Wednesday 27 May 2015

VMware: Hardware Status Tab Error

<< Symptom >>
The Hardware Status tab displays the error: Hardware monitoring service on this host is not responding or not available (1013080)

<< Resolution >>
1.  Open an SSH session to the host.
2.  Run this command:
/etc/init.d/sfcbd-watchdog restart
3.  Go back to the Hardware Status tab on vCenter Server and click the Update link. It may take up to 5 minutes to refresh.

Note: Do not navigate away from the Hardware Status tab until it refreshes.

PRTG: VMware WBEM Sensor Error

<< Symptom >>
The sensor fails with the error message "Read timed out."

<< Resolution >>
1.  Open an SSH session to the host.
2.  Run this command:
/etc/init.d/sfcbd-watchdog restart

IT Security: University of London Computer Centre Hit by Cyber Attack


The University of London Computer Centre (ULCC) was the subject of a cyber attack yesterday that may have left millions of students unable to access the organisation's IT services.

The centre provides services to over 300 UK institutions and supports over two million higher education and further education students on its open-source learning platform Moodle.

According to its status updates, the centre kept students informed of the problems throughout Thursday morning.

By 9am it said it had narrowed down the problem to a fault with its firewall. At 10am ULCC explained that it had reset core network switches and the firewalls to no avail. It said it was sending over an engineer from its firewall provider to the data centre to try to fix the issue.

At 11am it had called in engineers to work on fixing the networking problem that it believed was caused by issues with its firewall.

By 12pm, ULCC said that its services were up and running again and explained that the networking issue was caused by a cyber-attack. It said it had taken action to block the source.

Despite ULCC managing to get the system back up and running, George Anderson, director at Webroot, said that over four hours of "complete shutdown" was not an acceptable time-period in most cases.

He suggested that the attack was clearly implemented to have "maximum impact" on a system that would have been at peak usage around exam-time.

"Hopefully this case will serve as a warning to other organisations, encouraging them to ensure that they have an effective strategy in place to make sure user experience is impacted as little as possible," he said.

Friday 22 May 2015

IT Security: Telstra Reveals Large-Scale Security Breach at Pacnet


Telstra has revealed a security breach on its Pacnet network allowed unknown third parties full access into the subsidiary's corporate systems.

The telco today said the breach had occurred before Telstra took ownership of the company following its December takeover announcement.

Telstra said it was told about the breach when it finalised the A$857 million purchase of Pacnet on April 16.

Pacnet had closed the vulnerability on April 3rd, but Telstra opted to investigate further after it was notified of the incident, group executive of global enterprise services Brendon Riley said.

Riley said that because the two parties were still competitors from December to February, even during the due diligence process, Telstra was limited as to how much information about Pacnet's operations it could access.

"The due diligence went as far as it could and in terms of deep, detailed analysis of networks and operations, it wasn't one of the things we were able to do," he said.

The attackers gained access to the Pacnet corporate IT network - including email and admin systems - through a SQL injection on a web application server.

SQL injection occurs when user-supplied input is concatenated into a database query and interpreted as part of the SQL itself. It lets an attacker read (dump) the contents of databases, change or delete the information, bypass application logins and, on some database configurations, execute commands on the server hosting the database.
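The bug class described above, shown vulnerable and fixed side by side. This is an added example written for this page, not Pacnet's application code; the SQLite schema, rows and credentials are constructed for the demo, and plaintext passwords are used only to keep the dump readable.

```python
import sqlite3

# Constructed demo database (not Pacnet's): two tables, one of which the application
# never intends to expose through its customer search.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (username TEXT, password TEXT, role TEXT);
        CREATE TABLE customers (name TEXT, email TEXT);
        INSERT INTO users VALUES ('admin', 'hunter2', 'admin'), ('alice', 's3cret', 'user');
        INSERT INTO customers VALUES ('Acme', 'ops@acme.example'), ('Globex', 'it@globex.example');
    """)
    return conn

def login_vulnerable(conn, username, password):
    # User input is spliced straight into the SQL text: quotes in the input end the
    # string literal and whatever follows is executed as SQL.
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchone()

def login_safe(conn, username, password):
    # Parameterised query: the driver passes the values separately from the SQL text,
    # so a quote in the input is just a character inside the compared value.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()

def search_customers_vulnerable(conn, name):
    sql = f"SELECT name, email FROM customers WHERE name LIKE '%{name}%'"
    return conn.execute(sql).fetchall()

def search_customers_safe(conn, name):
    sql = "SELECT name, email FROM customers WHERE name LIKE ?"
    return conn.execute(sql, (f"%{name}%",)).fetchall()

# Two classic payloads (constructed for the demo).
BYPASS = "' OR '1'='1"   # closes the password literal and makes the WHERE clause always true
DUMP = "' UNION SELECT username, password FROM users --"  # appends a second result set from another table

def demo():
    conn = make_db()
    return {
        "vuln_bypass": login_vulnerable(conn, "admin", BYPASS),        # ('admin', 'admin'): logged in without the password
        "safe_bypass": login_safe(conn, "admin", BYPASS),              # None: payload treated as a literal password
        "safe_real": login_safe(conn, "alice", "s3cret"),              # ('alice', 'user'): normal login still works
        "vuln_dump": search_customers_vulnerable(conn, DUMP),          # customers plus every username/password pair
        "safe_dump": search_customers_safe(conn, DUMP),                # []: no customer matches the literal pattern
    }

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

The parameterised form is the fix Riley's statement refers to as rectifying "the security vulnerabilities that allowed the unauthorised access"; it is not a filter on the input but a change in how the query is assembled, so it holds regardless of which quoting trick the attacker tries.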

“To protect against further activity we rectified the security vulnerabilities that allowed the unauthorised access," Riley said.

"We have also put in place additional monitoring and incident response capabilities that we routinely apply to all of our networks."

Telstra is now advising Pacnet customers - which it revealed included the Australian Federal Police, among others - globally about the breach. It said it had not received any contact from a perpetrator and had no information on motive.

The telco said it had no evidence data had been taken from the network. It refused to say how many customers were affected.

Pacnet's network was not connected to Telstra, and the telco said it had no evidence of malicious activity on Telstra's networks.

Telstra CISO Mike Burgess said the telco was unable to tell from system logs what had been taken from the network, "but it's clear they had complete access to the corporate network, and that's why we're telling customers".

Pacnet boasts Asia's largest privately-owned submarine cable network, with 46,500km of submarine cable between the US and Asia.

It counts 2400 enterprise customers and 220 retail and wholesale partners.

Wednesday 20 May 2015

IT Technology: 128GB DDR4 Memory Kits Become Reality


This week, Corsair announced it is now selling two 128GB DDR4 RAM kits while Kingston touted that its upcoming big-ass set will hit speeds of 3000MHz.

Why this matters: The move from DDR3 to DDR4 last year (in high-end machines) promised lower voltage, higher-frequencies and higher capacities—eventually. While the average consumer certainly doesn’t need 128GB of RAM to run Microsoft Word or play a video game, some power users do indeed need seemingly crazy amounts of RAM.

Corsair’s two kits fall into its premier Dominator line-up. The “cheaper” of the two uses eight 16GB DIMMs running at DDR4/2400 speeds for just $1,980. Corsair also offers a kit running at DDR4/2400 speeds for $2,120.

Not to be outdone, Kingston this week also announced its own 128GB DDR4 kit, coming at even higher speeds. The company said its eight 16GB DIMMs are rated to hit DDR4/3000 speeds. Kingston did the deed not with the pricey Core i7-5960X Haswell-E processor, but the cheapie Core i7-5820K CPU.

If you’re wondering what the fuss is about because you’ve seen 16GB DDR4 modules floating around for months, the Corsair and Kingston kits are unbuffered, non-ECC RAM, which means there’s no error-correction support in the modules.

Most of the 16GB DDR4 modules available—such as this Crucial module—have error-correcting code (ECC) support. ECC RAM can correct single-bit errors and detect multi-bit errors. It also generally runs at lower speeds. The Crucial RAM, for example, is a DDR4/2133 module. More importantly, ECC must be supported in the CPU.

For Intel, that means ECC DDR4 RAM can only be used with Xeon processors. Intel’s enthusiast- and prosumer-focused Core i7 Haswell-E processors simply won’t work with ECC RAM, so the Corsair and Kingston modules will be the first opportunity for those who don’t want to pony up for a pricey Xeon to reach 128GB.

IT Security: Three MetroHealth Computers Infected with Malware


Ohio-based MetroHealth is notifying nearly 1,000 patients that three computers in its Cardiac Cath Lab were infected with malware, and the affected computers contained their personal information.

How many victims? 981.

What type of personal information? Names, dates of service, dates of birth, heights, weights, medications administered during procedures, medical record numbers, case numbers related to procedures, and cardiac catheterization raw data such as tracings of EKG and oxygen saturation.

What happened? Three computers in the MetroHealth Cardiac Cath Lab, which contained the personal information, were discovered to be infected with malware.

What was the response? The malware was removed, as was a backdoor that was created to enable subsequent access to the affected computers. MetroHealth has increased monitoring for malware, added antivirus update reviews, revised its incident response plan, and revised its Cath Lab software update procedures. All impacted individuals are being notified.

Details: On March 17, MetroHealth discovered malware on three computers in its Cardiac Cath Lab. The computers are believed to have been infected between July 14, 2014, and July 19, 2014, during which time a MetroHealth business associate disabled antivirus protection while updating software systems used on the computers. The malware was removed on March 18, and a backdoor created by the malware to enable subsequent access to the computers was purged on March 21. The computers stored data on patients who had cardiac catheterizations from July 14, 2014, to March 21.

Thursday 14 May 2015

Microsoft: Change Product Key in Windows 8 or Windows Server 2012

The two methods below allow you to change the product key in Windows 8 and Windows Server 2012:

<< Method 1 >>
1.  Swipe in from the right edge of the screen, and then tap Search. Or, if you are using a mouse, point to the lower-right corner of the screen, and then click Search.
2.  In the search box, type Slui 3.

3.  Tap or click the Slui 3 icon.
4.  Type your product key in the Windows Activation window, and then click Activate.


<< Method 2 >>
1.  Swipe in from the right edge of the screen, and then tap Search. Or, if you are using a mouse, point to the lower-right corner of the screen, and then click Search.
2.  Type Command Prompt in the Search box.

3.  Right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.

4.  Run the following command at the elevated command prompt:
slmgr.vbs /ipk <Your product key>

Wednesday 13 May 2015

IT Technology: Optical Power Budget

The optical power budget in a fiber-optic communication link is the allocation of available optical power (launched into a given fiber by a given source) among various loss-producing mechanisms such as launch coupling loss, fiber attenuation, splice losses, and connector losses, in order to ensure that adequate signal strength (optical power) is available at the receiver. In an optical power budget, attenuation is specified in decibels (dB) and optical power in dBm (decibels relative to 1 mW).

The amount of optical power launched into a given fiber by a given transmitter depends on the nature of its active optical source (LED or laser diode) and the type of fiber, including such parameters as core diameter and numerical aperture. Manufacturers sometimes specify an optical power budget only for a fiber that is optimum for their equipment—or specify only that their equipment will operate over a given distance, without mentioning the fiber characteristics. The user must first ascertain, from the manufacturer or by testing, the transmission losses for the type of fiber to be used, and the required signal strength for a given level of performance.

In addition to transmission loss, including those of any splices and connectors, allowance should be made for at least several dB of optical power margin losses, to compensate for component aging and to allow for future splices in the event of a severed cable.

LT = αL + Lc + Ls

Definitions:
LT - Total loss
α - Fiber attenuation
L - Length of fiber
Lc - Connector loss
Ls - Splice loss
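A worked budget for the formula above, as an added example written for this page rather than taken from it. Every number passed in (attenuation, connector and splice losses, launch power, receiver sensitivity, the 3 dB safety margin) is an assumed link parameter, not a vendor figure; the helper also solves the same equation for the maximum fiber length, which the text does not do.

```python
# Added worked example for LT = alpha*L + Lc + Ls (not from the original page).
# Every number passed in below is an assumed link parameter, not a vendor figure.

def total_loss_db(alpha_db_per_km, length_km, n_connectors, connector_loss_db,
                  n_splices, splice_loss_db):
    """LT: fiber attenuation over the run plus one Lc per connector and one Ls per splice."""
    return (alpha_db_per_km * length_km
            + n_connectors * connector_loss_db
            + n_splices * splice_loss_db)

def received_power_dbm(launch_power_dbm, total_loss):
    """Power arriving at the receiver: a level in dBm minus a loss in dB is again a level in dBm."""
    return launch_power_dbm - total_loss

def link_margin_db(launch_power_dbm, receiver_sensitivity_dbm, total_loss):
    """Headroom above the receiver's minimum usable input after all losses are paid."""
    return received_power_dbm(launch_power_dbm, total_loss) - receiver_sensitivity_dbm

def budget_ok(launch_power_dbm, receiver_sensitivity_dbm, total_loss, safety_margin_db=3.0):
    """The text asks for several dB of spare margin for ageing and repair splices; 3 dB is assumed here."""
    return link_margin_db(launch_power_dbm, receiver_sensitivity_dbm, total_loss) >= safety_margin_db

def max_length_km(launch_power_dbm, receiver_sensitivity_dbm, alpha_db_per_km,
                  fixed_loss_db, safety_margin_db=3.0):
    """Solve the same equation for L: the longest span that still keeps the safety margin."""
    return (launch_power_dbm - receiver_sensitivity_dbm
            - fixed_loss_db - safety_margin_db) / alpha_db_per_km

def example_link():
    """Assumed single-mode link: 10 km at 0.35 dB/km, 2 connectors at 0.5 dB, 3 splices at 0.1 dB,
    -3 dBm launched, receiver sensitivity -20 dBm."""
    lt = total_loss_db(0.35, 10.0, 2, 0.5, 3, 0.1)               # 4.8 dB
    rx = received_power_dbm(-3.0, lt)                             # -7.8 dBm
    margin = link_margin_db(-3.0, -20.0, lt)                      # 12.2 dB
    reach = max_length_km(-3.0, -20.0, 0.35, 2 * 0.5 + 3 * 0.1)   # about 36.3 km
    return lt, rx, margin, budget_ok(-3.0, -20.0, lt), reach

if __name__ == "__main__":
    print(example_link())
```

The margin figure is what a cut-and-repair later eats into: each repair adds a splice loss, so dividing the spare margin by Ls tells you how many repairs the link can absorb before the receiver drops out.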

Google: The Secret Powers of Chrome Address Bar

Chrome's address bar doesn't do much at a glance. Type in a URL and you're taken to a web site. But it can do a lot more if you know how to use it.

We've covered plenty of great Chrome tricks over the years, but the address bar has always been a bit neglected. You can actually do a ton with it though, so let's dig into some of the better tricks.

1.  Perform Quick Unit Conversion and Math

Don't feel like opening up a calculator just to do some basic math? Just type in the equation and Chrome's omnibox gives you the answer, no need to press Enter. You can do the same with basic unit conversion, including temperatures. All you need to do is add an equals sign after the query. So, type in something like 50 c = f for temperatures, or 50 feet = inches.

2.  Turn A Browser Window Into a Notepad

This trick works in pretty much any modern browser, but it's still worth noting here. If you want to get a blank notepad to type in a quick note, just type this into the address bar (or add a bookmark):
data:text/html, <html contenteditable>

You'll get a blank page where you can type in text easily.

3.  Search for Keywords with Drag and Drop

If you're not a fan of cutting and pasting or you hate right-clicking anything, you can search for a word by just highlighting it and dragging it to the address bar.

4.  Search Specific Sites

Google veterans are pretty familiar with the old "site:" search operator, but you can also easily get that from the address bar by simply typing in a web site address then tapping the Tab button.

5.  Search Gmail or Google Drive

Jumping over to a specific web app like Gmail or Google Drive to search for something takes a bunch of clicks. It's a lot easier to just search those services from the address bar. To do so, you'll need to do a little bit of set up.
a.  Right-click the address bar and select "Edit Search Engines"
b.  Add a new search engine called Google Drive
c.  Make the keyword something you'll remember, like "Gdrive"
d.  Enter this in for the URL: http://drive.google.com/?hl=en&tab=bo#search/%s You can do the same for Gmail, just make the URL https://mail.google.com/mail/ca/u/0/#apps/%s

When you want to search your Google Drive or Gmail account, type the keyword you assigned (or the site address, such as gmail.com or docs.google.com) and tap the Tab key to initiate your search. You can do a similar trick to add an event to your Google Calendar.

6.  Open a Link at a Specific Tab Spot

If you're obsessive about where a tab is located, you can grab any URL from the address bar or a link, then drag and drop it to a specific location in your Tabs.

7.  Use Your Address Bar as a Basic File Explorer

While there isn't exactly a great reason why you'd want to use Chrome as a file browser, you can. Type in C:/ on Windows or file://localhost/ on a Mac or Linux to load up the file browser. You can also drag any file to the address bar to open it in Chrome.

8.  Open a New Email Window

Want to quickly send out an email but don't want to deal with actually looking at your email? Type mailto: into your address bar and it'll open up a new compose window in whatever your default email client is.

9.  Look at all the Security Information for a Site

If you ever find yourself on a shady site and want to get a little more information about what it's doing, click the lock or page icon to the left of the URL in the address bar. Here, you can inspect the cookies it has set, block JavaScript, block popups, and more.

Google: Find Hidden Features On Chrome Internal Pages

Google Chrome’s internal chrome:// pages contain experimental features, diagnostic tools and detailed statistics. They’re hidden in Chrome’s user interface, so you have to know they exist to find them. These hidden pages are Chrome’s version of Firefox’s about: pages.

You can access each by typing chrome://, followed by the name of the page — you can also use the more traditional about: prefix, which redirects you to the chrome:// URL.

<< Chrome://About >>

The chrome://about page lists all Chrome’s internal pages. Click any of the links to access the page. Many of them are the same pages you can access from Chrome’s menus — for example, chrome://bookmarks is the bookmarks manager and chrome://settings is Chrome’s options page.

<< Chrome://Kill >>

You can enter chrome://kill in the address bar to kill the current tab.

<< Chrome://Flags >>

The chrome://flags page, formerly known as the chrome://labs page, is probably the most interesting internal page. This page contains a treasure trove of experimental features that aren’t yet enabled by default — Google warns you that your browser may “spontaneously combust” if you enable these features. They may have security, privacy or stability problems or cause data loss. Use these options at your own risk!

<< Chrome://Sessions >>

Another feature buried on Chrome’s chrome://flags page is the “Enable Syncing Open Tabs” option, which adds an “Open Tabs” option to Chrome’s sync settings.

After you enable this option, you’ll find a list of your other browser sessions on the chrome://sessions page. This feature will eventually be enabled by default and exposed in Chrome’s user interface, but you can use it now.

<< Chrome://Memory & Chrome://Tasks >>

The chrome://memory page gives you a breakdown of Chrome’s memory usage. It shows you just how much memory each extension, app and web page is using. If other browsers, such as Mozilla Firefox or Internet Explorer, are running, it’ll also show the other browsers’ memory usage.

This is the same page you can access by clicking the “Stats for nerds” link at the bottom of Chrome’s Task Manager window. Open the Task Manager by right-clicking Chrome’s title bar and selecting Task Manager or access the chrome://tasks URL to open it in a tab.

<< Chrome://Net-Internals >>

The chrome://net-internals page is packed full of network diagnostic information and tools. It can capture network data and dump it to a file, making it a useful tool for troubleshooting Chrome network problems.

Most of the tools here won’t be useful to average users, but the Tests page contains a particularly useful tool. If a website won’t load, you can plug its address into the Tests page and Chrome will attempt to determine the problem for you.

<< Chrome://Crashes >>

The chrome://crashes page lists crashes that have occurred. You’ll only see crashes here if you have the “Automatically send usage statistics and crash reports to Google” option enabled on the Under the Hood tab in Chrome’s settings.

<< Chrome://Tracing >>

The chrome://tracing page is a developer tool that allows you to analyze Chrome’s performance. Click Record and Chrome will start logging browser activity.

After stopping the record process, you can dig into the activity and see what’s taking up the most time. If you have a page that performs slowly in Chrome, you can see what part of your code Chrome is struggling with.

Many of the other pages are technical pages listing debug information. For example, the chrome://flash page lists information about the flash plug-in and the chrome://sync-internals page displays the state of Chrome’s sync process. Feel free to explore the rest on your own.

Monday 11 May 2015

Google: Manage Other User's Mailbox as A Google Apps Administrator

As a Google Apps Administrator, you cannot simply open another user's mailbox; you can only manage or view it with one of the following methods:
1.  Reset the account's password and sign in as the user. This locks the user out and is visible to them, so it is a last resort.
2.  Have the user delegate their mailbox to the Google Apps Administrator's account. This method requires the authorization or permission of the respective user.
3.  Use Google Vault to search all of the account's mail (Inbox, Sent and Trash), where Vault is licensed for the domain.

Microsoft: SQL Server 2005 Support is Ending


SQL Server 2005 was a huge leap forward in manageability and features when it was released 10 years ago. Microsoft’s Corporate Vice President, Data Platform, T.K. Rengarajan, posted a friendly reminder this week that extended support for SQL Server 2005 will end on April 12, 2016 – less than 12 months away.

What does that mean? SQL Server 2005 instances will continue to run. However, there will be no new hotfixes and no more security updates. Any vulnerabilities discovered will not be patched. That alone is reason to consider upgrading, but also think about all of the new features available to you in newer versions of SQL Server.

Now is the time to identify your remaining SQL Server 2005 instances, review the application and database requirements, and begin working on your upgrade plan.

Thursday 7 May 2015

IT Security: Ransomware


Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system's hard drive (cryptoviral extortion, a threat originally envisioned by Adam Young and Moti Yung), while some may simply lock the system and display messages intended to coax the user into paying.

While initially popular in Russia, the use of ransomware scams has grown internationally; in June 2013, security software vendor McAfee released data showing that it had collected over 250,000 unique samples of ransomware in the first quarter of 2013, more than double the number it had obtained in the first quarter of 2012. CryptoLocker, a ransomware trojan that surfaced in late 2013, had procured an estimated US$3 million before it was taken down by authorities.

Ransomware typically arrives as a trojan, entering a system through, for example, a downloaded file or a vulnerability in a network service. The program then runs a payload, such as one that begins to encrypt personal files on the hard drive. More sophisticated ransomware hybrid-encrypts the victim's plaintext: the files are encrypted with a random symmetric key, and that key is in turn encrypted with a fixed public key embedded in the malware. The malware author is the only party holding the corresponding private key, so the symmetric key, and therefore the data, cannot be recovered from the infected machine alone. Some ransomware payloads do not use encryption at all. In these cases, the payload is simply an application designed to restrict interaction with the system, typically by setting the Windows Shell to itself, or even modifying the master boot record and/or partition table (which prevents the operating system from booting at all until it is repaired).
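The hybrid-encryption scheme described above, as an added example written for this page (not the code of any real ransomware family). It uses only the Python standard library, so the RSA modulus is built from two Mersenne primes (2^127-1 and 2^89-1) and the symmetric cipher is a SHA-256 keystream; both are toy choices made so the block runs offline, and textbook RSA without padding is not secure. A real sample would use a 2048-bit key and AES, but the key hierarchy, which is the point, is the same: the victim's disk ends up holding only the ciphertext and the wrapped key.

```python
import hashlib
import os

# Toy parameters (assumptions for this example): a product of two Mersenne primes stands in
# for a real 2048-bit RSA modulus. Requires Python 3.8+ for pow(e, -1, m).
P = (1 << 127) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # the attacker's private exponent; never present on the victim

def wrap_key(sym_key: bytes, e: int = E, n: int = N) -> int:
    """Encrypt a per-file symmetric key with the fixed public key (e, n) embedded in the payload."""
    m = int.from_bytes(sym_key, "big")
    if m >= n:
        raise ValueError("key too large for the modulus")
    return pow(m, e, n)

def unwrap_key(wrapped: int, d: int, n: int = N) -> bytes:
    """Recover the symmetric key; only the holder of d can do this."""
    m = pow(wrapped, d, n)
    if m.bit_length() > 128:
        raise ValueError("not the matching private key")   # a wrong d yields an unrelated value
    return m.to_bytes(16, "big")

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHA-256(key || counter) as keystream. XOR is symmetric, so the same call decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_file(plaintext: bytes):
    """What the payload does per file: fresh random key, encrypt, keep only the wrapped key."""
    sym_key = os.urandom(16)
    blob = keystream_xor(sym_key, plaintext)
    wrapped = wrap_key(sym_key)
    del sym_key   # the plaintext key is discarded; only blob + wrapped remain on disk
    return blob, wrapped

def decrypt_file(blob: bytes, wrapped: int, d: int) -> bytes:
    """The 'decryptor' the victim is asked to pay for: needs the private exponent d."""
    return keystream_xor(unwrap_key(wrapped, d), blob)

if __name__ == "__main__":
    record = b"constructed sample file contents"
    blob, wrapped = encrypt_file(record)
    print(decrypt_file(blob, wrapped, D) == record)
```

Two practical consequences follow from the structure. Forensic recovery of the symmetric key from memory is only possible while the payload is still running, since the key never touches disk; and because every file gets its own random key, cracking one file's key does not help with the next.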

Ransomware payloads utilize elements of scareware to extort money from the system's user. The payload may, for example, display notices purportedly issued by companies or law enforcement agencies which falsely claim that the system had been used for illegal activities, or contains illegal content such as pornography and pirated software or media.  Some ransomware payloads imitate Windows XP's product activation notices, falsely claiming that their computer's Windows installation is counterfeit or requires re-activation. These tactics coax the user into paying the malware's author to remove the ransomware, either by supplying a program which can decrypt the files, or by sending an unlock code that undoes the changes the payload has made. These payments are often delivered using either a wire transfer, premium-rate text messages, through an online payment voucher service such as Ukash or Paysafecard, or most recently, the digital currency Bitcoin.

Wednesday 6 May 2015

IT Technology: VMware EVO:RAIL vs VMware vSan vs Nutanix Converged Infrastructure


Nutanix, vSAN and VMware EVO:RAIL are the three big competitors in the hyperconverged platform market. Which should you choose for your company? There is a wealth of information out there, so let’s look at some of the features under consideration to see how they stack up against one another.

Nutanix has the attribute of being on the market the longest, since 2009, so it has had time to develop a more streamlined approach to innovation and to prove out its solutions. Both vSAN and EVO:RAIL are newer, having been released in the last couple of years, so there are still a lot of unknowns for their platforms. This should be taken into consideration when researching potential solutions.

<< Performance >>
Nutanix sells a mature, scalable converged compute and storage platform based on open-source software which has proved to be very robust and eliminates the need for traditional storage arrays. The modular building block design allows for small deployments which can grow into very large cluster installations, scaling past 32 nodes. Additionally, when you add a node, it is deployed right away.

vSAN is a more complementary solution than it is a replacement, as it is a software-defined storage component in an overall virtual environment. It works with any hardware on the VMware Hardware Compatibility list. It is able to scale up or out on a granular and linear basis, and is supported for 32 nodes.

EVO:RAIL would seem to combine the best of these options, as it is a hyperconverged infrastructure, including both software and hardware. It is also a VMWare product, so it includes VSAN software, which means that it also scales both granularly and linearly. However, it is only supported for 16 nodes.

<< Simplicity >>
For all of the above platforms, simplicity is the goal. Instead of having an IT team and a set of applications to manage each discrete aspect of your array, a hyperconverged infrastructure can be maintained by a single team or person. Hyperconverged infrastructures are supported by a single vendor, which greatly simplifies the upgrade process and can reduce maintenance costs.

<< Cost >>
All of the above arrays have the same goal: easier administration and lower costs. The costs are easier to see on the back end than on the initial outlay, as these arrays are designed to save on every administrative level after the initial install.

Nutanix starts at US $90,000 for 4 nodes, depending on the model. This includes both the hardware and software required for a Nutanix hyperconverged appliance.  You will also need to purchase vSphere licenses.  If more storage is needed, additional nodes can be purchased and added to the Nutanix Cluster.  Professional and Ultimate edition licenses do cost more, but enable additional features that significantly enhance Nutanix capabilities.  When new features are released, customers do not have to pay if they are on a support contract.

vSAN license list price is US$2,495 per socket. If you are purchasing the Data Protection plan along with it, add another US$1,095. This is for the vSAN software licenses only; you will also need vSphere licenses, and the total price of a vSAN cluster must include the underlying hardware. You have two options for vSAN hardware: build your own from components listed on the vSAN Hardware Compatibility Guide, or purchase vSAN Ready Nodes from your hardware vendor of choice.

EVO:RAIL is priced per appliance and includes all the hardware and software licenses required to run it. vSphere Enterprise Plus, vSAN, vCenter and vCenter Log Insight licenses are bundled with the appliance. Each appliance has four independent ESXi hosts. EVO:RAIL appliances are purchased from VMware-qualified EVO:RAIL partners; Dell, EMC, HP and several other hardware vendors are qualified partners. The all-inclusive price depends on the vendor but is roughly $200,000 per appliance.

<< Conclusion >>
All of the above vendors develop hyperconverged platforms, so it is best to carefully consider the one that works best for your IT needs and budget. It is a good idea to determine whether the simplicity and performance opportunities introduced by hyperconverged solutions like Nutanix outweigh the perceived benefit of choice and flexibility of vSAN or EVO:RAIL. Do your research, as these are not designed to be one-size-fits-all solutions, and the devil is in the details.

IT Technology: Dell Active System Manager


1.  Simplify and automate IT service delivery
What if you could transform your IT environment from a cost center to an innovative service provider that empowers your business? Dell Active System Manager enables service-centric IT by helping you deliver the IT services your users demand — rapidly and efficiently.

When your IT team struggles to manage a complex mix of platforms from a variety of vendors with multiple consoles, you often spend more time maintaining than innovating. Manual and disconnected IT processes can result in unpredictable service levels, missed business opportunities and users frustrated by the amount of time it takes for IT to roll out services.

Active System Manager's unified console and highly intuitive user interface automate the deployment and management of IT services, allowing you to configure infrastructure and applications in minutes. This speeds up workload delivery, streamlines infrastructure provisioning and helps you improve service levels.


2.  Use your infrastructure more fully and efficiently
From fast, easy hardware onboarding to comprehensive lifecycle management of your physical and virtual infrastructure, Active System Manager maximizes data center efficiency. Discover and deploy new infrastructure quickly with guided workflows and a wizard-driven graphical interface. Optimize utilization by pooling server, storage and network resources that can be allocated to users on demand, then release unused components back into resource pools.

Active System Manager helps you standardize processes with template-based provisioning and orchestration, which ensures accurate and consistent IT service delivery and configuration. Capturing best practices into service templates ensures reliable and repeatable infrastructure and workload deployments.


3.  Unify management of existing and new IT resources
The open and extensible architecture of Active System Manager allows you to leverage existing IT investments. With support for legacy infrastructure from multiple vendors, Active System Manager helps unify the management of IT resources for increased efficiency and simplicity in the data center. And with published RESTful APIs, Active System Manager delivers ecosystem enablement for comprehensive integration capabilities and template portability.

Active System Manager delivers deep integration with top third-party virtualization platforms and can manage cluster-level and virtual machine (VM) lifecycles for VMware vSphere and Microsoft Hyper-V. Reduce time and effort with end-to-end automation of tasks extended through to the virtualization layer.


4.  Seamlessly deliver private cloud workloads
Active System Manager delivers comprehensive workload and infrastructure provisioning that spans compute, network, storage, virtualization, OS, and application layers. The provisioning of workloads and their underlying infrastructure with the ability to scale resources up and down as needed makes it easy to keep up with changing user and workload demands.

For building private clouds, Active System Manager delivers the foundational capabilities required for dynamic, on-demand provisioning of resources from shared pools. This ability to create and maintain a shared resource pool is the basic building block that enables elasticity and nimbleness for your private cloud.


5.  Integrated, future-ready IT automation
Active System Manager delivers top-down, service-centric IT automation that spans both physical and virtual infrastructure, encompassing everything from servers, networking and storage to virtual machines, clusters and applications. Designed with IT administrators in mind, it offers a unified, comprehensive user experience for the deployment and ongoing lifecycle management of shared or converged infrastructure.

With its flexible and extensible architecture and support for heterogeneous IT environments, Active System Manager integrates with the IT of today and tomorrow. You can unify existing IT investments and maintain the flexibility to adopt new technology and new business initiatives in the future.

IT Security: Dyre Malware Developers Add Code to Elude Detection by Analysis Tools


As more companies deploy sandbox technology to catch advanced malware, many attackers are adding code to their programs to detect if the attack is running in a virtual machine.

The criminals behind a well-known tool used to steal data and bank account information have upgraded the code to add a basic, but effective, function to evade malware analysis systems, according to a report issued by security firm Seculert on May 1.

The report found that the malware, known as Dyre, checks the number of processing cores on the system on which it is running. While almost all modern computers have more than one processing core, the virtual machines, or sandboxes, that malware researchers use to detect and analyze malicious programs typically run on a single core to be more efficient; Dyre simply refuses to run when it sees only one. The check is simple, and easily defeated, but attackers will have the upper hand until defenders modify their analysis environments, said Aviv Raff, chief technology officer for Seculert.

“They really didn’t need to do much, and it is simple, three or four lines of code,” he said. “It is very easy and effective, and, to fix the issues, the makers of sandbox environments, will need time.”

The Dyre malware is currently at the top of the heap of money-stealing malware. While technically an information-stealing program, Dyre is also the foundation of one of the top banking botnets, according to a recent report by managed security firm Dell Secureworks.

The malware has infected at least 12,000 targets, the report stated. The group behind Dyre, which has also been dubbed Dyre Wolf by security firms, focuses on corporate accounting departments for bigger payouts and has stolen more than $500,000, according to IBM Security.

The malware is typically delivered via a spam botnet known as Cutwail, which originally used links to download malware stored in cloud services. Now, Cutwail spam will install a downloader, known as Upatre, which then installs Dyre. Dyre uses Web injects—snippets of code that can insert Web objects into pages—to steal banking information from victims.

While counting the number of processing cores exposed to the operating system is a simple method for detecting a sandboxed environment, it is effective. In April 2005, Intel released the first dual-core processor, the Pentium Processor Extreme Edition 840, which enabled increased processing power without dramatically increasing energy consumption. Today, Intel’s mainstream processors have two or four cores, and almost all computer systems use multiple cores.
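The practical fix for sandbox operators is to make sure analysis guests never present the single-core profile that Dyre keys on. The script below is an added example (not code from the article, from Seculert, or from the Dyre sample) that applies that check from the defender's side in two places: against a VMware .vmx definition before the VM is deployed, and from inside a running guest. The `numvcpus` key is a real vmx setting; the `.vmx` contents, the `MIN_CORES` threshold of two, and the function names are assumptions made for this illustration.

```python
"""Added example: flag analysis VMs that would fail Dyre's core-count test.

Two entry points, both returning (core_count, remediation_note_or_None):
  check_vmx(text)        - inspect a VMware .vmx definition before deployment
  check_running_guest()  - run inside the guest and ask the OS directly
MIN_CORES is an assumed threshold: Dyre bails on one core, so two is the
minimum that defeats this particular check.
"""
import os
import re

MIN_CORES = 2

# Constructed sample of a sandbox VM definition carrying the weak setting.
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "analysis-guest-01"
numvcpus = "1"
guestOS = "windows7"
'''

_VMX_LINE = re.compile(r'^([^=\s]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Parse key = "value" lines into a dict.

    Keys are lower-cased because the hypervisor matches vmx keys
    case-insensitively; blank lines and '#' comments are skipped.
    """
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _VMX_LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def assess_core_count(cores, min_cores=MIN_CORES):
    """Return a remediation note if the guest would fail the core-count test."""
    if cores < min_cores:
        return (f"{cores} core(s) exposed to the guest; an evasive sample "
                f"would exit before running. Allocate at least {min_cores}.")
    return None


def check_vmx(text):
    """Evaluate a .vmx definition; a missing numvcpus means one vCPU."""
    cfg = parse_vmx(text)
    cores = int(cfg.get("numvcpus", "1"))
    return cores, assess_core_count(cores)


def check_running_guest():
    """Evaluate the machine this script is running on."""
    # os.cpu_count() can return None on unusual platforms; treat that as one.
    cores = os.cpu_count() or 1
    return cores, assess_core_count(cores)


if __name__ == "__main__":
    for label, (cores, note) in (("sample .vmx", check_vmx(SAMPLE_VMX)),
                                 ("this guest", check_running_guest())):
        print(f"{label}: {cores} core(s) -> {note or 'ok'}")
```

Run `check_vmx` over each sandbox template as part of provisioning and fail the build when it returns a note; `check_running_guest` is the same test executed from inside the golden image, which catches cases where the hypervisor silently caps vCPUs regardless of what the definition says.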

Once defenders have modified their analysis methods -- possibly taking a penalty to efficiency -- attackers can move to other techniques to detect virtual environments that could indicate their code is running in a sandbox. Common techniques for detecting a virtual environment include looking for specific process and module names, using long instructions, and identifying the backdoor communications methods used to send messages to the host operating system.

The increasing inclusion of such techniques shows that while more companies are using sandboxes to test potentially malicious files, other techniques need to be adopted as well, Seculert’s Raff said.

“Just having a sandbox alone with today’s threats is not enough,” he said. “You have to have additional compensating controls.”

Tuesday 5 May 2015

Microsoft: OneDrive Updates Make Microsoft's Cloud Storage System Better for Photos


Microsoft is updating OneDrive, its cloud storage service that competes with rivals such as Dropbox and iCloud, in a bid to make it a better photo management tool. Over the next few weeks, the company says it's introducing changes that will automatically import photos from external devices, allow users to categorize them in new albums with clear thumbnail images, and use an updated search function to find specific files and photos saved on the service.

OneDrive users were already able to upload smartphone pictures straight to OneDrive using Microsoft's iOS, Android, and Windows Phone apps, but the updates mean that you'll be able to transfer files to the cloud service from cameras, USB sticks, and external hard drives linked to your computer. Once uploaded to OneDrive, users will be able to arrange and sort their pictures into new albums, which feature larger thumbnails than before and pictures that fill the entire screen when selected. In addition to the web interface, OneDrive users with iOS devices are able to sort their pictures into the new albums now, but Microsoft says Android owners and people using its own Windows Phone OS will need to wait a while longer.

Searching through those files will be easier, too. OneDrive will use Bing's search technology to let users look for Office files and PDFs by text contained inside, and photos based on location or the time they were taken. Each photo can also be tagged, either manually, or by OneDrive itself — Microsoft says, rather ominously, that the storage system will "automatically identify" tags for uploaded photos.

Microsoft has also extended the deal it announced last September, whereby users can increase the storage offered for free on OneDrive, from 15 GB to 30 GB, if they turn on automatic camera backup. That's a hefty increase — OneDrive's free 30 GB is far more than cloud competitors Dropbox and iCloud make available to non-paying users. Coupled with OneDrive's changes to the uploading, organization, and searching of files, Microsoft's cloud storage is becoming an easier and prettier system to use and manage, and an increasingly enticing option.