2009/06/25
InternetNews: Sun Exec: Cloud Changes Sysadmin Job
by Alex Goldman
If you're an IT manager, cloud computing will fundamentally change your job, said Hal Stern, Sun vice president of engineering, in a speech at the technology management conference of the Securities Industry and Financial Markets Association (SIFMA) here Wednesday.
"With services, we are leaving the hardware world," Stern said.
He meant that system administrators will monitor the network and not its hardware components. "We still need sysadmins but we don't need them running around the datacenter with a socket wrench," he said. "Instead, they will use telemetry and tools to assess capacity, security, and performance."
But what is the cloud? According to Gartner, the cloud has five attributes. It is service-based. It is scalable and elastic, able to add and remove infrastructure as needed. It uses shared infrastructure to build economies of scale. It is metered and users pay according to usage. Most importantly, of course, it uses Internet technologies.
Some companies don't want to share the infrastructure, so they build what is called private clouds. Others focus on price, and are willing to share the cloud infrastructure with other companies in cheaper public clouds.
"In Sun's view, there will be many clouds. There will be private clouds and public clouds and a spectrum of clouds in between them, even though at the moment the distribution of clouds is barbell shaped," Stern said.
Tension between developers and deployersFor IT managers in general and system administrators in particular, cloud computing can solve one nagging headache, Stern said. "Cloud computing can help solve the tension between developers and deployers. This tension has existed since the Garden of Eden. Why would the apple be there if not for developers to play with it," he joked, inferring that IT administrators are God.
He said, "IT administrators ask: why are users so needy? How can I audit what they're doing? Why do they need so many versions?"
All of this is easier in the cloud. Applications can be monitored and deployed better, depending on a company's needs.
"Startups see the cloud as a way to spend money on salaries, developers, and beer – and not on infrastructure," Stern said.
The cloud makes it easier to monitor usage, but paying according to use isn't always cheaper, Stern warned. He noted that if you drive a car every day, you should buy one, but if you drive a car occasionally, it should make financial sense to rent one.
Sometimes, business managers use the cloud to avoid IT. Stern pointed to the story of New York Times data architect Derek Gottfrid who used Amazon's AWS and the Hadoop parallel data processing architecture to turn 70 years of newspapers into the TimesMachine archive.
"Eyebrows were raised when Gottfrid did an end run around the IT department," Stern said."
Stern noted that it makes sense to use the cloud to process this quantity of data (810,000 PNG images (thumbnails and full images) and 405,000 JavaScript files) if and only if you're not doing it every day.
TheRegister: Crypto guru urges incentives for SSL cert recall
by John Leyden
An SSL security guru is urging incentives to promote website certificate upgrade in response to problems with a widely-used digital-signature algorithm.
Collisions in the MD5 hashing algorithm mean that two different inputs can produce the same output. Last year independent researchers showed how the cryptographic flaw might make it possible to forge counterfeit digital certificate credentials.
The trick might be used to set up phony websites with bogus certificates that, as far as a visiting surfer's browser is concerned, are indistinguishable from the real thing.
Dr Taher Elgamal, chief security officer at Axway, who is credited as the inventor of Secure Socket Layer (SSL) technology, told El Reg that solving the problem means moving onto digital certificates that use a more secure SHA-1 or SHA-2 hash function. However, progress has been far too slow, according to Elgamal. Although he didn't have figures the distinguished cryptographer was adamant that the digital certificate refresh process was p[proceeding only at snail's pace, and needed to be pushed along.
"Web servers need to discontinue MD5," Elgamal told El Reg. "VeriSign, which is fully aware of the problem, should offer discounted SHA-1 and SHA-2 certificates."
MD5 was fine in the past but is now simply not sophisticated enough. Indeed even SHA-1 is beginning to show itself as potentially vulnerable to the same sort of collision problems, albeit to a lesser extent than MD5.
"Algorithms don't stay secure forever, it's an issue of computing," Elgamal explained.
Much has been written, since the discovery of a serious vulnerability in the nets addressing system by Dan Kaminsky last year, about the need to move from DNS to a more secure version, DNSSec.
The SSL protocol, by contrast, remains robust and workable, according to Elgamal. "The protocol needs no big change, it's how it integrates with browser that needs to be improved," he explained.
For one thing, the trust model of browser makes it easy for consumers to add new trusted digital roots (Certificate Authorities). "Browser just randomly trust the root. There's not enough checking on the browser side."
Browser security came across as one of Elgamal's key concerns. He praised Google's developers for adopting a robust security model with Chrome, which used sandboxing to isolate any malware that does come through the browser from the rest of a system while adding that this is "the right model but it's not there yet". More generally, Elgamal said browser developers should "avoid trying to compete on trust", instead working more closely together on security.
Such co-operation is commonplace in cryptography but harder (though not impossible) to imagine between rival development teams at Microsoft, Google and Apple, of course.
Elgamal also said more needed to be done to address the potential danger of man-in-the middle attacks, where hackers sit in the middle of a conversation between a surfer and a bank, impersonating one to the other.
"This breaks the trust model, not the encryption, as such," Elgamal said. He added that two-factor authentication - while not complete - offered a way of mitigating risk. Two-factor authentication technology means, in practice, that users use a token that generates a variable electronic code in addition to their login credentials in order to gain access to an online banking site, for example. ®
InfoWorld: Many companies say they will adopt cloud computing within two years
by Julie Bort
One-third of 1,200 organizations plan to convert their application environments away from a traditional, client-server model to one based on virtualization and cloud computing over the next two years, according to a study commissioned by Microsoft and released today. The study sought to broadly determine global IT spending priorities.
While the survey was far from comprehensive, it did uncover a few silver-lining facts. IT spending budgets will not be cut, with 98 percent saying they will generally maintain or increase their planned investment. Nearly 2/3 say the economy has created reason to invest more in one or more areas of technology. And of those, virtualization, security, systems management and cloud computing are the areas of choice. Specifically:
- 42 percent plan increased investment in virtualization
- 36 percent plan increased investment in security
- 24 percent plan increased investment in systems management
- 16 percent plan increased investment in cloud computing
Given today's economic climate, much of the study produced results on spending priorities that you might expect. Security remains the top challenge, with 73% saying protection of consumer and customer data as the top priority. Additionally:
- 55 percent indicate that the economy has changed the role of IT in their organization
- 51 percent say that budget cuts are the biggest barrier to innovation
- Innovation is taking a back seat to maintenance. In 2009 companies on average worldwide will allocate 37 percent of their budget to innovation and 63% toward "keeping the lights on"
However, one of the more surprising areas was that U.S. companies were allocating less budget toward "innovation," and more toward maintenance than their international counterparts, said Microsoft's Bob Kelly, corporate vice president of infrastructure server marketing in an online press conference. In the U.S. the breakout was innovation 29 percent vs. maintenance 71 percent. This compares to the U.K. and Japan's 41 percent / 59 percent ratio and Germany's 35 percent / 65 percent.
With respect to U.S.'s lower ratio, Kelly says, "The U.S. was the hardest hit in some respects from the economic downturn but also has the opportunity of coming back faster. Nearly 70 of the IT pros we surveyed believe that their investments in IT will drive revenue growth and become a competitive advantage over the next three years."
One area that won't be seeing the greenbacks is green IT, the study found. While most of those surveyed (84 percent), said they considered green factors when making decisions about datacenters, when push comes to shove, a technology's green-ness is only a factor for 44 percent when deciding what to spend on. In other words, the study suggested that people like to think about eco-conscious IT options, but these have a reputation of costing more and they aren't willing to spend more for so-called green technologies, at least not in this economic climate.
