate storage bottlenecks and reduce variable performance in server environments, producing infrastructures far more competent at handling large volumes of information flow.

MacKinnon: Where should SSD storage rank in terms of overall priority in the data center?

Jenkins: The importance of SSD storage is arguably subject to the individual needs of the enterprise. The more data processing needs an organization has, the more it needs a solution like SSD storage. Any organization utilizing databases and other operations requiring low latency random I/O activity will see significant benefits from incorporating SSD storage into their infrastructure architecture. That being said, SSDs are an essential component of an efficient, innovative data center that can keep up with the demands of any enterprise. Nearly all enterprises will benefit from using SSD storage, what varies is the correct trade-off point between SSD and magnetic storage. Similarly, access to SSD capabilities is paramount for an IaaS provider that hopes to provide its customers with the kind of robust public cloud infrastructure that companies demand today.

If enterprise data centers and IaaS providers want to remain relevant in an age of big data, they need to seriously consider incorporating SSDs. With digital data expected to grow 48 percent this year from 2011 according to IDC, premium storage capabilities are all the more important. SSD storage is simply the best way to keep scaling storage solutions while maintaining or enhancing performance levels. SSD is therefore a significant contributor to an enterprise’s competitive edge.

MacKinnon: What are the biggest challenges for data center and IT managers when it comes to SSD storage? How can data center and IT managers overcome those challenges?

Jenkins: The biggest challenge involved with implementing SSD storage is overcoming the cost barrier. In most cases, the high cost of SSDs is mitigated by the increase in performance yielded and the higher levels of competitiveness achieved for the provider. SSD storage should best be viewed as an investment. The short term cost-benefit ratio might not be as obvious as the long term. Regardless, data center managers will notice immediately the performance benefits of SSD, which are then passed on to the enterprise. Without time-wasting bottlenecks and performance lag, companies can complete tasks more efficiently and avoid incurring latency, therefore saving on other resources like CPU and making up the cost. Saved CPU time alone can recover a significant proportion of the higher SSD storage cost. Additionally, the lower power footprint of SSD storage and lower heat emissions reaps further savings for companies managing their own data centers. Ultimately, if an enterprise can better execute its core business operations, then SSD storage is worth the extra expense.

A further consideration is SSD storage lifetime, which previously had been limited. The falling cost and improved management systems on drives means that the cost per GB of write activity on SSD is falling rapidly and is already a fraction of what it cost only one or two years ago.
One effective way for enterprises IT managers to overcome the cost barrier is to seek out IaaS providers who offer SSD capability, rather than trying to maintain in-house hardware with expensive SSDs. IaaS offerings provide the equivalent or better services as in-house hardware, and at a more manageable price point. Turning CAPEX into OPEX is particularly appealing when considering SSD storage options.

Some IT managers are wary about IaaS because they view it as incapable of meeting their hardware demands. However, today’s most cutting edge IaaS providers offer optimal scalability, flexibility and performance, in part thanks to SSD capability.

MacKinnon: What advice can you give to IT and data center managers that have a plethora of similar solutions to choose from?

Jenkins: Some alternative options could include extra standard magnetic disk drives and/or hybrid drives. Standard magnetic disk drives are adequate for lower-priority data storage, and are best implemented in conjunction with SSDs, which are suited for higher-priority data, where instant access is necessary to optimize performance levels. Enterprises who try to manage more data by adding more magnetic drives will face storage sprawl, under- and over-provisioning of resources and a poor cost-benefit ratio. A server system entirely outfitted with magnetic disk drives is simply not prepared to handle the large amounts of data flow that today’s enterprise must manage.

Hybrid drives, which incorporate both a hard drive and flash memory (or in some cases SSD), have not really been implemented on a large scale for enterprise data centers, and with fairly good reason. Primarily, hybrid drives are not especially suited for enterprise-class servers because data retrieval is not optimal; there is a slower data search time with a hybrid drive because its data storage is dynamic, i.e. the data moves around frequently. Hybrid drives are slowly entering the enterprise market, but it remains to be seen whether this technology could be an adequate competitor to pure SSD.

There is currently no better solution for enterprise data centers than to strategically implement both traditional magnetic drives as well as SSDs. This ensures that priority data is accessed quickly and efficiently, thereby creating a performance-driven infrastructure with the highest cost-benefit ratio.

When evaluating any storage solution, a true total cost of ownership (TCO) calculation should be employed. This is particularly true when considering SSD storage where power and cooling savings can be significant. Each enterprise then needs to calculate the commercial benefit of increased performance and the business opportunities that SSD can help them deliver on. Combining the two processes will result in the right mix of SSD and magnetic storage solutions.

When working in a cloud environment, the most effective way to deliver the benefits of SSD storage to an enterprise is via an IaaS provider. This relationship maximizes the benefits for the data center manager, the IaaS provider and ultimately the enterprise IT manager. For data center managers, IaaS delivery ensures that their servers will provide an efficient and effective service for enterprises at a fraction of the cost of in-house hardware. IaaS providers who offer SSD capability therefore have a distinguishing competitive edge in the market. The enterprise IT manager sees both the cost and performance benefit; they no longer have to manage their own expensive in-house hardware, which can be very distracting from the business’ core competencies, and the public cloud-delivered infrastructure service carries with it the benefits achieved through data center SSD implementation, plus the added bonus of high cost-effectiveness. SSD storage is the key solution for IaaS providers who hope to provide the greatest storage and performance capacity on the market today.

WAN Virtualization Delivers Needed Bandwidth for Cloud Computing

2012-02-06T07:53:00.000-08:00

- Keith Morris, vice president of marketing at Talari Networks (http://www.talari.com/), says:

Is yours one of the more than 50 percent of enterprises currently "on the road" to deploying cloud? Perhaps you began your cloud experience by introducing one or more private cloud applications, and are now considering adding public or hybrid cloud to the mix.

The movement toward cloud computing in its various forms requires an increase in WAN bandwidth, although this isn’t typically the first thing on data center managers’ priority lists. For data center managers who are responsible for connectivity to multiple remote offices, however, enterprise users who have become accustomed to LAN-like speeds and performance will likely start submitting fix-it tickets if they experience performance or latency issues. Many of today's applications are interconnected as well, and when they communicate across long distances, such as data center to data center, then slowdowns or outages are inevitable, without sufficient bandwidth to support all the traffic.

So the question becomes: What kind of connectivity do you use at the data center to give the remote offices sufficiently reliable high bandwidth options to connect to the centralized services?

To ensure consistent, high network performance, the majority of today’s enterprises generally utilize the most reliable forms of WAN connectivity, such as MPLS. Unfortunately, this comes at a cost. MPLS, when compared to abundant and inexpensive public links, can be 30-100X more expensive. Yet, public connectivity (such as ADSL, cable, Internet, etc.) lacks the reliability and performance predictability required to ensure enterprise-class performance of applications, cloud or otherwise.

Data center and IT managers should therefore take a look at WAN Virtualization as a method to ensure predictable WAN performance at a reasonable cost. WAN Virtualization addresses private, public and hybrid cloud access, performance, scalability and cost issues by enabling public Internet WAN bandwidth to operate at private WAN reliability levels. Available as both single- and dual-ended appliances that detect packet-based or flow-based traffic, depending on vendor approach, WAN Virtualization combines multiple sources of public and private WAN bandwidth running in parallel into a single virtual WAN. Well-designed solutions constantly monitor for packet loss, latency and jitter across all possible paths and select the best available path, enabling this virtual WAN to deliver the same or better levels of performance and predictability as more expensive, private WAN connectivity.

One of the biggest challenges for IT or network managers to overcome regarding the deployment of WAN Virtualization may be the WAN’s perceived lowly status when compared to “sexier” technologies also competing for budget allocation. It’s like a real estate agent asking you, a prospective home buyer, to check out the electrical wiring as the strongest feature in the house you’re considering. Who thinks about wiring when there are more important considerations like which wall will best house the flat screen, and is there room in the garage for the family’s bicycles, a workbench and two to three cars.

Our enterprise customers’ experiences have proven consistently that the positive results of pilot projects silence skeptics and naysayers. By achieving typical savings between 40-90 percent on their monthly WAN connectivity costs—while at the same time adding substantial bandwidth without sacrificing reliability—the data center manager of the pilot project meets little resistance to expanding deployment across his or her global data centers and remote sites.

Enterprise WAN traffic volume is forecast to increase at an average annual rate of 30 percent or more, according to the 2010 Cloud Networking Report by independent industry analyst, Jim Metzler of Ashton, Metzler and Associates. This volume is being driven by a number of factors, including the increasing deployment of cloud applications. This volume also requires more bandwidth. As many are finding, adding expensive bandwidth to the WAN is not an affordable answer. Because of its ability to aggregate multiple links to ensure expected levels of WAN performance quality and predictability, WAN Virtualization introduces a level of flexibility for data center managers to take advantage of new advancements in technology without having to constantly replace the infrastructure supporting these advancements. Therefore, WAN Virtualization is likely to factor as one of the data center’s higher priorities in 2012.

About Talari Networks, Inc.: Talari Networks' WAN Virtualization solutions bring Internet economics to corporate WANs by transforming broadband and other affordable Internet links to deliver business-class reliability and performance predictability at consumer prices. Talari delivers a network with 30 to 100 times the bandwidth per dollar, ongoing WAN costs reduced by 40% to 90%, and greater reliability than existing corporate WANs. In 2011, Talari was named a Gartner Cool Vendor and its Mercury T750 won Best of Interop--Performance Optimization. For more information, please visit www.talari.com.

The Cloud API is Pseudo-Consolidation of Infrastructure

2012-02-04T12:31:00.000-08:00

- Lori MacVittie, Senior Technical Marketing Manager at F5 Networks (www.f5.com), says:

In most cases, the use of the term “consolidation” implies the aggregation (and subsequently elimination) of like devices. Application delivery consolidation, for example, is used to describe a process of scaling up infrastructure that often occurs during upgrade cycles. Many little boxes are exchanged for a few larger ones as a means to simplify the architecture and reduce the overall costs (hard and soft) associated with delivering applications. Consolidation.

But cloud has opened (or should have opened) our eyes to a type of consolidation in which like services are aggregated; a consolidation strategy in which we layer a thin veneer over a set of adjacent functionalities in order to provide a scalable and ultimately operationally consistent experience: an API. A cloud API consolidates infrastructure from an operational perspective. It is the bringing together of adjacent functionalities into a single “entity.” Through a single API, many infrastructure functions and services can be controlled – provisioning, monitoring, security, and load balancing (one part of application delivery) are all available through the same API. Certainly the organization of an API’s documentation segments services into similar containers of functionality, but if you’ve looked at a cloud API you’ll note that it’s all the same API; only the organization of the documentation makes it appear otherwise.

This service-oriented approach allows for many of the same benefits as consolidation, without actually physically consolidating the infrastructure. Operational consistency is one of the biggest benefits.

OPERATIONAL CONSISTENCY
The ability to consistently manage and monitor infrastructure through the same interface – whether API or GUI or script – is an important factor in data center efficiency. One of the reasons enterprises demand overarching data center-level monitoring and management systems like HP OpenView and CA and IBM Tivoli is consistency and an aggregated view of the entire data center.

It is no different in the consumer world, where the consistency of the same interface greatly enhances the ability of the consumer to take advantage of underlying services. Convenience, too, plays a role here, as a single device (or API) is ultimately more manageable than the requirement to use several devices to accomplish the same thing. Back in the day I carried a Blackberry, a mobile phone, and a PDA – each had a specific function and there was very little overlap between the two. Today, a single “smart”phone provides the functions of all three – and then some. The consistency of a single interface, a single foundation, is paramount to the success of such consumer devices. It is the platform, whether consumers realize it or not, that enables their highly integrated and operationally consistent experience.

The same is true in the cloud, and ultimately in the data center. Cloud (pseudo) consolidates infrastructure the only way it can – through an API that ultimately becomes the platform analogous to an iPhone or Android-based device.

Cloud does not eliminate infrastructure, it merely abstracts it into a consolidated API such that the costs to manage it are greatly reduced due to the multi-tenant nature of the platform. Infrastructure is still managed, it’s just managed through an API that simplifies and unifies the processes to provide a more consistent approach that is beneficial to the organization in terms of hard (hardware, software) and soft (time, administration) costs.

The cloud and its requisite API provide the consolidation of infrastructure necessary to achieve greater cost savings and higher levels of consistency, both of which are necessary to scale operations in a way that makes IT able to meet the growing demand on its limited resources.

The Mobile Chimera

2012-02-04T12:29:00.000-08:00

- Lori MacVittie, Senior Technical Marketing Manager at F5 Networks (www.f5.com), says:

The chimera is a mythological beast of scary proportions. Not only is it fairly large, but it’s also got three, independent heads – traditionally a lion, a goat, and a snake. Some variations on this theme exist, but the basic principle remains: it’s a three-headed, angry beast that should not be taken lightly should one encounter it in the hallway.

Individually, one might have a strategy to meet the challenge of a lion or a goat head on. But when they converge into one very angry and dangerous beast, the strategies and tactics employed to best any one of them will almost certainly not work to address all three of them simultaneously.

The world of mobility is rapidly approaching its own technological chimera, one comprised of three individual technology trends. While successful stratagem and tactics exist which address each one individually, when taken together they form a new challenge requiring a new strategic approach.

THE MOBILE CHIMERA
Three technology trends - VDI, mobile, and IPv6 - are rapidly converging upon the enterprise. Each is driven in part by the other, and each requires in part functionality and support of another. Addressing the challenges accompanying this trifecta requires a serious evaluation of the enterprise infrastructure with an eye toward performance, scalability, and flexibility, less it be overwhelmed by demand originating both internally and externally.

Mobile
The myriad articles, blogs, and editorial orations on mobile device growth have to date focused on the need for organizations to step up and accept the need for device-ready enterprise applications. This focus has thus far ignored the reality of the diversity of the device client base, the ramifications of which those with long careers in IT will painfully recall from the client-server era. Thus it is no surprise that interest in and adoption of technology such as VDI is on the rise, as virtualization serves as a popular solution to the problem of delivering applications to a highly-diverse set of clients.

But virtualization, as popular a solution as it may be, is not a panacea. Security and control over corporate resources and applications is a growing necessity today because of the ease with which users can take advantage of mobile technology to access them.

Access control does not entirely solve the challenges of a diverse mobile client audience, as attackers turn their attention on mobile platforms as a means to gain access to resources and data previously beyond their reach. The need for endpoint security inspection continues to grow as the threat posed by mobile devices continues to rear its ugly head.

VDI
It was inevitable that the growth of mobile device usage in the enterprise continued to grow that so, too, would the solution of VDI grow as the most efficient way to deliver applications without requiring mobile platform-specific versions. The desire by business owners and security practitioners to keep data securely within the data center "walls", too, is a factor in the rising desire to deploy VDI. VDI enables organizations to deliver applications remotely while maintaining control over data inside the data center, preserving enforcement of corporate security policies and minimizing risk.

But VDI deployments are not trivial, regardless of the virtualization platform chosen. Each virtualization solution has its challenges and most of those challenges revolve around the infrastructure necessary to support such an initiative. Scalability and flexibility are important facets of VDI delivery infrastructure, and performance cannot be overlooked if such deployments are to be considered successful.

IPv6
Who could forget that the Internet is being pressured to move to IPv6 sooner rather than later, in part because of the growth of mobile clients? The strain placed on service providers to maintain IPv4 support as a means to not "break the Internet" can only be borne so long before IPv6 becomes, as has been predicted, the Y2K for the network.

The ability to deliver applications via VDI to mobile devices will soon require support for IPv6, but will not obviate the need to support IPv4 just yet. A dual stack approach will be required during the transition period, putting delivery infrastructure again front and center in the battle to deploy and support applications for mobile devices.

With all accounts numbering mobile devices in the four billion range across multiple platforms and effectively 0 IPv4 addresses left to assign to those devices, it should be no surprise that as these three technology trends collide the result will be the need for a new mobility strategy.

This is why solutions are strategic and technology is tactical. There exist individual products that easily solve each of these problems individually, but very few solutions that address the combined juggernaut that is the three combined. It is necessary to coordinate and architect a solution that can solve all three challenges simultaneously as a means to combat complexity and its associated best friend forever, operational risk.
A flexible and scalable delivery strategy will be necessary to ensure performance and security without sacrificing operational efficiency.

The Ascendancy of the Application Layer Threat

2012-02-04T12:26:00.000-08:00

- Lori MacVittie, Senior Technical Marketing Manager at F5 Networks (www.f5.com), says:

Many are familiar with the name of the legendary Alexander the Great, if not the specific battles in which he fought. And even those familiar with his many victorious conquests are not so familiar with his contributions to his father’s battles in which he certainly honed the tactical and strategic expertise that led to his conquest of the “known” world.

In 339 BC, for example, then Macedonian King Phillip II – the father of Alexander the Great – became engaged in a battle at Chaeronea against the combined forces of ancient Greece. While the details are interesting, they are not really all that germane to technology except for commentary on what may be* Phillips’ tactics during the battle, as suggested by the Macedonian author Polyaenus:

In another 'stratagem', Polyaenus suggests that Philip deliberately prolonged the battle, to take advantage of the rawness of the Athenian troops (his own veterans being more used to fatigue), and delayed his main attack until the Athenians were exhausted.

This tactic should sound familiar, as it akin in strategy to that of application DDoS attacks today.

THE RISE of APPLICATION LAYER ATTACKS
Attacks at the application layer are here to stay – and we should expect more of them. When the first of these attacks was successful, it became a sure bet that we would see more of them along with more variations on the same theme. And we are. More and more organizations are reporting attacks bombarding them not just at the network layer but above it, at the transport and application layers.

Surely best practices for secure coding would resolve this, you may think. But the attacks that are growing to rule the roost are not the SQLi and XSS attacks that are still very prevalent today. The attacks that are growing and feeding upon the resources of data centers and clouds the globe over are more subtle than that; they’re not about injecting malicious code into data to be spread around like a nasty contagion, they’re DDoS attacks. Just like their network-focused DDoS counterparts, the goal is not infection – it’s disruption.

These attacks exploit protocol behavior as well as potentially missed vulnerabilities in application layer protocols as a means to consume as many server resources as possible using the least amount of client resources. The goal is to look legitimate so the security infrastructure doesn’t notice you, and then slowly leech compute resources from servers until they can’t stand – and they topple.

They’re Phillip’s Macedonians; wearing out the web server until it’s too tired to stand.
These attacks aren’t something listed in the OWASP Top Ten (or even on the OWASP list, for that matter). These are not attacks that can be detected by IPS, IDS, or even traditional stateful firewalls. These technologies focus on data and anomalies in data, not behavior and generally not at the application protocol layer.

For example, consider HTTP Fragmentation attacks.

In this attack, a non-spoofed attacker establishes a valid HTTP connection with a web server. The attacker then proceeds to fragment legitimate HTTP packets into tiny fragments, sending each fragment as slow as the server time out allows, holding up the HTTP connection for a long time without raising any alarms. For Apache and many other web servers designed with improper time-out mechanisms, this HTTP session time can be extended to a very long time period. By opening multiple extended session per attacker, the attacker can silently stop a web service with just a handful of resources.

Multiple Methods in a Single Request is another fine example of exhausting a web server’s resources. The attacker creates multiple HTTP requests, not by issuing them one after another during a single session, but by forming a single packet embedded with multiple requests. This allows the attacker to maintain high loads on the victim server with a low attack packet rate. This low rate makes the attacker nearly invisible to NetFlow anomaly detection techniques. Also, if the attacker selects the HTTP method carefully these attacks will bypass deep packet inspection techniques.

There a number of other similar attacks, all variations on the same theme: manipulation of valid behavior to exhaustion of web server resources with the goal of disrupting services. Eventually, servers crash or become so slow they are unable to adequately service legitimate clients – the definition of a successful DDoS attack.

These attacks are not detectable by firewalls and other security infrastructure that only examine packets or even flows for anomalies because no anomaly exists. This is about behavior, about that one person in the bank line who is acting oddly – not enough to alarm most people but just enough to trigger attention from someone trained to detect it. The same is true of security infrastructure. The only component that will detect such subtle improper behavior is one that’s been designed to protect it.

* It was quite a while ago, after all, and sources are somewhat muddied. Whether this account is accurate or not is still debated.

Mature Security Organizations Align Security with Service Delivery

2012-02-04T12:23:00.000-08:00

- Lori MacVittie, Senior Technical Marketing Manager at F5 Networks (www.f5.com), says:

Everyone, I’m sure, has had the experience of calling customer service. First you get the automated system, which often asks for your account number. You know, to direct you to the right place and “serve you better.” Everyone has also likely been exasperated when the first question asked by a customer service representative upon being connected to a real live person is … “May I have your account number, please?”

It’s frustrating and, for everyone involved, it’s cumbersome.

That’s exactly the process that occurs in most data centers today as application requests are received by the firewall and then passed on to the service delivery layer.

Traditional data center design segregates security from service delivery. There’s an entire complement of security-related components that reside at the perimeter of the network, designed to evaluate incoming traffic for a wide variety of potential security risks – DDoS, unauthorized access, malicious packets, etc… But that evaluation is limited to the network layers of the stack. It’s focused on packets and connections and protocols, and fails to take into consideration the broader contextual information that is carried along by every request. It’s asking for an account number but failing to leverage it and share it in a way that effectively applies and enforces corporate security policies.

It’s cumbersome.

Reality is that many of the functions executed by firewalls are duplicated in the application delivery tier by service delivery systems. What’s more frustrating is that many of those functions are executed more thoroughly and to better effect (i.e. they mitigate risk more effectively) at the application delivery layer.

What should be frustrating to those concerned with IT budgets and operational efficiency is that this disconnected security strategy is more expensive to acquire, deploy, and maintain. Using shared infrastructure is the hallmark of a mature security organization; it’s a sign of moving toward a more strategic security strategy that’s not only more technically adept but is financially sound.

SHARED INFRASTRUCTURE
We most often hear the term “shared infrastructure” with respect to cloud computing and its benefits. The sharing of infrastructure across organizations in a public cloud computing environment nets operational savings not only from alleviating the need to manage the infrastructure from the fact that the capital costs are shared across hundreds if not thousands of customers.

Inside the data center private cloud computing models are rising to the top of the “must have” list for IT for similar reasons. In the data center, however, there are additional technical and security benefits that should not be overlooked. Aligning corporate security strategy with the organizations’ service delivery strategy by leveraging shared infrastructure provides a more comprehensive, strategic deployment that is not only more secure, but more cost effective.

Service delivery solutions already provide a wide variety of threat mitigation services that can leveraged to mitigate the performance degradation associated with a disjointed security infrastructure, the kind that leads 9 of 10 organizations to sacrifice that security in favor of performance. By leveraging shared infrastructure to perform both service delivery acceleration as well as security, neither performance nor security need be sacrificed because it essentially aligns with the mantra of the past decade with regards to performance and security: crack the packet only once.

In other words, don’t ask the customer for their account number twice. It’s cumbersome, frustrating, and an inefficient means of delivering any kind of service.

The Three Axioms of Application Delivery

2012-02-04T12:19:00.000-08:00

- Lori MacVittie, Senior Technical Marketing Manager at F5 Networks (www.f5.com), says:

Like most technology jargon, there are certain terms and phrases that end up mangled, conflated, and generally misapplied as they gain traction in the wider market. Cloud is merely the latest incarnation of this phenomenon, and there will be others in the future. Guaranteed.

Of late the term “application delivery” has been creeping up into the vernacular. That could be because cloud has pushed it to the fore, necessarily. Cloud purports to eliminate the “concern” of infrastructure and allows IT to focus on … you guessed it, the application. Which in turn means the delivery of applications is becoming more and more pervasive in the strategic vocabulary of the market.

But like cloud and its predecessors, the term application delivery is somewhat vague and without definition. I am not going to define it, in case you were wondering, because quite frankly I’ve watched its expansion and transformation over the past decade and understand that application delivery is not static. As new technology and deployment models arise, new techniques and architectures must also arise to meet the challenges that naturally arise along with those applications.

But how, then, do you know what is and is not application delivery? If it can morph and grow and transform with time and technology, then anything can be considered application delivery, right?
Not entirely. Application delivery, after all, is about an end-to-end process. It’s about a request that is sent to an application and subsequently fulfilled and returned to the originator of the request. Depending on the application this process may be simple or exceedingly complex, requiring authentication, logging, verification, interaction of multiple services and, one hopes, a wealth of security services ensuring that what is delivered is what was intended and desired, and is not carrying along something malicious.

A definition comprising these concepts would be either be far too broad so as to be meaningless, or so narrow that it left no room to adapt to future technologies. Neither is acceptable, in my opinion. A much better way to understand what is (and conversely what is not) application delivery is to learn three simple axioms that define the core concepts upon which application delivery is based.

APPLICATION-CENTRIC
“Applications are not servers, hypervisors, or operating systems.”
Applications are not servers. They are not the physical or virtual server upon which they are deployed and from where they draw core resources. They are not the web and application servers on which they rely for application-layer protocol support. They are not the network stack from which they derive their IP address or TCP connection characteristics. They are uniquely separate entities that must be managed individually.

The concrete example of this axiom in action is health-monitoring of applications. Too many times we see load balancing services configured with health-checking options that are focused on IP or TCP or HTTP parameters. Ping checks, TCP half-open checks, HTTP status checks. None of these options are relevant to whether or not the application is available and executing correctly. A ping check assures us the network is operating and the OS is responding. A TCP half-open check tells us network stack is operating properly. An HTTP status check tells us the web or application server is running and accepting requests. But none of these even touches on whether or not the application is executing and responding correctly.

Similarly, applications are not ports, and security services must be able to secure the application, not merely its operating environment. Applications are not – or should not – be defined by their network characteristics, and neither should they be secured based on these parameters.

Applications are not servers, hypervisors, or operating systems. They are individual entities that must be managed individually, from a performance, availability, and security perspective.

MITIGATE OPERATIONAL RISK
“Availability, performance, and security are not separate operational challenges.”
In most IT organizations the people responsible for security are not responsible for performance or availability, and vice-versa. While devops tries to bridge the gap between applications and operations-focused professionals, we may need to intervene first and unify operations. These three operational concerns are intertwined, they are interrelated, they are paternal triplets. A DDoS attack is security, but it has – or likely will have – a profound impact on both performance and availability. Availability has an impact on performance, both positive and negative. And too often performance concerns result in the avoidance of security that can ultimately return to bite availability in the derriere.

Application delivery recognizes that all three components of operational risk are inseparable, and they must be viewed as a holistic concern. Each challenge should be addressed with the others in mind, and with the understanding that changes in one will impact the others.

OPERATE WITHIN CONTEXT
“Application delivery decisions cannot be made efficiently or effectively in a vacuum.”
Finally, application delivery recognizes that decisions regarding application performance, security, and availability cannot be made within a vacuum. What may improve performance for a mobile client accessing an application over the Internet may actually impair performance for a mobile client accessing the application over the internal data center network. What is appropriate authentication methods for a remote PC desktop are unlikely to be applicable to the same user requesting access over a smartphone. The various components of context provide the means by which the appropriate policies are enforced and applied at the right time to the right client for the right application.

It is context that provides the unique set of parameters that enfolds any given request. We cannot base decisions solely on user, because user may migrate during the day from one client device to another, and one location to another. We cannot base decisions solely on device, because network conditions and type may change as the user roams from home to the office and out to lunch, moving seamlessly between mobile carrier network and WiFi. We cannot base decisions solely on application, because the means and location of the client may change its behavior and impact delivery in a negative way.

When you put these axioms into action, the result is application delivery. A comprehensive, holistic and highly strategic approach to delivering applications. It is impossible to say application delivery is these five products delivered as a solution because whether or not those products actually comprise an application delivery network depends on whether or not they are able to deliver on the promise of these three axioms of application delivery.

Removing Data Waste from Virtualized Storage

2012-02-03T06:10:00.000-08:00

Brad Bonn and Alex Rosemblat from VKernel (www.vkernel.com):

Forgotten data objects from virtual machines can clog up virtualized storage. Cleaning up this waste will reclaim storage that can then be reused.

Optimizing resource usage in a virtual environment is significantly more challenging than in a physical environment when it comes to efficiency. The ability to create virtual machines rapidly, while a key driver for enhanced agility and return on investment; is also the main cause of this challenge. To further intensify the problem, related data objects such as snapshots or additional VM images are sometimes created for each VM, increasing the amount of storage usage created by virtualization. Unused snapshots, templates, abandoned VM images and Zombie VMs all contribute to wasted CPU, memory, throughput and most importantly, storage resources. Yet locating and reclaiming these resources is not always a simple task. This whitepaper walks through each of the data objects that can create waste and describes how to clean up unused data objects so as to increase data center ROI.

Types of Waste that Occur in Virtual Infrastructure

Abandoned VM Images

When a VM is deleted from VMware vCenter, Microsoft Systems Center, Red Hat Enterprise Management (RHEM) or another VM management console, it must also be deleted from the disk. Otherwise, the VM listing is no longer present in the management console, but the accompanying VM image still exists in storage. If this scenario occurs, the result is an abandoned VM image which resides in storage and consumes space but is no longer in use. Theoretically, proper operating procedures should ensure that each time a system administrator deletes a virtual machine from the management console, that administrator also repeats the same action with the storage array. But this is not always the case.

Due to a variety of reasons, a VM image may not get deleted from storage although it has been deleted from the management console. This can occur when:

A VMware vMotion storage fails and a file is not completely moved to another datastore. In this case, it is possible that either the old VMDK file will be left where it was, or that the new partially copied VMDK file will be placed on the new datastore. In either case, vCenter will not know about the file. vMotion storage can fail if the new host doesn’t have the same configuration as the old one did, or if there wasn’t sufficient disk space. Additionally, some users configure vMotion to be completely automated, so unless an error log is checked, it would be difficult to know that a vMotion had failed.
System administrators manually copy and paste VM images to move them and forget to delete the old file.
VM images are copied in lieu of using templates and a VM image that isn’t necessary is not deleted.
A third party backup or storage snapshot taking tool is duplicating VM image files. The management console will not know about additional VM image files created in this way.

Finding this Waste:
Detecting abandoned VM images is accomplished through a reconciliation of VMs listed in the management console and the VM images reported within storage. These files are not easy to identify manually since importantly, the VM image name may not always match the VM name. These VM image files are often called orphaned files or orphaned VMs.

Sources of Savings:
Finding and deleting orphaned VMs is important to reclaim and free up storage. Also, deleting these files will liberate software licenses which can be reused.

Powered-Off VMs
Powered-off VMs are just what the name implies: VMs that are powered-off. There is nothing wrong with a VM powered-off unless it is an indication of a VM that is no longer required. The longer a VM has been powered down and not used, the more likely it is no longer needed. It is also possible that a zombie (also known as an idle) VM is identified and rather than being deleted is powered-off to be dealt with later. As this file is no longer in use, it will then become a powered-off VM and still take up storage resources which could be reclaimed.

Finding this Waste:
Reporting on the number of days a VM has been powered-off is the starting point to determining whether a VM is still required. Once the candidate list of powered-off VMs that are no longer needed is identified, some amount of detective work and cross referencing the VM with an inventory report will be required prior to deleting the file.

The key to detecting powered-off virtual machines that are no longer used is the ability to exclude a VM from the analysis going forward if a VM administrator determines that the powered-off image is needed. Otherwise, any reporting mechanism on powered-off VMs will eventually become cluttered with long unused powered-off VMs obscuring the next level of detail and hiding powered-off VMs that need to be deleted.

Sources of Savings:
Deleting powered-off VMs is important to not only free up storage space, but also to release any software licenses that the VM is taking up.

Unused Snapshots
Snapshots are a state of a virtual machine at a particular time and are used for backup and recovery purposes. A snapshot is similar to a desktop recover point. VM administrators typically will make a snapshot of a VM image prior to updating or changing a particular VM to provide for rollback should the upgrade not go according to plan.

Once the patch has been successfully applied, system administrators are supposed to incorporate the snapshot back into the VM configuration which will remove the snapshot and make the changes permanent.

Theoretically, this sounds easy. But there are a few key issues with snapshots that can make managing snapshots particularly troublesome for administrators:

Snapshots can take up all the available storage without an administrator knowing it.
Some environments have multiple snapshots for a particular VM
Finding what snapshots are in storage, when they were made, and if they are still being used requires additional work and tools to report on.
Snapshots for a VM that has been deleted may remain, and will be difficult to cross-reference to the VM that no longer exists.
The SAN can take its own snapshots with its software.
System administrators simply forget about snapshots that were taken, or the snapshot was taken by another user and not reported.

Finding this Waste:
The key to finding unused snapshots is to look at the age of the snapshot and then remove the older snapshots for a particular VM when it has been deemed that that snapshot is out of date.

Sources of Savings:
Deleting unused snapshots will free up storage space.

Unused Template Images
A template is a base image that is used to quickly create virtual machines that are identical. Templates drive compliance for operating system images, patch levels and installed software. Each time the operating system or application changes, a new template needs to be created. If a template that is out of date is not deleted, it will consume storage resources unnecessarily. Unused template images can become a significant source of wasted storage.

Finding this Waste:
The key to finding unused templates is to look at the age of the template and then check to see that the template is still valid.

Sources of Savings:
Deleting unused templates will free up storage space.

Zombie (also known as Idle) VMs
Zombie VMs are virtual machines that are still running but have reached the end of their production lifecycle. This is most likely to happen in volume in environments where:

VMs are created by end users themselves.
Where a communication loop has not been closed between an end user and a system administrator and the end user has not informed the system administrator that a particular VM is no longer being used.
QA or development teams can spin up VMs on their own without central administration oversight.
End customers can deploy VMs automatically in cloud initiatives.
Applications running on a VM are offline and the application owner has not yet noted that the applications are down.

Finding this Waste:
Zombie VMs are tough to detect. They are powered on and appear to have a load on them. However, as a Zombie, the load may be low. But even low load is not a reliable way to close in on a potential Zombie VM. The deviation of the load over time is the best way to separate a Zombie, for example, from a DNS server that simply rarely has a load on it.

Once the list of potential Zombie VMs is identified, cross referencing the VM information with inventory information is the next step to determine if a VM is truly a Zombie or is doing useful work. VMs that appear to be Zombies but are not should then be tagged as such to prevent them from being identified over and over again as potential Zombies. Importantly, if the Zombie VM is simply powered-off instead of being deleted, it will still take up storage resources, and will be noted as a powered-off VM.

Sources of Savings:
Cleaning up Zombies frees up CPU, memory, throughput, and storage for reuse. In addition, each operating Zombie VM consumes licenses for operating systems and other software that could be used elsewhere.

Application Delivery: The Fourth Data Center Tier

2012-02-02T05:24:00.000-08:00

Question and answer with Lori MacVittie, senior technical marketing manager at F5 Networks (www.f5.com):

DCP: Why is application delivery useful in today's enterprise data centers?

F5: Application delivery focuses on ensuring applications are fast, available, and secure. It is a critical data center tier in most enterprise data centers today, even if it comprises only load balancing, a core service, to assure availability. Application delivery enables the use of acceleration, optimization, and security techniques to improve the end-user experience while also maximizing efficiency of application-supporting infrastructure.

Application delivery implements a virtualized layer that mediates between clients and the resources – typically applications - located within the data center to which those clients desire access. This is useful because it provides the means by which policies focused on performance, security, and availability can be applied to an application in a flexible, consistent way based on the unique conditions associated with a request. Delivery policies can be dynamically applied based on not only the user, but location, type of device, and application as well as network conditions at the time of the request. This allows organizations to enforce and leverage policies that protect the applications, the network, and the user while ensuring the best performance possible.

DCP: How can data center and IT managers benefit from it?

F5: Application delivery provides a shared infrastructure upon which application delivery policies can be deployed and managed more efficiently.

For example, it is often the case that access management solutions must be integrated into the architecture to enforce access policies. This requires additional hardware, software, and integration. By consolidating access management with other application delivery services, the complexity of such an architecture is eliminated, which reduces the time required to deploy application delivery related policies as well as the chance of misconfiguration that can lead to unauthorized access or unintended denials of access. It also allows delivery-related services to scale along with the applications, ensuring that the services upon which applications rely to manage access and security do not become a bottleneck or fall victim to attack.

Application delivery offers IT managers and operations a strategic point of control at which application delivery can be more efficiently managed without impacting the application infrastructure. It eases the transformation from traditional, static data center models to more fluid and volatile modern data centers based on virtualization and cloud computing models by providing a layer of control that isolates end-users and operations from the network and application changes occurring from rapid provisioning and migration.

DCP: Where should (application delivery) rank in terms of overall priority in the data center?

F5: At the top, of course! Seriously, it should rank high in overall priority because of the critical nature of the services it provides. At its most simplistic, the load balancing services provided by application delivery are an integral component to today’s data centers and are the foundation for scalability and availability of both traditional and virtualized applications. The application delivery tier is also both the first and last lines of defense against attacks, preventing network and application-layer attacks from reaching applications and their supporting infrastructure, most of which cannot withstand the high volume of connections and traffic being generated by modern miscreants. Application delivery is a critical component to the successful deployment and adoption of a variety of enterprise services including VDI, Exchange, web applications, and even DNS services. Having a flexible application delivery tier in place before applications are developed or deployed enables IT the ability to design more flexible and dynamic architectures that will scale more efficiently and cause less disruption when new or modified delivery policies must be deployed, such as when new mobile devices require support or a new attack has been discovered which required immediate redress.

DCP: What are the biggest challenges for data center and IT managers when it comes to application delivery?

F5: Integration. Application delivery encompasses a wide variety of technologies – acceleration and optimization, web application security and access management, load balancing and secure remote access. The broad spectrum of services that can be included under the application delivery umbrella is often confusing, and the need to integrate each of those services and technologies into a comprehensive architecture in the data center is a significant challenge. That challenge is not just at the network layer, where topological challenges abound, but at the application layer when two separate devices must be integrated to provide a seamless authentication and authorization experience for end-users without losing necessary security and audit information required for compliance and by corporate policy.

After implementation, there are still many challenges to overcome and the biggest revolves around understanding the applications they are tasked with delivering and security well enough to monitor, manage, and apply the right policies to ensure successful delivery. Operations must understand the business and operational requirements with respect to performance, availability, and security before they can codify them into deployable application delivery policies.

Something as simple as the choice of load balancing algorithm can dramatically impact performance and availability of applications. Choosing the right one is a matter of understanding the application, its usage patterns, and business requirements – characteristics that are generally understood by developers and business stakeholders. Data center and IT managers must ensure that those within the organization with the domain expertise are included early in the deployment process to ensure the right application delivery policies are deployed for each application.

DCP: How can data center and IT managers overcome those challenges?

F5: Data center and IT managers can overcome these challenges by initiating conversation earlier in the application development and/or deployment process. By including delivery requirements up front, operations and developers can more clearly determine where in the data center architecture services should be implemented. Creating a team responsible for performance and availability specifically can be of aid here, as there are a wide variety of application delivery services that can assist and assure both, both choosing the right service for a given application and delivery scenario is imperative to ensuring success in meeting the challenge.
6. What advice can you give to IT and data center managers that have a plethora of similar solutions to choose from?

Shorten the list of possible solutions based on a few key criteria and then evaluate in the environment in which the solution will be deployed. Key criteria for application delivery includes speeds and feeds, of course, but goes well beyond such simplistic characteristics. Given today’s emerging data center models, it is important to consider the scalability model of the solution – i.e. how does the solution scale both applications and services as well as itself? Consider the services available as well as the extensibility. Is the solution a platform or a product? If it is a platform, what delivery services can be deployed on it, if it is a product ask about integration with other solutions.

Management and integration with other data center solutions is also a critical factor to evaluate. Today’s data centers are becoming more automated and self-sufficient, but that occurs because of integration and collaboration in the infrastructure. Rapid provisioning that enables auto-scaling, for example, requires collaboration between load balancing services and server provisioning systems, so pre-packaged integration is a must for application delivery. Flexible management, too, via scripting and standards-based interfaces is increasingly important to enable automated deployment and custom integration.

Look for solutions that are service-oriented, that can enable the data center transformation arising from virtualization, consumerization, and cloud computing in the most efficient manner possible for IT as well end-users. The solution providing the least amount of disruption to IT and the business will enable a smoother transition as technology morphs and imposes additional burdens on IT.

Application delivery as a market can be a confusing one, with the term being used to describe a variety of services as well as an overarching strategy. Focusing on key characteristics of application delivery – an application-centric model that is contextually aware and mitigates operational risk (performance, availability, and security) – will enable data center and IT managers to better evaluate whether a solution is really focused on application delivery or merely on individual pain points within that demesne.

The key word in application delivery is “application.” The focal point of all application delivery should be the application – from security to performance to end-user experience to scalability.

Keeping IT Cool While Cutting Costs

2012-02-01T06:20:00.000-08:00

- Dr. Eldad Levy, CEO, and Sofi Shtern, applications engineer at

CAS Ltd. (http://www.cas.co.il/old), say:

Data and communication intensive firms are facing a thermal crisis as their data centers are driven to deliver ever increasing performance. As power consumption per rack has risen dramatically, managers have turned to CFD (computational fluid dynamics),thermal software, to identify optimum cooling solutions.

Optimizing data center design is a challenging task, frequently requiring dozens of simulation models to zero in on an optimum solution. A fast, highly accurate CFD tool is a must.

Israeli consulting and thermal modeling firm, CAS Ltd uses CoolitDC from Daat Research (http://www.daat.com/), a powerful, user-friendly software that handles complex problems accurately and with a minimum of computing resources—only a laptop is required. Models often can be changed with just a few mouse clicks and the answer quickly recalculated. CoolitDC helped boost performance, efficiency and reliability of data centers at France Telecom (brand name Orange), one of the world’s largest telecommunications companies and at IDF (Israel Defense Force) Data Centers.
At the Orange site in Israel, two data centers had been built originally to handle low power density racks. Performance enhancements implemented over the years had pushed temperatures, at some points in the room, to borderline conditions. The inflow temperature of some racks reached 30 deg C, though the recommended maximum temperature was no more than 27 deg. C. As a result, the racks were populated only up to 2/3 their height because the upper area was too hot.

Each data center contained 80 racks cooled by four CRACs (Computer Room Air Conditioners) mounted in pairs at opposite ends of the room and pumping cold air under the floor. Cold air passed through the perforated tiles, entered the racks and then returned to the CRACs.

As with all their analyses, CAS engineers start by constructing a model of the existing data center and then calibrate the model by comparing its predictions against actual measurements. Typically models vary from actual by only a few percent.

To minimize redesign costs, CAS engineers initially investigated various options to optimize cooling using the existing equipment. The thermal simulations quickly showed that the data center was already at maximum cooling capacity and simple solutions, such as reshuffling servers and plugging air leaks, were insufficient to bring the temperatures down. Adding more powerful new equipment without making serious changes was completely out of the question.

The CAS solution was to create a “cold aisle” by enclosing the space between the two hottest center rack-rows with walls, doors and a ceiling. Inside the aisle, six in-row cooling units were added. To the client’s delight, the proposed solution proved very effective and equally important, was easy and inexpensive to implement.

At the IDF sites, the critical and often mobile nature of the military application demanded exceptionally high reliability from the data centers, which had to run cool even under harsh conditions, and made it impossible to incorporate spare capacity for backup.

A typical site consisted of a 16 x 12 m room containing 8 rows of racks cooled by 4 CRACs. This configuration did not provide uniform cooling and the tops of some racks exceeded allowable temperatures.

CAS investigated establishing a different mix of cold and hot aisles, reducing the air leakage and replacing missing blanking panels which were impacting the efficiency of cold aisle due to mixing of hot and cold air. In some instances, cold aisles not well sealed, were resealed to insure that no uncontrolled mixing of hot-cold air took place. Many other potential solutions were evaluated in a brief span of time: concentrating high power dissipating racks in one place, trying different perforated tiles to increase the airflow, checking different tiles arrangements, etc. All this required computing dozens of different cases in order to arrive at the optimal solution. Speed of modeling, both in making model changes and in actual computing of cases was of the essence.

A solution developed for one IDF data center required completely sealed cold aisles which eliminated all hot spots without any additional cooling equipment. In fact, the simulation showed that CRAC supply temperatures could be increased from 12 deg C to 15 deg. C. while still keeping inlet temperatures under 25 deg C. The design change resulted in over 12% energy savings which more than paid for the consulting effort.

In both the military and telecom applications, CFD thermal analysis eliminated guess-work in developing optimum solutions. Multiple “what if” scenarios were developed and modified with a few clicks of the mouse. Best of all, the investments paid for themselves through lower cooling requirements, energy savings, and reduced downtime.