Friday, June 13. 2008Security and Social Engineering
So much time is spent these days on logical security, penetration testing, intrusion detection, etc... The reality is most attacks occur from the inside. This week I attended a trade show at which I was scheduled to speak. Upon arrival at the convention center I approached the speakers registration booth to collect my conference badge and materials. After 2 or 3 minutes of searching it appeared that there was no badge for me and I was not in the system as a registered attendee or a speaker. Apparently I did nor register but if I have received numerous confirmations on the speaking engagements should I not already be registered? Anyway, when I was not found in the system I proceeded to open a conference program and point out that I was scheduled to speak at two sessions, how could I not be registered. The person manning the booth then proceeded to enter my name into the computer and create me a badge with the name of the speaker I pointed out in the program. Never did they ask to see identification to verify that I was actually that person, I had socially engineered my way into the conference.
The biggest whole in any secure system is the human beings who work within the system. Even in theatrical scenarios like the ones portrayed in Mission Impossible 1 through 1000  the key to entry is always a person. Find the weakest link with the most information and power and social engineering goes to work. Once I received my badge I proceed to walk onto the show floor in large part unmanned at the hour I was there, there was literally next to no security with plasma and LCD TVs everywhere and computers powering these TVs I pretty much could have walked out with anything.It was a pretty good show overall and I thought this experience was worth sharing. 
Wednesday, June 11. 2008Cisco WAAS Demo
I has been on my to do list to produce a Cisco WAAS demo for a while. I did this one quickly for another purpose but it is a good start.
Monday, May 19. 2008EMC InfiniFlex30 drives in a 3 U platform. Includes servers, DAS SAS or SATA, IP connectivity between servers and IP connectivity to client network. Sounds like a HPC cluster in-a-box? Configuration details:
Note: Not CX DAEs (visibly they look the same to me, but apparently they are native SAS shelves) but they have the same footprint. The equivalent of 2 DAEs are mounted in the same 3 U on a moveable shelf. Essentially 2 DAEs in the same 3 U vertical footprint. InfiniFlex is customer serviceable, customer can spare all parts or the customer can opt for a standard EMC support contract. InfiniFlex 10000 Server Specs:
Use cases:
Monday, May 19. 2008Disaster Recovery Strategies for Exchange 2007Should have called this session Site Recovery Manager brainwashing revisited. I find it interesting that we are still spending time talking about Replistor and MirrorView as viable Exchange replication technologies. I thought we determined years ago that they just don't work. It would make more sense to me when talking about Exchange 2007 and replication to spend more time on Local Continuous Replication (LCR), Cluster Continuous Replication (CCR) and Single Copy Clusters (SCC). With applications like Exchange enterprises will more to adopt the technology with the tightest application integration (e.g. - Oracle RAC). I would have preferred a discussion focused on application integration. Just my 2 cents.
Monday, May 19. 2008Hello from EMC World 2008I have been really busy the past few weeks so the blog has slowed to a snail crawl, although I do have an interesting blog that compares some of the more popular Windows data migration tools so stay tuned for that. This week I will try to report live from EMC World and the sessions that I attend, note that I will be listening, typing and publishing so please excuse spelling and grammar mistakes as I will not be spending time proofreading. I am now sitting in a session entitled "Simplifying Disaster Recovery with VMware and Celerra Replicator" This session should be entitled "VMware Site Recovery Manager and Celerra Replicator" Since I have been typing this blog I may have missed a few details but here is what i have heard thus far: Site Recovery Manager (SRM) is supported in the following environments:
One topic that I feel the need to address is the thought that SRM replaces Disaster Recovery (DR) Runbooks. I could not disagree more, under ideal conditions SRM automates the tasks traditionally documented in the DR Runbook but it is important to remember that SRM is another piece of software that is added to an already complex mountain of software and process, I do not believe this is a replacement for the DR Runbook but rather another infrastructure component that needs to be documented as part of the DR process. Note: VMware will only support RDM devices as beta? What the heck does that mean? SRM only support crash consistent copies, essentially no support for application awareness and Replication Manager. I asked the question with EMC and the application vendors (Microsoft) pushing for application (Exchange, SQL) awareness via VSS and other application aware APIs what is the plan for SRM and application awareness? The answer I received nebulous at best, to paraphrase the presenter I think he stated that you would need to determine if Exchange is core to your business; last time I checked Email is a fairly critical component of doing business in 2008. Needless to say to this point SRM is not making a good case for jettisoning the DR Runbook. Talk to you from Tucci's Keynote next.
Tuesday, April 22. 2008The pondering is over...EMC has acquired iomega for a cool 213 Million or 3.85 share. This is a significant premium for a company that has been struggling for a while. Back in the days before every computer has a CD/RW and before we all carried a 4 GB USB drive on our key chain the primary primary medium for transferring data between computers was the 5.25 floppy, then the 3.5 floppy and then iomega with the 100 MB Zip drive which revolutionized my life and had to be the the gadget of the year. Every techie I know had one and it dramatically simplified our lives, who could forget hooking up you 100 MB Zip drive to your PCs parallel port, nowadays it's hard to find a PC with a parallel port. Fast forward 10 years, just about every computer ships with a DVD/RW which can store 4+ GB of data, a 4GB USB thumb drive is ~ $25, translation the Zip drive is died a grim death. office furniture in BulgariaWhat does this acquisition mean... hmmmm... I could speculate that EMC has acquired iomega to continue their down market push with the obvious connection between iomega and Retrospect, which BTW I think is true. iomega has some nice disk based products that play well in this space. I also think that while the Zip drive is not really of much value these days iomega has a heritage of pioneering a storage technology which could help EMC realize the vision of displacing tape as the primary media for offsite storage in the SMB. iomega's iStorage also seems to dovetail nicely into EMC's cloud computing initiative. My thought here is that iStorage pairs nicely with Mozy, Pi, EMC's Cloud Infrastructure initiative, etc... Then of course there is the iomega Jaz the 2GB removable cartridge that never really took off but could EMC look to increase density and really target tape in the SMB with a technology like this? The speculator is me says, maybe. If you look around at companies like rdx are on the right track but may not have the market muscle, presence or heritage to capture significant market share and change the market paradigm, you can almost visualize how EMC could and might parlay the iomega acquisition.
Tuesday, March 18. 2008Iomega Ponders EMC & ExcelStor Deals - EMC News Analysis - Byte and SwitchIomega Ponders EMC & ExcelStor Deals - EMC News Analysis - Byte and Switch EMC continues to move down market with the looming acquisition of Iomega, as I have mentioned there is no doubt that EMC is very focused on capturing data at the edge in the SOHO and enterprise market. The Iomega news comes fresh off the acquisition of Pi and the announcement of a cloud computing initiative.
Tuesday, March 18. 2008Check port access from behind a firewallWhile banging my head against the table from behind the most anal retentive and productivity reducing firewall known to man I came across this cool little site http://www.canyouseeme.org/. Oddly enough this site was not blocked... Go figure.
Tuesday, March 18. 2008SAM/QFS released to the Open Source CommunityPossibly the best HSM product on the market released to the open source community by SUN.
Sunday, February 3. 2008Thoughts on Super Bowl XLII
Congratulations to the NY Giants and NY Giants fans. Unbelievable showing!!!! Yes, the Giants looked possessed on defense but did the Patriots look like an 18-0 team? I have a theory on this; read on. Regardless I could have cared less who won the game, neither team is my team and I did not have money on the game, but everyone loves the underdog and frankly I am so freakin tired of the the Patriots. Congratulations to Eli Manning MVP of Super Bowl XLII. I would like to offer up that there should be a co-MVP or at least adefensive player of the game should be named... can you guess who?
 Gisele Bundchen co-MVP Super Bowl XLII  Maybe next year Tom Brady should leave Gisele at home. While she is not a bad trophy / consolation prize it may be a bit easier for Eli to share his trophy (The Vince Lombardi Tropy, shown here on the right) with the team and the fans. Congrats NY!
|