Modern Infrastructure
Citrix Synergy and Modern Infrastructure Decisions Summit
Creating tomorrow’s data centers
EDITOR’S LETTER
Break It Down
Breaking up is hard to do.

THESE DAYS, THE technology industry seems fixated on breaking things apart into ever-smaller units for greater levels of “granularity.” Traditional standalone applications are maligned as “monoliths” that must be broken apart into their component pieces, or “microservices.” Broad-brush security that covers an entire network is deemed insufficient, to be replaced by “microsegmentation”—applying security policies on a per-workload basis.

But breaking up is hard to do. In his story, “Mad About Microsegmentation,” senior technology editor Stephen Bigelow lays out some of the pitfalls that will befall operators as they go down this road. For instance, many network and security tools don’t provide the necessary visibility into traffic patterns and relationships between applications that microsegmentation demands.

Breaking with tradition is hard too. For decades, one of IT’s primary responsibilities has been to protect its systems from catastrophic failure by performing regular point-in-time backups that can get back to a known good state. In the data center, that meant agent- or image-based backup tools, but those tools don’t map cleanly to the public cloud, and sometimes (often), cloud-based applications aren’t being properly protected. In “Cloud Backup Correction,” I describe what tools are available to back up cloud-based apps, some novel approaches to backup that cloud makes possible (Lambda function, anyone?), and some backup challenges that have yet to be solved.

All this complexity has some IT pros throwing in the towel—at least, when it comes to undifferentiated tasks like security and backup. With the pain of a recently surfaced Linux vulnerability fresh on his mind, contributor Bob Plankers makes a bold suggestion: “Let’s throw it all away” and move applications out of the data center, and adopt software as a service versions thereof. “Why are you running your own three-tier application when you could just buy the product in ready-made form?” he asks. Moving applications to infrastructure as a service doesn’t cut it—it won’t protect you from having to remediate vulnerabilities such as CVE-2015-7457. Cutting to the chase and adopting SaaS frees IT up to be much more productive, as “the time we spend patching and maintaining our old applications, which will never be anything but an anchor, are drowning us in the past.”

In other words, if it ain’t broke, don’t fix it. But if it is broken, by all means, do!

ALEX BARRETT is editor in chief of Modern Infrastructure. Contact her at abarrett@techtarget.com.

Mad About Microsegmentation
rimeter security is breached.
Microsegmentation promises a series of benefits for the
business, but imposes some prerequisites and potential
MODERN INFRASTRUCTURE • MARCH 2016 3
Network segmentation offers elementary tools to boost network performance and introduce simple security in traditional static networks.

Microsegmentation builds on this elementary idea by abstracting new layers of virtualization and control. With microsegmentation, the data center is divided (segmented) into logical units, which are often workloads or applications. IT can then tailor unique security policies and rules for each logical unit. The idea is to significantly reduce the surface available for malicious activity and restrict unwanted lateral (east-west) traffic—such as an attack—once a perimeter is penetrated. Since policies are tied to logical segments, any workload migration will also move the security policies. This eliminates the tedious, error-prone manual configuration processes that often lead to security flaws.

“Microsegmentation is the application and enforcement of security functions as close as possible to the given application,” said Pete Sclafani, COO and co-founder of 6connect, a software and services company that offers network resource provisioning and automation. “In the past, this has been centralized ‘up the stack’ so there are quite a few gray areas that open the door for security issues even if policies are properly configured.”

Microsegmentation isn’t new, but its adoption has been sparked by software-defined networking (SDN) and software-defined data center (SDDC) technologies capable of abstracting hardware. Before the advent of software-defined technologies, any sort of microsegmentation initiative would require traditional physical firewalls and VLANs. The manual effort involved in configuring internal firewalls for east-west traffic control—and then maintaining those configurations over time—was simply too complex and costly. By contrast, SDN and SDDC capabilities support on-demand provisioning, the flexibility to change parameters, and the ability to enforce security across each VM.

BENEFITS OF MICROSEGMENTATION
Traditional firewalls can remain in place to maintain familiar perimeter (north-south) defenses, but microsegmentation significantly limits unwanted communication between workloads (east-west) within the enterprise. This zero-trust approach addresses the dramatic shift in network attack patterns where attackers penetrate the perimeter and bide their time to watch activity, inject malware and gain control of key systems—finally to steal valuable data or disrupt business activities.

Software rules-based behavior also allows micro-
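
The article's point that policies tied to logical segments move with the workload, while hand-maintained address rules do not, is shown here as an added example (not code from the article or from any vendor's product). The segment names, ports, addresses and the `batch-7` workload are all constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Workload:
    name: str
    segment: str  # logical unit (application tier) the policy is written against
    ip: str       # current address; changes when the workload migrates

# Constructed policy: allowed (source segment, destination segment, port).
# Anything not listed is denied, including lateral east-west traffic.
SEGMENT_POLICY = {("web", "app", 8443), ("app", "db", 5432)}

# The same intent written as static address rules (constructed values).
IP_ACL = {("10.0.1.10", "10.0.2.20", 8443), ("10.0.2.20", "10.0.3.30", 5432)}

def segment_allows(src, dst, port):
    """Default-deny check against the segment-level policy."""
    return (src.segment, dst.segment, port) in SEGMENT_POLICY

def acl_allows(src, dst, port):
    """Default-deny check against the address-level rules."""
    return (src.ip, dst.ip, port) in IP_ACL

def verdicts(flows, allows):
    """Map 'src->dst:port' to True/False for each attempted flow."""
    return {f"{s.name}->{d.name}:{p}": allows(s, d, p) for s, d, p in flows}

web = Workload("web-1", "web", "10.0.1.10")
app = Workload("app-1", "app", "10.0.2.20")
db = Workload("db-1", "db", "10.0.3.30")

def before_migration():
    # Two intended flows plus one lateral attempt (web tier straight to db).
    flows = [(web, app, 8443), (app, db, 5432), (web, db, 5432)]
    return verdicts(flows, segment_allows), verdicts(flows, acl_allows)

def after_migration():
    # app-1 moves to another host and gets a new address; an unrelated
    # workload ("batch-7") is later given the address app-1 used to hold.
    moved = replace(app, ip="10.0.9.44")
    batch = Workload("batch-7", "batch", "10.0.2.20")
    flows = [(web, moved, 8443), (moved, db, 5432), (batch, db, 5432)]
    return verdicts(flows, segment_allows), verdicts(flows, acl_allows)

if __name__ == "__main__":
    for label, fn in (("before", before_migration), ("after", after_migration)):
        seg, acl = fn()
        print(label)
        for flow in seg:
            print(f"  {flow:22} segment={seg[flow]!s:5} ip_acl={acl[flow]}")
```

After the migration the segment policy gives the same answers as before, while the unmaintained address rules block both legitimate flows and let the unrelated workload reach the database through the stale entry.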

#Hashtag
Twitter on #DevOps

Jacob Lane (@jacob_lane2015): By 2018, 90% of organizations attempting to use #DevOps without specifically addressing their cultural foundations will fail. @Gartner

Steve Fitchett (@ScotsExcile): #Devops the speed to succeed #ibminterconnect

Chris Cowley (@chriscowleyunix): “No you can’t restart that server ever” is the wrong answer #devops

Dan Johnson (@penguin_dan): Tool diversity is great and frustrating. #devops

If you have no failures and not introducing few defects here and there, you are not moving fast enough. Embrace challenge!— #devops #agile

Main #DevOps frustration? Getting the board to understand that DevOps is NOT a ‘just an IT issue’. It’s a business issue. Is this common? #startup

Sometimes, not always, you have to tape together a stick and a knife and improvise a crappy spear, don’t get used to it! #devops

It’s when the CatFacts slackbot goes down that even a seasoned anthropologist will learn something about the #devopsculture

Cloud Backup Correction
The need to do backups hasn’t changed, but the way we do them has.
BY ALEX BARRETT

“Some people are doing nothing, some people are designing custom backups, and some people are doing completely other things,” Haletky said.

Cloud backup players agree. “I’d say that 50% of the time I talk to potential customers, the value of cloud-to-cloud backup is still evangelical,” said Dan Flanigan, director of product management at Datto, whose Backupify service protects hosted applications such as Office 365 and Salesforce. “People are like, ‘Isn’t that one of the reasons I put it in the cloud in the first place?’”

But those people don’t know how wrong they are.

RESILIENCY VS. RECOVERABILITY
Cloud service providers move heaven and earth to ensure that their underlying infrastructure is highly resilient, and services built on top of it aim to remain up and running despite a data center outage.

“These cloud platforms are inarguably more durable than what you can stand up yourself,” said Jason Buffington, senior analyst at Enterprise Strategy Group in Milford, Mass. Applications that are migrated to the cloud or built there natively can piggyback on that underlying resiliency using availability zones, or by replicating across regions. But there’s a big difference between being resilient, and recovering your data.

“What a lot of people don’t get is the difference between productivity and preservation,” Buffington said. An application may be very productive because it is replicated many times across many availability zones and virtually immune to an outage, but “if you edit a telephone number incorrectly in Office 365, it’s happily replicated n times around the globe—it is still just as invalid.”

Unfortunately, mistakes happen with alarming frequency, thanks to cloud’s tendency to democratize systems administration, said Jeff Erramouspe, vice president and general manager at Spanning, a backup provider owned by EMC that offers services from Office 365, Google Apps and Salesforce. For example, with Salesforce, there are a lot of non-technical admins with sales and marketing backgrounds, and that can lead to mistakes and misconfigurations. Nor will Salesforce make it easy to get your data back, he added. Data recovery is expensive (starting at $10,000); time consuming (recovery can take as long as two to three weeks) and “best effort”—i.e., the provider will give you a CSV file—but not a lot more.

The good news is that services such as Spanning and Datto can help back up—and easily recover—popular hosted applications, and support for more software as a service (SaaS) apps on the way. The bad news is that organizations running cloud applications on top of infrastructure as a service (IaaS) must think long and hard about their backup strategy, because there’s no one right way to back up a cloud-native app, and traditional backup techniques don’t map well to this new world cloud order.

WAYS TO SKIN THE BACKUP CAT
There is no shortage of ways to copy data. Back in the virtualization heyday, the preferred method was to use data protection software that backed up or replicated entire virtual machines from the hypervisor layer, for example Veeam Backup, or replication software from Zerto.

HIGHLIGHTS
- The need to do backups hasn’t changed, but the way we do them has.
- Backing up cloud-based apps is complicated, and there are no clear practices.
- Cloud providers move heaven and earth to ensure their underlying infrastructure is resilient.

Survey Says
Disaster recovery plans not frequently checked

[Chart] Which of the following DR tools and/or technologies do you currently have in place? (Multiple selections allowed; N=660; source: Disaster Recovery/Business Continuity Survey)

[Chart] How many TBs or PBs of data will you need to quickly recover in the event of a disaster or major interruption? Surviving data point: 34%, less than 10 TB. (N=192; source: Cloud and Virtualized Systems Management Survey)

Show Them the Money
Business value dashboards help operations teams justify their spending.
BY ALAN R. EARLS

IN A WORLD ever more obsessed with getting the most from the least, IT often comes under harsh scrutiny. Exactly what is the point of all that spending and what does it accomplish, the bean counters ask? Well, now there may finally be a means to provide those answers, painlessly and reliably.

The concept of the Business Value Dashboard (BVD)—a marriage of IT and business data collecting—originated with research firm Gartner, and has been adopted by established players such as Hewlett-Packard Enterprise (HPE) and newer companies as well. It’s a buzzword aimed squarely at the push for infrastructure and operations (I&O) teams to justify their expenditures, and show how their initiatives relate to the company’s bottom line. BVDs, by their nature, are comprehensive and adaptable and can readily incorporate data on cloud resources. What’s more, some are even software as a service based.

For any I&O team, a dashboard can be a useful way to access and communicate metrics to demonstrate the business value of IT and chart progress on corporate goals.

“The challenge that faces our clients is that they are increasingly asked to prove what I&O contributes to business value,” said Gary Spivak, a Gartner research director. With the massive amounts of data being collected already, that raises multiple issues, including simply selecting which metrics to present. Additionally, determining what most concerns the business really requires input from the business side.

“There is a tendency to just pass along the information that IT uses to run IT.”

watches in the BVD space. “The original problem PureShare aimed at was providing a single system of operational metrics surrounding an enterprise IT environment,” he said. That involved PureShare setting up and amalgamating metrics for everything from space and cooling

Overheard @ Container World

“The only thing that refactoring does better than containerization is leverage cloud-native features.”
DAVID LINTHICUM, Cloud Technology Partners, on using containers to migrate applications to the cloud

“Containers is one of those technologies that every time I use it, I want to use it more.”
PATRICK CHANEZON, Docker developer advocate, on why he joined the company

“Did Docker make microservices more popular, or was it vice-versa? I suspect that they’re symbiotic.”
ANGEL DIAZ, IBM vice president cloud architecture and technology

“In my time at Amazon, I have not seen anything take off so fast as Docker.”
DEEPAK SINGH, general manager for AWS Container Services

You Will Be Assimilated
It’s time for IT to get over its fears about convergence.
BY MIKE MATCHETT

I FEEL LIKE the Borg from Star Trek when I proclaim, “IT convergence is inevitable.”

Convergence is a good thing, a mark of forward progress. And resistance to convergence is futile. It is a great way to simplify and automate the complexities between two (or more) maturing domains and drive cost-efficiencies, reliability improvements, and agility. As the operations and management issues become well understood, new tools will take advantage by converging both into an integrated resource.

Some reluctance to convergence does happen within some IT organizations. Siloed staff might suffer—convergence threatens domain subject matter experts by embedding their fiefdoms inside larger realms. That’s not the first time that has happened, and there is always room for experts to dive deep under the covers to work through levels of complexity when things inevitably go wrong. That makes for more impactful and satisfying jobs. And let’s be honest—convergence is far less threatening than the public cloud.

UNLOCKING HYPER-CONVERGENCE
Early converged infrastructure was attractive to larger enterprises hoping to eliminate deployment risk, speed time to value, and reduce management OPEX. Some enterprises were willing to pay a premium to just reduce the number of vendors they work with. Fully racked convergence (e.g., EMC/VCE vBlocks) however do not present much of a “start small and grow as you need” option, and we’ve long heard rumors about such systems “unblocking” back into silo management domains as needs, features, and applications diverge from original plans.

If virtualization was a key enabler of converged infrastructure, then software-defined has unlocked hyper-converged infrastructure (HCI). Somewhere underneath software-defined resource x, there is still a real processor core, a persistent storage bit or a network cable. But with software-defined resources, we’ve moved a lot of functionality up out of hardware and into mutable, fungible and dynamic software. This takes advantage of growing compute density and the shrinking cost of compute.

CONVERGENCE GROWS
In 2016, we’ll see convergence enter new areas.

- Data Protection. We’ll definitely hear more about how data protection is being converged into traditional storage, software-defined storage, and HCI tools. We already have cloud gateways and fully hybridizing cloud-enabled storage such as Microsoft StorSimple. Expect to see increasingly complete convergence offerings that span data ingestion (i.e., data lake platforms) through operations, analysis, archive, backup, and BC/DR.

- Edge. Keep an eye on the edges of the enterprise too, whether remote office/branch office, regional office, or Internet-of-Things things. Riverbed’s SteelFusion is a good example of edge hyper-convergence combining remote computing, WANO, and projected datacenter storage into stateless remote appliances.

- Data center. VMware is leading the charge here with

We will soon see hyper-scale convergence in a ready to consume package for the rank and file IT organization—cloud-like hosting architectures that leverage containerized resources and applications where it’s hard to discern what’s virtual and what’s real. The data center of the future will be able to span transparently across infrastructure options (e.g., public, private, collocated, shared, dedicated) as application service goals and cost optimization opportunities dictate.

What’s still needed is automating IT predictive intelligence across the whole spectrum of infrastructure. Each bit of virtually hosted, software defined, containerized micro-served resource represents a new management challenge. But if computers can now drive our cars and play the ancient game of Go at the master level, it seems that convergence is inevitable. May we all live long and prosper!

MIKE MATCHETT is a senior analyst and consultant at Taneja Group. Contact him at mike.matchett@tanejagroup.com.

Get Over It
Whether it wants to or not, IT must embrace the future.
BY BOB PLANKERS

BY THE TIME you read this someone around you will be worrying about CVE-2015-7457. CVE numbers are assigned to entries in the Common Vulnerabilities and Exposures database, essentially a big, government-sponsored catalog of security problems. CVE-2015-7457 is a particularly bad one, where a problem that lies deep in a Linux operating system library, glibc, exposes every application and program that uses DNS. An intentionally malformed DNS response can help someone break into your applications.

“DNS … I’ve heard of that,” you say, jokingly. But it’s no joke.

This vulnerability has been in Linux for eight years, a long time in IT. Long enough to be present in all the underpinnings of everything that powers our enterprises and clouds. Whole economies and companies have come and gone in the time this problem has been stewing in our infrastructure. It’s underneath everything that is AWS, Rackspace, Digital Ocean and so on. And it’s underneath most of our on-premises infrastructure, too.

Even more important than being in our infrastructure, this vulnerability is in our applications. The applications I run in my on-premises private cloud are affected. The applications I run in the public cloud are affected, just as if they were on premises. In fact, it’s likely worse, since the applications in the cloud don’t have as many security controls as my on-premises instances. On its face, infrastructure as a service (IaaS) doesn’t save us from any of these issues.

I often say that the journey to the cloud isn’t a technological journey. It’s a journey for the people in IT. People who have done it nod their heads knowingly; people who haven’t think I’m crazy. While IaaS doesn’t save us from the need to remediate critical security vulnerabilities, just like we did 10 years ago, it allows us to change our processes. That’s because we can instantiate new containers, new virtual machines, and new operating system images in seconds, and we can treat those components as disposable. When something is wrong we throw it away and get a new one. A security problem certainly qualifies as something wrong.

The big problem is that, with enterprise software, we can’t just throw an instance away and deploy a new one. Software vendors like Oracle and Microsoft don’t let us, or have no automation capabilities, or no support for us

© 2016 TechTarget Inc. No part of this publication may be transmitted or reproduced in any form or by any means without written permission from the publisher.
TechTarget reprints are available through The YGS Group.
About TechTarget: TechTarget publishes media for information technology professionals. More than 100 focused websites enable quick access to a deep store of news, advice and
analysis about the technologies, products and processes crucial to your job. Our live and virtual events give you direct access to independent expert commentary and advice.
At IT Knowledge Exchange, our social community, you can get advice and share solutions with peers and experts.