Schneider Electric partnership to develop liquid cooling for power-hungry data centres


Dale Walker

2 Oct, 2019

Schneider Electric has said it has entered into a strategic partnership that will see the company collaborate on the development of cutting-edge data centre liquid cooling technology.

The energy and automation giant will work alongside Iceotope, a company known for its chassis-level liquid cooling technology, and Avnet, a global technology services provider that will help deliver the products to market.

The aim is to produce chassis-level liquid cooling that can keep pace with the increased use of high-power graphics processing units (GPUs) within data centres. These chips are by far the most efficient processors for powering AI, IoT and big data analytics, but often overheat when paired with traditional air cooling systems.

“Compute intensive applications like AI and IoT are driving the need for better chip performance,” explained Kevin Brown, CTO and SVP of Innovation in Schneider Electric’s Secure Power division.

“Our quantitative analysis and testing of liquid cooling approaches shows significant benefits to the market. This partnership is the next step in solution development and we are excited to be working with Avnet and Iceotope.”

In closed testing, early analysis of the proposed liquid cooling technologies produced CapEx savings of around 15% and energy savings of at least 10%, when compared with traditional air-cooled systems. If deployed, this would lead to total cost of ownership savings of over 11% over a 20-year period, the company claimed.
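As a rough sanity check, the claimed figures can be combined with simple blended-savings arithmetic. The sketch below does this under an illustrative assumption: the 40/60 CapEx-to-energy cost split is hypothetical, not a figure from Schneider's testing.

```python
# Illustrative sanity check of the claimed TCO saving.
# ASSUMPTION: over 20 years, roughly 40% of total cost of ownership
# is CapEx and 60% is energy -- this split is hypothetical, not from
# Schneider's analysis.
capex_share, energy_share = 0.40, 0.60
capex_saving, energy_saving = 0.15, 0.10  # figures quoted in the article

# Blend the per-category savings by their assumed share of total cost.
tco_saving = capex_share * capex_saving + energy_share * energy_saving
print(f"Blended TCO saving: {tco_saving:.1%}")  # 12.0% under these assumptions
```

Under this assumed split the blended saving comes out at 12%, consistent with the "over 11%" claim; a different CapEx/energy split would shift the result.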

Schneider has invested directly into Iceotope through its SE Ventures investment arm, which historically has overseen agreements with Habiteo, Element Analytics, Sense and Qmerit. The agreement will essentially see Iceotope’s current liquid cooling technology, which is already in use across the IT stack, including cloud and edge deployments, brought to the data centre environment for the first time.

Schneider said it was increasingly finding that the sort of GPU chips required for AI and edge deployments often came with thermal design power ratings of 400 watts or more, making air cooling too expensive and inefficient to use extensively.

To combat this, Schneider said it would work towards creating systems capable of being partially submerged in a dielectric fluid. This, it claims, will make cooling systems entirely silent and drastically reduce the form factor, also making them suitable for less power-intensive systems, although it’s unclear how much up-front investment will be required to make this feasible.

David Craig, CEO of Iceotope, said his company was eager to work with Schneider and Avnet to create a product that is able to deliver on the promise of liquid cooling for the data centre.

“Working with great partners that share the same passion for innovation, solution-focused thinking and quality is a pleasure,” said Craig. “Our ability to bring our IP to combined solutions that manage the pressing challenges of chip density, energy and water consumption, space and location challenges and the ever more complex issues relating to harsh environment and climate will be game-changing in the industry.”

Schneider Electric revealed the news at its annual Innovation Summit, held this year in Barcelona.

Microsoft unveils new Teams features in September update


Jane McCallion

2 Oct, 2019

Microsoft has made several updates to its flagship Teams collaboration platform, including new third-party software integrations and improvements to calls and meetings.

A common complaint about enterprise collaboration and chat platforms – such as Slack, Facebook Workplace and others – is that they can be disruptive to workflow, with instant messaging fostering a feeling that users are obliged to provide an instant reply.

Microsoft seems to have taken this issue onboard with the September Teams update.

In a blog post, the company debuted selective muting for channels. Users can mute specific conversations within a given channel if they need to concentrate, with the ability to turn notifications back on when they’re ready. Similarly, if they’ve hidden or muted a channel, they can opt to receive notifications from a particular conversation in it without reactivating the entire thing.

There are also new activity filters in Chat. For example, a user can search for a colleague’s name and be presented with every group and meeting they have in common, as well as one-to-one chats. They can then add additional filters, such as unread messages only. The same type of filtering can also be applied to group chats and the teams list.

There are also several new features in calling and meetings. Users can now send incoming calls directly to Cloud Voicemail, and also make calls through Chrome if they’re using Teams on the web rather than through the app.

There’s also the ability to start a meeting instantly, rather than schedule it ahead of time, and a lightweight ‘meeting join’ capability for people using Internet Explorer, Safari and Firefox.

There’s good news for Lucidchart users too, with the data visualisation company’s app now supporting messaging extensions, link unfurling and collaboration permissions in Teams. This builds upon last year’s release of a Lucidchart app that made document editing and sharing possible within Teams. More details on the enhancements can be found on the Microsoft Teams blog.

Notable by its absence, however, is cross-channel posting. This was teased in July with the promise it would be “coming soon”; however, it seems that soon is not yet now.

Sainsbury’s looks to Google Cloud for machine learning as retail cloud case studies continue to climb

UK supermarket chain Sainsbury’s is collaborating with Google Cloud on machine learning for greater customer insights – in another example of a cloud partnership among major retailers.

The company is looking at building machine learning solutions on Google Cloud Platform (GCP), in association with Accenture, to ‘provide new insights on what customers want and the trends driving their eating habits’, in the words of Alan Coad, Google Cloud managing director UKI, in a blog post.

While that phrasing could be construed as peculiar, the overall goal, of building stronger customer profiles and providing greater value to customers through big data crunching, is one which resonates.

Sainsbury’s analyses data from various structured and unstructured sources, and is looking to Google to clean up the data, classify it, and deliver insights in real time. Predictive analytics models have been deployed by the supermarket chain to sense trends and adjust inventory as a result. Google Cloud’s retail page outlines a path to data nirvana: scaling infrastructure, developing new applications, unifying data streams and using collaborative tools to get insights faster.

“The grocery market continues to change rapidly. We know our customers want high quality at great value and that finding innovative and distinctive products is increasingly important to them,” said Phil Jordan, group CIO of Sainsbury’s. “With the help of Google Cloud Platform, we are generating new insights into how the world eats and lives, to help us stay ahead of market trends and provide an even better shopping experience for our customers.”

“The food sector is experiencing significant, rapid disruption, and this new cloud-based insights platform will help Sainsbury’s identify trends much earlier and adapt their product assortment in a faster, more informed way – all for the benefit of customers,” added Adrian Bertschinger, managing director for retail at Accenture.

Analysis

The rise in retailers partnering with the largest cloud providers is a trend this publication has covered repeatedly. In particular, the choice of cloud has frequently raised eyebrows. At the start of this year, US grocer Albertsons signed a three-year deal to make Microsoft Azure its preferred public cloud. Pharmaceutical giant Walgreens Boots Alliance signed a similar deal – albeit for seven years – in the same month.

This momentum, alongside a long-running saga last year where Walmart firmly placed its flag on terra Azure, led some to question whether top tier retailers were moving away from Amazon Web Services (AWS), the largest public cloud provider, whose parent company happens to be a rather large retailer. Indeed, according to the most recent Forbes Global 2000 list in May, Amazon surpassed Walmart as the leading retailer for the first time.

While it makes for a nice headline, this trend may be something of a red herring. AWS’ retail customers include Ocado, Under Armour and River Island. Perhaps its biggest customer is itself. Amazon had been gradually moving away from Oracle, and AWS chief executive Andy Jassy announced at the end of last year that Amazon’s consumer arm was now running the vast majority of critical system databases on AWS.

Speaking to CloudTech in April, Jean Atelsek, digital economics unit analyst at 451 Research, dispelled the myth. “It’s easy to get the impression that retailers are fleeing AWS,” said Atelsek. “Microsoft’s big cloud partnership with Walmart seems to be the example that everyone wants to universalise to the entire cloud space. However, since a lot of retailers also sell through/on AWS, they’re less likely than Walmart to see Amazon (and by extension AWS) as the devil.”

As the Sainsbury’s example shows, organisations across verticals are looking to utilise more mature machine learning models and techniques through the biggest cloud vendors. Even taking into account the buzzword factor, this year has seen an explosion of companies citing ML as a key factor, from media companies for content archiving (The Globe and Mail) to sporting brands for quicker insights (Formula 1), to both (NASCAR).

According to Kantar figures earlier this year, Sainsbury’s fell to third place among the largest UK supermarkets, slipping behind Asda. The collaboration with Google Cloud will look to give the company a leg up; as Coad noted, the company’s vision is to ‘be the most trusted retailer’ and ‘make customers’ lives easier, by offering great quality and service at fair prices.’


Cisco WebEx and Zoom video hit by security flaw


Nicole Kobie

1 Oct, 2019

Security researchers have uncovered a way for attackers to snoop on video conferences run on the Cisco WebEx and Zoom platforms.

Dubbed “Prying Eye”, the flaw spotted by Cequence Security is a weakness in web conferencing APIs that would allow attackers to use an enumeration attack to find open calls or meetings.

Enumeration attacks refer to the practice of using brute force to guess ID numbers – in this case, for meetings or calls. If the attacker guesses the right meeting ID number, and it isn’t password-protected, they have instant access.

That attack technique could work on any application that uses numbers as identifiers, but Cequence notes that it’s common practice to disable basic security such as passwords for web conferences in order to reduce friction for meeting participants. The flaw could be particularly troublesome for anyone who reuses meeting IDs, letting an attacker snoop on all future calls or conferences.
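An enumeration attack of this kind is conceptually simple. The sketch below simulates one against an in-memory “meeting service” rather than any real vendor API; the ID space, function names, and response values are all hypothetical, chosen only to illustrate the technique.

```python
import random

# Hypothetical meeting service: a handful of valid 9-digit meeting IDs,
# some password-protected. This stands in for the API an attacker would
# probe; no real vendor endpoint is involved.
VALID_MEETINGS = {
    123456789: {"password_protected": False},
    987654321: {"password_protected": True},
}

def probe(meeting_id: int) -> str:
    """Mimic an API response for a guessed meeting ID."""
    meeting = VALID_MEETINGS.get(meeting_id)
    if meeting is None:
        return "not_found"
    return "locked" if meeting["password_protected"] else "open"

def enumerate_ids(attempts: int, seed: int = 42) -> list[int]:
    """Brute-force random 9-digit IDs, collecting unprotected meetings."""
    rng = random.Random(seed)
    found = []
    for _ in range(attempts):
        guess = rng.randrange(100_000_000, 1_000_000_000)
        if probe(guess) == "open":
            found.append(guess)
    return found

# With two valid IDs in a 900-million ID space, a few thousand random
# guesses rarely succeed -- which is why real attackers automate millions
# of API calls, and why rate limiting and passwords matter.
print(enumerate_ids(10_000))
```

The defences the article describes map directly onto this model: a password turns an “open” response into “locked”, and rate limiting caps `attempts`.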

“In targeting an API instead of a web form fill, bad actors are able to leverage the same benefits of ease of use and flexibility that APIs bring to the development community,” said Shreyans Mehta, Cequence Security CTO and co-founder. “In the case of the Prying-Eye vulnerability, users should embrace the shared responsibility model and take advantage of the web conferencing vendors’ security features to not only protect their meetings but also take the extra step of confirming the attendee identities.”

Cequence alerted both companies to the vulnerability in July before taking it public today, giving Cisco and Zoom time to address the flaw. Cisco and Zoom have responded by altering default security settings and issuing advice to customers to help them avoid the vulnerability.

“Notably, the most effective step to strengthen the security of all meetings is to require a password – which is enabled by default for all WebEx meetings,” Cisco’s security team said in a statement provided by Cequence.

Richard Farley, CISO of Zoom Video Communications, said: “Zoom has improved our server protections to make it much harder for bad actors or malicious bots to troll for access into Zoom meetings.”

Farley added that passwords are now enabled by default, but stressed it was still possible to lighten such security settings to whatever is appropriate for different users. He said that, “as is true of other security options, meeting hosts are free to choose security settings that are most appropriate to the sensitivity of their meetings.”

Cequence Security added that it had not tested all other web conference vendors, so others may be at risk as well. The flaw can be avoided by requiring a password on sensitive conference calls or videos, and by confirming the identity of all attendees on a call.

The latest vulnerability comes just under a year after the discovery of a remote code execution flaw in WebEx’s update service, in which hackers could invoke a Windows update service tool which grants the ability to execute commands with system-level privileges.

Chaos engineering is integrated into the DevOps toolchain – but what about IT ops?

Chaos engineering (CE) is the discipline of experimenting on a system in order to build confidence in the system’s capability to withstand turbulent conditions in production. This approach is becoming commonplace in DevOps practices; but how would its application extend to IT operations?

In truth, CE for IT operations offers a similar framework for stress-testing a technology platform to understand its weak points and performance pitfalls under heavy pressure.

CE tends to be used primarily in DevOps during bug testing: setting up experiments to run software under different conditions, such as peak traffic, and monitoring how it functions and performs. This becomes increasingly necessary in cloud-based systems where failure to understand extreme load responses could result in runaway cascade failures or, worse yet, spinning up thousands of extra nodes handling error conditions while not doing any actual work.

These same principles, applied to IT operations management (ITOM), help define a functional baseline and tolerances for infrastructure, policies, and processes by clarifying both steady-state and chaotic outputs when extremes are reached.

Applications in IT

The theory of CE in DevOps gained early traction at Netflix as they moved from physical to virtual infrastructure, with the team that implemented it on AWS breaking off to form Gremlin. However, chaos engineering is not typically used in IT operations, because ITOM has historically been separated from development (generally, IT monitors system dynamics, and when a problem occurs, engineering change management or ITSM is brought in to remediate the issue).

With the growth of containerisation in cloud applications today, IT infrastructure looks more like development environments than classical multi-tier architectures. But the limitless scale of the cloud means failures can also be limitless: microservices are well-served by testing elasticity and scalability, data flows, and resiliency through stressing the system to the edge of its tolerances and fixing their shortcomings before a public crash.

1, 2, 3… chaos

Implementing chaos engineering for IT operations management provides a systematic approach to identifying weaknesses in a microservices world. In a monolithic environment, you have visibility into performance and event metrics that may be lost with microservices designs. As a result, the need for operational insights becomes even more critical when scaling to unknown workloads.

Netflix’s Chaos Monkey grew out of CE principles from their own cloud-native community, meant to address the gaps in common dev tools’ abilities to manage extreme complexities. This methodology is extendable to infrastructure and helps to set guardrails on platform behaviour as a whole. So how should a team bring this thinking into their IT operations management? Follow these five fundamental steps:

  • Define the current steady state. Performing baseline analysis is a standard concept in capacity planning, upgrade strategies, and other high-impact functions. Start with something relatively simple (and small) so that you don’t get overwhelmed by the data, or risk interfering with the business if something goes wrong (such as security Red Teaming). For example, monitoring CPU and network utilisation, which are common bottlenecks in any IT shop
     
  • Define optimal conditions. There’s how your system generally operates, and then there’s how it should operate; these typically aren’t the same thing. CPU utilisation and network latency are always affected by application efficiencies, hardware conditions, and a host of other factors. Create a standard that outlines what engineers should expect on a normal day, on an easy day, and on a very hard day. These are the control groups, and the extreme day will be the stress test
     
  • Form a hypothesis. Where will the system break? If you’re running an application scenario such as doubling the peak traffic that even your worst day so far has seen, will your CPU maintain optimum utilisation (or will the container provisioning engine smoothly deploy additional nodes) as in the variable control groups, or will it spike so severely that processes grind to a halt because there isn’t enough memory or network bandwidth left to manage the load?
     
  • Execute a real-world event (but contain the blast radius). Do something extreme, like taking down a firewall that severs connectivity to one internet service provider. This will confuse the application as it tries to respond to requests with repeated failures, ramping up CPU processes as errors return from a dead network endpoint. Log events will mount, filling the database and saturating the backbone
     
  • Validate the hypothesis. What happened? Monitor utilisation and network throughput during the test and see where the system fell over. Is it what you expected, or did something never previously considered take place? Did new chaos erupt from the fissures in your infrastructure? Stabilise, document, and remediate
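The five steps above can be sketched as a minimal experiment harness. The system under test here is a simulated service, and every name, threshold, and latency figure is illustrative rather than drawn from any real deployment.

```python
import statistics

def service_latency_ms(load: float, isp_down: bool = False) -> float:
    """Toy system under test: latency grows with load and spikes when
    connectivity to one ISP is severed (the injected fault)."""
    base = 20 + 5 * load
    return base * (10 if isp_down else 1)

# 1. Define the current steady state: baseline latency under normal loads.
baseline = [service_latency_ms(load) for load in (1.0, 1.5, 2.0)]
steady_state = statistics.mean(baseline)

# 2. Define optimal conditions: what "healthy" means for this metric.
MAX_ACCEPTABLE_MS = 100

# 3. Form a hypothesis about where the system will break.
hypothesis = "latency exceeds MAX_ACCEPTABLE_MS when an ISP link is down"

# 4. Execute a real-world event with a contained blast radius
#    (here, a single simulated call rather than the whole fleet).
observed = service_latency_ms(load=1.5, isp_down=True)

# 5. Validate the hypothesis, then stabilise, document, and remediate.
hypothesis_confirmed = observed > MAX_ACCEPTABLE_MS
print(f"steady state: {steady_state:.1f} ms, under fault: {observed:.1f} ms, "
      f"hypothesis confirmed: {hypothesis_confirmed}")
```

In a real ITOM setting the simulated function would be replaced by monitoring data from the live platform, and step 4 would be an actual fault injection with rollback ready.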

Never stop not being afraid

Stressing a system to its absolute max – and a little bit further – to see where things go wrong allows you to understand steady-state behaviour and error handling, so you can fix it before something breaks in new and unexpected ways. What do traffic spikes look like? What are real-world events and their impacts on your organisation?

Chaos engineering is not just for DevOps. It should be a systemic practice for load-testing (out of your comfort zone) to the point of failure. It’s a responsibility for more than microservices deployments and applies to all sorts of disciplines within the IT organisation.
