Slashdot Mirror

Theres a nice little intro to nmap over at 360, where they award it #1 on their list of top security tools. Its a good starting point for those who wonder what the fuss is about. AG

Theres a nice little article here (basic reg. required) contrasting VMware and Citrix XenServer, where the end user was forced to abandon VMware (their default choice) after suffering performance problems and after 6 months of back and forth with tech support and engineering at the vendor. In the end XenServer delivered 2x the real world performance on identical hardware with a default install. Not all workloads are equally well virtualized! N.

If you'd dropped my company a line we'd have offered a supported trial with an allocated engineer (okay, time spent would depend partly on potential size of a deployment...) but you'd certainly have spent nothing finding out what the product could and could not do in a supported way. We'd probably both have learnt something, I love real-life tests :-) Sometimes there are benefits in NOT buying direct off the vendor's web store :-) End of outrageous plug! Oh, we also do VMware, I guess what Im saying is that deployment is about more than just the upfront sticker price of the product.
PK

Does VMware still require an extra management server?

The product doesnt seem to have moved on much since I last looked at it 3-4 years ago. Sure, more management/orchestration tools like lab manager, but the core ESX product seems to have only had a name change.

Is there a definitive list of Xenserver clients? I see some listed here but is there an official Citrix list?

AG

Like Citrix XenServer. That way I can have a supported virtualization layer (XenServer), Application Management (XenApp, Presentation Server), and client (good old ICA). This just leaves me the decision on whether to take the plunge with true thin clients or stick with my laptops and desktops for now. Since there are now several thin client manufacturers around, I have plenty of choice.

I am no Microsoft fan... but since one-product companies like VMWare haven't tended to have good prospects after Microsoft enters their market. Netscape Navigator anyone? How about that hard disk compression company? Unfortunately I think VMWare's future is pre-determined.

AG

We ended up virtualizing on a little known platform which sounds exactly like the kind of server you are talking about. Big on RAM, modest on CPU, plenty of network connectivity and a price that would shame Dell, not to mention HP and IBM. When you virtualize RAM is the critical resource more often than not. We went for the lower end of the v1624 appliances from 360is and haven't regretted it. Regularly run 40 VMs per host.

LB.

We ended up virtualizing on a little known platform which sounds exactly like the kind of server you are talking about. Big on RAM, modest on CPU, plenty of network connectivity and a price that would shame Dell, not to mention HP and IBM. When you virtualize RAM is the critical resource more often than not. We went for the lower end of the v1624 appliances from 360is and haven't regretted it. Regularly run 40 VMs per host.

LB.

Contrasting Xenserver with VMWare would have been a better comparison. Xen have gone down the super-thin hypervisor route with only a few tens of thousands of lines of code in their core software, the rest plugged in via API. This is in contract to the integrated bigger approach by the existing market leaders.

AG

I've worked in several educational environments in the UK, and for the last 2 years or so have always gone the thin client route. There are now a number of such devices available, each using just 2W of power, no moving parts, with standard interfaces to keyboard, mouse, and display, and excellent support for local USB and so on. But rather than buy-in to a proprietory solution for application management (e.g. Presentation Server and its like) I'd recommend "full fat" windows (and/or Linux) OS installs, running on a virtualized server. VMWare and Xen are your choices on the back-end. Xen representing the better value for money/price-performance.

Although we worked on the design ourselves, implementation was done by a professional services firm, 360is based locally.

AG

We took our server estate down by a factor of 20 using modern virtualization hardware appliances and hypervisors. Thats right not 10x fewer servers, but 20x. With the right combination of investment in quality shared storage, dedicated virtualization appliances, and the skills to make them work, today our cooling, power, and rack space bills arent worth worrying about.

We are rarely at the cutting edge of technology, but if we can do it, you can.

We have recently adopted a phased approach of deploying new thin clients as our estate of traditional desktops hit retirement. After having seen several false dawns and uncomfortably proprietary solutions in the last 15 years, it was only now that we have been happy enough with the whole solution (thin client HW, network connectivity, back-end virtualization SW) to take the plunge.

There are now a range of HW clients (we use ChipPC).
There are a couple of viable virtualization systems (we use Citrix Xen, without the presentation server "tax").
We've chosen a dedicated virtualization hardware appliance on the back-end from 360is.

There's a nice little article all about what makes some software secure, where other application disintegrate under exposure to the "internet elements" over at Three Sixty Information Security. It features TCP Wrappers, Postfix, and several others, and asks the question "what makes this software so uncommonly good?".

AG

I have to disagree with AC that "vmware is the only solution", 6 months ago we evaluated both vmware (which we had been using in dev and test for years) and the Citrix Xen product and decided to go for Xen for our production systems based upon performance we saw (yes yes YMMV) cost, and the open nature of the API. The problem was finding a strong partner/integrator to help us swing our server estate from physical to virtual in the time allotted.

So far the systems have been solid, and required only a couple of noncritical updates/patches to maintain. I agree that its not about the hypervisor (any more), with Hyper-V being practically free ($40-bucks?), but I would disagree that VMWare is the only game in town.

We were prepared to question the accepted wisdom in search of performance and savings, and it worked out well for us (so far). I can't comment on the other versions of Xen from Sun, Oracle, and Co, but we found Citrix Xen and a hardware virtualization appliance a solid, manageable system.

Virtualization in the data center, coupled with Moores law as it applies to increasing CPU performance will take care of part of the problem. Today I can buy a dedicated hardware appliance that runs over 60 virtual machine workloads, costs about the same as a Dell server, and uses a fraction of the power and cooling.

On the desktop, thin clients are long overdue, and with lower cost devices from a range of suppliers (I like these ones) a desktop costs you only 5 watts these days.

AG.

These guys often cover cyber terrorism in their macro-economic section on security. Other readers may find interesting.

AG.

Anyone found a decent guide for comparing free and pay-for hypervisors? I had a link to one here but now cant seem to find it?

AG.

Security watchers and pundits might also like to take a look at this security news portal.

AG.

Was there any mention in the book of Xen hardware, pitfalls, recommendations, and so on? I am trying to evaluate a number of hardware appliances like this one from 360is (PDF) and ahead of projects like the SPEC benchmark there is a lack of information.

AG.

Give me Marcus, Bruce, or these guys any day. When is the security industry going to move on from this FUD?

Next! AG.

This story is bound to make the next issue of the 360is quaterly bulletin "Executive Intelligence". AG

This story is bound to make the next issue of the 360is quaterly bulletin "Executive Intelligence". AG

AG

AG

Although this is a relatively new area, there are already some experts emerging in the field. I came across these guys, who recently published this article on the subject. The article talks about the loss of control by IT of the desktop, and how peopel are now trying to use software to regain control.
AG

NH

NH

Personally I cant recommend rsync highly enough. The linked article is a basic introduction which explains what makes the utility to uncommonly good.

Nick

Earlier this year 360is.com published a brief note on clickfraud in their newsletter/bulletin thing, citing sources that Clickfraud as set to reach $1.8B by 2008. I expect we are going to see a lot more of this Fraud2.0.
Full report/page: here.
Nick.

Nick

Nick

There was a newsletter I caught recently talking about some of the successful prosecutions for spam 'downunder'. It sounds like they are making progress.

The full text of that newsletter is here.

Nick.