Top data center challenges include social networks, rising energy costs

Enterprise data needs will grow a staggering 650% over the next five years, and that's just one of numerous challenges IT leaders have to start preparing for today, analysts said as the annual Gartner Data Center Conference kicked off in Las Vegas Tuesday morning. The 650% enterprise data growth over the next five years poses a major challenge, in part because 80% of the new data will be unstructured, Cappuccio said. Rising use of social networks, rising energy costs and a need to understand new technologies such as virtualization and cloud computing are among the top issues IT leaders face in the evolving data center, Gartner analyst David Cappuccio said in an opening keynote address.

IT executives have to make sure data can be audited and meet regulatory and compliance objectives, while attempting to ensure that growing storage needs don't break the bank. Many IT shops are seeing storage reductions of 50% to 60% with dedupe, which eliminates duplicate copies of stored objects and files, he said. Technologies such as thin provisioning, deduplication and automated storage tiering can help reduce costs. "If you're not doing thin provisioning in storage today, you need to start," Cappuccio said. "It's an easy, logical way to reduce storage consumption." Deduplication is another technology IT officials have to examine. Another money-saving technology is automated tiering, which makes sure data is stored on appropriately priced boxes. Cappuccio listed 10 key issues for IT managers to examine: virtualization; the data deluge; energy and green IT; complex resource tracking; consumerization of IT and social software; unified communications; mobile and wireless; system density; mashups and portals; and cloud computing. As much as 80% of data on high-speed drives is almost never used and should be moved to less expensive storage tiers, he said.

Social networks are coming into the enterprise whether CIOs want them to or not, Cappuccio said. Employees and customers are using wikis, blogs, Facebook and Twitter and "it's affecting you now whether you know it or not." Businesses need to examine Web-based social software platforms because they are transforming interactions with both customers and employees, he said. Twitter use grew an amazing 1,382% in 2008 and the majority of new users were between the ages of 39 and 51, he said. "It is a growing phenomenon which we can't shut down," he said. IT managers are also being forced to look more at energy use, as many organizations are moving the energy bill from the facilities department to the IT department. "What's happening now is CFOs are asking embarrassing questions [about power use]," Cappuccio said. And servers are only growing denser, with new blades that incorporate servers, storage, switches, memory and I/O capabilities. The energy cost of two racks of servers, at full density, can exceed $105,000 a year, he said.

At today's prices, the money spent on supplying energy to an x86 server will exceed the cost of that server within three years, he said. The energy bill has not traditionally been a part of the IT budget but CIOs can expect it to be incorporated into their spending plans soon, he said. IT managers are accustomed to being asked to "do more with less," but that need is taking on new levels of meaning as IT is forced to curtail energy use, Cappuccio said. Energy costs are the main reason businesses are pursuing server virtualization. Gartner analysts noted that there is a declining level of trust in the IT market on the heels of the recession, but the research firm expects global IT spending to rise a modest 2.3% in 2010. "There's no denying that it's been a tough year," Gartner analyst Joe Baylock said.

Despite what hypervisor vendors might have you believe, virtualization typically doesn't reduce complexity or management costs but the energy savings from packing multiple virtual machines onto a single box are very real, Cappuccio said. Enterprises are extending the life of old equipment to save money, but this is also subjecting users to higher failure rates caused by aging hardware. Follow Jon Brodkin on Twitter: http://www.twitter.com/jbrodkin Future spending growth might be driven by cloud computing, but Gartner analysts are predicting that most cloud spending will initially focus on building private cloud networks rather than outsourcing services to external cloud providers. "We think private cloud services are going to be 70% to 80% of the investments over the next few years," Cappuccio said.

App for avoiding traffic tickets speeds toward smartphones

A smartphone application coming this fall could help drivers use GPS to detect speed traps, cameras at red lights and more than 200,000 related alerts based on a database of locations compiled with updates from drivers. The company is currently taking orders at its Web site and is charging $100 for a lifetime fee for the software and GPS updates. PhantomAlert, based in Harrisburg, Pa., said today it plans to ship its PhantomAlert software for Android devices in early October and for iPhone, BlackBerry and Nokia devices before Thanksgiving. The company has been offering the application for use with popular GPS devices from Garmin, TomTom and Magellan since May.

The system works on reports from drivers and spotters who record their findings on the PhantomAlert.com Web site. About 100,000 users have already downloaded the application, CEO Joe Scott said in comments via e-mail. Scott said two people have to verify a speed trap or other location for the warning to stay in a database, and users are asked to comment about whether existing reports are accurate. In one example confirmed by a reporter today in Framingham, Mass., an icon was placed on a map along Route 9 west of Boston where it was first posted in mid-August. Sometimes, the locations of speed traps are left in the database for weeks at a time because they are spots along highways where the speed limit suddenly drops from, say, 55 mph to 35 mph and those locations "lend themselves to police monitoring," Scott said.

Icons on GPS maps are also used to post locations of school zones where speed limits are lower than nearby streets, but the system also records intersections where red light traffic cameras are installed to automatically record violators. PhantomAlert's Web site and press releases say that the system is legal and will help drivers avoid costly tickets by driving safer with the visual and audio alerts offered in the application. "Now, drivers will have an in-car reminder to obey traffic laws and stay alert," a statement from the company says. "As more and more cash-strapped cities are deploying photo radar to generate revenue, PhantomAlert is stepping forward with a service that will quite possibly level the playing field." In still more situations, speed traps and stops for Driving Under the Influence are located.

Moore's Law has decades left, Intel CTO predicts

Moore's Law will keep going strong for decades, Intel CTO Justin Rattner predicts. Predictions of the demise of Moore's Law are routinely heard in the IT world, and some organizations are trying to find a replacement for silicon chip technology. Moore's Law, in force for more than 40 years, says that the number of transistors that can be placed on an integrated circuit will double every 18 to 24 months.

But Rattner says that silicon has plenty of life left and said there is no end in sight for Moore's Law. "If Moore's Law is simply a measure of the increase in the number of electronic devices per chip, then Moore's Law has much more time to go, probably decades," Rattner said in an interview with Network World. Separately, IBM scientists are building computer chips out of DNA.  Rattner, who is CTO of the world's biggest chipmaker and the head of Intel Labs, the company's primary research arm, predicted that chip architecture will "undergo dramatic changes" in the coming decades but that silicon itself will remain the core element for the foreseeable future. The National Science Foundation is already preparing for a post-silicon world, having requested $20 million in federal funding for research that could improve or replace current transistor technology. Intel is now moving to a 32-nanometer process for chip production, an upgrade over the existing 45-nanometer process. "There's plenty of life left in silicon," Rattner says. "We're well along in our 32-nanometer development and I think we'll show some significant product-level results at 32. Right now, in terms of silicon technology we don't feel like we're at some point of demise in any sense. Beyond the search for ever-greater performance and efficiency, Intel's researchers today are striving to make chips more compatible with server virtualization technologies, such as the VMware and Xen hypervisors. And there are still new approaches to the way we build transistors and devices that will involve silicon and newer materials, like our high-k metal gate silicon technology." The high-k metal gate technology uses hafnium-based circuitry, which Intel adopted to create smaller processors that are faster and more energy-efficient.

Just a decade ago, Intel had a hard time convincing its own chip designers that virtualization was an important feature, but times have changed quickly. "Virtualization has become mandatory," Rattner says. "We had a lot of work to do to convince the chip designers that this was a really important feature. What we think of today as supercomputer applications will ultimately move down to desktops, laptops and even mobile phones, Rattner says. At first they looked at it, kind of squinted and said 'really'? Now it's just about the most important thing in the product." Rattner, who will deliver the opening address at the SC supercomputing conference in Portland, Ore., in November, also discussed how supercomputing power is being packed into smaller and smaller form factors. Intel is building many new "system on chip" designs that will add new capabilities to a variety of Internet-connected devices, such as robotics, set-top boxes and various mobile Internet devices. Rattner says "mobile augmented reality" will become a part of everyday life, with cameras that you can point at an object – such as a famous ruin – and instantly receive detailed information about what it is. "That's augmented reality, where you take real world information, and you overlay the virtual information that informs you about the scene," Rattner says. "Beyond that, what we see happening is an increasing amount of what we call perceptual computing tasks, as small form factor machines have richer sensor capabilities."

A fresh start at a company that gets security

This economic recession has cost all of us. I was laid off first in 2007 after six years as the top security manager at a company where I had built the security program from scratch. In my case, it cost me my job - twice.

I was laid off again just recently, after two years during which I first tried to build a new security program, but then had to cut my already very small staff. Needless to say, I think that was a poor decision, and I don't say that because I lost my job. Finally the security program was shut down entirely. Just before the ax fell, I had been working on cost-cutting initiatives. I figured that there had to be a better way to save money than ejecting large pieces of our corporate knowledge base. I had hated cutting my staff, and I was determined to ensure that no more layoffs would be required.

After digging around, I found two very expensive services that the company was paying for while getting very little value in return. But just as I was feeling good about the prospects of this proposal, I was called in to the CIO's office, where I found myself facing our HR director and a bunch of layoff forms. It looked to me as if we could eliminate those expensive and underperforming services, and then use our in-house staff and infrastructure to perform the same work at a lower cost and higher level of quality. Clearly, the company had chosen to go down the well-worn path of cutting staff rather than reducing costs in other areas. But now I have a new position that I'm feeling pretty good about. It was a devastating blow.

My job-loss trauma was thankfully brief, and I can look back and realize that I'm probably better off not working for a company that made such terrible decisions. This time, I don't have to start from scratch exactly; this company has many good security practices ingrained into its processes, mainly because the technical staff is young, smart and savvy - they get security, and its importance. I'm a security manager again, but in a different industry, and in a company with a different culture and work environment. It looks like I won't have a very large staff once again, maybe two or three people, but the rest of the IT staff here is very aware of what constitutes good security practices, and that could make a huge difference. I'll be facing some new challenges here that I hadn't encountered in the previous eight years, but I've also learned some things from my experiences, so when familiar challenges present themselves, I'll react more effectively. With everybody pulling in the same direction, I might not need a lot of full-time employees dedicated to security.

For instance, I had to kick off my last security manager position with a focus on patching, as I tried to turn the steering wheel of a big company toward an effective program of consistently applying security updates to operating systems in a timely fashion. Instead, a collaborative approach with the IT administrators and a focus on getting management to provide the right resources and priorities can be more effective. I had mixed results, but I learned in the process that it doesn't pay to push too hard in the wrong places. That is a lesson that should be applicable in many situations, even though in my new company, patching is recognized as being important. I will need to raise the visibility and priority of the efforts so we can make improvements, but I don't have to try to get everyone to understand why it's needed.

It's being done, though not consistently and not comprehensively. What a relief. Account management is being done fairly diligently, although it could use some improvements, especially in the area of terminations and deprovisioning. It's also good that our IT administrators have a pretty good hardening standard for their Windows and Unix systems, and they seem to be applying it uniformly. Administrative access could use some fine-tuning as well; currently, everyone's an administrator, and there are many shared passwords in use. Overall, I would rate this environment 7 out of 10 in terms of general security practices.

I'll definitely want to address that. My first priority will be to start making small, incremental improvements in the current practices to make things better and introduce more maturity and consistency into the environment. This week's journal is written by a real security manager, "J.F. Rice," whose name and employer have been disguised for obvious reasons. This is a new challenge for me, one that I hope will be fun and exciting as well as successful. Contact him at jf.rice@engineer.com.

Storm8 says phone-number lawsuit lacks merit

On Monday, we covered a pending class-action lawsuit filed against Storm8, developer of numerous popular iPhone games. In an official statement on the company's forum, Storm8 attempts to clarify just why the heck it was gathering phone numbers, and just what the heck it was doing with them. The suit alleges that Storm8's games used "backdoor" methods to snag players' iPhone numbers.

The short version: accidentally, and nothing. Elsewhere in the forum thread, Storm8 claims that said code was removed from its apps in August 2009, that the existing database of phone numbers was destroyed, and that the phone numbers sent by users who haven't yet upgraded to latest versions of the games aren't stored. The long version goes like this: Early in the development process of Storm8's initial games, the company wanted a way to identify specific iPhones connecting to its massively-multiplayer games, so it tried using the device's phone number. Eventually, Storm8 "determined it was more suitable to use the device's Unique Device ID instead." But - and here's the big head-scratcher - somehow, the old number-sniffing code was left in place anyway. On the lawsuit itself, Storm8 makes this key claim: "Storm8 will ask the judge to dismiss the lawsuit in its entirety due to the lawsuit's complete lack of merit. To our knowledge, no user has incurred any damage or loss as a result of the matters discussed in the lawsuit." We'll let the courts decide, of course, but if Storm8's claims are to be believed, perhaps the only thing the company is guilty of is especially lousy code review.

We believe that we have always complied with all of the statutes referred to in the lawsuit and never took an action that harmed or impaired users or your devices in any way.

Cisco warns UC users of limited support for Windows 7

Cisco (NASDAQ: CSCO) is warning customers of its unified communications products that support for Windows 7 won't be forthcoming until the product's 8.0 release scheduled for the first quarter of 2010. About a dozen more UC products will not support Windows 7 until version 8.5, in the third quarter of 2010 and at that time, only the 32-bit version of Windows 7 will be supported. Only three Cisco UC products among a list of about 50 published by Cisco Subnet blogger Brad Reese specifically promised 64-bit support, and this only through the use of a 32-bit emulator. These products are the Cisco UC Integration for Microsoft Office Communicator, Cisco IP Communicator and Cisco Unified Personal Communicator. One CCIE, who asked not to be identified, is frustrated with the delay. The Communicator products are the client-side multimedia applications used with Cisco Unified Communications. He tells Network World that Cisco became a Windows supplier when it developed desktop UC applications such as the Unified Attendant Console, one of the applications that is not yet slated to support 64-bit Windows 7. The spotty roadmap for 64-bit support makes it difficult to see Cisco's UC as a good fit for companies wanting to upgrade to Windows 7, he says.

However another expressed frustration. One reader posted a comment on Reese's blog that said it is possible to run UC products on Windows 7 right now. This anonymous reader wrote, "I realize many of the Cisco UC products will probably work on Win 7 32-bit. Microsoft 64-bit OS has been available since Win XP although 64-bit processors have only been available for the masses for a few years. I'm concerned about the Cisco UC applications working on Win 7 64-bit.

However, most desktop and notebook computers purchased in the last 2-3 years included 64-bit processors. They provide many applications for the standard desktop computer. Cisco is now a desktop software application vendor. They have a responsibility to support the most current corporate desktop OS!" Microsoft released Windows 7 to manufacturing on July 22, 2009. At that point developers of Windows applications had access to the final code included in Windows 7. It was released to the general public on October 22. According to Microsoft's Windows 7 Compatibility Center, four Cisco desktop Windows applications have been certified as compatible with Windows 7. These are the Cisco VPN client version 5, the Cisco EAP-FAST Module, the Cisco LEAP Module and the Cisco PEAP Module. The Cisco AnyConnect 2.4 SSLVPN client actually does support both 32-bit and 64-bit versions of Windows 7. The Cisco VPN client 5.0.6 supports only the 32-bit version, according to Microsoft's compatibility information. These modules are methods to securely transmit authentication credentials and are used with a VPN. Cisco Subnet blogger Jamey Heary asserts that Cisco is the first major VPN vendor to support Windows 7 (as well as Mac OS X 10.6 clients). Cisco's VPN support for Windows 7 covers both its IPSEC client and SSLVPN client software.


Hijacked Web sites attack visitors

Here's the scenario: Attackers compromise a major brand's Web site. The issue goes unnoticed until it's exposed publicly. But instead of stealing customer records, the attacker installs malware that infects the computers of thousands of visitors to the site. Such attacks are a common occurrence, but most fly under the radar because the users never know that a trusted Web site infected them, says Brian Dye, senior director of product management at Symantec Corp.

But word can get out, leaving the Web site's customers feeling betrayed, and seriously damaging a brand's reputation. When his company tracks down the source of such infections, it often quietly notifies the Web site owner. Attackers, often organized crime rings, gain entry using techniques such as cross-site scripting, SQL injection and remote file-inclusion attacks, then install malicious code on the Web server that lets them get access to the end users doing business with the site. "They're co-opting machines that can be part of botnets that send phishing e-mail, that are landing sites for traffic diversion and that host malware," says Frederick Felman, chief marketing officer at MarkMonitor. That possibility is one of Lynn Goodendorf's biggest worries as global head of data privacy at InterContinental Hotels Group. "I worry about attacks that use a combination of malware and botnets," she says, adding that she has watched this type of activity increase steadily over the past two years. "That's very scary," says Goodendorf. But because the business's Web site isn't directly affected, the administrators of most infected Web sites don't even know it's happening.

Most victims haven't associated such attacks with the Web sites that inadvertently infected them. The latest versions of Microsoft's Internet Explorer browser and Google's search engine detect sites infected with malware, issue a warning and block access to the site. "To me, this is serious online brand damage," says Gartner analyst John Pescatore, and it can be disastrous for small and midsize businesses that totally depend on search engine traffic. But that may be changing. The next frontier, says Dye, may be attackers who use these types of exploits against the Web sites of high-profile brands and then publicize - or threaten to publicize - what happened. But Pescatore sees a more fundamental problem: rushing through Web site updates and ignoring development best practices designed to promote security. Preventing attacks like SQL injections requires using enterprise-class security tools, such as intrusion-prevention and -detection systems, with a focus on behavioral analysis to spot attacks, Dye says.

Most organizations follow formal processes for major upgrades, but not for the constant "tinkering" that takes place. The result: Vulnerabilities creep into the code. "Security groups often are forced to put Web application firewalls in front of Web servers to shield [these] vulnerabilities from attack," says Pescatore.