In 2005, when I was CEO of the web application security vendor Kavado, Cisco revealed a security vulnerability in its operating system (IOS) that could allow a hacker to take control of any product running IOS where web management was turned on. The attacker didn’t even need direct access to the server; just the IP address of the target device. For example, using a now well-known technique called cross-site scripting, a hacker could inject arbitrary code into the Cisco device via its web interface and then reset the password to gain full administrative privileges. That means the hacker controls that device, and soon your entire network. Today, four years later, Cisco revealed that this vulnerability still exists. Apparently security isn’t that important to Cisco as a switching company. Besides, the firewall will protect you, right? Oh yeah, if it’s a Cisco firewall it runs IOS too.
Now imagine that you’ve bet the farm on Cisco and have deployed their Unified Computing Solution, whose management depends upon (yes, you guessed it) IOS. That’s right: not only have you exposed all of your networking devices, but because the manager for the entire system, which controls visibility and access to your Cisco servers and FCoE storage, runs on an IOS-powered switch, you’ve lost control over your entire data center. A hacker could potentially start redirecting corporate data somewhere else, or at a minimum wreak havoc by turning applications on and off.
Time to pack up and go home, because your days of gainful employment are over!
You don’t have to put all of your eggs into one vendor’s basket, and there’s no call to compromise on security. There are providers that deliver a complete and secure standards-based solution without locking you into proprietary schemes. In fact, companies like Virtuoso have proven out the dramatic and immediate game-changing benefits of unified computing solutions. However, one must be certain that the selected unified computing solution is complete. It should employ a secure method that physically isolates the command and control structure managing the compute, networking and storage elements from the operating system(s), virtualized environment(s) and associated applications. This requires an entirely different “from the ground up” architecture versus the patchwork approach or bundles of existing parts and professional services offered by the big switch and server vendors. Beware: buying “big” doesn’t mean buying smart.
Just last month, I discussed the ramifications of security in a unified computing world with Chris Preimesberger of eWeek. Reportedly, Cisco’s response to Chris when he asked them about the glaring lack of a security strategy was: “…in a UCS deployment, customers are expected to use their own existing server, storage and management security vendor—not one provided by Cisco itself”.
That says it all.
Wednesday, June 24, 2009
Sunday, June 21, 2009
Add Liquid & Stir
You may have noticed that relationships amongst IT vendors are really stirred up. Companies that were formerly "close collaborators" are now quietly aligning themselves for direct battle. Some attribute this to Cisco's entry into the server space, while others believe that it's due to a larger need for vendors to expand their addressable markets into adjoining areas in pursuit of continued growth. I believe that both of these are actually symptoms of a more fundamental and quite logical next step in the evolution to the dynamic data center.
IT vendors have been pitching the concept of the "dynamic" or "agile" data center for years, but delivering on the vision on a piecemeal basis. In almost every instance, solutions essentially introduced software-based control over a very specific subset of data center operations: enough to make a targeted difference but not enough to solve the overall problem. For example, Layer 4-7 application switches (i.e. load balancers) delivered the ability to quickly re-route traffic destined for one server group located within a specific data center to another server group that could be located in a different data center, all based on server availability. But when you think about it, this approach relies upon having alternate, completely pre-configured data center resources (well beyond the receiving servers) ready and waiting to be called into action. So the switching of the inbound traffic is dynamic, but really worthless to you unless you have the rest of the underlying IT infrastructure waiting for it. Can you imagine how many dollars are wasted annually (real estate, power, professional services, equipment, etc.) on these partial solutions? Very inefficient, expensive and truly manual.
The ideal approach is one in which all underlying physical IT data center resources and their interdependencies can be manipulated via software as building blocks, and the system itself can autonomically provision and/or reconfigure itself in response to corporate policy and real-time business needs. No more overbuilding, lots of corporate savings and, most importantly, dramatic increases in customer satisfaction.
The recognized power of this approach is the real underlying cause of all the vendor stir. If you dig a bit further, you'll discover a lot of buzz centered on Liquid Computing. Liquid has this powerful software-based approach available today while everyone else is just starting to think about it. That's why I say, add Liquid and stir.
Friday, June 12, 2009
Which Fighter is right for you?
I’ve been on the road across the US and Europe for the past several weeks briefing major analyst groups (Yankee, IDC, 451, Gartner) and certain leading-edge enterprise data center operators about the benefits of deploying a properly designed unified computing system. It turns out that several of these folks actually read this blog (gasp), and I was asked on more than one occasion to delve further into my opinions of the serious flaws and lack of execution that I see in Cisco’s vision and HP’s releases. I (humbly) accommodated, but more importantly, seized the opportunity when I could to offer a demonstration of a live production UCS system so that I could show how these major oversights are the product of systems that “look like” UCS and that, in other cases, fall short and could lead to security issues. It was priceless to see the facial reactions as they saw how, through powerful software control, very complex data center environments (switching, computing, storage and all associated physical and logical connections) could be deployed at once, in minutes, and visualized in seconds; how virtualized environments and associated applications could be interchanged with entirely different bare-metal environments and configurations at the touch of a software button; and how the entire standards-based ecosystem was designed to defend itself from attack and self-heal. You could actually see the lights turn on in their heads as they realized that solutions marketed to them by the big infrastructure players were missing major pieces of the puzzle (you know, like being able to configure and provision storage). That’s because in some cases what’s being marketed is the perception of a unified computing solution, and in other cases the offering isn’t yet complete or mature. I suppose that explains why Cisco alone has visited the Liquid Computing website from its corporate locations more than 70 times since May!
So, what defines a mature unified computing system? A flexible, dynamic and secure system that brings together standards-based (compute, network and storage) capabilities under the software-driven command and control of a single architecture. Guess what: I’ve just loosely described the fly-by-wire system of a modern jet fighter, where standard parts are controlled by software that makes decisions far faster and more accurately, without error, than a human being can. In fact, a human being cannot actually fly a jet fighter without the assistance of software control, and it’s the software control that delivers all of the benefits. Without it, the sum of all the other parts is no more or less than an ordinary plane.
So, do you want to continue buying parts and going into battle with Snoopy’s Dog House, or are you ready to look at an F-117 Stealth Fighter for about the same price?