Wednesday, November 26, 2008

Happy Thanksgiving

Today is a great time of the year to say thank you to all of Zerowait's customers and friends. It is also a good time to look back and recognize how lucky I was personally to grow up in Delaware and have the ability to start a company with just an idea. My idea has grown into an international company thanks to the hard work and determination of our team members to satisfy our customers' needs.

Often the hardest part of getting any company off the ground is learning how to communicate your ideas clearly. Dave Hitz, the founder of NetApp, was featured in Entrepreneur magazine recently and noticed the same thing. He states in the magazine that communication skills were very important to growing his company.

When a company is little, there's just a handful of you. It's relatively simple to get that group of people to figure out where they are going. As the company grows, one of the biggest challenges is to get all of the people headed in the same direction. To accomplish that, you need to be a loudmouth, and I mean that broadly. You need to talk, you need to write. Writing is an extremely powerful tool. It helps you test your thinking. Writing is also a great way of communicating to lots of people at once. I started a blog and I've written papers that I call future histories, which are my best attempts to describe how I think the world is going to look three years out, sometimes further.

Dave clearly is a visionary and a very good writer. It is a good time of the year to say thanks to Dave for helping to create a new market sector.

Monday, November 24, 2008

Canada

I am in Canada for a few days, visiting customers here. Just like so many of our customers, the Canadians know that NetApp makes great products; they call Zerowait because they need an affordable way to expand and maintain their storage infrastructure. As things tighten in the world economy, more companies are calling us to maintain their Filers, and so even in this strange economic time our business is good.

As companies begin to watch where their budget dollars go, they look for easy ways to cut costs. And our company offers a very easy way to cut the costs of your storage maintenance budget. Our history and references prove that we are the best high availability alternative to the OEM for service and support.

Friday, November 14, 2008

A setting Sun?

According to the Wall Street Journal, Sun Microsystems is planning a 15% cut in its workforce. Perhaps one of the major problems for Sun is that its sales force and margins are based on selling proprietary hardware. And as with most products, its customers pushed for commoditization over time. Linux was a commodity-priced solution that pushed Sun over the edge. Economic models that go back to Adam Smith have made sense for hundreds of years because they keep passing the test of time. If Sun can figure out how to make money with its Thumper products by selling them as a commodity solution, it may re-emerge in a stronger position.

As I have written previously, there is a customer niche for the product.

The Silicon Valley computer maker said the moves, which include organizational changes aimed at bolstering its software business, will reduce costs by approximately $700 million to $800 million annually. It expects to incur total charges in the range of $500 million to $600 million over the next 12 months from the restructuring, of which it expects to incur approximately $375 million to $450 million within its current fiscal year 2009.
Sun has been struggling to reverse sagging sales, a depressed stock price and other problems. Sun reported a $1.68 billion loss in its fiscal first quarter ended in September, and has faced pressure from Wall Street to make substantial cost cuts. The company's revenue, which dropped 7%, was triggered partly by a drop in sales of its high-end server systems, which use a proprietary chip technology called Sparc.
Sun is battling to find a consistent formula for growth since the Internet boom, when it supplied computers to power Web sites. But most of that business shifted to lower-priced systems that use x86 chips, designed by Intel Corp. and Advanced Micro Devices Inc. Sun now sells those machines, too, but its growth with those products has not been able to make up for slowing growth of its Sparc line.
More recently, Sun was among the first technology companies to feel the effects of the slump on Wall Street. The company has long relied heavily on sales to the financial services industry.

Wednesday, November 12, 2008

A new type of network appliance

One of my friends sent me this patent to see if it was something that our company would be interested in. Reading the abstract and summary reinforced my belief that there are several applications in the world where a network appliance fits into a high availability architecture, but there always needs to be a balance between infrastructure complexity and stability.

If you are interested in what another California inventor has conjured up, read on.


United States Patent Application 20080016570




Abstract:

The method analyzes unauthorized intrusion into a computer network. Access is allowed through one or more open ports to one or more virtualized decoy operating systems running on a hypervisor operating system hosted on a decoy network device. This may be done by opening a port on one of the virtualized decoy operating systems. A network attack on the virtualized operating system is then intercepted by an introspection module running on the hypervisor operating system. The attack-identifying information is communicated through a private network interface channel and stored on a database server as forensic data. A signature-generation engine uses this forensic data to generate a signature of the attack. An intrusion prevention system then uses the attack signature to identify and prevent subsequent attacks. A web-based visualization interface facilitates configuration of the system and analysis of (and response to) forensic data generated by the introspection module and the signature generation engine, as well as that stored in the processing module's relational databases.

SUMMARY


One or more embodiments of the invention are directed to an improved method and system for protecting computer networks. In one embodiment, the invention comprises a modular decoy network appliance, which runs fully functional operating systems on client hardware modules. The modular arrangement comprises front-end fully functional operating system modules and a separate processing back-end module.


The front-end presents a standard fully functional operating system, such as Windows® or a flavor of Linux®, or Sun Microsystems Solaris® that returns a standard operating system fingerprint when it is scanned by tools that attackers typically use to identify vulnerable systems. The attacker is thus lured into accessing the identified operating system and running custom or known exploits on that system.


The front-end module includes a sentinel kernel driver (or a more generalized executable module) that is hidden from system scanners as it is removed from kernel module listings or registry in Windows. Thus, the kernel does not indicate the sentinel kernel driver is running. The sentinel kernel driver monitors connections to the operating system as well as activity on the operating system and activity on services running on the operating system. When an attacker connects to a port, the sentinel kernel driver captures the data coming through the socket. Generally all relevant data coming through the socket is captured. In most cases this means whatever data is received as part of an incoming attack is captured by the sentinel driver. Captured data is sent as a slew of common UDP packets to the back end processing module over the fabric network connection separate from the vulnerable front-end modules. In this manner, there is no way for the intruder to know that his or her communications with the operating system are being analyzed.


The captured data, which contains the attack-identifying information, is sent to the back-end or processing module through the backplane fabric of the appliance using Layer 2 Ethernet communication protocol. The processing module is separate and independent from the client operating system modules and communicates the processed information to security administrators through a network port connected to the private and secure VLAN. Unbeknownst to the intruder, the exploit is thus captured, transferred and analyzed.


With the received data, the processing module generates a report of the attack. The report consists of user-friendly information that paints a picture of the attack for a system administrator. This may include information on which sockets were accessed, what happened at a particular socket, the key strokes entered or bytes transferred to the port, what files were transferred, registry changes, how the attack was run, what happened on the primary network, on its servers or how the network services were affected. The report may also include information on the location of the attacker or the attacker's service provider. Graphical representations of key information and interactive mapping of the attack locales by region or country may be utilized in one or more embodiments of the invention.


The processing module is used to generate an attack signature by analyzing all the data passed through the socket. The signature is generated by analyzing the attack payload including the keystrokes or transferred bytes and any files uploaded to the client operating system of an ASCII or binary nature. The files uploaded are assumed to be of a malicious nature created to deliver a malicious payload in the form of a compiled program or an interpreted script. In the event that no malicious files are uploaded to the operating system, the signature generation engine analyzes all the keystrokes or bytes delivered through the socket and creates a pattern signature which when applied to an IDS or IPS system, enables the IDS or IPS systems to detect the attack if repeated on production systems. Once generated, the attack signatures can be viewed by a system administrator to determine the appropriate course of action. The system administrator can instruct the signature to be uploaded to the intrusion detection system (IDS) or intrusion prevention system (IPS) for the protected network where it is added to the IDS's or IPS's library of signatures to protect production systems. In one or more embodiments of the invention, the signature may be uploaded or saved in a third party system that maintains all known exploits. In this manner, other systems may be notified through secure channels of an impending threat. For example, by transferring the signature to a centralized server that communicates with multiple installations, the intruder may be thwarted before attacking other systems in other companies.
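The signature-generation step described in the summary above, sketched as an added example; it is not code from the patent application or from Zerowait. The patent does not name an algorithm, so a longest-common-substring fold is swapped in here, and the function names, the minimum length and every sample payload are constructed assumptions.

```python
# Added example: derive a byte-pattern signature from payloads captured on a
# decoy, then vet it against known-benign traffic before handing it to an IDS.

def longest_common_substring(a: bytes, b: bytes) -> bytes:
    """Classic O(len(a)*len(b)) dynamic programme over two byte strings."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]

def generate_signature(captures, benign, min_len=8):
    """Fold the captures into a substring common to all of them.

    Greedy pairwise fold: the result occurs in every capture but is not
    guaranteed to be the longest such substring. Returns None when the
    pattern is too short to be specific or also occurs in benign traffic.
    """
    sig = captures[0]
    for payload in captures[1:]:
        sig = longest_common_substring(sig, payload)
    if len(sig) < min_len or any(sig in sample for sample in benign):
        return None
    return sig

# Constructed sample data: a harmless marker stands in for attack bytes.
CAPTURES = [
    b"GET /cgi-bin/status?id=17&cmd=CONSTRUCTED_PROBE_A1B2 HTTP/1.0\r\nHost: decoy-1\r\n\r\n",
    b"GET /cgi-bin/status?id=903&cmd=CONSTRUCTED_PROBE_A1B2 HTTP/1.0\r\nHost: decoy-2\r\n\r\n",
    b"POST /cgi-bin/status HTTP/1.0\r\nHost: decoy-1\r\n\r\nid=4&cmd=CONSTRUCTED_PROBE_A1B2",
]
BENIGN = [
    b"GET /index.html HTTP/1.0\r\nHost: www\r\n\r\n",
    b"GET /cgi-bin/status?id=5&cmd=show HTTP/1.0\r\nHost: www\r\n\r\n",
]
# The same probe replayed against a production host name.
REPLAY = b"GET /cgi-bin/status?id=2&cmd=CONSTRUCTED_PROBE_A1B2 HTTP/1.0\r\nHost: www\r\n\r\n"

if __name__ == "__main__":
    for label, caps in (("2 captures", CAPTURES[:2]), ("3 captures", CAPTURES)):
        sig = generate_signature(caps, BENIGN)
        print(label, sig, "matches replay:", sig in REPLAY)
```

With only two captures the signature absorbs the decoy's own host name and misses the replay; the third capture trims it to the part that carries over to production traffic.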

Monday, November 10, 2008

Sun's Amber Road ZFS solution

The Wall Street Journal today has a short article on the Sun ZFS solution. We have some customers who have switched to the Sun Thumper solution and for their smaller storage applications they seem to like it. Other customers are working with home brewed ZFS on BSD solutions and finding a few places where it fits into their infrastructure.

With budgets tightening more customers are looking at ways to cut their storage acquisition and maintenance costs and the Sun solution seems to fit for a portion of these customers.

I think the following points from the article are the most interesting:

1) Sun Monday is introducing its latest family of hardware based on a concept it calls "open storage," which avoids proprietary technology in favor of standard components and open-source software that can be modified by users. Sun says the "open" approach, among other things, makes its products less expensive and more flexible than competing offerings.

2) Sun's storage hardware relies heavily on what it calls the Zettabyte file system, which is software that manages how data files are named and stored. By offering ZFS as a free open-source program, Sun hopes to build a community of companies and developers, such as exists for the open-source Linux operating system.

3) Sun earns revenue by selling services around its open-source software, which is free to download and use, as well as by selling related hardware.


Time will tell what the marketplace thinks of the solution. Based on customer comments that we have heard over the last year about ZFS, I think there is a market for a commodity based solution for enterprise storage.

Thursday, November 06, 2008

An interesting data point

John Chambers of Cisco is forecasting a decline in sales.


Sales will decline as much as 10 percent in the second quarter, which ends in January, Chambers said yesterday on a conference call. In August, he predicted a gain of 8.5 percent from a year earlier.
Business changed course after the credit crunch hit, pushing October orders down 9 percent, Chambers said, adding that his comfort level with the forecast was the lowest since the dot-com bust in 2000. Chambers plans to save $1 billion in costs over the next three quarters by curbing hiring, business travel and relocations.

When Cisco has to tighten its belt, people notice. Zerowait can help lower operating costs for companies, and we look forward to working with many more companies to show them how they can lower operating costs while maintaining their High Availability service levels.

Tuesday, November 04, 2008

Cloud computing can be stormy

Cloud Computing seems to be the 'hot' term now. But it seems like it might turn into another way for vendors to lock customers into their services.

Service providers won't admit this, but once they've got your data, they'll try to find ways to lock you in and keep you from switching to another provider. Ultimately, we users may have to make a trade-off -- sacrificing some degree of freedom and control in exchange for convenience. If the alternative is the mess we have today, that trade-off may look appealing.

Before you let your data get locked into a service provider, you had better make certain that the company that has your data can meet your data recovery requirements and your data security requirements. For example, not all clients will feel comfortable with their data being mixed in aggregates with other customers' data. Providing security for your corporate data may be more important than the convenience of the solution pitched to you by the Cloud storage provider. How can you be certain that your Cloud storage provider's employees meet your personnel screening requirements?

Everyone should ask their Cloud storage provider the following questions:
1) "Who has the keys to my company's most valuable data?"
2) "Do the employees meet our company's security requirements?"
3) "Do they meet the requirements of any government contracts we have?"
4) "Where is the data physically located if we need to take possession of it quickly?"
5) "What is the cost if we need to take possession of our data?"


Clouds often mask the important visual clues that you need to make informed decisions. Without a good set of instruments, it may be hard to interpret the information you are given by the Cloud storage provider.