Virtually hopeless

I don’t know whether it is the CIOs, or the press, or both. Recently Byte & Switch, CMP Technology’s zine on storage networking, published a chef d’oeuvre on the troubles with virtualisation. Some amazing thoughts from the captains of the industry. Take this one:


“Time is definitely a major concern of ours,” said Jim Steinmark, director of architecture and engineering at Fidelity Investments. “One of the big challenges is the time that it is taking to get people to accept virtualization as a production-ready technology,” added the exec, who uses VMware, Citrix, and SoftGrid within his infrastructure. For this reason, Steinmark estimates that it probably takes 40 to 50 percent longer to get an application deployed on virtual machines than it would on physical servers. A complex virtual application shared by a number of different users, he said, could easily take a year to deploy.


The whole idea and practice of virtualisation is to implement an efficient hardware abstraction layer. Applications don’t know and don’t care whether they are running in a virtual machine. Even detecting a virtual environment from inside the guest is not a trivial task. How it could increase deployment time at all is beyond me. Any clues? Here’s another product of disturbed minds:


Another attendee, George Scangas, lead IT infrastructure analyst at Welch’s Foods, warned that developers are often the hardest group to get on board. “A lot of them are from the old school of thinking — they want to run [applications] on a physical box,” he added.


If developers have concerns like that, they are thoroughly unprofessional (Mr. Scangas’s colleagues definitely are). You cannot develop an application for a box with redundant power supplies and six cooling fans inside. With few exceptions (such as device drivers, operating systems and virtual machine hypervisors), applications have requirements like a certain operating system, runtime libraries, disk space and available RAM, none of which cannot be provided in a virtual environment. And if there is somebody who is hard to get on board, it is not the developers or the system administrators.
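
The remark above that detecting a virtual environment from inside the guest is not trivial deserves an illustration. What follows is an added example, my own code rather than anything from the article or from a vendor, of the two heuristics usually tried on a Linux guest: the CPUID hypervisor-present bit, which the kernel surfaces as the `hypervisor` flag in /proc/cpuinfo, and the vendor strings in the DMI/SMBIOS tables under /sys/class/dmi/id. The inputs are constructed samples, not captures from real machines, and the signature table goes beyond VMware to the other common hypervisors. The third sample shows the limit of the approach: a hypervisor that clears the bit and serves neutral firmware strings leaves nothing to find.

```python
import os
import re

# Constructed sample inputs (not captured from any real host): a VMware guest,
# a bare-metal server, and a guest whose hypervisor hides every advertised clue.
VMWARE_CPUINFO = """processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Intel(R) Xeon(R) CPU E5-2660 0 @ 2.20GHz
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc hypervisor lahf_lm
"""
VMWARE_DMI = {"sys_vendor": "VMware, Inc.", "product_name": "VMware Virtual Platform"}

BARE_METAL_CPUINFO = VMWARE_CPUINFO.replace(" hypervisor", "")
BARE_METAL_DMI = {"sys_vendor": "Dell Inc.", "product_name": "PowerEdge R710"}

# Same guest, but the hypervisor masks CPUID.1:ECX bit 31 and serves vendor-neutral DMI tables.
HIDDEN_CPUINFO = BARE_METAL_CPUINFO
HIDDEN_DMI = {"sys_vendor": "To Be Filled By O.E.M.", "product_name": "To Be Filled By O.E.M."}

# Strings hypervisors are known to put in the guest's SMBIOS tables.
DMI_SIGNATURES = [
    (r"vmware", "VMware"),
    (r"virtualbox|innotek", "VirtualBox"),
    (r"qemu|kvm|bochs", "QEMU/KVM"),
    (r"\bxen\b", "Xen"),
    (r"virtual machine", "Hyper-V"),
    (r"parallels", "Parallels"),
]


def cpu_flags(cpuinfo: str) -> set:
    """Collect the feature flags the kernel derived from CPUID."""
    flags = set()
    for line in cpuinfo.splitlines():
        if line.split(":")[0].strip() == "flags":
            flags.update(line.split(":", 1)[1].split())
    return flags


def detect_virtualisation(cpuinfo: str, dmi: dict) -> list:
    """Return the indicators found. An empty list means nothing was advertised;
    it does not prove bare metal, because the hypervisor controls both sources."""
    hits = []
    # Linux sets 'hypervisor' when CPUID.1:ECX bit 31 is set. Cooperative
    # hypervisors set the bit on purpose; a hostile one can simply clear it.
    if "hypervisor" in cpu_flags(cpuinfo):
        hits.append("cpuid: hypervisor-present bit set")
    haystack = f"{dmi.get('sys_vendor', '')} {dmi.get('product_name', '')}"
    for pattern, name in DMI_SIGNATURES:
        if re.search(pattern, haystack, re.IGNORECASE):
            hits.append(f"dmi: {name} signature in {haystack!r}")
    return hits


def live_check() -> list:
    """Run the same heuristics on this host (Linux only; empty elsewhere)."""
    if not os.path.exists("/proc/cpuinfo"):
        return []
    try:
        with open("/proc/cpuinfo") as f:
            cpuinfo = f.read()
        dmi = {}
        for key in ("sys_vendor", "product_name"):
            path = f"/sys/class/dmi/id/{key}"
            if os.path.exists(path):
                with open(path) as f:
                    dmi[key] = f.read().strip()
    except OSError:
        return []
    return detect_virtualisation(cpuinfo, dmi)


if __name__ == "__main__":
    for label, ci, dmi in (("vmware guest", VMWARE_CPUINFO, VMWARE_DMI),
                           ("bare metal", BARE_METAL_CPUINFO, BARE_METAL_DMI),
                           ("hidden guest", HIDDEN_CPUINFO, HIDDEN_DMI)):
        print(label, "->", detect_virtualisation(ci, dmi) or "no indicators")
    print("this host ->", live_check() or "no indicators")
```

Note that the bare-metal sample and the hidden-guest sample are indistinguishable to this code; timing attacks and instruction-behaviour probes are what people reach for next, which is exactly why the answer is not a one-liner.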

On giant databases

Why do Wal-Mart, Tesco and other big retailers build giant databases that record every purchase and whatever else their customers are doing? Here’s how Peter Dorrington of SAS, a software vendor, puts it:


Not only do firms like Tesco have good operational systems that control their costs, but they understand their customers and can offer particular product mixes which are attractive to certain groups


So this is the big idea. Businesses are sold on the hope of understanding their customers better and therefore finding better ways of taking the business to new levels. In fact, the best they can hope for is running the business efficiently as it is, without transformation. Data that is not in the database cannot attract new customers. You don’t know how big your customers’ appetite for Schinkenspeck is until you offer some. And the database will not tell you that it won’t be popular in the Middle East, because it is neither halal nor kosher, unless there is an appropriate database field and you ask. Asking the right question is the hardest bit.


Banks are legally obliged to keep all information about their customers’ transactions for a long period of time. That information is readily available, but it doesn’t help with developing new products, market expansions or major investments. This is where artificial intelligence can assist. AI is bound for a big comeback.


Meanwhile, we have systems ironically classified as business intelligence, and giant databases. They are surrounded by an aura of mystery. Here’s what Anthony Bianco writes in The Bully of Bentonville, a leftist anti-Wal-Mart opus:


From their perch in the Glass Center, information systems technicians monitor the computer-to-computer interplay using software that enables them to anticipate glitches, or “exceptions”, as they’re known in digitese, and intervene to prevent them from occurring. “We are pretty near real time. We can tell people that they need to go do something and we are within hours, depending on the event”, said Linda Dillman, who, as Wal-Mart’s chief information officer, runs the Glass Center.


Funny as it is, this description of how Wal-Mart runs its RetailLink infrastructure also gives an indication of how distant from reality the perception of giant databases is.

Virtual infrastructure v Terminal servers

Virtual infrastructure based on products like Microsoft Virtual Server, VMware and Xen is the flavour of the month. People are talking about reduced cost of ownership, lower energy consumption and increased security risk resulting from the use of virtualisation, all of which is questionable. But without a doubt virtual infrastructure, especially in the datacenter, will change the way we do things today. System deployments will take much less time. Recovery procedures will change dramatically. In the enterprise space, virtualisation will change networking and storage architecture as well: IP subnets will span multiple physical sites, and storage will become more flexible. I’m doing my reading on iSCSI; IP-connected storage is the way to go.


There are other effects of the emergence of virtualisation. Blade servers won’t ever become a mainstream solution because of it, and may die off altogether. And there will be a very interesting clash with terminal server solutions, a technology space dominated by Citrix Systems. The history of terminal servers is interesting: developed as a way of enabling multi-user access to systems, they evolved into a bandwidth-saving way of using legacy applications, then into the core of thin-client infrastructure (remember Oracle’s Network Computer?), and now they are all of the above plus a secure remote access mechanism and a software distribution and application delivery system. Virtual infrastructure hosting any modern OS has all the same features, but the approach is different. Some may argue that terminal servers use fewer resources, since they use a single OS image for all clients, which is probably true, but this becomes less of an advantage as both VM resource management and the systems’ own awareness of the virtual infrastructure improve. And terminal servers can become legacy systems themselves.

Security theatre

Steve Riley of Microsoft is a controversial figure. Some believe he’s a hacker and others that he’s a social engineer. Having an argument with him is very difficult. Steve has a great mind and a unique ability to inspire people and get them thinking about information security. Recently I read about security theater in a newsgroup posting of his, in response to a suggestion to rename the Administrator account as a security measure:


Rename it back to “Administrator” and set a long passphrase on it.

Changing account names is just security theater. Names are intended to be
public, there is no mechanism in place to prevent discovery of names. So
don’t treat such elements as secrets. The secret in a set of credentials is
the password.


Other elements of security theatre are, according to Steve, port hiding (another unneeded change from the default, and a bad sysadmin practice) and outbound traffic control on a personal firewall. I couldn’t agree more. Too many times I have seen the Windows Guest account disabled and renamed…
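
Steve’s point that names are public has a concrete mechanism behind it on Windows: the built-in Administrator account always carries relative identifier (RID) 500 and Guest RID 501 in its SID, and the RID survives any renaming. As an added example (my own code, not Steve’s, Microsoft’s or anything from the posting), the snippet below takes a listing of account names and SIDs, of the kind `Get-LocalUser | Select Name,SID` or an anonymous SAMR enumeration hands back, and names the real Administrator and Guest regardless of what they were renamed to. It also shows the reverse lookup, building the Administrator’s SID from any other account’s SID, which is the classic RID-cycling step. The account names and machine SID in the sample are invented.

```python
import re

# Relative identifiers (RIDs) Windows fixes at install time. They do not change
# when the account is renamed, so the name tells an attacker nothing the SID does not.
WELL_KNOWN_RIDS = {
    500: "built-in Administrator",
    501: "built-in Guest",
    502: "krbtgt (domain only)",
    512: "Domain Admins (group)",
    519: "Enterprise Admins (group)",
}

# S-1-5-21-<three subauthorities>-<RID>: local SAM and domain accounts alike.
ACCOUNT_SID_RE = re.compile(r"^S-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)$")


def split_sid(sid: str):
    """Return (domain_or_machine_sid, rid), or raise ValueError for anything else."""
    m = ACCOUNT_SID_RE.match(sid)
    if not m:
        raise ValueError(f"not an account SID: {sid}")
    return "S-1-5-21-" + "-".join(m.group(1, 2, 3)), int(m.group(4))


def find_renamed_builtins(accounts):
    """Flag accounts whose RID is well known, whatever they are currently called.
    accounts: iterable of (name, sid) pairs."""
    found = []
    for name, sid in accounts:
        _, rid = split_sid(sid)
        if rid in WELL_KNOWN_RIDS:
            found.append((name, rid, WELL_KNOWN_RIDS[rid]))
    return found


def builtin_admin_sid(any_account_sid: str) -> str:
    """Given any one account's SID, build the real Administrator's SID.
    Resolving S-...-500 back to a name is what makes renaming pointless."""
    domain_sid, _ = split_sid(any_account_sid)
    return f"{domain_sid}-500"


# Constructed sample listing (invented machine SID and names). The admin was
# renamed to 'helpdesk' and a decoy account called 'Administrator' was created.
SAMPLE_ACCOUNTS = [
    ("svc_backup",    "S-1-5-21-3623811015-3361044348-30300820-1001"),
    ("helpdesk",      "S-1-5-21-3623811015-3361044348-30300820-500"),
    ("Administrator", "S-1-5-21-3623811015-3361044348-30300820-1002"),
    ("visitor",       "S-1-5-21-3623811015-3361044348-30300820-501"),
    ("alice",         "S-1-5-21-3623811015-3361044348-30300820-1003"),
]

if __name__ == "__main__":
    for name, rid, role in find_renamed_builtins(SAMPLE_ACCOUNTS):
        print(f"{name!r} is really the {role} (RID {rid})")
    print("Administrator SID:", builtin_admin_sid(SAMPLE_ACCOUNTS[-1][1]))
```

The decoy named Administrator is not flagged and the renamed one is, which is the whole argument in two lines of output. What the rename does achieve is breaking scripts and documentation that expect the default name, while the passphrase, the actual secret, is unaffected either way.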


The term security theater appears to have been coined by Bruce Schneier. It’s great. Much better than security through obscurity: it means the same, but leaves no space for argument. It’s spot-on. Security theatre is the best way to create problems for yourself while not creating any for potential intruders.

Governments are hopeless at information security

One of the good things about BlackBerry (apart from the main client platform, which will never get really damaging and widespread malware) is the clever server infrastructure that routes data streams between the handhelds and the enterprise infrastructure. A mother ship in Canada handles all the signalling and connections between the various operators around the world, so that the roaming experience is really smooth (this also contributes to the business model that makes the operators hugely enthusiastic about BlackBerry). The data itself is encrypted end to end between the handheld and the BlackBerry Enterprise Server, with keys set up at activation that the relay in the middle never holds; it forwards ciphertext and nothing else. Using Wi-Fi is possible as well.
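
The property the argument rests on, a relay that routes traffic but cannot read or alter it, is easy to demonstrate. The following is an added example of my own, not RIM’s code or protocol: the cipher is an HMAC-SHA256 counter-mode construction standing in for the AES/3DES transport encryption the real product uses, the device PIN as routing handle and the out-of-band activation step are my simplification of the real arrangement, and the message is made up. The relay object records everything that passes through it so the test can check what it saw.

```python
import hashlib
import hmac
import os

# Toy authenticated encryption from the standard library only: HMAC-SHA256 in
# counter mode for the keystream, then an HMAC tag over nonce and ciphertext
# (encrypt-then-MAC). A stand-in for the product's AES/3DES, not its algorithm.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    nonce = os.urandom(16) if nonce is None else nonce
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch: message forged or corrupted in transit")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class Relay:
    """The infrastructure in the middle: knows which enterprise server serves
    which device PIN and forwards blobs. It never holds a device key."""
    def __init__(self):
        self.routes, self.seen = {}, []

    def register(self, pin: str, bes: "BES"):
        self.routes[pin] = bes

    def forward(self, pin: str, blob: bytes) -> bytes:
        self.seen.append(blob)
        return self.routes[pin].receive(pin, blob)


class BES:
    """Enterprise server: one transport key per activated device."""
    def __init__(self):
        self.device_keys, self.inbox = {}, []

    def activate(self, pin: str) -> bytes:
        # Assumed to happen out of band (enterprise activation); the relay is not involved.
        key = os.urandom(32)
        self.device_keys[pin] = key
        return key

    def receive(self, pin: str, blob: bytes) -> bytes:
        msg = open_sealed(self.device_keys[pin], blob)
        self.inbox.append(msg)
        return msg


class Handheld:
    def __init__(self, pin: str, key: bytes, relay: Relay):
        self.pin, self.key, self.relay = pin, key, relay

    def send(self, msg: bytes) -> bytes:
        return self.relay.forward(self.pin, seal(self.key, msg))


def demo() -> dict:
    """Send one message through the relay, then let the relay try to tamper."""
    relay, bes = Relay(), BES()
    pin = "2A1B3C4D"                       # invented device PIN, the relay's routing handle
    key = bes.activate(pin)
    relay.register(pin, bes)
    handheld = Handheld(pin, key, relay)
    msg = b"Q3 numbers attached, do not forward"   # constructed message
    received = handheld.send(msg)
    relay_saw_plaintext = any(msg in blob for blob in relay.seen)
    tampered = bytearray(relay.seen[0])
    tampered[20] ^= 0x01                   # flip one ciphertext bit in transit
    try:
        bes.receive(pin, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"received": received, "relay_saw_plaintext": relay_saw_plaintext,
            "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(demo())
```

What the relay can still see is who talks to whom and when, and it can drop traffic; those are the concerns a review could legitimately raise, and they are not the same thing as reading the mail.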


But one thing happens over and over when governments look at BlackBerry security: they suddenly learn about the Canadian relay, imagine it to be an intermediary that can read what passes through it, become concerned about a snooping possibility that the end-to-end encryption rules out, and place BlackBerry on hold for a pointless yet lengthy review. It happened before in Australia. Now it is happening in France: Blackberries nipped amid security fears. Some interesting details:


BlackBerry handheld computers, or “Le BlackBerry” as they are known in France, have been called addictive, invasive, tiresome for thumbs – and, now, a threat to French secrets.

That, at least, is the fear of French government defence experts who have advised against their use by officials in France’s corridors of power, reportedly to avoid snooping by US intelligence agencies and the loss of commercial and other secrets.

“It’s not a question of trust,” French legislator Pierre Lasbordes said today. “We are friends with the Americans, the Anglo-Saxons, but it’s economic war.”

Lasbordes, who was commissioned in 2005 by then-Prime Minister Dominique de Villepin to look into such issues, said he alerted the government about the issue months ago.


So it took two years for a politician to identify a non-issue as a problem. Apparently RIM cannot easily stand up to the politicians’ stupidity:


The Canadian company “admitted that there was a certain fragility in the protection of information when you use the email system” and promised it would be resolved, said Lasbordes, adding: “That was more than a year ago.”


Of course, we shall never know what exactly that certain fragility is, because it is certainly an uncertainty, please pardon my French. And, of course, there is another official to voice the concerns:


BlackBerries pose “a problem with the protection of information” and “the risks of interception are real,” Alain Juillet, in charge of economic intelligence for the government, told Le Monde.


What is most amazing here is that Mr. Juillet is responsible for some kind of intelligence. He should know the meaning of “real”.

Remembering things to do

Andrew “Angry” Anderson, a fellow security specialist who passed away suddenly on 21 June, once said in response to a request to bring a pen to a meeting:


If you give me more tasks than I can remember, I won’t be doing them all anyway.


Come to think of it, most things that get forgotten weren’t important in the first place. So who says that setting priorities is hard?