- Test Center Tracker: One-one-one with OS X Leopard, small project management with OpenProj, seizing control of remote service monitoring, and defeating denial of service attacks
- Test Center Tracker: BRMS wars, mainframe futures, and encryption caveats
- Microsoft poised to unfurl DPM 2007 Beta 2
- Review: Put some ZIP in your data and e-mail security
- Imation StorSentry monitors the health of backup devices
November 02, 2007 | Comments: (0)
Shacking up with Leopard: Apple's OS X Leopard hit the North American market one week ago this evening, prompting Tom Yager to swing by the Apple store, MacBook Pro in hand, then make a beeline for an isolation chamber (the local Holiday Inn) for an intensive evaluation. (Nothing gets between Yager and a new Mac OS.) While we wait for the resulting review, you can track his progress on Enterprise Mac. For the quick-and-dirty on what Leopard will mean to users, the best places to start are two of Tom's recent posts to Ahead of the Curve, "Apple OS X Leopard: A beautiful upgrad" and Tom's "Leopard: Not an OS, but a system you operate".
Small (and cheap) project management: If Microsoft Project is more than enough, free and open source OpenProj might be just enough. Curt "Dr. Gantt" Franklin takes the tidy project manager for a spin in SMB IT.
Help your datacenter help itself: The self-checking and "phone home" features in many server and storage systems use the Axeda ServiceLink service-monitoring system. A new offering from Axeda, called ServiceLink for Datacenters, brings these remote access links under a central management portal -- reducing the risk of data exposure, reports Storage Insider Mario Apicella.
Welcome to Estonia: If you think your business is immune to the kind of massive distributed denial of service attack that shoved Estonia off of the Internet, think again, advises our Security Advisor, Roger Grimes.
Posted by Doug Dineley on November 2, 2007 12:05 PM
August 06, 2007 | Comments: (0)
Test Center Tracker: BRMS wars, mainframe futures, and encryption caveats
BRMS Pushmi-Pullyu: Doctor Doolittle's two-headed llama has nothing on ILOG's JRules, a product that is moving forward and backward at the same time. JRules 5.0, which James Owen reviewed in June 2005, was a silky combination of strong performance and rich rule tools, nabbing the highest score we've given to a rule management system. But by the time of Owen's evaluation of JRules 6.0 and top rival Blaze Advisor 6.1 in July 2006, JRules had not only lost ground in performance to the Fair Isaac engine, it stumbled on documentation at the same time it introduced more complexity in its tools and repository. With Version 6.5, reviewed last week by Stephen Nunez, JRules continues the flow of important new functionality -- now exposing decision logic as Web services -- but hasn't reversed the ebb in performance, documentation, or general ease of use.
Project Big Green: We already knew that the mainframe is harder to kill than Stephen Seagal. The mainframe's resource management and high availability features are unparalleled, and it has virtualization capabilities that the x86 can only dream about. Although "mainframe migration" stories sprout like weeds from enterprise IT publications, if you ask deep-pocketed IT shops (think IRS) that can actually afford what they really want, they'll tell you they're running their most important apps on Big Iron. Turns out there may be another reason to invest in the monoliths: IBM claims they are more energy efficient than little iron. See Ted Samson's report in Sustainable IT.
Encryption dos and dont's: Embarrassing data breaches are all the rage these days, and encryption seems like a sensible, no-brainer solution. But as Roger Grimes points out in Friday's column, file encryption is not as simple as lock and key. Encryptors can require a surprising amount of free disk overhead. Some files will refuse to be encrypted. Some encryption processes leave readable traces of file text behind. Before you take the plunge, check these considerations and caveats from the Security Advisor.
Posted by Doug Dineley on August 6, 2007 10:52 AM
May 24, 2007 | Comments: (0)
Microsoft poised to unfurl DPM 2007 Beta 2
Microsoft's forthcoming Data Protection Manager yields encryption, more snapshots, and support for Linux VMs
Microsoft is set to release beta 2 of DPM 2007 at the end of the month. An ambitious replacement for traditional tape-based backups, DPM (Data Protection Manager) has been baking in Redmond for quite some time.
DPM 2007 is expected to offer more powerful backup options and to support many more application environments and servers than its predecessor. As you may have noticed, DPM 2006 was essentially limited to disk-to-disk files protection, with no built-in smarts for database-handling and no direct support for tape devices.
The new version eliminates those significant impediments, offering agents that protect machines running Exchange, Sharepoint, and SQL Server. You also should be able to back up VM clients -- even if running Linux (hear, hear!) -- but Microsoft guest OSes can benefit from proprietary features, such as VSS, that are obviously missing in other systems.
One of the most significant improvements in the upcoming beta release is increased number of snapshots you can take, 512 per volume. Obviously, a higher number of snapshots makes possible more frequent data protection, hence a more granular recovery of your data if something goes wrong.
Also notable: the ability to create policies that automatically transfer protected data to tape, either making a second stop to disk or not.
In addition, the new version can recover a database up to the last completed transaction found in the log. That approach is likely less disruptive than restarting from the previous recovery point, which could be from a significantly earlier point in time.
One of the new features that should be worth evaluating is encryption. According to Microsoft, DPM support media encryption both via hardware and software, something that could make the solution more desirable for many customers.
DPM is still in beta, so I'll refrain from a verdict from now. However, without discounting the numerous improvements it brings, one sorely missing feature is bare-metal recovery, which, ironically, becomes a bit more complicated when you add DPM to your data center.
If you decide to go on and test DPM next week, it would be a good idea to include using third-party tools for server recovery in your test plans.
If interested to try out the new beta version you should be able to download it from here next week. That page links also to a recent Webcast and other related info.
Posted by Mario Apicella on May 24, 2007 11:50 AM
April 26, 2007 | Comments: (0)
Review: Put some ZIP in your data and e-mail security
.
You might remember (or even still use) the original ZIP for DOS -- initially developed to save precious network bandwidth by compressing files. And you're probably aware that over time, PKWare improved this ubiquitous technology to keep up with enterprise needs, such as archiving multi-gigabyte-sized files and providing easy deployment tools for IT staff.
But you may not know about a different branch of the product, SecureZIP, which I've watched evolve since Version 4. I just finished testing the new SecureZIP v11, and I found that its strong encryption and central management features (available in the Enterprise Edition) are especially appropriate for helping organizations protect data against theft or unauthorized access.
The Enterprise Version's built on top of the free SecureZIP, which itself has a number of improvements, plus three major new features. To start, SecureZIP has the staples of PKZIP: a very simple user interface and various data compression settings. Just drag files to the main window and they're compacted. Using a wizard or options listed on the Secure Toolbar, I then applied encryption, which can be a passphrase, X.509 digital certificate, or a combination of both.
SecureZIP had no trouble recognizing my certificates and those of my business colleagues. I could digitally sign files (or the entire archive) so recipients could validate that the data wasn't modified.
The new features extend Outlook, making it persistently secure. For example, I secured the e-mail message body in addition to file attachments. The process is very transparent: SecureZIP displays a clear dialog prior to sending the message, asking if you would like to zip and secure your message. Moreover, when someone forwards the message he or she can automatically change the encryption, so that file attachments don't have to be manually opened and re-encrypted.
I also appreciated the third new option, which encrypts Outlook calendar attachments. This addresses a possible security gap if your staff sends sensitive documents inside of meeting invitations.
The Enterprise Edition allows IT administrators to centrally manage security policies through integration with Microsoft's Management Console. For instance, I easily set a Policy that ensured e-mail attachments were compressed and encrypted. Similarly, you could enforce a policy where every e-mail attachment is secured with a complex passphrase. These policies are then distributed to desktops using standard tools, such as Microsoft Systems Management Server (SMS).
Further, the enterprise version integrates with Active Directory so certificates are automatically retrieved. And to reduce work for helpdesk staff, there's a master key to recover data and also to audit what data is sent over e-mail.
SecureZIP is clearly a Microsoft-centric product. But for the many organizations invested in Windows and Outlook, I think it's a worthwhile security alternative to more complex agent and network scanners for protecting e-mail and data files.
PKWare SecureZIP v11
Cost: Free for individual use; Enterprise Edition lists at $49.95 per user.
Verdict: SecureZip v11 adds multiple layers of strong security when compressing files and also sending e-mail using Outlook. The underlying SecureZIP software is just as easy to use as WinZIP, while including options to protect complete e-mail messages. The Enterprise Edition lets IT staff centrally manage and deploy security policies.
Posted by Mike Heck on April 26, 2007 11:51 AM
April 03, 2007 | Comments: (0)
Imation StorSentry monitors the health of backup devices
If you are worried about the reliability of your tape drives and cartridges, a new product from Imation, called StorSentry, should interest you.
StorSentry was initially developed by HiStor, a French software company that entered a partnership with Imation earlier this year.
Using collection agents installed at strategic points in your network, typically on every backup server or media server, StorSentry records performance data about every read and write to tape devices and media and stores that information in a dedicated database.
A powerful reporting application helps you sift that data, allowing you to determine the frequency of use, the amount of data stored, and the errors registered for each backup device.
It's important to understand that StorSentry doesn't monitor the success or failure of backup or restore jobs. If that is your main concern you should look at other solutions, such as one from Bocada, for example.
What StorSentry does, and judging from a demo I have seen, does rather well, is to pinpoint how heavily each piece of hardware has been used and how well it is performing.
For example, you can find out how many times each drive has been used, how much data was written or read on that device, and the transfer rate for each execution.
A quite useful feature is the ability to set thresholds that trigger certain alerts, such as when a tape should be cleaned. StorSentry has default values for each criteria, but allows you to override those to generate early warnings if you like.
Tape drives and tape media are typically the most failure-prone objects in a data center, and we all know that the question is not "if" but "when" they will eventually show errors.
StorSentry maintains a log of those errors and assigns them ratings and color codes that allow you to quickly spot runaway devices -- such as the first tape on the left in this chart. 
Digging deeper into each tape drive's history, you can get more granular data, such as the number of mounts and how many bytes were read or written at each session. If you ever need to contact the tape vendor, the Profile Window groups all the pertinent information, including the make, model, and serial number of the unit and the version of firmware it is running.
Selecting a cartridge will bring up a similar abundance of information that you can use to monitor errors and spot degraded performance.
Some proprietary solutions from tape vendors (Quantum DLTSage, for example) offer some of the same capabilities, but none I know of comes even close to the powerful and flexible reporting and the extensive data collection that I saw in the StorSentry demo.
Imation StorSentry
Availability: Now
Pricing: Pricing for StorSentry is calculated based on three components; the operating system environment, the number of tape drives to be monitored and the media pool to be monitored.
Verdict: For companies that manage hundreds of tape drives, StorSentry can bring much-needed control over how frequently they are used. It won't make drives or reels more reliable, but offers the tools to predict and perhaps avoid catastrophic read failures.
Posted by Mario Apicella on April 3, 2007 01:28 PM