Key benefits of Thin Computing

Security

Unlike PCs, thin clients have no local storage devices. It is not vulnerable to viruses and other malware. Since there is no way to store and remove proprietary information from thin clients, that data is always safe on the server, and compliant with privacy regulations. And since nothing is stored on the desktop, there is nothing of easy value for thieves to physically remove. Security software is also easier to maintain, update, and upgrade on a few servers instead of hundreds or thousands of desktop systems.

Manageability

Backing up data is easy, since all the data resides on the server. Since all applications are stored and delivered from the server, updates can be performed at the server level, eliminating the need for manual updates of individual systems. This also improves version control for applications.

Availability

There are no moving parts to fail because thin clients have solid-state technology.  And with no local storage, there is no chance for an individual system to come under attack from viruses and malware. Plus, should a thin client ever fail, the data is always instantly available to another system from the server.

Reliability

Thin clients are 10 times more reliable than PCs because there are no mechanical parts, such as fans or disk drives, to break down. With no local storage of applications or data, it is impossible to download viruses, malware, or software that causes conflicts with more mission-critical applications. We pushing storage and computing power to more reliable servers, thin computing dramatically increases the reliability of the entire infrastructure.

Total Cost of Ownership [TCO]

Thin clients low initial purchase cost. On average, thin clients can save you more than Rs.40000 per seat per year in maintenance costs. This can be as much as a 40-percent savings for most IT departments, a significant savings for organizations whose IT budgets are primarily allocated to maintenance.

Scalability

The greatest challenge for rapidly expanding enterprises, businesses, and organizations is rapidly deploying systems. With thin computing, the only set up required in a remote office is plugging in three or four cables. The rest of the set up can take place in the data center.

IT Audit

IT Security Audit: Important Terms

“Hacker stole thousands of credit card numbers” is a story that seems to run in the news on a daily basis.

In order for businesses to adequately protect their internal and customer data, they must understand the risks and vulnerabilities affecting their systems. Penetration testing and vulnerability assessment are two paths to understanding these risks. Although these terms tend to be used interchangeably, they are in fact different procedures. Understanding the differences between these two types of assessments is important when selecting the one that best fits the needs of the business.

Penetration testing provides a view of the risks and vulnerabilities that exist within a business’ internet-facing systems. Often called “ethical hacking,” penetration testing requires security professionals to mimic the tactics and tools used by those with malicious intent. These professionals are looking to identify the system vulnerabilities where outsiders could gain access to sensitive data or systems. The ultimate goal of the penetration test is to find a way into the network and systems.

External penetration testing also provides organizations the opportunity to test their incident response process and procedures. Coordinating activities with just IT management, and not the entire IT group, allows management to observe the actions of IT staff during a security incident and determine whether procedures are adequately followed.

Vulnerability assessments, on the other hand, take a top-to-bottom approach to identifying weaknesses affecting both internal and external networks. These assessments are an interactive method of data security testing with the subject participating throughout the analysis. The entire organization is fully aware of the approach being followed and the security measures that are in place.

Considerations

Where do you begin once you have identified the need for a data security review? It is important to consider several factors when choosing a security test approach. These include:

• Who is the target audience?
• Have there been recent incidents impacting data security?
• How mature is the organization’s security function?
• What is the desired time frame for performing the analysis? How often should this analysis occur?
• What is your budget for the data security review?

 “Vulnerability assessments often take longer, so the time frame is important with this choice” and Pricing is also an issue for many companies. The number of hosts, complexity of the technology environment, existing level of security and amount of information provided up-front are some of the factors that have a bearing on costs. For example, if the organization periodically performs their own reviews, it makes the process easier and reduces costs. A centralized IT environment is also optimal.”

Once the need for the security review is established the next step is a detailed analysis of the company network. This includes:

• Gathering public information by searching registered domains and networks, corporate filings, and the internet.
• Identifying target networks and confirming the assessment targets.
• Identifying open ports and services.
• Determining the impacted operating systems and assessing their function.

 Considering using one of the available automated tools to identify vulnerabilities and collect data, including valid system accounts, network resources and applications.

We can see if there’s a web server, file server, email server or other systems that support their external presence on the internet. There are tools to see what’s secure and not secure, but we also perform manual steps to look for other vulnerabilities.

Web application programming issues are high-risk vulnerabilities that are very common right now. A lot of web development has been done in-house by programmers that they not explored much about security programming. People can gain significant access to the environment using exploits against web applications. The number of occurrences of this nature is going up and up. Of course, we still identify plenty of basic security issues such as weak passwords.

Using the information obtained in the network analysis, it is important to identify which areas to include in the penetration test or vulnerability assessment. In doing this, consider the following:

• Determine what is inside versus outside of the perimeter of the company network. This might include:
  • Third-party connections
  • Remote access (VPN, Modems, etc.)       
  • Wireless access
  • Physical access.
• Decide how much information you want to make available during the security review via:
  • Router configurations
  • Firewall rule bases
  • Wireless access point configurations
  • Password files
  • Account access to applications.

 Risk Assessment

Penetration tests and vulnerability assessments can potentially disrupt operations to varying degrees. Companies should balance the need to adequately test the target systems with the need to keep them up and running. The risks associated with security tests can include:

• Temporarily breaking a system or denying legitimate service.
• Creating a backdoor or insecure condition that is not removed in a timely manner.
• Creating confusion in the organization if the activity is detected but not recognized as part of a test.
• A real attack occurring at the same time as the test, leading people to ignore the attack in the belief that it is part of the test.

 The risk of impacting systems unnecessarily is greater with penetration testing and often we will identify vulnerability without exploiting it in order to avoid having a negative impact.

With assessing risk also comes the need for open communication during each stage of the security review. Clear communication is also imperative in identifying business process issues, performing root-cause analysis, and finalizing reports. During the reporting process, attention to the following can facilitate the communication flow:

• Base the level of report detail on the needs of the audience.
• Aggregate the data appropriately rather than using it multiple times throughout the report.
• Consider presenting the details by using databases, spreadsheets, and charts.
• Identify trends and root causes and articulate their impact to the project.
• Present findings and action items in order of importance.

 Close communication is important for fieldwork and deliverables in the reports. Always discuss initial findings before they appear in a report, to make sure things are understood correctly. Good communication also ensures delivery of the project in a way that meets expectations.

                                                                                                                                                         – Thank you to Michael Richardson

IBM BladeCenter vs HP BladeSystem

Features	IBM Blade Center	HP BladeSystem
Chassis flexibility	BladeCenter S, BladeCenter E, BladeCenter H, BladeCenter T, BladeCenter HT, Common set of blades, switches, I/O fabrics and management infrastructure		BladeSystem c-Class,
IBM has many chassis and blade models to support the chassis. Those blades are not backward comptabile.
Blade server flexibility	Intel® Xeon®, AMD Opteron, IBM POWER™, Cell BE™		Intel Xeon, AMD Opteron, Intel Itanium®
All operating systems are supported on HP Blades which includes OpenVMs
Blades/ChassisRedundantBlades/ChassisFully RedundantBlades/Chassis Blades w/ hotswap HDD per chassis	14                           14                           14                           14                              0		16                       8                       0                      16                       16
No active components are placed in backplane of HP Enclosure so there is NO question of failure.
Redundancy	- Dual power connections to each blade- Dual I/O connections to each blade- Dual paths through the backplane to I/O, power and KVM		- Single power connections to each blade- Single I/O connections on BL460c and BL465c blades- Single I/O paths for mezzanine slots 2 and 3 on the BL480c and BL685c
All redundancy is moved to Enclosure rather than a server. By default enclosure is comes with fully redundant this is the reason HP is winning the race. IBM Chassis have power and data signals in single path where as HP have separated path.
Hot Swap HDDSolid State Drives (SSD)	Require Expansion unit which waste 1U and reduce the number of blades per chassisAvailable		No need for expansion unit which save space                                 Available
It seems HP are having an advantage in being able to fit larger number of blades which includes Hot Swap HDD into their C-class chassis, but IBM has a valid argument as most blades customers depend on boot from SAN which provide them with stateless blades and all kind of advantages including the ability of taking snap shots of their blades.IT Best Practice says Operating system on RAID1 with local storage and data on SAN.  It gives high performance, easy management, low Cost/GB and low TCO. In addition, with IBM introducing Solid State Drives it has even reduced the need for hot-swap hard disks even further as these have no spinner and their reliability are way better than SCSI HDD. All HP Blades comes with RAID1 configuration of SAS Hard Drives.  Very less probability of both disk failure since not require to buy high expensive Disk. Now HP also offering Solid state drives as a option. HP can fit more blades with hotswap HDD where only IBM can offer a fully redundant on blades level and not with Chassis. IF ANY FAILURE IN IBM CHASSIS CAUSE HUGE IMPACT ON BUSINESS since all servers will be down by default.
Illuminated path to blade components	Light Path Diagnostics uses battery to help diagnose even without power to the blade.		HP offer diagnostics LEDs beside some components, but will not led without power.
Todays IT Datacenter fully equipped with power redundancy so there is no question on without power. If the blade is not powering ON best option to report to Customer care Technician rather than figuring out on your own this leads more RTO.
Event identification	First Failure Data Capture		Integrated Management Log
Both of them have their own technology to display the failure data.
Blade deployment and redeployment	Open Fabric Manager, Uses standard switches, single login across 100 chassis		Virtual Connect, Uses proprietary switches, single login across four chassis
With OFM still need to call network and Storage teams to make a server change. HP has solved this problem with VC.  Can do literally ANYTHING and no configuration changes require from network/storage side.  HP Virtual connects uses open standard protocol so it works any brand storage or network.
Built-in Management Module	Yes		Yes
Efficient utilization of available power resources	Power Executive™		Power Regulator, a bit Less functionality and over $400 charge
HP and IBM power management software are offering almost the same functionality. In addition, IBM is providing their Power Executive as freebie where HP is charging for it. As far power consumption go it seems both vendor are doing almost as good and the difference in consumption depend on the configuration ordered by the customer.
Investment Protection	Chassis compatibility		Universal Chassis
IBM blades are not backward compatible with all the chassis.

Windows DirectAccess

Windows 7 DIRECT ACCESS

Windows 7 DirectAccess gives mobile users seamless access to corporate networks without the need to use a Virtual Private Network (VPN).

Enabling DirectAccess allows the entire network’s file shares, intranet websites and other applications to be available wherever there’s Internet. DirectAccess also allows administrators to update Group Policy settings on remote computers. Administrators can also distribute software updates whenever the computer is switched on, and has Internet access, even if the user isn’t logged in.

Windows 7 DirectAccess incorporates Internet Protocol Version 6 over Internet Protocol security (IPv6-over-IPsec) for encryption. Internet and Intranet traffic is separated by DirectAccess. Both users and computers can be authenticated and Windows 7 DirectAccess supports multifactor authentication like smart cards.

Organizational Advantages
- Productivity is enhanced because mobile users can keep connected to corporate networks all the time.

IT Advantages
- Specific resources on the Internet can be switched off for certain users or machines.
- Administrator can allow only specific servers or subnets.
- Reduce the complexity of environment
- Easy to manage & always keep control on remote environment

User Advantages
- Accessing the network resources appears seamless
- It ties in nicely with Folder Redirection, Which synchronizes files across the network.

Financial Advantages
- Reduction in Initial Cost of Ownership
- Reduction in Operational Costs

Security
- IT Uses IPSec communication.
- Multifactor Authentication [AAA Mechanism]

Save Energy

Energy Savings – Part 1

In this tight economy, businesses are increasingly looking for ways to cut operational expenses and provide service to their customers. One area that offers opportunities to save now is lighting for your offices and buildings.

Each CFL bulb installed saves an average of Rs. 500/- in energy costs, 50 kilowatt hours and 75 pounds of carbon dioxide emissions per year.

Below are some tips for when purchasing CFLs:

1. Choose only nationallay recongnized CFL, ensure it has been tested and certified to the applicable standards for safety and performance. A certification mark should appear on both the product and the packaging.

 2. Choose an Energy Star qualified CFL to ensure it will provide the greatest amount of energy savings. Energy Star Qualified CFLs also have a minimum two-year warranty.

 3. Choose the bulb that best suits the fixture. CFLs with globes are available in various sizes and shapes to fit most fixtures. They look similar to traditional incandescent bulbs and may look better in fixtures with exposed bulbs.

 4. Determine how much light is needed. Check you fixture to ensure the light is the proper size and wattage. Light output is described as “brightness” and is measured in lumens.

Below sample calucation is for one CFL comparing with one regular bulb

Assumptions
100W GLS being replaced with an 18W CFL
No. of hrs of usage per day – 5 hrs
Per annum calculation days – 350
1unit (1 KWH) cost of electricity – Rs 5 per KWH 

Sample Calculation
100 W GLS being replaced with an 18 W CFL 
Savings per lamp = 82W   
No. of hrs usage per day = 6 Hrs
Therefore no of hrs usage per annum    = 2100 Hrs (6*350)
Therefore electricity saved per annum   = 172200W hrs (82*2100)
Therefore electricity saved per annum   = 172.2 KWH
Therefore Amount in Rs saved per annum = 861 Rs. (5*172.2)

Useful Links
http://en.wikipedia.org/wiki/Compact_fluorescent_lamp
http://www.energystar.gov/index.cfm?fuseaction=find_a_product.showProductGroup&pgw_code=LB
http://www.gelighting.com/na/home_lighting/products/pop_lighting_calc.htm
http://www.energystar.gov/ia/business/bulk_purchasing/bpsavings_calc/CalculatorCFLs.xls

Save your Money!!!  Save our Environment by reducing the carbon footprint.