Monitoring a small business IT infrastructure

By IT Infrastructure  August 26th techradar.com

Keep an eye on the infrastructure

Monitoring and management tools are becoming more complex to deal with increasingly sophisticated applications. But many small businesses have neither the time nor resources to devote to properly managing their IT infrastructure.

For SMBs, this increasing complexity provides a challenge. Even the smaller firms may have several desktops and laptops, handheld devices, servers, a network and applications to manage, often with no dedicated IT staff. The person looking after the IT infrastructure may often have other responsibilities that could be prioritised ahead of IT.

If things are not properly managed a business can suffer from outages, security threats and data loss. With the right tools, however, it's possible to manage and monitor the infrastructure to reduce the frequency and impact of outages and other incidents that can affect a network.

Basic function

The most basic function of a monitoring tool is to show whether or not a device (such as a router, switch, server or database) is operational. Used correctly, this will allow you to find problems before your users do so, but this requires a proactive approach to ensure the network stays up and calls to the helpdesk stay down.

If you don't know what's on the network, chances are you won't know of any inherent problems. Mapping out the infrastructure topology will help in identifying weaknesses and choke points, and help in redesigning the infrastructure and implement best practice on it. It will also provide opportunities to improve the layout, and clues to why outages have happened, which will help in fixing them.

When using monitoring tools, you can't always be glued to the screen waiting for problems to happen. Setting up alerts for specific incidents is a good way to stay on top of problems while dealing with other work. Functions for this can be found in monitoring tools and can be set up to email or message an IT administrator in the event of a problem.

Utilisation uptick

With a growing business, there will be an uptick in the utilisation of the infrastructure, and you need to plan for any extra devices the growing demand for bandwidth. Monitoring will allow you to see when and where you are close to capacity and react to prevent services slowing down.

Once you have a map of the network and all the devices using it, you will be able to focus on individual devices and check their status (such as availability, packet loss, response time, traffic and error rates). This can help in detecting network problems before they get out of hand.

Many monitoring tools can keep a historical record of devices on the network that can show up intermittent problems and help in fixing them.

With careful monitoring and timely reactions it is possible to prevent problems with an IT infrastructure getting out of hand. This will save a lot of time for whoever is looking over the network and those using it, and more importantly assure your customers that you are open for business.

How to make your IT infrastructure more efficient

You need to look at applications and processes.

By TechRadar  August 19th

So this is how you win some applause.

Making your small business's IT infrastructure more efficient can involve one of two things: you can try to run your network and systems for the cheapest price possible, or you can maximise the usage of those systems to wring every last drop of performance out of them.

It is not only about making sure the servers, storage and networking are up to scratch though; you also need to look at applications and processes.

Increase server utilisation

If your business uses a data centre or you have a server room, you can improve its efficiency by using virtualisation. This allows you to move many workloads onto fewer, more powerful servers.

Unnecessary old servers can be retired and you will be able to obtain advantages in flexibility, scalability and data centre automation.

Cut storage costs

The need to store data is growing and shows no sign of abating any time soon, and this will increase the expense of storing content.

Consolidating storage in a virtualised storage area network can allow firms to break away from server-attached storage. Then then speeds up backup, retrieval and archiving, because tasks don't compete for system resources with a server.

Storage virtualisation provides a way to combine all storage in the infrastructure into one centrally managed resource, which can lead to time and money savings.

Deduplication eliminates redundant data and can significantly reduce storage requirements – fewer disks are required and this can help to cut costs. It can also increase bandwidth efficiency and improve disaster recovery as there is less data to transfer. Backup and archive data usually includes a lot of duplicate data.

Reduce software costs

Efficiency can be improved and costs cut by identifying and eradicating unused or under-used software.

Firms often buy more software than they need so they can get volume licensing discounts, and to make sure they are licence-compliant. But they often end up paying for unnecessary software, support upgrades and asset management.

Organisations need to have in place a process for IT asset lifecycle management to ensure that software costs are at a bare minimum while maintaining compliance. A focus on software costs, workload analysis, negotiations and contracts can save more than 30% of the relevant spending.

Outsource IT tasks

In your organisation, is the IT team really making the best use of its time on tasks such as security or communications? It can be more efficient to outsource such tasks to a managed service provider.

Such providers will have capabilities that your company needs but may lack, and can ensure that routine but crucial tasks are done without you spending time or money cultivating that expertise in-house. Outsourcing also allows employees to focus on work related to the organisation's core competencies.

Create a long term plan

Replacing technology can disrupt the productivity of your workers. If you plan out your business objectives carefully and align technology to those objectives this will streamline your infrastructure and increase business performance.

How tools for targeted ads also boost targeted attacks

Matt Huang, Special for CyberTruth7:43 p.m. EDT August 19, 2013

Most of people are familiar with online ads. You see it everyday on webpages you browse. Most people also know that these ads are "targeted."

For example if you're shopping for a car and browsing related sites, you seem to start seeing more car-related ads, and sometimes the exact manufacturer that you are interested in.

Google, Yahoo! and ad networks have spent billions of dollars and years to develop these targeting technologies so ads can be served to "target" their audience.

However, protecting ad network infrastructure is a hard problem to solve. The ad ecosystem is so big with such sophistication that it's hard to pin point which party in the ad serving chain is ultimately responsible for the malicious ad.

In most cases, the website that displays the ad and the end user who sees the ad have no control over what ads will be displayed. This becomes a perfect playground for attackers. The technology is readily available, the cost is cheap, and the impact is not only great, but can be precisely targeted.

Most of the more security-aware have heard of the very hot term "targeted attacks", or "advanced persistent threats" as we call it in the industry. It is a new generation of attack where the attacker target individuals and organizations that they want to breach or infect. This is more powerful than infecting the general public; the attackers may be seeking specific information, source code, or intellectual property from a company or a government organization.

This is where advanced threats and online ads intersect, and the key word is "targeted."

Attackers have learned to leverage the advanced, ready made, and cheap technologies of the online ad ecosystem to serve their attacks. When they do so, the attacks can easily be targeted at a geographic location; at a certain time; or to a specific industry or community. They can turn the ad campaigns on and off, and they can see the click rate to determine success.

The attackers' ecosystem is built to differentiate humans versus automated crawlers and makes sure content is served to humans only. This makes it difficult for automated security scanners to "see" the malicious ads, and block them.

Industry initiatives such as the anti-malvertising working group at the Online Trust Alliance (OTA) are starting to look at the issue, and security vendors like Symantec and Armorize have started to provide solutions and technologies that monitors for malvertisements on websites and in ad networks. But it's still very early, and there are many more battles to come.

Why online and mobile ads are ripe for hacking

Byron Acohido, USA TODAY6:16 p.m. EDT August 19, 2013

SEATTLE — The multibillion-dollar Internet ad industry last week got a big wake-up call, courtesy of the Syrian Electronic Army.

The hacking group with ties to Syrian President Bashar al-Assad cracked into Outbrain, a third-party recommendation service, by fooling one of its employees to click on a viral Web link sent via e-mail.

That toehold inside the company's network enabled the hackers to change the widget settings Outbrain uses to recommend content from its big media partners and thereby gain access to the networks of The Washington Post, Time and CNN.

As hacking goes, nothing too complicated, really. Yet that headline-grabbing caper punctuated a series of recent disclosures showing just how porous the burgeoning online ad industry really is.

Those online ads you see that sometimes seem to sense your whims don't happen by accident. They are the result of media and tech giants furiously collaborating across the Internet with third-party app developers and ad brokers to send you ads that match your surfing habits.

The more we use online collaboration tools, social media sites and mobile devices, the more the ad industry can track our surfing habits to cash in. This entire enterprise by design has been made cheap and easy for third-party entrepreneurs to participate, and thousands do so. The unhappy corollary: The system is also ripe for spies, hacktivists and scammers to manipulate.

"The ad networks have been exposed and brittle for as long as they have existed," says Gunter Ollmann, network security firm IOActive's chief technology officer. "Some of the most successful criminal gangs rely heavily upon usurping ad networks to pimp their fake antivirus software and credit-checking services."

At the Black Hat conference in Las Vegas last month, researchers from website security firm WhiteHat Security demonstrated how it's possible to simply spend a few dollars to circulate innocuous ads that can commandeer Web browsers and use them to launch denial-of-service attacks against other websites.

To date, such denial-of-services attacks have been launched by botnets — large networks of thousands of infected PCs or Web servers under command of an attacker. WhiteHat's demonstration showed how anyone willing to spend less than $100 can circulate a simple ad that could manipulate the ad networks to perform much like an attacking botnet.

WhiteHat CTO Jeremiah Grossman and senior researcher Matt Johansen showed why it is so difficult for the top ad networks, operated by Google, Yahoo, AOL and Microsoft, to filter infectious ads. The bad guys are expert at manipulating ad networks to serve viral ads in a rotation based on location, time and surfing habits of the individual consumer. Meanwhile, hundreds of smaller ad networks don't do much security checking at all, and any one of them will display an ad for dirt cheap.

WhiteHat researchers showed how easy it would be to circulate an innocuous paid ad that didn't do anything overtly malicious. For instance, the ad could upload an image from a targeted website, a routine task.

However, the attacker could tweak the ad to upload the image 10 or 15 times, and then pay to have an ad network circulate the ad on thousands of Web pages, which may cost only a few dollars. Grossman and Johansen estimate that to knock down anything but the top-tier Web properties, which have substantive DDoS (distributed denial-of-service) protection in place, would cost no more than $20 per hour.

Each person who simply viewed, not even clicked, on a Web page carrying this ad would thereby ping the targeted website with potentially hundreds of image requests each minute. Multiply that by hundreds, thousands or millions of people viewing thousands of ads on Web pages and it wouldn't take long to shut down the website.

"The bad guys will use whatever means is available to them, and they've been using advertising networks to distribute malicious software for years now," Grossman says. "It's easy, inexpensive and gets them in front of millions of people."

Meanwhile, researchers at Taipei-based network security firm Armorize Technologies have documented in detail how hacking groups seed viral ads on popular websites in a way so as to avoid detection from search-engine filters, while also being targeted to appear only in certain regions of the world at pre-set times of the day.

And then there's the budding criminal enterprise of corrupting mobile ad networks so that they deliver malicious software to mobile device users. Researchers at Palo Alto Networks recently discovered this sort of attack unfolding in a novel way that exploits how popular Web apps are intricately hooked into mobile ad networks.

The nasty bit of coding that got circulated was not detected by antivirus software. It took over the infected device's SMS texting function so that the attacker could send text messages from the mobile device, as well as intercept messages coming into the device.

Mobile apps have hooks built into them to reach out to the appropriate ad network to fetch ads and update them so that the app developer gets paid, says Palo Alto Networks senior security analyst Wade Williamson. To do this, the developer needs to embed software from the ad network into the mobile app.

Bad guys are locating ad networks that aren't well protected and seeding malicious software on those networks. So any legit Android app that hooks into that particular ad network begins spreading their malware.

"A legit app developer can unknowingly partner with a corrupted ad network so that when his app reaches out to serve an ad from that network, now malware gets delivered to the mobile device user," Williamson says.

Paul Ferguson, director of threat intelligence at network monitoring firm Internet Identity, says the low barriers meant to encourage bloggers, app developers and anyone who wants to run an ad network into joining the online advertising ecosystem ensures bad guys will continue to take advantage.

"From a technical perspective, it is difficult to nail down malicious ads because of how they are served up to visitors in a rotation," Ferguson says. "And the ad may be targeted based on any number of criteria, such as geo-location or previously visited sites."

Complex industry going up the cloud

By Corrie Salientes-Narisma in San Jose, California/Philippine Daily Inquirer | Asia News Network – Sun, Jun 23, 2013

San Jose, California (Philippine Daily Inquirer/ANN) - Manufacturing companies may not be able to move their actual production lines into the cloud but they sure can manage there their shop floors, supply chain and inventory, financials and a lot of other tasks crucial in running a manufacturing business.

And what better way to enable manufacturers to focus on their core business¿making products¿than by lightening up their load on noncore but equally important aspects of their operations by bringing them to the cloud.

For a company to survive and stay competitive in an ever-changing market environment, going to the cloud and keeping connected may be the best way to go. The same goes for brick-and-mortar businesses.

Huge multinational manufacturing companies may not have a problem dealing with the complexities of modern times. With the resources they have, they can establish their own on-premise infrastructure and systems. But others, especially those that do not have the resources to build the systems that will help them become more productive and efficient, may not stand a chance.

It is here where NetSuite Inc., a leading cloud-based business solutions provider, comes into the picture. Its cloud manufacturing solutions were launched at the SuiteWorld 2013¿a gathering of NetSuite customers, partners and developers¿in San Jose, California last May.

NetSuite chief executive officer Zach Nelson says manufacturing is a complex business. But NetSuite, after years of research and development, is able to come up with a wide range of cloud-based capabilities for people and companies that actually build things.

With NetSuite¿s next-generation cloud-based solution, which appeared to be totally unviable before due to the complexity of the production process, Nelson says he now expects a sea of change in the manufacturing industry.

The manufacturing solution is a result of the evolution of NetSuite¿s offerings, Nelson says.

"For distributors, we have rich inventory capabilities and all things related to managing items. We saw that some of the distributors were also manufacturers in the sense that they assemble things. So we had, about four years ago, introduced a functionality called white manufacturing, which is really assembly," he explains.

"Prior to the launch, our products were great for outsource manufacturers¿those who do not really make things. They send their materials to somebody else who will build the products and get the finished products for distribution."

That served as a starting point for the cloud manufacturing solution which was built on top of the existing NetSuite platform, Nelson says in an interview with Philippine and Hong Kong journalists in San Jose.

The manufacturing suite includes a number of functionalities that will allow companies to fully run their businesses end-to-end. These include availability to promise or ATP, standard costs, work-in-process tracking and routings.

ATP is a system that provides visibility to inventory and supply chain, allows direct reservation of sales orders against the supply chain and automates the sales order commitment process.

According to NetSuite, the routing and scheduling capability in the suite allows production managers to define scheduling parameters, such as setup time and run rates for each operation. It also allows the creation of assemblies involving multiple steps and roll-up of standard costs. The work-in-process inventory tracking capability with new multistep functionality enables manufacturers to closely manage work-in-progress inventories to minimize inventory holding costs, prevent stock-outs and maximize efficiency.

The cloud solution covers manufacturing-specific requirements such as shop floor and project control, multisite and multidivision operations and warehousing, demand planning, production engineering, lot and serial control, standard costing, bill of materials and assembly building.

The delivery of real-time visibility into costs and customers enable manufacturers to make data-driven business decisions and adapt swiftly to opportunities and threats.

NetSuite SuiteCloud provides a robust environment to customize solutions to meet unique business needs. All customization seamlessly carry over with each periodic upgrade, eliminating users¿ concerns that customizations will be lost with an upgrade.

Netsuite¿s partnership with 3D design and product lifecycle management (PLM) companies provide its customers with a complete solution to manage product lifecycle¿from design to delivery¿entirely in the cloud and in one single suite.

An alliance with cloud-based design and engineering software provider Autodesk Inc., which was also announced at the SuiteWorld, will allow NetSuite to integrate its capabilities with Autodesk¿s PLM 360, a next-generation cloud-based lifecycle management solution. This, according to NetSuite¿s statement, is a major breakthrough in delivering an end-to-end solution for ideation, design, manufacturing, service, multichannel sales and beyond to the manufacturing industry.

"This gives manufacturers a single, closed-loop solution to accelerate product design and development, reduce risk of errors and delays, streamline supply network collaboration and gain critical real-time visibility into pricing, scheduling, capacity and profitability," according to the statement.

NetSuite has packaged its manufacturing offering with other business solutions, such as financials, enterprise resource planning (ERP) and customer relations management (CRM).

"Modern manufacturers require a system that helps them reduce costs during the design process, efficiently manage multichannel distribution, continuously innovate and leverage a dynamic supply network while adapting to mobile-empowered customers who demand modern e-commerce experience," the company said in a statement.

It adds that traditional on-premise software used by manufacturers creates a barrier to product innovation and business growth by increasing IT (information technology) costs, therefore driving up the cost of production and decreasing business efficiency and accuracy.

Establishing the traditional on-premise system not only costs a lot but also takes several years to complete. On the other hand, tapping cloud-based solutions is less costly and takes a much shorter time to get the system online.

COPYRIGHT: ASIA NEWS NETWORK

In-memory computing: the SMB perspective

IN DEPTH Advanced software and cloud services are removing barriers to entry

By Kane Fulton | TechRadar.com

In-memory computing is accelerating data analysis

Having gained traction in the larger enterprise in recent years, in-memory computing (IMC) is now becoming a viable option for small to midsized businesses (SMBs).

IMC involves storing critical business information in the random access memory (RAM) of dedicated servers, rather than in relational databases on traditional hard disks. It removes bottlenecks and positions data closer to the processor, allowing analysis to take place in 'real time'.

According to a recent Gartner report, the declining cost of RAM and maturing software systems are making it easier to SMBs to pick up on IMC.

"The industry has been through a period where large enterprises have used in-memory computing on a very experimental level," says Bo Lykkegaard, analyst at IDC. "The technology is now beginning to spread to smaller companies via different routes off the back of that."

Embedded analytics

A number of vendors targeting smaller businesses are beginning to integrate IMC technology into their analytics solutions, including Tibco Spotfire (in Spotfire5), QlikTech (Qlikview), and PowerPivot (Microsoft), which allows users to load data in-memory that can be manipulated using Excel.

"These vendors provide business intelligence tools that allow you to load in-memory data from your data warehouse or from various data sources," explains Gartner analyst Massimo Pezzini.

"While the data is in-memory you can analyse it using graphical or navigational tools that return results very quickly."

Pezzini adds that SMBs should not think in terms of how much data they have when considering an IMC solution, as a more important question lies in the frequency of reporting.

"You probably don't need in-memory computing if you only run reports once a week or month," he says. "However, you would need a data visualisation tool if you needed to analyse data in real time to identify opportunities and track profitability of your product line or customer activity."

Tableau Software, a provider of data visualisation solutions, offers an "in-memory Data Engine" which can extract data to bring it in-memory before executing fast query responses on hundreds of millions of rows, all performed on scalable commodity hardware.

"When users are able to get answers to their questions at the speed of thought they are able to ask more questions of their data, and safely explore different assumptions and perspectives," says Francois Ajenstat, Director of Product Management at Tableau.

"If people can make decisions based on facts and figures rather than gut feel then the quality of the decisions will increase which will result in greater business outcomes."

Innovating at speed

While SAP is not credited with inventing in-memory computing (it has been around since the 70s), it was the first vendor to ramp up marketing efforts around its own IMC technology when it launched HANA in late 2011.

SAP recently integrated HANA's technology, which allows businesses to run both analytics and transactions on a single database, with its BusinessOne management suite for SMBs. This removes the need for a separate data warehouse to run reporting tasks, thus lowering the potential total cost of ownership (TCO).

"Simplistically, HANA is an added-on appliance to BusinessOne, which allows the customer to pull data from the transactaional database and run analytics on top of it," says Rich Philips, UK Channel and Sales Director at SAP. "It's pretty low risk as you don't have to switch off the BusinessOne system while you're deploying and delivering the analytics alongside."

Philips adds that this could give SMBs a competitive advantage, providing the example of a retailer with six or seven stores that needs to find out whether a specific TV is in stock.

"If a customer enters a store and wants a particular TV that's not there, but is in another store, the SMB only knows the exact stock level of that particular item at that time," he says. "The current method to get an update would be to do an end-of-day stock check and submission to the back office, which could risk the customer going to that store to find out the TV has been sold."

"The benefit of IMC is that you don't have to wait for the transaction to complete until you can perform all of the analysis on it and get an update. That can help keep customer dissatisfaction at bay, and of course, loyalty in today's economy is very short lived."

Cloud memory

For businesses unable to afford the on-premise route to deploying IMC, IDC's Lykkegaard says that cloud solutions give SMBs access to the technology without the capiital expenditure. Amazon, for example, offers Business One with HANA database and compute power on Amazon Web Servers for a pay-as-you-go hourly fee.

"Amazon offers small companies the choice of shifting computer tasks, computer intensive work out there to the cloud with very limited cost," he says. "That may allow retailers with the skills to do more exploratory work, or assist smaller specialised companies servicing larger ones."

"It's all about this democratisation of in-memory computing that is happening right now with the ability to purchase computing power and software in very small increments."

Gatner's Pezzini says that many SMBs are also already likely to be using IMC though subscriptions to software-as-a-service (SaaS) cloud services.

"Quite a lot of SaaS applications are based on in-memory computing types of architectures," he says. "It means many businesses won't know they're using it explicitly, but it's embedded into certain types of applications, such as logistics, planning and other things of this nature."

Pezzini gives the example of Workday, the cloud-based financial and human capital management soutions provider, which is built on an in-memory architecture.

"In-memory computing enables Workday to implement functionality and provide the scalability and performance that would be very hard to implement using traditional architectures," he says. "They don't market the fact that they use the technology or give users a choice of whether they want it or not. It's just there."

IDC's Lykkegaard adds that cloud-based social media monitoring services, which allow businesses of any size to instantly analyse Twitter and Facebook activity, are also driven using IMC technology.

"This is another way of how these small enterprises will start to use in-memory computing," he says. "It's just going to be increasingly under the hood of some of these services and software that they are already using."

First look: Mac Pro

WWDC 2013 Apple isn't done innovating just yet

By Luke Brown | TechRadar.com

Apple staging a revolution of its own with the new Mac Pro

While Microsoft and Sony were busy readying next generation console reveals on Monday, Apple was prepping for a next-gen reveal all its own.

During its Worldwide Developers Conference, Apple unveiled the long-awaited new Mac Pro desktop, complete with a drastic and stylish redesign.

Of course, style isn't everything, and the Mac Pro packs a lot of punch into its diminutive cylindrical frame, which Apple claimed would provide "breakthrough performance" at one-eighth the size of current Mac Pros desktops.

Let's take a closer look at just what makes the new Mac Pro a desktop worth getting excited about.

Mac Pro: what's under the hood?

Inside Apple's short stack (credit: Tech Crunch)

Apple wasn't squeamish about breaking the Mac Pro open to give everyone a glimpse at the innards powering the 9.9-inch desktop.

The Mac Pro brings the noise with Intel Xeon E5 processors, which in turn are capable of supporting up to 12 core configurations to deliver two times the floating point performance.

Coupled with a pair of AMD FirePro workstation-class GPUs, the new Mac Pro is more than ready to handle up to seven teraflops of computations, and delivers speeds more than two times faster than current generation Mac Pros.

Bask in the Mac Pro's obelisk-like stature

More impressively, Apple is including 1,866MHz DDR3 RAM in the revamped Mac Pro, which gives it the ability to deliver up to 60GBps of memory bandwidth.

With that kind of power, the Mac Pro is a filmmaker's dream, as it's able to render full-resolution 4K video, while also working out rendering effects on the side.

All of this hardware is built around a unified thermal core, which will give the Mac Pro the advantage of distributing that thermal capacity across all the processors evenly.

Mac Pro: Ports galore

A port for any storm (credit: Tech Crunch)

A desktop wouldn't be any good without a plethora of ports, and the Mac Pro has them in spades.

There are six Thunderbolt 2 ports, each capable of supporting six daisy-chained devices, meaning you could have up to 36 different external devices hooked up to the Mac Pro with ease.

Add in the fact Thunderbolt 2 allows for up to 20GBs of bandwidth to each plugged device, and you've got yourself outstanding external performance almost unheard of to this point.

Even if you don't have a wealth of Thunderbolt 2-compatible external hard drives or displays, the Mac Pro's ports are completely backwards compatible with existing Thunderbolt connections, meaning you won't have to upgrade every last device you already have.

It's all very 2001

Mac Pro: Apple murky on release date

While specifics about an exact drop date and price for the Mac Pro haven't been divulged, Apple is planning on releasing the black beauty later this year.

It's been a while since Apple's dropped a desktop this revolutionary on consumers, and we can't wait to see what the Mac Pro is actually capable when we get our hands on one.

After all we've seen so far, we're inclined to believe Apple when it calls the Mac Pro "the most radical Mac yet."