IT Business Insider: Infrastructure

Building Better IT SWAT Teams

From the Editors of IT Business Insider

It's an unpleasant and unavoidable fact of life: IT organizations are almost always in problem-solving mode. And the best way to address unusual, urgent or one-time issues is to create temporary IT "solution teams."

The experts on these SWAT teams - the apt acronym for Special Weapons and Tactics - have the skills and tools to solve problems quickly and efficiently under intense time pressure. But it's important to keep in mind that you are bringing together people who may never have worked as a team before, and in larger organizations, they may not even have ever met.

There are right and wrong ways to build, train and maintain these crucial resources. Here are six ways that work.

Appoint a team leader. Forget everything you've heard about peer management. According to Katherine Spencer Lee, executive director of Robert Half Technology, in Menlo Park, Calif, the self-governing team is a myth. "You've got to have a team leader," she says, "and that person needs to have more than just technical skills." In particular, "good communications skills - both oral and written - are essential."

A leader is vital in cases where the team has been assembled from different departments. Someone acting as a coach or facilitator can help get the group to gel. This might be a role taken by the project manager; it might be formally assigned to someone with those specific skills or it might just be naturally assumed by a team member who has a talent for bringing people together. (article continues)

Balance individual accountability with a clear chain of command. The best teams don't necessarily duplicate skills, says Dean Meyer, chairman of NDMA Inc., a management-consulting firm based in Ridgefield, Conn. "Each member of the team needs to understand the specific contribution and/or deliverable that he or she is responsible for, and not meddle in other people's domains," he says.

Find - and involve - people from other disciplines. It's rare that a technical problem impacts only IT. "Once you make changes to an application, to the infrastructure or to the network, there are implications for anyone who uses those resources," says Jeff Gibson, vice president of consulting for The Table Group, a managing consulting firm based in Lafayette, Calif. "You need to have all the stakeholders represented on that team." In particular, members of the affected user community must have someone participating in order to come up with a solution they will be satisfied with.

Clarify the loyalties of team members. Because the team is temporary, by implication all members of it have other "real" jobs to do. To avoid cases of divided loyalties, members must know their responsibilities on the team and how that time commitment relates to their regular job. "Managers must be exceedingly clear about the priorities," stipulates Gibson. "If someone is expected to give 100 percent to the team, that has to be approved by his or her manager - and everyone must be very clear about how it will work on a practical basis from day to day." (article continues)

Establish firm boundaries. A temporary team is just that - temporary. The exact charter for its existence, including its timeframe, deliverables and deadline, must be carefully delineated in advance of the first meeting of the team. "If you don't provide an end date, or sufficiently detailed criteria about what constitutes the success of the project, then the so-called temporary team can easily turn into a standing committee," says Johanna Rothman, president of the Rothman Consulting Group, in Arlington, Mass. "If at all possible, make the goal something measurable; certainly make progress toward it something you can track."

Be prepared to disperse the team if necessary. Just because specific deliverables - and viable deadlines - have been established up front doesn't mean that the team must stay together to the bitter end. "Every healthy IT organization has a methodology for evaluating and killing troubled projects," says Raj Kapur, vice president of the Center for Project Management, in San Ramon, Calif. "You need to keep ascertaining that your resources are allocated where they can provide the most value. If things clearly aren't working out, you need to cut your losses and move on."

The bottom line: The best way to get a team acting like a team is for them to start working together.

Permalink| Comments

IT Business Insider: Infrastructure

The Heat Is On

From the Editors of IT Business Insider

A strange thing happened when St. Louis, Mo.-based Sisters of Mercy Health System began populating its data center with new servers. "We ran out of power capacity,'' says Bill Hodges, director of the data center at Mercy, the ninth largest Catholic healthcare system in the country. Mercy found that the servers were smaller and denser and took up less space. But on the flip side, they required more power and cooling, as well as a bigger generator to handle the increased load.

Then the domino effect kicked in. "Now I have to increase the capacity of the infrastructure that supports the data center,'' says Hodges. "You fix one thing, but then there are four other areas you have to upgrade to leverage what the technology changes are allowing you to do."

With a trend toward smaller servers and blade servers, enterprises are now able to get more hardware into a single rack than ever before. However, they're finding that improvement to be a double-edged sword because the smaller server size equals greater power consumption. And if companies don't upgrade to accommodate the new equipment, they'll find themselves only able to use a fraction of their data center's floor space.

"We're seeing increased density in data centers because more CPUs are being packed into a unit of volume,'' explains Dan Golding, a vice president and senior analyst with Tier1 Research in New York City. "Each chassis is taking up a tremendous amount of power to do its computing. One of the laws of engineering is if you take in a lot of power to do computation, something has to be done with that power, which is turned into heat eventually." (article continues)

Power, Power Everywhere
And it's not just the processors that are getting more powerful -- the same thing is happening to storage devices and Ethernet switches, which take more power to handle more bandwidth, Golding adds. There is more capacity in data centers "to the tune of fifty-times the processing power, and a hundred-times the storage and networking capacity in a single cabinet. And that means you're using much more power and that's generating much more heat," Golding says. At the same time, because generators and air conditioning units are only so big, data centers are running out of power.

According to research firm International Data Corp., 40 percent of data center end users report that power demand is greater than the supply. What's the answer? Ideally, says Golding, outsourcing or building a better data center designed with more power and greater cooling capacity per square foot. "Designers and electrical and mechanical engineers are designing for large enterprises two to three times the cooling and power capacity than what presently exists,'' he says.

"The goal is to guarantee the inlet temperature to the IT equipment so the fans are always pulling in the same temperature as the air,'' says Kevin Dunlap, director of business strategies, Cooling Group, at American Power Consumption Corp (APCC) in St. Louis, Mo. "The easiest way for us to guarantee that temperature is to remove heat from the back of the server and not give it a chance to mix with the air in the rest of room."

It's more efficient to cool at the row level, he says, because when air is blown from a source that's much further away, the air has to be cooled down to a much lower temperature, which takes more energy.

Dunlap says for energy saving reasons, the new servers "pull back" when they're not being asked to do lot of computing. But the cooling system has to be able to respond quickly and the power has to be there to support the equipment when it springs to life again.

"As computing loads moves around the data center, the power and cooling has to move around data center to mirror that compute load,'' he adds. "That's the next challenge we're facing." (article continues)

Plan to Scale Based on Demand
When planning the layout of a data center, Dunlap recommends thinking about how much capacity is needed today and populating it for current needs, and then matching the energy consumption rack by rack. Then as racks are added, it will be possible to also add cooling units and scale as the computing needs grow, so you're matching the capacity to the demand.

Hodges says APCC's hardware enabled Mercy to tap into the building's power supply and redirect capacity that wasn't being used, which gave them the ability to extend the life of their existing data center. On top of that, APCC's components are modular and can be moved when Mercy ultimately builds its new data center five years down the road.

Since most enterprises have a three- to seven-year equipment replacement cycle, experts suggest doing a usage inventory and then ensuring that power is supplied only to the racks that are being used. "We've seen a shift from cooling the room in general to looking at a room as a large heat source and trying to cool it with a big air conditioning system,'' says Dunlap, "to targeted cooling solutions where each individual rack has its own row or rack. So it's much more one to one."

Permalink| Comments

IT Business Insider: Infrastructure

Revise Your Technology Refresh Strategy

From the Editors of IT Business Insider

High on the list of certainties, right after death and taxes, is the knowledge that the computers your company bought just three months ago are already obsolete. But when is the best time to upgrade?

When developing technology refresh strategies, enterprises are caught between the pull of new technology and the realities of budgets and operations. While these competing forces play out differently from company to company -- sometimes from business unit to business unit -- the underlying issues are similar.

Until recently, hardware refresh strategies were often driven by tax depreciation schedules. Many companies were unwilling to replace assets on the books, even if their real value was little or nothing.

During the last five years, with prices falling and computers becoming more powerful, accounting imperatives have become less important. "The asset may not be depreciated, but the business isn't getting any value [from the asset] because it can't take advantage of the newer software it needs to compete," says Mike Yudkin, senior vice president of Design Strategy Corporation in New York City. During the last few years, he has seen more companies expensing their equipment and others moving to shorter, usually three-year, depreciation schedules in order to gain earlier access to new technology. (article continues)

Multiple Forces Drive Change
The demand for powerful new software isn't the only consideration driving refresh schedules. Not everyone requires up-to-date technology, and in many cases other factors become more important. These include:

No One Size Fits
Because so many factors come into play, it's best not to impose a one-size-fits-all rule on the entire company when you develop a tech refresh schedule. Rather, consider evaluating each business unit separately. Weigh the benefits of the proposed upgrade against the costs and potential risks. Keep in mind that revenue-driving units may need more frequent upgrades than back-office operations.

Evaluate your changes based on lower maintenance costs, higher productivity and faster time to market. But keep in mind that even the most carefully drawn refresh strategy may be overridden by changing business needs. A unit that is likely to be sold or relocated probably won't be given new equipment even if it is theoretically due for a refresh.

In another example, Bowling says that his company's refresh strategy is being impacted by the shift from desktops to laptops. With the narrowing of the desktop/laptop price differential, the growth of mobility and increasing attention given to business continuity and flexible work arrangements, more and more employees are getting laptops. A strong case can be made for not replacing their desktop computers. "Why not have just one asset?" Bowling asks. "If you have to maintain two assets, then all the patches and updates have to be done twice. It's not an effective use of IT."

Permalink| Comments

IT Business Insider: Infrastructure

Continuous Data Protection: Securing Data

From the Editors of IT Business Insider

It's virtually a no-brainer. Your data is backed up the instant you make a change to it -- any change, no matter how small. You can retrieve it immediately. That's right; no need to hassle with locating and accessing the right backup tape. And the expense is easily justified by the time you save from not having to redo work lost since the system was last backed up using traditional methods -- whether that was an hour ago, last night, or last week.

Given all this, small wonder that enterprises in increasing numbers are implementing continuous data protection, aka CDP.

"CDP is rapidly turning out to be one of the major technologies emerging to protect all-important enterprise data," says Jim Addlesberger, president and CEO of NavigateStorage, a Boston-based systems integrator specializing in data storage and backup.

Of course, IT departments have been doing backup and recovery for more than 40 years, but until recently it has been the practice to make periodic copies of all of your most important data onto tape. That tape is subsequently detached from the network and stored in a safe place. Most enterprises take it a step further by making copies of such backup tapes and keep them offsite for extra protection. (article continues)

Something Completely Different
But CDP takes a different approach entirely. "Backup isn't the issue -- protection is the issue," says Mike Karp, a senior analyst at Enterprise Management Associates in Portsmouth, N.H. "Everyone does backups. The question is, can you recover data in its correct state at the exact point at which it needs to be recovered?"

"Agree," says Benjamin Aronson, president of Aronson & Associates Inc., a Sunnyvale, Calif.-based IT consulting firm. "Recovering data from tape is an arduous, time-consuming chore," he says. "No one likes to do it. Frequently it doesn't work. And you don't necessarily -- by definition of the process -- get back all the data you need." On the other hand, adds Aronson, CDP promises seamless backup, seamless recovery and virtually nonexistent administrative overhead.

But to implement CDP requires a major shift in focus: from thinking about backup as a time-based action to an event-based one, according to Karp. With traditional backup methods and supporting technologies, data copying is instigated according to a predefined schedule. This could be every week, every night or every hour, depending on the needs of your business. However, with CDP, every time you make a change to data, that "event" triggers the change to be copied incrementally onto the backup device. Later on, if you want to recover a previous version of that data, you scan through the data -- using the "recovery" interface provided by the CDP application -- and find the precise snapshot of the data that you require. (article continues)

"Say a virus gets into your system, and you don't realize it for several hours," says Farid Neema, president of Peripheral Concepts Inc., a storage-management consultancy based in Santa Barbara, Calif. "You want to go back to that exact point in time before that virus was introduced. The difference between CDP and the traditional periodic backups of data -- even if done every hour -- is that with traditional methods, you can lose a substantial amount of work. This can be serious for many professionals, but for people in the financial services or other transaction-intensive industries it can be disastrous."

And it seems that IT managers are getting it. A recent survey by Peripheral Concepts found that the number of enterprise sites that have already implemented CDP grew from 34 percent in 2005 to 43 percent this year. In 2007, that number will increase to 58 percent. 

And, according to the participants in the study, CDP is extremely easy to justify: return on investment (ROI) of implementing CDP was achieved in less than two years by 61 percent of respondents.

Why Wait?
Given the overwhelming arguments in favor of implementing CDP, why are some enterprises still hesitating? There are several reasons, according to Karp. "Most CDP products have been developed by smaller vendors, which makes enterprises nervous," he says. "Moreover, they are stand-alone products, not integrated with the mainstream data backup applications sold by larger vendors." What's required: easy integration of CDP with enterprises' existing backup and recovery products and processes.

Understandably, most IT managers are reluctant to force their employees to learn yet another backup tool. "But when CDP is integrated and accepted as an 'evolutionary' improvement to existing backup-and-recovery processes," adds Karp, "sales of the technology will really take off."

Permalink| Comments

IT Business Insider: Infrastructure

Are Remote Users Threatening Your Security?

From the Editors of IT Business Insider

The troubling news is remote access remains as much of a security threat for enterprise as it ever was. The good news is that companies can diminish the likelihood of a breach with the right management and technology.

"Remote access is probably the key problem to all problems we have within security,' says Doug Howard, chief operating officer at BT Counterpane, a managed security firm in Chantilly, Va. "10 years ago, most of the IT security concerns we have today didn't exist because you didn't have people logging into remote systems. Today, in order for anyone to do business, you have to let other people inside our systems whether it be partners, remote workers or suppliers."

Securing networks that are accessed remotely is as much a business issue as it is a technology one, security experts say. Preventing security breaches is not just about putting layers of technology on the network -- but ensuring that the technology is properly managed.

A Management Issue
While remote access is a manageable threat, it's one that tends to be a low priority for IT, says Jon Oltsik, a senior analyst at Enterprise Strategy Group in Milford, Mass. (article continues)

"Part of the problem is in the number of remote access methods and the sloppiness of the way things are managed,' says Oltsik. "Companies tend to have multiple ways they allow remote workers to get onto their systems."

Those workers may have user accounts and laptops they just don't manage properly. IT needs to get a better handle on what is on an employee's laptop. "Managing it is as important as providing the access," says Oltsik. "IT doesn't look at remote access as an end-to-end solution but as a point requirement, and doesn't integrate it into security as a whole."

Both Oltsik and Howard recommend deploying an IDS (intrusion detection system) and/or an IPS (intrusion prevention system), which both examine incoming network traffic and block it or alert a network administrator if the system sees something suspicious.

Companies make an incorrect assumption that once someone is given a remote access account they have the appropriate credentials. But Oltsik says no one accessing the network should be trusted until the proper steps have been taken to ensure they do not pose a security threat. Strong auditing and reporting is also lacking and that's a function of having too many different accounts in too many places, making it difficult to get an adequate big picture, the experts say. A classic example is when a female employee gets married and changes her name -- her old account is then deleted in one place on the network but not another. If someone knows about that vulnerability, they can exploit it. (article continues)

Besides redundant accounts, another challenge is that users may be accessing internal applications or Web applications that reside on different servers with different system administrators, says Oltsik. That creates another challenge when trying to audit everything from a single place.

A Balancing Act
Howard cautions that as IT looks for ways to decrease remote access security risks by adding more technology to the mix, the complexity for the end user increases. For example, he says some companies will use two-factor authentication (a security technique that combines something you have with something you know), which means when someone remotely logs in with a user name and password, they will also have a physical token that generates a number that must be input as a second step. That adds more complexity for the end user, but also adds more security to the process. Yet, tokens have shown to be very successful and most corporations use two-factor authentication for accessing the network remotely.

Another potential hassle for the remote worker -- but one both Howard and Oltsik say is critical -- is to check the remote computer's antivirus settings before letting anyone onto the network. If those systems are outdated, a laptop could be infected and a virus could spread to the network.

"It's a somewhat tedious process because if users are trying to connect remotely," says Howard, "they're trying to do it fast and if they get a message saying, 'Go update your antivirus software,' it's frustrating for them."

The demand for remote connections will only increase, and the potential for unintended malicious access will continue to be a serious concern for enterprise security teams.  "We've done a good job of allowing people to access networks remotely, but not at securing that access,' says Oltsik. "Remote access has grown organically and now it's time we take a step back and figure out what to do strategically and consolidate as we need to."

Permalink| Comments

IT Business Insider: Infrastructure

Will Alternatives to Microsoft Become Mainstream?

From the Editors of IT Business Insider

Is the Microsoft monolith beginning to crumble? Alternative applications for everyday office tasks like word processing, e-mail, spreadsheets and presentations have been available for years, but their small size and limited resources relegated them to the sidelines.

Now, however, the software giant is facing challenges from champions of similar size.  "IBM and Google have begun to play together," says Kyle McNabb, principal analyst at Forrester in Cambridge, Mass. "If they can work past their differences, then you have something credible and Microsoft should start shaking in its boots."

Sneaking in the Back Door
IBM, Sun, Google, Yahoo and Thinkfree are the leading contenders jostling to gain a substantial foothold on Microsoft's turf in the enterprise space. Although their potential is promising, at the moment, their plays are tenuous at best.

"We've talked to over 200 enterprises in the last 18 months and we're seeing a lot of playing around with these alternatives -- usually in IT groups and rogues throughout the enterprise that typically use them without corporate sanctions --but we're not seeing very much actual adoption," adds McNabb. "Where we are seeing adoption in enterprise, it's usually of Sun's StarOffice."(article continues)

Not everyone agrees with McNabb. Vaughan Woods, CEO of Maverick Asia Pte Ltd, a boutique consultancy out of Singapore, sees one solid reason, at least, to consider the contenders' claims. "The reason enterprises look at these products is the high cost of Microsoft."  

A Different Lever
While cost is always a factor in any enterprise decision, it still isn't providing the momentum for change one might expect. This forces the alternative applications to take a different approach to encourage wide scale adoption.

"Adoption happens outside of work," says McNabb. "Google and Yahoo in particular are wooing home adopters, hoping to become so familiar and useful that employees will push the enterprise to adopt the programs as well. That strategy does have legs. After all, that's exactly how Microsoft, particularly Windows, pushed its way into the enterprise."

Microsoft did indeed slide in the back door to invade all of the enterprise space but that pervasiveness brought much-needed standardization as well. The threat of the chaos implicit in non-standardized applications has strengthened the ties to the Microsoft mother ship.

"If you review the process of convergence with the MS Office de facto standard in the 1980s, you will get a template for this process," says David McNab, president of Objective Business Services, a boutique consulting firm based in Markham, Ontario. "Office productivity was only realized once we could share information across desktops and networks, and to do that we needed a standard which led to Microsoft's dominance. The next step in evolution is that the Office standards become commoditized -- e.g., open source alternatives abound -- and that's what you are starting to see now."(article continues)

Culture Dictates the Play
Some IT analysts believe the pace of change is governed more by culture than by business principles or cost concerns. They cite an intriguing disparity in alternative uptakes in various countries.

"For a while now, I've noticed that U.S. businesses are quite inflexible when it comes to adopting new technology. There seems to be a particular aversion to using this kind of third-party application for managing data," says Paul C. Williams, senior software engineer at LexisNexis Examen in Sacramento, Calif.

Conversely, he adds, "Businesspeople in developing countries, particularly in India and China, but also in the Eastern Bloc, are quite open to using these new tools. I would expect that trend to continue with corporate adoption of Internet-based applications."

His prediction: Managers in developing countries with large groups of people working collaboratively will tend to use the network-based tools, while the "rugged individualists" in the U.S. will continue to insist on stand-alone applications.

Which Will Switch?
The status quo will always have plenty of supporters, if not outright fans. "I don't expect many businesses to switch to online alternatives in the near future -- just because it is a switch to be made," says Jan Doornaert, project manager at Radar Automation N.V. in Belgium. "Too many vested interests, or 'it works just fine now, why change?' mindsets take over."

But at the end of the day, the needs of the global marketplace may override all other concerns.

"I suspect some changeovers may be financially motivated" says Williams. "But ultimately, due to the increasing need for document control and collaboration, some collaborative platform -- be it Google Docs, Sharepoint or something all together different -- will become adopted throughout businesses."

Permalink| Comments

IT Business Insider: Infrastructure

Network Switches Grow Up

From the Editors of IT Business Insider

Once just hubs that directed network traffic, network switches have steadily gained intelligence. They can now help with user access control of applications and enable fault tolerance to prevent network downtime. This increased functionality not only makes the corporate network run better; it can relieve some of the administrative load on network administrators as well as other IT professionals.

"Enterprises can do much more with their existing equipment thanks to the increased sophistication and speed of switches," says Jim Kelton, president of Altius Information Technology Inc., an IT consulting firm based in Santa Ana, Calif., that specializes in performing network and security assessments. "And even as speeds go up -- we've seen them rise from 10 megabits to 100 megabits to 1 gigabit -- prices are coming down dramatically. As a result, we see companies rapidly upgrading to the higher-capacity switches."

"IT is very interested in this because many companies are building converged networks, putting IP and telephone traffic on the same network, and in general trying to enable various kinds of traffic using the same infrastructure," says Mary Petrosky, a network analyst based in San Mateo, Calif.

All On Top
The increased functionality is evident in that switches are no longer merely acting as Layer 2 and Layer 3 devices, but have moved up the network topology ladder to being Layer 4 and even Layer 7 devices. (article continues)

Topology is the term used to describe device configuration. Layer 1 switches are rapidly becoming obsolete; not so much switches as simple hubs, they don't manage traffic, but merely pass it from one network device to another. Slightly more sophisticated, Layer 2 switches can interconnect a small number of devices in a home or office. Layer 3 switches are built on a higher topology still. Often referred to as routers, they increase network efficiency by delivering traffic only to those ports that have been configured to "listen" to that traffic.

There are no Layer 5 or Layer 6 switches. The definition of Layer 7 switches varies from vendor to vendor, but these are typically capable of performing packet inspection at a very granular level while controlling quality of service (QoS) as well as a host of security-related functions.

Enterprises are using the more intelligent devices -- specifically, the Layer 4 and Layer 7 switches -- in the following ways:

routers can detect and prioritize voice traffic -- which is more sensitive to latency than data traffic -- over data traffic. Likewise, higher priority data traffic can take precedence over less important data.

All this additional capacity and functionality raises even more security issues. "The higher bandwidth these devices deliver allows people to email ever-larger documents of all types. And any time that you connect more people to more information more easily, you up the risk of security breaches," says Kelton.

Still, he says, the pros greatly outweigh the cons. With switches evolving so rapidly, Kelton recommends that enterprises evaluate their networks and upgrade their switches at least every two years. "Everything is changing so rapidly and the increased functionality is so potentially valuable that enterprises need to make a point of keeping up," he says.

Permalink| Comments

IT Business Insider: Infrastructure

Maximizing Multicore Servers

From the Editors of IT Business Insider

In the perennial push for greater speed and more robust functionality, multicore servers have been promoted as the solution for the future. But despite their obvious benefits in cost-effective and faster parallel processing, there are significant trade-offs. Chief among these are pushback from application developers, skill transfer, memory limitations, provisioning and governance. How can IT managers best harness the gain in speed with minimum risk?

Same Song, New Verse
"Multicore has been on the hype cycle recently, but it is not a new technology. Larger server systems, such as many RISC-based systems running UNIX, have had multicore for several years," says Austin, Texas-based David Stirling, lead systems engineer at The Home Depot. "What we are seeing now is a lot of hype, with Intel and AMD on the bandwagon marketing to consumers."

One cause of confusion is the lack of a standard to describe relative performance. "There are some segments of the market that still believe clock rate [in GHz] is the only meaningful information by which processor performance can be gauged," says Doug Rollins, Director of Research and Development, MPC Computers (Gateway) in Nampa, Idaho. "However, with multicore -- in particular, quad core -- processors, this simply isn't true."

Intel and AMD think "CPU numbers" provide a more valid assessment of processor performance. For example, despite the slower clock rate of a current Xeon 5300 quad core series processor, it may outperform a current Xeon 5100 dual core series one under certain workloads. Furthermore, the extra performance can also translate to lower power consumption. (article continues)

Serial or Parallel Universe?
The market hasn't yet completely made the transition from clock speed to CPU numbers, leaving IT managers confused about how to assess performance. But in the end, the workload that is being processed, not the numbers, that should determine whether you choose a serial or parallel configuration.

"If a set of processing can only be done serially, then having multiple cores does not help," says Chicago, Ill.-based Carl Franklin, Solution Architect for Triton-Tek. "If work can be done in parallel and the application or service can delegate its work in parallel, then multicores give a better work per space and work per watt advantage."

Keep in mind, however, that while multicores technically pack more processing power in the same heat footprint, i.e., more processing power per BTU of heat, not all that processing power is accessible. "Certainly [multicores do] not double the effective processing power, as some marketing folks claim," says Stirling. "This is because much of the operating system and application code today is not designed to take full advantage of the additional cores. This is especially true of multicore desktop/laptop systems, but it applies to some server applications as well."

"The key best practice is to size the processor to the workload. With the advent of dual socket designs (like the MPC NetFRAME 1640, 1740 and 2740), one has a wide choice in CPU selection, both in terms of type, speed and quantity," says Rollins. "Not 'over buying' is as important as not 'under buying' -- and processor numbers can help with this choice." (article continues)

Besting the Beast
To maximize the power of multicore server deployments, Jay Bretzmann, Manager of Product Marketing at IBM Systems in Research Triangle Park, N.C., offers the following advice:

The bottom line: Multicore server deployments can pack a wallop in attacking some of the more bedeviling enterprise tasks, but how much of a wallop depends on how well you aim the punch. "You will definitely see improvement by deploying multicore chips as opposed to the previous generation single core chips," says Stirling. "But, as in any capacity management exercise, you should map your load to the actual performance of your application on the processors in question, not the marketing hype."

Permalink| Comments

IT Business Insider: Infrastructure

Is It -- Finally -- Time for the Grid?

From the Editors of IT Business Insider

Grid computing would seem to be a simple concept: computers are linked together and the machines share resources such as CPU cycles, RAM and data storage capabilities. Free resources on one machine can be tapped by other users on the grid; in return, a machine in need of additional computing capacity can utilize free resources available on other parts of the grid.

"In some senses, the idea is a very old one," says Ian Foster, the director of the Computation Institute at the University of Chicago's Argonne National Laboratory in Chicago, Ill., and considered by most in the field to be the "father of the grid." "When the Internet first appeared in the late 1960s, some people talked about how you might be able to create computing utilities. But it was with the emergence of high-speed networks in the early 1990s that people really started looking seriously at how you could link systems together."

Not surprisingly with such an amorphous concept, there's some confusion about a clear definition of the term "grid computing." Foster suggests that the best way to think about it is as a set of technologies that closely dovetail with other similar sets of technologies. "It's really a continuum from the tightly-coupled parallel machines, like IBM's Blue Gene, to clusters, and then collections of clusters and, in the sciences and some large companies, national-scale grids that link clusters and other systems at many sites." (article continues)

Economy and Scale
Grid computing works especially well for repetitive jobs -- calculations that need not be made in parallel, but instead can be made sequentially. Purdue University (West Lafayette, Ind.) CIO Gerard McCartney, who oversees a grid of 6,001 Linux, Windows, Solaris and Macintosh machines that talk to each other using the University of Wisconsin's Condor grid middleware, says one Purdue faculty member grabs images of viruses from an electron microscope, and then processes the images using the grid. "He could do this on a mainframe that costs millions of dollars. Our way, he essentially does it for free."

While cost savings are an important argument in favor of grid computing, the time element may be even more important. McCartney, who contends that most computers, even when in use, utilize only 20 percent or so of their capacity, cites the case of a materials scientist at Rice University who uses the Purdue grid to analyze zeolite structures. In one day, says McCartney, he may use a CPU year of computation running "fairly small calculations that have to happen thousands of times." Midway through 2007, he'd already used three million hours of computing time, at very little cost. "These are all waste cycles. That's the point," says McCartney.

There are few infrastructure requirements for grid computing. Networking capability, of course, is essential, as is the middleware that enables the machines to distribute tasks intelligently. Foster's Argonne Laboratory, with support from IBM, developed the open-source Globus software, which, he says, "addresses security, data movement, job submission, data replication" and other challenges for large grids. Other popular middleware offerings include the Sun Grid Engine (SGE) and Condor. This software is platform-independent and has the advantage, says McCartney, of being a "lightweight installation -- you're not hiring a cadre of systems programmers to make this happen." (article continues)

Finally, emphasizes Cheryl Doninger, the R&D director of the enterprise computing infrastructure unit at SAS in Cary, N.C., the software actually using the grid -- what's visible on the individual user's desktop -- has to be grid-enabled. She says that SAS added grid capabilities to its software offerings a year and a half ago.

Expanding the Grid
Grid computing is starting to catch on in many enterprises. It is already being used extensively in the financial services, oil and gas, insurance and pharmaceutical industries. Meanwhile, says Doninger, telcos, the travel industry and the entertainment sector, are quickly adopting the technology.

"You can't really pick an area [of the enterprise] that's amenable to grid computing," says McCartney. But, he adds, you can isolate the best uses for the grid. "Science applications work nicely in this environment, Parameter sweeps, statistical analyses and digital rendering also work well."

Any area of the enterprise that needs lots of computing power, and fast, can benefit. Payroll departments can use the grid to help churn out thousands of paychecks overnight, and then forget about the grid the rest of the time. Programmers at SAS use the grid at night -- when they have to quickly process the latest source code builds.

With relatively small initial expenditures, grid computing can enable enterprises to realize extraordinary gains in computing power and efficiency. And in the medium and long term, they can save money. "Grid can run on low-cost commodity and open source operating systems," says Doninger. "We talk [to our customers] about savings, and a lot of times that's why they're starting to look at grid -- because of the hardware savings it can bring."

Permalink| Comments

IT Business Insider: Infrastructure

SOA Is Looking A-OK

From the Editors of IT Business Insider

The clamor for convergence is reaching a deafening roar as IT departments seek new ways to make scarce budget dollars support broad and sweeping business changes. The more flexible and adaptable the technology, the better the play, the thinking goes. Better still: the technology becomes invisible, connecting multiple uses and applications while leaving the user's focus on the business at hand rather than on the interface commands.

Legacy and other systems intended to improve time-to-market or component re-use, such as CORBA and DCOM, were soon outpaced. "Previous strategies were very rigid and brittle," says Peter Kastner, research vice president of the Aberdeen Group of Boston, Mass. "Any small change could break things." In their place arose Service Oriented Architecture (SOA), an approach to designing business applications built around the concept of services.

What's So Different?
"Past integration strategies focused primarily on simplifying the effort required to make large applications interoperate," says Larry Fulton, senior analyst at Forrester Research based in Cambridge, Mass. "SOA, on the other hand, is about creating or repackaging software components in a way that makes the components themselves easier to use by new or existing systems."

SOA is differentiated from previous technologies in two ways, says Fulton.  First, SOA designs around business process steps, achieving a more naturally reusable granularity of function. Second, the industry has learned a lot about the need to support the adoption of new approaches by also facing the challenges head-on. (article continues)

"SOA, SOA governance or the processes by which SOA decisions are made consistently and effectively are as much a part of the industry discussion as the approach and the related technologies," says Fulton. "This did not happen with earlier attempts."

According to Kastner, early adopters have learned many valuable lessons about implementing SOA. "The complexity has not gone away even though SOA reduces the number of lines of code the organization has to deal with, and the resulting applications are more user friendly," he says. "Companies further down the road with SOA implementation are telling us that it is best to retain outside services to curb the training curve and that they wish they had done far more planning on the front end."

"SOA is widely expected to lower the 40 percent on average of the IT budget currently dedicated to integration. It provides more agility and frees dollars for other IT needs," says Kastner.

Making Connections
SOA is showing yet another major plus: it is highly workable with the push towards IP-based convergence in the wired and mobile communications sectors.

"IP-based convergence offers the same benefits to SOA as it does to other IT efforts," says Fulton. "Just as IP-based convergence brings together a host of capabilities into a single networking model, those same capabilities can be more easily leveraged when they are bundled into easily integrated SOA services, extending the convergence into the application and architecture levels."

According to Forrester's most recent survey data, strategic adoption of SOA and reported measurable benefits continue to grow among North American and European businesses. "All of which demonstrates that unlike earlier strategies, SOA is actually delivering on the promise to improve IT solution delivery," says Fulton. "The most powerful applications of SOA include the creation of services that closely correspond to business units of work."

Permalink| Comments

IT Business Insider: Infrastructure

Implementing a Tiered Storage Strategy

From the Editors of IT Business Insider

The cost of storage continues to decline even as the capacity of individual drives increases. But rather than move all data to the fastest -- and most expensive -- devices, most enterprises are implementing a tiered storage strategy, in which data is delegated to devices according to its importance.

"Ten years ago, people simply installed systems that allowed them to store all information electronically and to get to it quickly," says Joe Martins, a partner with the Data Mobility Group LLC, in Nashua, N.H. "They didn't start to consider strategies that took into account cost as well as performance issues until 2000," when resolving Y2K issues brought it to their attention.

Dividing the Data
The Enterprise Strategy Group estimates that about 85 percent of the data sitting on high-end storage systems is non- or post-transactional, and that half of this replicates non-transactional data. "This is a very inefficient use of high-end real estate at best -- and a costly business adventure at worst," says Heidi Biggar, an analyst with the Enterprise Strategy Group, based in Milford, Mass. After all, primary disk storage is expensive to acquire, manage and maintain, as well as draining power and cooling resources.

Best practices involve first classifying data into categories. Information deemed mission-critical and data that is frequently accessed and/or changed should be (article continues)

kept on primary storage systems. Data that is less urgent but still important to the business could be kept on SATA-based systems. Data that is static, or only periodically accessed, could be kept on disk-based archives. Finally, tape or optical storage would be used for deep archiving.

Five Storage Strategies
How can you effectively implement a tiered storage system? Here's a five-step plan:

Determine your goals What do you hope to achieve from moving to tiered storage? Reduce costs? Improve performance? Achieve better service levels? Some combination of the above? "Some enterprises are extremely cost-sensitive and are looking to cut storage-related expenses," says Greg Schulz, founder of the StorageIO Group, in Stillwater, Minn. "Others put performance first, as it can directly impact their ability to serve customers. Before you do anything, you have to establish your priorities."

Establish recovery point objectives and recovery time objectives for all data types Before you can determine what data belongs on what kind of storage device, you must decide your recovery point objectives (RPO) -- the point in time to which data must be restored to ensure smooth recovery of business processes that the data supports -- as well as your recovery time objectives (RTO), the maximum amount of time that you can afford for systems to be down after a failure. Without both an RPO and an RTO, you will not be able to implement a viable storage tier strategy. It's not good enough to define one or the other; you have to specify both. (article continues)

Inventory existing storage resources Chances are good that you already possess a number of the storage devices you need to implement a tiered strategy with a minimal investment in additional equipment and software. Find out exactly what you already have installed that can be repurposed into a tiered strategy.

Consider how to best manage the increased complexity Moving to a tiered system always adds complexity to data center operations, but especially so if you switch from a single vendor to a multiple vendor storage environment. "Make sure you have the software tools, as well as the personnel to manage this cost-effectively," says Mike Karp, a senior analyst and head of the storage practice at the Enterprise Management Associates, in Boulder, Colo. "You don't want to gain efficiency in one area only to lose it in another."

Approach the process in phases Rather than implementing it all at once, it's best to start with one application and two data tiers, and proceed gradually from there. "This makes the process much more manageable -- and there are still immediate and sizable benefits," says Biggar.

All experts agree: Don't write that P.O. for the new drive until you complete your upfront work. "There's so much more involved than simply deciding what product to buy," says Karp.

Establishing a tiered storage system involves a lot of upfront work and investment in both time and hardware and software. There's no magic bullet for making it a success, warns Martins. But, he quickly adds, "It pays off in spades in the long run."

Permalink| Comments

IT Business Insider: Infrastructure

Seven Best Practices for Managing Data Storage

From the Editors of IT Business Insider

Despite the strategic value of data, many enterprises have yet to establish robust storage management strategies that keep important data readily available, the cost of managing it low and its access safe and secure. Given the huge proportion of corporate data that resides in unstructured or semi-structured
form -- such as in documents, spreadsheets and e-mails -- this is a daunting challenge.

"Data both grows very fast and ages very fast," says Mike Noordyke, president of the Trivalent Group, a consulting firm based in Grand Rapids, Mich. "You need to put strategies in place that allow you to monitor and manage it effectively, or it will impact your firm's ability to function properly."

Data storage experts recommend the following seven practices to help enterprises, both large and small, stay on top of their data storage challenges:

Establish recovery time objectives and put technology and processes in place to enforce them Recovery time objectives (aka RTOs) specify the maximum time allowed between a system crash and when data is restored. "Backup is one thing, but restoring is another," says Noordyke. "You can have the best backup mechanism in the world in place, but if you can't make your data accessible again in a timely manner, your business can take a real hit."

Classify data into "tiers" By assigning value to data throughout its lifecycle, from  the moment it is created until it is destroyed, organizations can begin to establish policies on when to move data from the most accessible -- and expensive -- disk storage to media that is more difficult to access, but which is (article continues)

substantially cheaper. But it's not enough to merely classify data according to "old" or "new" says Mike Karp, a senior analyst and head of the storage practice at Enterprise Management Associates, in Boulder, Colo. "You have to look at the underlying value, rather than assuming old data is less important than newer information." Concurrently, it's important to think not just in terms of managing capacity, but of performance, says Kris Domich, principal consultant for Data Center and Storage Solutions at Dimension Data, a $3.1 billion IT services firm based in New York. "Implementing monitoring and management tools is a must, so you can collect and see trends in performance as well as space usage over time."

Talk to actual users To help classify data into these different "value" tiers, it's critical to keep users in the loop, says Scott Robinson, chief technology office at DataLink, a Chanhassen, Minn., enterprise storage integrator. "There's no magic bullet; you have to go out and interview business data owners, and gain a first-hand knowledge of the needs of each business unit and how they prioritize their data," he says.

Understand the true cost of storage "Organizations must also understand the actual cost per gigabyte of storing data," says Dan Mack, a principal consultant with Glass House Technologies, an enterprise storage consulting firm based in Framingham, Mass. Firms need to include everything in this calculation: hardware, software, maintenance, employee time, service and support fees from external parties and -- last but not least -- utility costs. "A huge part of the IT department's budget is storage. They need this cost information to make all sorts of decisions, including calculating the true cost of proposed IT projects," he says. (article continues)

Limit access to need-to-know data In general, companies make data available to a lot more people than actually need it. "'Deny all' should be the default, and organizations should only give access to those people who really need it," says Domich. "And you have to audit those access rights on a regular basis."

Safely destroy, as well as protect, critical data operations "Completely erasing data is just as important as other aspects of data security," says Greg Schulz, founder of the StorageIO Group, a storage analyst firm based in Stillwater, Minn. "This means not simply discarding old magnetic tape, disk drives, laptops and desktop systems, but destroying the data residing on them."

Discriminate between backup and archiving "The growth of data -- whether in e-mails, IMs, database records, or transactions -- is pretty alarming," says Mike Kahn managing director of The Clipper Group, in Wellesley, Mass. "You need to know, legally, what you need to keep and what needs simply to be archived versus what is needed for backup and recovery purposes." Adds Lauren Whitehouse, an analyst with the Enterprise Strategy Group, an enterprise consulting firm based in Milford, Mass.: "Given increasing emphasize on compliance and privacy, companies need to be very vigilant to make sure that data is secured as well as readily available when required."

In the end, companies need to have an "information perspective" on all aspects of their data storage, says Joe Martins, a partner at the Data Mobility Group LLC, a Nassau, N.H.-based storage analyst group. "They need to think of storage less as bits and bytes and put it in a business context. This is what makes effective storage management capabilities so important."

Permalink| Comments

IT Business Insider: Infrastructure

The Pros and Cons of Server Consolidation

From the Editors of IT Business Insider

One of the hottest prospects to address the high administrative, support and infrastructure costs of the data center is server consolidation. "In the long term, server consolidation is something you absolutely must do," says Tim Pacileo, executive consultant at Compass American Inc., a metrics-based IT consulting firm based in New York City.

However, along with consolidation's significant advantages, there are also significant challenges that may diminish its benefits. "The cost savings look great on paper," concedes Pacileo. "But once you consider all the factors, you understand that you might not realize all those savings right away."

Together At Last
Server consolidation involves gathering data and applications stored or running on two or more physical servers onto a single server. This reduces the number of physical machines required to meet all the processing and/or storage requirements of the data center. Some organizations take this concept a step further through virtualization, which makes a single physical server look like multiple logical servers. Either way, there are a number of ways in which consolidation reduces the data center's total cost of ownership (TCO):

savings. "With the current drive toward 'green' data centers, this is a major business driver," says John Sloan, a senior research analyst at Info-Tech    Research Group, in London, Ont., Canada.

Curb Your Enthusiasm
Before moving ahead with consolidation plans, though, data center managers must consider a number of challenges. Chief among them: disaster recovery. "You have to have a backup machine that has the same capabilities of each production server," Pacileo points out. "These hardware costs -- and the related support costs -- can add up, and reduce your anticipated savings."

An added detriment: In the past, when a server went down, it might inconvenience a couple of hundred people. Now, says Pacileo, "If you consolidate 30 servers onto one, and that goes down, you take down thousands of users. The risks are much greater."

Paradoxically, because it's so easy to create new virtual servers on existing hardware, many data centers find the number of logical servers proliferating, leading to higher complexity and greater related support costs.
"It's so easy to get as many virtual servers as you want without jumping through hoops," says Farmer. "People think, 'Why not just create another server?' without thinking through the ramifications."  (article continues)

Follow a Plan
Implementing an effective server consolidation is a four-step process, according to Chris Taylor, director of professional services at Evolving Solutions, a Minneapolis, Minn.-based consulting integrator specializing in server and storage virtualization:

Despite today's challenges, businesses looking to cut costs, increase utilization, and promote organizational effectiveness will inevitably choose consolidation. "As we move from decentralized, department-centric ways to manage computing resources back to a centralized model, reducing the number of servers is the required first step," Sloan says.

Permalink| Comments

IT Business Insider: Infrastructure

Outsource Your Data Center

From the Editors of IT Business Insider

Rapid change in technology is nothing new. But some things remain a constant: CIOs will always be under pressure to prove IT spending improves business growth and, at the same time, find ways to deliver more with less. These days, that means figuring out which parts of IT to keep in-house and which to outsource.

One logical conclusion, industry experts say, is to let someone else take over the organization's IT assets, or physical infrastructure. After all, says Laura DiDio, a research fellow at IT firm Yankee Group, based in Boston, Mass., "If you could get rid of an Excedrin headache, you would, wouldn't you?'

Someone Else's Headache
More and more IT departments concede that they don't have the budget to buy an increasingly complex infrastructure, let alone hire and train the technicians to service it. Outsourcing to a hosted environment offers an attractive solution. "The trend started several years ago, so moving the physical assets is not a new concept," says Eugene V. Zakharov, a senior analyst at Technology Business Research, Inc., an IT market research firm in Hampton, N.H. Recently, he adds, "I'm seeing more acceptance in the marketplace."

A hosted hardware model best suits companies that have data-intensive environments. Financial services and manufacturing industries are prime candidates. (article continues)

The potential advantages of outsourcing the infrastructure include:

Challenges Remain
For all the potential advantages, the decision to switch to a hosted data center is not a slam-dunk. The stumbling blocks include:

IT managers also experience a loss of control when the data crosses the firewall into a hosted environment. Says Bracco, "One of the things they are completely unsure about is how they are going to be able to track access and data bleed. Is that hosted environment really complying with the regulatory requirements of their industry?"

Caveat Emptor
Before you jump to a hosted data center, do a thorough due diligence. Is the vendor in a secure financial position? Does it provide quality products and services? Can the vendor show actual results it has delivered? Are they going to store sensitive information somewhere safe from hackers? How solid are the vendor's business continuity and disaster recovery services? How does the vendor deal with employee attrition?

When customers consider outsourcing, DiDio always advises them to have a liaison in the IT department who works closely with the outsourcer to determine what they're doing, if they're doing it correctly and whether they are doing it in the most efficient manner. "You need to be kept apprised and abreast of what you're hosting and ask them for the appropriate depth in the reports," she says. "You want to hear about the latest updates in hardware and the corrective action they took if there was a problem."

In the final analysis, bear in mind that just because equipment moves outside the physical walls doesn't mean you relinquish overall management for it. "This is a live, ongoing investment,' DiDio says. "Your data is still your primary asset, so you have to take responsibility."

Permalink| Comments

IT Business Insider: Infrastructure

Data on Demand

From the Editors of IT Business Insider

Ramiro Perez doesn't like to wait around. As purchasing manager for Copart Inc., a $500 million automotive services firm based in Fairfield, Calif. helping insurance companies process and sell "total loss" vehicles, his job is all about efficiency -- and that's as much about making sure his organization doesn't waste time as it is about controlling costs. That's why last year Perez convinced his IT director to sign up with ExpenseWatch, a hosted Web-based application for managing operating expenses.

"We run 120 sites throughout the United States and Canada," says Perez, "and the people in our organization who have the authority to sign purchase orders and invoices are always traveling. With ExpenseWatch, our executives can access expense reports, contracts, invoices and quotes as they need them from anywhere in the world. It's extraordinarily efficient."

Welcome to the era of on-demand software. Also known as software as a service (SaaS), these applications are enticing enterprises to move critical data from internally based systems to multi-tenant, hosted solutions.

Access Anywhere at Any Time
SaaS offers companies new solutions to the perennial problems of cost, risk and, most of all, access.

Although corporations have long provided employees with remote access to applications and data inside the firewall, on-demand applications make remote access the norm rather than an additional access route. For the most part, there's no client component allowing new users to sign up swiftly and easily. Employees can use any Internet PC (article continues)

equipped with a browser to gain access to critical data.

"There's no longer any need to go through the hassle of setting up employees to work through a virtual private network (VPN) to gain remote access, since all of the remote data resides online," says Eric Berridge, co-founder and principal of the Bluewolf Group, an IT consulting firm in New York, N.Y., specializing in helping enterprises move to on-demand applications. Bluewolf derives most of its revenues from implementations of Salesforce, an on-demand customer relationship management (CRM) application, and Open Air, a hosted, professional services automation (PSA) solution.

Instead of paying hundreds of thousands or even millions of dollars upfront to install on-premise software, companies pay hosted applications monthly subscription fees. Furthermore, these fees can be deducted as operating expenses rather than amortized as capital expenditures.

Hosted applications also result in reduced risk. Most on-premises application installations fail during an implementation process typically so bug-ridden that it can take years to complete. The time an on-demand service requires to get required functionality customized and ready to use is just weeks -- or even days. And if on demand solutions don't work, the customer can simply walk away -- no strings attached.

Earlier versions of SaaS often foundered on the issue of security. Companies were uncomfortable with the notion that their information crown jewels were residing on someone else's servers. But as more time passes without data breaches at on-demand vendors, companies are becoming infinitely more reassured about the safety of their data. "Security is a non-issue as far as we're concerned," says Perez. (article continues)

SaaS-y Promises
Hosted applications provide further advantages which, while less obvious, save time and boost an organization's bottom line. These include:

More reliable off-site backup Many companies are beginning to see that SaaS' built-in off-site data storage makes it a perfect solution for their data recovery and business continuity needs, says Jeffrey Kaplan, managing director of THINKStrategies, a consulting firm based in Wellesley, Mass. "It's one of those unintended benefits that has increased in importance as people become more aware of what SaaS can do," he says.

Compliance with regulatory mandates Most companies are facing increased regulatory mandates, either because of universal laws such as Sarbanes-Oxley (SOX) or industry-specific regulations like the Health Insurance Portability and Accountability Act (HIPAA). Most on demand solutions offer automatic compliance with these regulations, says Kaplan.

Cheaper archiving After instant and always available data access, the main reason Copart chose ExpenseWatch was because the archiving of critical information could be achieved less expensively than with an on-premises solution. "Document retention was huge for us," says Perez. "Otherwise, we would have had to invest in servers, bring them in-house and hire personnel to maintain them."

Easy transition to globalization Because on demand applications are so easily scalable, as well as being instantly available in other languages, many international companies are turning to them as well. "An on-premises solution generally requires installing a whole new version of the software. It's much easier to switch between languages and currencies (with a hosted application)," says Berridge. "All it takes is a click of a mouse."

The bottom line: Any company looking to cut implementation costs, reduce network-operating risk and provide near-universal data access should further investigate whether SaaS' promises pay off.

Permalink| Comments

IT Business Insider: Infrastructure

Social Network Security

From the Editors of IT Business Insider

Social networking sites are designed to let people reach out to one another. As virtual communities of professions and connections to experts, they can be valuable business resources. But these very interactions that make networking sites valuable are the same ones that can leave corporate networks vulnerable to IT security breaches.

This is becoming an issue as several virtual communities have sprung up that are geared to business executives. These include Ryze, Xing (formerly OpenBc), Ecademy, Hoover's Connect, Spoke and Vshake.

"They definitely pose a problem," says Andre Protas, a researcher at eEye Digital Security Inc., an enterprise security software and research firm in Aliso Viejo, Calif. "Most of these websites were not created with security in mind.'

Often, these types of communications paths bypass security measures that have been put in place to protect the enterprise, such as firewalls, IDS/IPS, personal firewalls and gateway anti-virus systems, adds Doug Howard, chief operating officer at BT Counterpane, a security firm in Chantilly, Va. "Through peer-to-peer and other technologies that bypass corporate security, you create additional risk for an enterprise."

Protas says he's seen "a proliferation of vulnerabilities" on social networking sites recently. A case in point: the worm that targeted MySpace users, changing the links of their home pages and redirecting them to phishing sites. "That was a pretty serious first punch to MySpace and to social networking sites in general,' he says. (article continues)

Some Sites are Safer
At LinkedIn, which bills itself as world's largest business network with 8.5 million users, officials say they are mindful of the potential for security breaches. They claim protections have been built in to allow users the flexibility of deciding what information they want to share, and what they would prefer to keep private.

"Privacy and protected communications are key elements of LinkedIn,' says Allen Blue, vice president of Product Strategy, at LinkedIn in Palo Alto, Calif. "We have created communication and browsing systems, which allow all participants - browsers, message-senders and recipients - to show or hide as much information about themselves as they like, and to protect private information (for instance, email addresses) until they are ready to share that information."

Vshake founder Sagi Richberg says his site was built with privacy and security protection in mind and the site eliminates spam by acting as a proxy for visitors.

"Even after you pay to contact someone, we act on your behalf as a proxy. You don't get the person's email or telephone number; everything is done via our system and we send the email on your behalf," says Richberg in Ashland, Mass.

As an added security measure, Vshake also has what Richberg calls a "unique verification system." If a Vshake visitor decides to verify him or herself on the site with a driver's license or other identification, lending credibility to the communication, Vshake will send that person a letter with a random, system-generated number via snail mail. (article continues)

The visitor then has to input it onto the website for the verification to be accepted. "That means you are who you are,' Richberg explains. "Anyone can go to any social networking site and say they're Bill Gates and claim to know people they don't really know. That's another layer we have that no one else has."

Always Employ Basic Security Measures
Protas says the easiest way for IT to prevent network vulnerabilities is simply by using software that lets administrators decide which sites people can access and which sites are blocked. "I would suggest there is no benefit for [corporate] users to be on MySpace so IT should block it. People are spending so much time on it that it's a huge productivity loss."

Howard concurs. "The recommendation is usually to not allow employees to use sites that utilize peer-to-peer communications," he says.

But in lieu of that, since, according to Protas, "there's really no way to filter out the good MySpace from the bad MySpace," IT should make sure every computer on the network is covered with basic Internet security software covering zero day, anti-virus, anti-phishing and spyware protection.

Howard also recommends that the enterprise communicate overall best practices to their employee on a regular basis. These include:

"It's hard to draw the line to decide what to allow and what not to,' admits Protas. "So if you're going to try and block users from these sites, make sure you protect the end points."

Permalink| Comments

IT Business Insider: Infrastructure

Five Critical Criteria for Server Virtualization

From the Editors of IT Business Insider

Virtualization is the topic du jour among IT professionals. As CIOs continue to search for more efficient - and cost-effective - ways to manage the data center, the promise of being able to do more with fewer resources is spurring a large proportion of enterprises to test the virtualization waters.

Server virtualization is defined as a technology that allows you to transform a physical computing resource into a logical one. The technology can be implemented as a single physical machine that operates like multiple servers, or multiple servers that appear as a single machine. Either way, it promises significant benefits, among them better hardware utilization, improved load balancing, more flexible provisioning, lower power consumption and reduced data center personnel costs.

"Virtualization allows organizations to better utilize their resources, as well as have the ability to respond quickly and agilely to changing business needs," says Barb Goldworm, president and chief analyst at Focus Consulting, a Boulder, Colo.-based research firm specializing in systems and storage. "It's a very powerful technology."

But as is often the case with new technologies, the reality may not live up to the promise. (article continues)

The Right Steps to Real Results
How can you maximize your chances of getting the results you want?  Before implementing the technology, there are critical factors to take into account. The top five actions include:

The bottom line: "It's too early to give a recipe for success" in the fast-changing virtualization field, says Iams. "But the cost savings, increased efficiency and increased agility are proving very attractive."

Permalink| Comments

IT Business Insider: Infrastructure

The New Virtues of Virtualization

From the Editors of IT Business Insider

After being sidelined for years by low-cost PCs and servers, the virtues of virtualization are re-emerging. Its adoption is accelerating among companies of all sizes. "The world will be virtualized in several years," says Sal Capizzi, senior analyst at the Boston, Mass. based Yankee Group. "In five years, they'll be doing things you wouldn't even think about today."

The most immediate benefit for administrators is simplified storage management. Virtualization storage software lets administrators manage disk arrays of different types from different manufacturers and scattered in different locations as if they were a single pool of hard disks. This makes daily tasks, like allocating the correct amount of storage to any particular application, a straightforward operation rather than a complex calculation.

Virtualization also streamlines as well as simplifies storage management. Because applications are no longer mapped to specific physical storage devices, disk space doesn't need to be held in reserve for them. This load balancing improves application performance and allows disk space to be used more efficiently.

A less-visible but equally significant advantage: storage virtualization eliminates application downtime. Many tasks that once required applications to be brought down -- swapping out servers whose leases have expired, archiving data, performing backups -- can now be executed without any impact on the application.

More Space for More Storage Functions
Storage managers may find that virtualization increases their choices of disk hardware. Managing a heterogeneous storage environment becomes much simpler in a virtualized environment, where applications no longer interface directly with storage devices. "It wouldn't matter what the hardware is; the application wouldn't worry about that," says Capizzi. Managers are freer to mix and match hardware from different vendors, and to substitute lower-cost for higher-cost disk hardware. (article continues)

However, it's not yet clear whether virtualization will result in more or less demand for storage. Since storage can be used far more efficiently, Capizzi makes the case that managers will be buying "less hardware, fewer storage arrays, fewer servers." On the other hand, he notes, virtualization "might make it possible to do things that you couldn't do before" -- which would require more storage capacity.

Many SMBs, Capizzi says, were never entirely comfortable with the level of backup they were performing or with their preparedness for disasters. Virtualization now makes it economically feasible for them to seamlessly replicate data to a second site on a daily basis. But new functions like disaster recovery could require more storage capacity than is saved by virtualization's increased efficiency.

NAS' New Appeal
Storage-area network (SAN) and network-attached storage (NAS) technologies will both continue to be used as virtualization becomes more prevalent. Capizzi says that virtualization "doesn't make anything obsolete that's there today."

For the most part, the choice between SAN and NAS is driven by whether an application requests data in files or in blocks. Office applications such as word processing typically store data in discrete files, making NAS structures preferable, while DBMSs typically access data in i/o blocks, giving the edge to SAN storage.

Because of the way its disk drives are accessed, SAN is often selected for complex applications that require intensive disk use and high performance, such as replicating data from numerous servers, and for applications requiring a particularly high level of reliability. NAS gets the nod for simpler applications -- and it comes with a less-expensive price tag. (article continues)

To the extent that there is a choice of storage technology, virtualization may provide a boost to NAS.

The reason, according to Farid Neema, president of research firm Peripheral Concepts in Santa Barbara, Calif., is that virtualization addresses NAS's greatest weakness -- its scalability. Placing more than five or 10 NAS on a network can cause serious management and performance problems. "They each had separate operating systems and separate file systems -- it was a nightmare to manage," Neema says. "But virtualization has completely solved that problem. Now, you see only one file system, managed as one pool of storage."

As a result, while SAN was once the predominant storage technology, virtualization has put NAS almost on a par with it. The emergence of NAS as a solution equal in status to SAN is demonstrated, Neema says, by the recent spate of "consolidated" or "unified" storage solutions that allow storage administrators to manage both SAN and NAS from a single vantage point.

Another indicator of NAS' new appeal is found in Peripheral Concepts' recent survey of end users, which finds that the percentage of data stored on NAS is growing along with NAS virtualization. The number of sites storing more than 30 percent of their data on NAS has increased from 25 percent in 2004 to 44 percent in 2006.

The bottom line: If you are implementing storage virtualization, NAS' increased manageability may increase functionality and cut costs.

Permalink| Comments

IT Business Insider: Infrastructure

Building Better IT SWAT Teams

From the Editors of IT Business Insider

It's an unpleasant and unavoidable fact of life: IT organizations are almost always in problem-solving mode. And the best way to address unusual, urgent or one-time issues is to create temporary IT "solution teams."

The experts on these SWAT teams - the apt acronym for Special Weapons and Tactics - have the skills and tools to solve problems quickly and efficiently under intense time pressure. But it's important to keep in mind that you are bringing together people who may never have worked as a team before, and in larger organizations, they may not even have ever met.

There are right and wrong ways to build, train and maintain these crucial resources. Here are six ways that work.

Appoint a team leader. Forget everything you've heard about peer management. According to Katherine Spencer Lee, executive director of Robert Half Technology, in Menlo Park, Calif, the self-governing team is a myth. "You've got to have a team leader," she says, "and that person needs to have more than just technical skills." In particular, "good communications skills - both oral and written - are essential."

A leader is vital in cases where the team has been assembled from different departments. Someone acting as a coach or facilitator can help get the group to gel. This might be a role taken by the project manager; it might be formally assigned to someone with those specific skills or it might just be naturally assumed by a team member who has a talent for bringing people together. (article continues)

Balance individual accountability with a clear chain of command. The best teams don't necessarily duplicate skills, says Dean Meyer, chairman of NDMA Inc., a management-consulting firm based in Ridgefield, Conn. "Each member of the team needs to understand the specific contribution and/or deliverable that he or she is responsible for, and not meddle in other people's domains," he says.

Find - and involve - people from other disciplines. It's rare that a technical problem impacts only IT. "Once you make changes to an application, to the infrastructure or to the network, there are implications for anyone who uses those resources," says Jeff Gibson, vice president of consulting for The Table Group, a managing consulting firm based in Lafayette, Calif. "You need to have all the stakeholders represented on that team." In particular, members of the affected user community must have someone participating in order to come up with a solution they will be satisfied with.

Clarify the loyalties of team members. Because the team is temporary, by implication all members of it have other "real" jobs to do. To avoid cases of divided loyalties, members must know their responsibilities on the team and how that time commitment relates to their regular job. "Managers must be exceedingly clear about the priorities," stipulates Gibson. "If someone is expected to give 100 percent to the team, that has to be approved by his or her manager - and everyone must be very clear about how it will work on a practical basis from day to day." (article continues)

Establish firm boundaries. A temporary team is just that - temporary. The exact charter for its existence, including its timeframe, deliverables and deadline, must be carefully delineated in advance of the first meeting of the team. "If you don't provide an end date, or sufficiently detailed criteria about what constitutes the success of the project, then the so-called temporary team can easily turn into a standing committee," says Johanna Rothman, president of the Rothman Consulting Group, in Arlington, Mass. "If at all possible, make the goal something measurable; certainly make progress toward it something you can track."

Be prepared to disperse the team if necessary. Just because specific deliverables - and viable deadlines - have been established up front doesn't mean that the team must stay together to the bitter end. "Every healthy IT organization has a methodology for evaluating and killing troubled projects," says Raj Kapur, vice president of the Center for Project Management, in San Ramon, Calif. "You need to keep ascertaining that your resources are allocated where they can provide the most value. If things clearly aren't working out, you need to cut your losses and move on."

The bottom line: The best way to get a team acting like a team is for them to start working together.

Permalink| Comments

IT Business Insider: Infrastructure

The Heat Is On

From the Editors of IT Business Insider

A strange thing happened when St. Louis, Mo.-based Sisters of Mercy Health System began populating its data center with new servers. "We ran out of power capacity,' says Bill Hodges, director of the data center at Mercy, the ninth largest Catholic healthcare system in the country. Mercy found that the servers were smaller and denser and took up less space. But on the flip side, they required more power and cooling, as well as a bigger generator to handle the increased load.

Then the domino effect kicked in. "Now I have to increase the capacity of the infrastructure that supports the data center,' says Hodges. "You fix one thing, but then there are four other areas you have to upgrade to leverage what the technology changes are allowing you to do."

With a trend toward smaller servers and blade servers, enterprises are now able to get more hardware into a single rack than ever before. However, they're finding that improvement to be a double-edged sword because the smaller server size equals greater power consumption. And if companies don't upgrade to accommodate the new equipment, they'll find themselves only able to use a fraction of their data center's floor space.

"We're seeing increased density in data centers because more CPUs are being packed into a unit of volume,' explains Dan Golding, a vice president and senior analyst with Tier1 Research in New York City. "Each chassis is taking up a tremendous amount of power to do its computing. One of the laws of engineering is if you take in a lot of power to do computation, something has to be done with that power, which is turned into heat eventually." (article continues)

Power, Power Everywhere
And it's not just the processors that are getting more powerful -- the same thing is happening to storage devices and Ethernet switches, which take more power to handle more bandwidth, Golding adds. There is more capacity in data centers "to the tune of fifty-times the processing power, and a hundred-times the storage and networking capacity in a single cabinet. And that means you're using much more power and that's generating much more heat," Golding says. At the same time, because generators and air conditioning units are only so big, data centers are running out of power.

According to research firm International Data Corp., 40 percent of data center end users report that power demand is greater than the supply. What's the answer? Ideally, says Golding, outsourcing or building a better data center designed with more power and greater cooling capacity per square foot. "Designers and electrical and mechanical engineers are designing for large enterprises two to three times the cooling and power capacity than what presently exists,' he says.

"The goal is to guarantee the inlet temperature to the IT equipment so the fans are always pulling in the same temperature as the air,' says Kevin Dunlap, director of business strategies, Cooling Group, at American Power Consumption Corp (APCC) in St. Louis, Mo. "The easiest way for us to guarantee that temperature is to remove heat from the back of the server and not give it a chance to mix with the air in the rest of room."

It's more efficient to cool at the row level, he says, because when air is blown from a source that's much further away, the air has to be cooled down to a much lower temperature, which takes more energy.

Dunlap says for energy saving reasons, the new servers "pull back" when they're not being asked to do lot of computing. But the cooling system has to be able to respond quickly and the power has to be there to support the equipment when it springs to life again.

"As computing loads moves around the data center, the power and cooling has to move around data center to mirror that compute load,' he adds. "That's the next challenge we're facing." (article continues)

Plan to Scale Based on Demand
When planning the layout of a data center, Dunlap recommends thinking about how much capacity is needed today and populating it for current needs, and then matching the energy consumption rack by rack. Then as racks are added, it will be possible to also add cooling units and scale as the computing needs grow, so you're matching the capacity to the demand.

Hodges says APCC's hardware enabled Mercy to tap into the building's power supply and redirect capacity that wasn't being used, which gave them the ability to extend the life of their existing data center. On top of that, APCC's components are modular and can be moved when Mercy ultimately builds its new data center five years down the road.

Since most enterprises have a three- to seven-year equipment replacement cycle, experts suggest doing a usage inventory and then ensuring that power is supplied only to the racks that are being used. "We've seen a shift from cooling the room in general to looking at a room as a large heat source and trying to cool it with a big air conditioning system,' says Dunlap, "to targeted cooling solutions where each individual rack has its own row or rack. So it's much more one to one."

Permalink| Comments