We talk a lot about so-called ‘business transformation’, but what do we really mean by this expression and how does it change the way (as workers) now operate on the shop floor?
Read any history of the industrial revolution and you will understand the massively impactful swings that our workplace went through from the 1800s through to the introduction of the automatic lathe around the turn of the last century.

read more

NaviSite, Inc., a Time Warner Cable Company and premier provider of enterprise-class hosting, managed applications, managed messaging and managed cloud services, on Tuesday announced an Enterprise Mobility Management (EMM) solution to help enable enhanced data security while simplifying the management of devices and resources across an organization. NaviSite’s EMM solutions provide a full portfolio of Mobile Device Management (MDM) capabilities to help companies address the critical challenge of securing data across a range of personal devices in a workplace environment where Bring Your Own Device (BYOD) has become the norm.

read more

CommVault on Tuesday announced a series of new enhancements to the CommVault PartnerAdvantage partner program Service Provider (SP) Edition, designed to help service provider partners maximize revenue, profitability and growth opportunities through new leading edge tools, resources and solutions that support their specialized requirements.
CommVault’s ongoing cloud strategy builds on its leadership in software innovation and, through strategic relationships with service provider partners, delivers solutions to simplify and secure the transition of these services providers and their customers to cloud computing. To achieve this, CommVault utilizes its single software platform to power highly efficient cloud infrastructures, is expanding market reach through a broad cloud ecosystem and further investing in its own cloud solutions group.

read more

If you work in technology, you’d have to have been under a rock to have not heard about Docker. In a nutshell, Docker provides a lightweight container for code that can be installed onto a Linux system, providing both an execution environment for applications and partitioning to securely segregate sets of application code from one another. While this high-level description doesn’t sound that exciting, Docker addresses three key issues confronting application developers:
One of the problems confronting IT organizations is how to get the most benefit from computing resources; this translates as to how to raise utilization of servers to ensure that their cost and power use is actually applied to computing rather than being used to operate a server that is running, but performing no useful work. The previous solution to this issue was virtualization, which enabled a single server to support multiple virtual machines, each containing an operating system and software payload.

read more

Recognising that not all organisations have adequately dealt with cyber security, the UK Government has recently developed a Cyber Essentials Scheme which aims to provide clarity on good cyber security practice.

In its Cyber Essentials Scheme, the UK Government sets out five controls which it is hoped will provide all types of organisations with basic protection against the most widespread type of Internet threats. As such, the Cyber Essentials Scheme should be viewed as a form of strategic risk management, designed to mitigate the risk from common online threats, and to significantly reduce an organisation’s vulnerability. 

Along with the Cyber Essentials Scheme, the Government has published an Assurance Framework, which enables organisations to reassure customers, investors, insurers and others that they have taken the appropriate cyber security precautions.

Rationale underlying the Cyber Essentials Scheme

The Government realised that the controls incorporated in its 2012 guide, “10 Steps to Cyber Security” were not being adequately applied, and therefore initiated a call for evidence on a preferred cyber security Standard.

The government concluded in November 2013 that no individual standard was in line with its fixed requirements, and therefore developed the Cyber Essentials Scheme, by developing a set of controls and implementation guidance for “basic cyber hygiene”.

When will the Cyber Essentials Scheme come into effect?

The voluntary scheme is currently open and available to all types of organisations. From 1 October 2014 onwards, the Government will require suppliers bidding for certain types of personal and sensitive information handling contracts to be Cyber Essentials certified.  

Controls offered by the Cyber Essentials Scheme

Cyber Essential focuses on five core controls:

1. Boundary firewalls and internet getaways

Designed to prevent unauthorised access to or from private networks and offers a basic level of protection.

2. Secure configuration

Designed to implement security measures when building and installing computers and network devices.

3. Access control and administrative privilege management

Designed to protect user accounts and helping prevent the misuse of privileged accounts.

4. Patch management

Designed to ensure the software used on computers and network devices is up to date.

5. Malware protection

Designed to ensure that malware and virus protection is installed so as to protect important documents, computer, and privacy from attack.

Assurance Framework

The two levels against which organisations can be certified are: Cyber Essentials (Stage 1), which consists of self-assessment and authentication by a certification body, and Cyber Essential Plus (Stage 2), which rests upon more detailed assessment by a certification body, in addition to the Stage 1 requirements.    

Stage 1: Cyber Essentials

• The scope must be defined in terms of network boundaries, location and management control by the organisation
• The organisation must answer a self-assessment questionnaire in order to prove its level of compliance with the requirements for basic cyber security. It is signed by an authorised signatory from the organisation to confirm its accuracy, and is then sent to the certification body to be verified. Once the certification body is certain that the controls have been correctly implemented, a certificate is awarded.

Stage 2: Cyber Essentials Plus

• This stage examines whether the controls implemented are adequate to safeguard the organisation against Internet based threat actors with low levels of technical capability.
• All CREST-accredited certification bodies carry out the necessary verification for Stage 1, combined with a more in-depth internal assessment of a sample of relevant devices that are connected to the Internet and/or capable of receiving emails.

As a whole, certification should bring numerous benefits, such as the opportunity to tender for business in cases where certification might be a prerequisite to the scheme, and contributing to building customer and investor confidence in the ability of a business to deal with cyber security.

Is the Cyber Essentials Scheme the way forward?

While the Cyber Essentials Scheme is an important step in improving cyber security standards businesses should continue to place emphasis on internal risk management strategies, which may well require additional and specific security controls, while customers should not forget that evidence of certification should not replace appropriate due diligence on a supplier and other risk management strategies such as putting in place cyber security insurance.

By Nick Razey, CEO, Next Generation Data

Achieving the lowest possible power usage effectiveness (PUE) rating should not be the only objective of a data centre operator. After all, the most energy efficient data centre is one which has lost all power! Furthermore there is a considerable grey area around the method of PUE calculation.

Effectively consolidating space and power constrained legacy data centres into more energy efficient ‘PUE-friendly’ environments ultimately requires their migration into modern facilities. These can offer the space, power and infrastructure necessary for supporting future compute requirements over the medium to longer term; five, ten, even fifteen years.    

But for a realistic data centre PUE to be calculated it should include the power consumed by offices, general lighting, security systems and so on. As a minimum it should include transformer and UPS losses. Ideally it should be measured over a 12 month period or if calculated then it should be based on the worst case conditions (i.e the hottest day of the year) – even so many companies will look at the energy consumption of the air conditioning units under ideal conditions and only include this in their calculations.

Without doubt the PUE can be improved by stripping out levels of resiliency; N+1 is more efficient than N+N for example, but some customers will demand the reliability of N+N regardless of PUE. Reliability is still king and this necessitates resilient energy supply which must not be unduly compromised in pursuit of the ultimate in PUE ratings.

While a PUE of 1 is not possible as this would mean that no power is consumed other than that used by the IT Load, it is feasible in a modern facility to get close. The processes and procedures to lower the PUE should focus particularly on reducing power for cooling. This will require a combination of close-coupled CRACs, hot and cold aisle containment, higher data hall temperatures and, assuming sufficiently low ambient temperatures are available, fresh air cooling.

Although the use of fresh air cooling drastically reduces the energy consumption there are some losses which cannot be avoided. For example, getting electricity from the incoming feed to the rack wastes power due to transformer losses, cable resistances and UPS inefficiencies. Even the fresh air cooling will consume some energy due to the fans needed to circulate the air. Furthermore, regardless of cooling requirements, best practice dictates that the data centre fresh air is changed regularly.

Server virtualisation

When taking steps to reduce power consumption, server virtualisation is essential. An average server used to be run at 10% to 15% of capacity but it is now possible to virtualise new servers to run 20 to 40 virtual machines.

But organisations must consider the power implications for the type of rack hardware used for running the required applications or they may be forced into using more racks and more power than actually necessary. There is a common misconception that running low density racks instead of higher density ones will be less costly when it comes to power but the reverse is actually the case. 

Running fewer high density racks than lower density ones will yield a lower total cost of ownership because they have far superior compute capabilities while using significantly less data centre resource; switchgear, UPS, power, cooling towers and pumps, chillers, lighting and so on.

The problem is that the latest more efficient higher density racks consume over 5kW and a growing number more than 10kW: few data centres can actually supply this level of power per rack today and this problem is only going to get worse.   

Integrated energy management

Central to optimising overall data centre energy efficiencies must be an advanced energy monitoring and management platform, capable of integrating the building management system, the electronic management system, PDUs and SCADA; data centres have historically used disparate systems which is considerably less efficient.       

With an integrated energy management system there is the means to closely monitor energy usage, highlighting any areas of concern where consumption is running at unexpected levels. This can then be addressed quickly and efficiently, ensuring a better service for customers of the data centre and potentially saving the operator and its customers thousands of pounds through reduced electricity costs and of course minimising the environmental impact of their operations.

Cloud-integrated storage provider TwinStrata has been acquired by cloudy giant EMC as part of a shift of its VMAX product to more agile enterprise storage.

The full product name is VMAX³ Family, which claims to be a hugely powerful system compared to the previous iterations. VMAX³ offers up to three times faster performance and half the total cost of ownership when stood next to the previous generation product.

According to EMC, the new portfolio aims to offer greater simplicity and agility while continuing to provide solid performance.

“The simplicity of VMAX³ is a game changer as it gives us the ability to take control back into the data centre and deliver cloud services [to] our clients,” said Jesse Braasch, VP infrastructure at EMC customer Evolution1.

TwinStrata CEO and co-founder Nicos Vekiarides penned a letter to customers saying that the company’s commitment to its current goals “remains stronger than ever” after the EMC buyout.

“We will continue to enable customers to extend on-premise storage into one or many public or private cloud providers,” he wrote. “Infact, our customers will still get everything they know and love about TwinStrata…just as part of a wider, market-leading cloud portfolio and global brand behind it.”

Mark Peters, of the Enterprise Strategy Group, said the VMAX³ “does not disappoint” in both style or substance.

“It is a purpose-built platform that uses heavy doses of both raw horsepower and advanced, innovative functionality to deliver and manage predictable service levels at scale,” he said.

“It is designed to allow IT organisations to enjoy the attractive economics, workload-flexibility and self-service of a cloud approach in combination with the sheer trust, availability and scalability of a traditional data centre.”

Last month CloudTech reported on survey data from TwinStrata which showed more than half the data organisations store is inactive, holding up valuable storage space.

VMAX³ is expected to be available in the third quarter of 2014, with TwinStrata integration to be announced. The financial terms of the deal have not been disclosed.

As we become more connected online, the old system of site-specific passwords and user identity are no longer equal to the task. We need to find new ways of providing identities and authorization.

read more

My colleague @kacyclarke and I were interviewed at the Cloud Expo in NYC a few weeks back. A lot of the questions were focused on security and the cloud. Enjoy.

read more

My colleague @kacyclarke and I were interviewed at the Cloud Expo in NYC a few weeks back. A lot of the questions were focused on security and the cloud. Enjoy.

read more