Tag Archives: beyond

Microsoft seeks broader developer appeal with Azure DevOps

Microsoft has rebranded its primary DevOps platform as Azure DevOps to reach beyond Windows developers or Visual Studio developers and appeal to those who just want a solid DevOps platform.

Azure DevOps encompasses five services that span the breadth of the development lifecycle. The services aim to help developers plan, build, test, deploy and collaborate to ship software faster and with higher quality. These services include the following:

  • Azure Pipelines is a CI/CD service.
  • Azure Repos offers source code hosting with version control.
  • Azure Boards provides project management with support for Agile development using Kanban boards and bug tracking.
  • Azure Artifacts is a package management system to store artifacts.
  • Azure Test Plans lets developers define, organize, and run test cases and report any issues through Azure Boards.

Microsoft customers wanted the company to break up the Visual Studio Team Services (VSTS) platform so they could choose individual services, said Jamie Cool, Microsoft’s program manager for Azure DevOps. By doing so, the company also hopes to attract a wider audience that includes Mac and Linux developers, as well as open source developers in general, who avoid Visual Studio, Microsoft’s flagship development tool set.

Open source software continues to achieve broad acceptance within the software industry. However, many developers don’t want to switch to Git source control and stay with VSTS for everything else. Over the past few years, Microsoft has technically separated some of its developer tool functions.

But the company has struggled to convince developers about Microsoft’s cross-platform capabilities and that they can pick and choose areas from Microsoft versus elsewhere, said Rockford Lhotka, CTO of Magenic, an IT services company in St. Louis Park, Minn.

Rockford Lhotka, CTO, MagenicRockford Lhotka

“The idea of a single vendor or single platform developer is probably gone at this point,” he said. “A Microsoft developer may use ASP.NET, but must also use JavaScript, Angular and a host of non-Microsoft tools, as well. Similarly, a Java developer may well be building the back-end services to support a Xamarin mobile app.”

Most developers build for a lot of different platforms and use a lot of different development languages and tools. However, the features of Azure DevOps will work for everyone, Lhotka said.

Azure DevOps is Microsoft’s latest embrace of open source development, from participation in open source development to integrating tools and languages outside its own ecosystem, said Mike Saccotelli, director of modern apps at SPR, a digital technology consulting firm in Chicago.

In addition to the rebranded Azure DevOps platform, Microsoft also plans to provide free CI/CD technology for any open source project, including unlimited compute on Azure, with the ability to run up to 10 jobs concurrently, Cool said. Microsoft has also made Azure Pipelines the first of the Azure DevOps services to be available on the GitHub Marketplace.

Panzura tackles multi-cloud data management

Panzura is expanding beyond cloud file services to multi-cloud data management with its new Vizion.ai option, which is designed to enable customers to search, analyze and control data on premises and off premises.

The Campbell, Calif., company’s CEO, Patrick Harr, said the vendor built its Vizion.ai software-as-a-service (SaaS) offering on a new hyperscale multi-cloud data engine orchestrated by Kubernetes. Vizion.ai embeds machine learning and policy functionality for data analytics and control. It features an open API for third-party developers to use the Panzura technology with their own applications, such as internet of things and security monitoring.

Panzura initially focused on helping enterprises shift from legacy file-based NAS systems to object storage in public and private clouds. The vendor sells Freedom NAS filer appliances that cache active data in flash drives for fast access, while shifting colder data to object storage. Users can also run the software in virtual machines (VMs) on their own hardware or on public cloud servers.

With the new Vizion.ai SaaS option, Panzura consolidates and centralizes metadata to facilitate fast indexing in its Freedom NAS products, third-party NAS filers, SaaS applications and public cloud storage. The company integrated open source Elasticsearch technology to enable the distributed search capability.

“We’ve had a lot of requests in the past for how to search data in a multi-cloud fashion. And when I say multi-cloud, I’m not only talking Amazon, Azure and Google. I’m also talking about private cloud,” Harr said.

Visibility into third-party storage

Harr said the Vizion.ai multi-cloud data management service gains visibility into third-party storage through connector technology the company is offering to the open source community. Users download a small VM and plug the software into their Dell EMC, NetApp or Windows filers. The software crawls the NAS systems, takes a snapshot of the metadata and uploads the indices into the Vizion.ai service, Harr said.

Panzura plans to support a private managed option for customers to use the Vizion.ai index, search and analytics capabilities on premises in secure environments, the CEO added. That support is expected by the end of 2018.

Panzura built algorithms for machine learning to examine data access patterns to let the software recommend the most cost-effective storage location, Harr said. Users can look at heat maps of hot, warm and cold data. And they can use the technology for audit purposes, because they can see who has accessed the data at specific times, he said.

The Vizion.ai capabilities extend to restoring data from snapshots and cloning data for test and development. A customer might want to move a select workload’s data to the optimal cloud, such as Google for machine learning, Harr said.

Panzura’s multi-cloud data management effort

Harr said Panzura started designing its new hyperscale multi-cloud data management platform two years ago to be able to service billions of files and objects across multiple clouds. So far, more than 100 customers tested a private beta version of the Vizion.ai service.

Panzura opened its Vizion.ai beta to the public this week. When the service goes live in October, Vizion.ai multi-cloud data management will be priced based on gigabytes of data indexed and managed, Harr said. The company will have a free version for customers to index and search 1 GB of metadata.

Beta tester Prosper Funding, a San Francisco-based peer-to-peer lending company, started using Panzura’s hybrid cloud technology in 2016. Fabian Duarte, a senior storage engineer working out of Prosper’s Phoenix office, said the company deploys Panzura to make content available for collaboration from any data center and for long-term archiving on AWS.

Prosper tested Vizion.ai by uploading streams of content from AWS tiers, where it stores 3 PB of data, Duarte said. Prosper asked Panzura for access to hotter data in the local cache through a URL-enabled link that a user could click to open the file. The system downloads and rehydrates the file into the Panzura platform’s retrieval folder, Duarte said.

The Vizion.ai service looks promising, Duarte said, and Prosper will likely purchase it. He said its index and search could benefit customer service representatives who need to access call logs for training, playback or other purposes. The Vizion.ai service could also assist departments that deal with access log and audit information for compliance and risk management. Duarte said Prosper has been testing the uploading and manipulation of content inside the file system to track usage patterns.

“We’ve already gone through the route of using tools like Active Directory for multifactor authentication,” he said. “But now, to have the visibility to see who’s working on files, moving files, trying to access files allows us a greater level of granularity to bring an additional level of security.”

The usage-tracking info collected by Vizion.ai could show the cost to rehydrate archived content and determine which content is a good candidate to move to cheaper cloud storage, Duarte said.

Panzura Vizion.ai architectural diagram
Where Panzura Vizion.ai fits in.

Hybrid cloud data management

“With Vizion.ai, Panzura has the potential to evolve from the traditional cloud storage gateway use case toward global hybrid cloud data management,” Gartner research director Julia Palmer wrote in an email.

Legacy gateways and other hybrid storage products, until recently, have focused on backup, archiving and tiering data to the cloud, Palmer said. They wrote data in a proprietary format that other vendors’ technology couldn’t use.

Steven Hill, a senior analyst at 451 Research, said Panzura’s traditional competitors include cloud NAS and gateway companies such as Actifio, Ctera Networks, Microsoft’s Avere Systems, Nasuni and SoftNAS, along with Dell EMC, Hewlett Packard Enterprise and IBM.

“Today, there are dozens of vendors in the secondary storage market that are merging file and object as part of a more advanced storage architecture that focuses on the problems of information management, security and protection, rather than providing traditional ‘dumb’ storage,” Hill wrote in an email.

Newisys NVMe flash array chases hyperscale market

Newisys today formally expanded beyond its server roots with the launch of a dense NVMe all-flash storage system: the NSS-2560, which packs nearly 1.7 petabytes of raw capacity in 2U.

The latest Newisys NVMe flash storage was introduced during a demonstration at Flash Memory Summit 2018 in Santa Clara, Calif. At that trade show last year, Newisys won a best-of-show award for its introductory NDS-22482F NVMe over Fabrics Ethernet JBOF (just a bunch of flash) product.

The NSS-2560 server is designed with a drop-down side panel to load 56 NVMe U.2 SSDs. The enclosure contains two Newisys storage server modules, each equipped with dual Intel Broadwell CPUs. Intel Skylake-based server modules are on the Newisys NVMe flash storage roadmap.

The Newisys servers run in parallel and both can access all the NVMe SSDs in the system. Customers can swap out failed drives or servers nondisruptively.

Newisys does not package an operating system on the NSS-2560 hardware. The system supports Microsoft Windows, Red Hat Enterprise Linux and open source Linux variants CentOS, Fedora and Ubuntu.

Newisys is an independent engineering subsidiary of Sanmina Corp., an electronics manufacturing contractor. Sanmina acquired Newisys in 2003.  Newisys is best known for its OEM server partnerships with storage vendors.

The Newisys NVMe storage brand was launched several years ago, but the vendor is now looking to ramp up marketing and customer awareness. Other NVMe storage in the Newisys lineup includes the 2U NDS-2244 PCIe over Fabric JBOF, the 2U NSS-2247G quad server, and 1U NSS-1160G database-acceleration server.

“We have been selling in volume to the largest hyperscale data centers for years, but we’re not well-known [for storage]. We had a restructuring and management change and we’re now coming out of stealth mode,” said Dan Liddle, a Newisys vice president of marketing for servers and storage.

The price of an NSS-2560 array will vary depending on the type of NVMe SSD needed, Liddle estimated, with the price between $50,000 and $200,000 per unit according to the type of NVMe SSD configuration a customer chooses. Newisys plans to sell directly to enterprises and cloud service providers, and Liddle hinted that plans are under way to firm up its channel strategy.

Liddle said Newisys’ history of selling storage servers “gives us an advantage in going to NVMe because we’re not starting from scratch. We’ve got a base of understanding that makes [for] a cleaner transition to an NVMe platform.”

Newisys NSS-2560
Newisys NSS-2560 stores nearly 1.7 PB of raw NVMe capacity in 2U.

Newisys NVMe flash elbows into crowded market

Industry analysts say the emerging NVMe standard for flash and memory-based storage technologies drastically reduces latency by streamlining the transport of SCSI commands. NVMe enables storage to access a computer processor directly across a PCI Express link. Legacy SAS and SATA SSDs incur latency due to host bus connectors that send commands across a network in multiple hops.

Analyst firm IDC projects NVMe-based flash storage will account for more than half of all sales of external primary storage by 2021. Gartner pegs NVMe adoption at 30% by 2021, compared with 1% presently.

The NSS-2560 is designed with a Newisys SAS server chassis reconfigured for the NVMe protocol, said Rick Kumar, Newisys senior vice president of servers and storage marketing. Four 16-lane PCIe add-in cards and up to eight dual inline memory modules per CPU are standard. The 64 PCIe lanes are evenly divided: 32 lanes to the NVMe SSDs and 32 lanes to networks, with connectivity across four 100 Gigabit Ethernet ports.

Newisys claims the NSS-2560 is rated to provide 50 Gbps read performance, 12.5 million read IOPS and 64 Gbps of bandwidth between servers and SSDs.

“Our system is built to be balanced across the entire platform. We make sure there is sufficient connectivity between the drives and the network connections. People are [buying] high-end NVMe drives for performance and latency, and we want to make sure the unit can handle their workloads,” Liddle said.

Tom Coughlin, president of data storage consulting firm Coughlin Associates in Atascadero, Calif., said the Newisys NVMe flash capacity holds appeal for service providers and specialized data center applications, including online transaction processing.

“This is a pretty dense 2U package with almost 2 petabytes (PBs) of raw native capacity. This platform gives you a lot of availability. It’s a pretty impressive box,” Coughlin said.

A compelling selling point, Coughlin added, is relatively low performance penalty for internal-to-external network traffic. “It’s only about 14 Gbps [of consumed throughput] out of the 64 Gbps” to connect the drives to servers, he said.

‘Our NVMe flash array won’t compete with storage vendors’

Newisys plans to continue selling storage servers to OEMs, which raises the possibility its NVMe-based storage could wind up competing with some of its own customers. That’s a conundrum that larger server vendors have also faced.  

Before merging with Dell Technologies in 2015, EMC partnered with Cisco to bundle its storage and VMware virtualization on Cisco UCS servers and networking. The relationship worked well — at least until VMware broadened into network virtualization, posing a threat to Cisco’s server business and straining the EMC-Cisco partnership. Legacy EMC storage now uses Dell PowerEdge servers.

Kumar said the vendor expects to continue to partner with, not compete, with its OEMs.

“We’ve been very sensitive to that. We’ve talked to our partners and they’re comfortable with it, as long as we don’t disclose anything under NDA (nondisclosure agreements). We’re confident we won’t be perceived as a competitor,” Kumar said.

Ping adds AI-driven API protection with Elastic Beam acquisition

BOSTON — Ping Identity is moving beyond single sign-on and further into API security with its latest acquisition.

At the Identiverse 2018 conference on Tuesday, the Denver-based identity and access management (IAM) provider announced the acquisition of Elastic Beam, a Redwood City, Calif., cybersecurity startup that uses artificial intelligence to monitor and protect APIs. Terms of the deal were not disclosed.

Ping CEO Andre Durand discussed the importance of API protection in the past as part of the company’s “intelligent identity” strategy. The company, which specializes in IAM services such as single sign-on, had previously introduced PingAccess for API management and security.

Elastic Beam, which was founded in 2014, will become part of Ping’s new API protection offering, dubbed PingIntelligence for APIs. Elastic Beam’s API Behavioral Security (ABS) automatically discovers an organization’s APIs and monitors the activity using AI-driven behavioral analysis.

“The moment it detects abnormal activity on an API, it automatically blocks that API,” said Bernard Harguindeguy, founder of Elastic Beam.

Harguindeguy, who joined Ping as its new senior vice president of intelligence, said ABS’ use of AI is ideal for API monitoring and defense, because there are simply too many APIs and too much data around them for human security professionals to effectively track and analyze on their own.

“API security is a very hard problem. You cannot rely on roles and policies and attacker patterns,” he said. “We had to use AI in a very smart way.”

Durand said the explosion of APIs in both cloud services and mobile applications has expanded the attack surface for enterprises and demanded a new approach to managing and securing APIs. While Durand acknowledged the potential for AI systems to make mistakes, he said improving API protection can’t be done without the help of machine learning and AI technology.

“We’re in the early stages of applying AI to the enormity of traffic that we have access to today,” he said. “We want to limit the space and time that users have access to, but there’s no policy that can do that. I don’t think there’s a way to have that breakthrough without machine learning, big data and AI.”

PingIntelligence for APIs is currently in private preview, and it will be generally available in the third quarter this year.

North Korea’s Lazarus Group sets sights on cryptocurrency

The North Korean state-sponsored hacking outfit known as Lazarus Group has moved beyond ransomware attacks and shifted its focus to cryptocurrency.

Lazarus Group stands accused of perpetrating the widespread WannaCry ransomware attacks earlier this year. Several private companies and governments, including the U.S., have attributed the attacks to the North Korean hacker group. Now, researchers from cybersecurity vendors Proofpoint, Inc., and RiskIQ say Lazarus Group has initiated attacks on cryptocurrency exchanges and owners in at least two different countries.

“Earlier this year, the activities of the Lazarus group in South Korea were discussed and analyzed, as they managed to compromise accounts on various South Korean cryptocurrency exchanges,” wrote Yonathan Klijnsma, threat researcher at RiskIQ, in a blog post. “More recently, they were seen targeting a United Kingdom-based cryptocurrency exchange.”

Several cryptocurrency exchanges have been hit by cyberattacks in recent weeks including South Korean exchange Youbit, which declared bankruptcy after it lost 17% of its assets in a breach last week. While the Youbit attack hasn’t been attributed to the Lazarus Group or other North Korean nation-state hackers, others incidents, including a massive spearphishing campaign targeting a UK-based cryptocurrency business, have been connected to the group.

“The Lazarus Group has increasingly focused on financially motivated attacks and appears to be capitalizing on both the increasing interest and skyrocketing prices for cryptocurrencies,” wrote Darien Huss, senior security researcher at Proofpoint, in the company’s report.

While Proofpoint and RiskIQ don’t name the organizations victimized by the Lazarus Group, researchers from the two vendors outlined the group’s new techniques for stealing cryptocurrency from both exchanges and owners. Proofpoint, for example, described several “multistage attacks” that lure victims into downloading malware, including a backdoored version of PyInstaller, a free application that bundles Python programs into a single executable package, and PowerShell malware known as “PowerRatankba” used for reconnaissance. After the initial infections are completed, Huss said, the attackers hit victims with a second wave of malware that harvests credentials for both individual cryptocurrency wallets and exchange accounts.

RiskIQ, meanwhile, identified a large phishing campaign that claimed to be bitcoin wallet software and featured links that impersonated the domain of Bitcoin Gold. According to RiskIQ researchers, Lazarus Group hackers abused internalized domain name registration to trick victims into believing the malicious site was genuine. In addition, Proofpoint’s report highlights a new type of point-of-sale (POS) malware, dubbed “RatankbaPOS,” that targets the POS framework of KSNET, a major South Korean payment provider.

Huss warned the Lazarus Group has a financially-motivated arm that has branched out beyond typical nation-state activity and is targeting individuals the same way that organized cybercrime outfits have.

“This group now appears to be targeting individuals rather than just organizations: individuals are softer targets,” Hess wrote, “often lacking resources and knowledge to defend themselves and providing new avenues of monetization for a state-sponsored threat actor’s toolkit.”

VirtualWisdom brings visibility to the cloud

Expanding beyond storage, Virtual Instruments has integrated the analytics and performance management technology from its Xangati acquisition into its VirtualWisdom platform.

VirtualWisdom 5.4 includes tools that give administrators deeper visibility between the application and infrastructure for performance management. The product now includes a new NetFlow Probe tool that discovers and maps LAN traffic flow among the applications, hosts, virtual machines, NAS controllers and software-defined-storage (SDS) nodes.

VirtualWisdom now supports additional protocols such Fibre Channel over Ethernet (FCoE) within its SAN Switch Probe and SMB within its NAS Performance Probe, which previously only monitored the NFS protocol. Virtual Instruments also added monitoring of VMware vSAN, Dell EMC ScaleIO and Nutanix hyper-converged appliances  for application-centric performance management.

“For us, these are different sources to evaluate the health of the infrastructure,” said Len Rosenthal, chief marketing officer at Virtual Instruments. “We are collecting more sources of data to analyze the infrastructure so you can understand the infrastructure that the application is running on. Previously, we were 100% storage-based.”

The new capabilities come from virtualization infrastructure performance monitoring vendor Xangati, which Virtual Instruments acquired in November 2016.

Steve Brasen, research director of systems and storage management at Enterprise Management Associates, said the cloud has reduced visibility between applications and the infrastructure for administrators. That makes Virtual Instruments’ application performance management a valuable tool, he said.

“If you have a performance problem, all you see is that it has something to do with the cloud,” Brasen said. “VirtualWisdom can see through the virtualization, cloud and grid layers. It provides visibility from the application through the virtualization layer to the infrastructure.

“The product can map down to the storage, network and server levels,” he said. “And it can move applications to a location where it works better. It can dynamically place workloads. Virtual Instruments has the broadest visibility into the infrastructure.”

Virtual Instruments initially did performance monitoring of SANs with its SAN Performance Probe appliances for Fibre Channel (FC) storage but expanded to include network attached storage (NAS) with a NAS probe after merging with Load Dynamix.

VirtualWisdom has an analytics layer with tools that target performance optimization. A storage port balancer analytics tool performs workload and capacity optimization at the array level while the collaboration investigation runbooks helps debug problems that are hindering performance.

“In the past in was a manual process for customers to debug problems, such as which array do I use and what sequence of events do I implement to solve problems,” Rosenthal said. “What we have done is taken all our knowledge and we built a runbook or workflow that sets the sequence to solve a problem. Now it’s all automated.”

VirtualWisdom’s storage port analyzer helps fine-tune performance at the array level.

“This means you can look at the storage port utilization on the arrays,” Rosenthal said. “And look at the traffic patterns across those ports. We had this for the virtual servers for a number of years, but we did not have it on the arrays.”

Office 365 admin roles give users the power of permissions

When a business moves to the Office 365 platform, its collaborative capabilities can go beyond joint efforts on…

team projects — it also extends into the IT department by letting users handle some tasks traditionally reserved for administrators.

Office 365 admin roles let IT teams deputize trusted users to perform certain business functions or administrative jobs. While it can be helpful to delegate some administrative work to an end user to reduce help desk tickets, it’s important to limit the number of end users with advanced capabilities to reduce security risks.

Organizations that plan to move to Office 365 should explore the administrative options beforehand. Companies already on the platform should review administrative rights and procedures on a regular basis.

Two levels of administrative permissions

By default, new accounts created in the Office 365 admin center do not have administrative permissions. An Office 365 user account can have two levels of administrative permissions: customized administrator role and global administrator role.

In a customized administrator role, the user account has one or more individual administrator roles. Available Office 365 admin roles include billing administrator, compliance administrator, Dynamics 365 administrator, Exchange administrator, password administrator, Skype for Business administrator, Power BI service administrator, service administrator, SharePoint administrator and user management administrator.

Some Office 365 admin roles provide application-specific permissions, while others provide service-specific permissions. For example, end users granted an Exchange administrator role can manage Exchange Online, while users with the password administrator role can reset passwords, monitor service health and manage service requests.

Customized administrator configurations benefit both large and small organizations. In large organizations, it’s common for separate administrators to manage different services, such as Exchange, Skype for Business and SharePoint. Conversely, small organizations typically have fewer administrators who manage multiple — if not all — systems. In either scenario, if additional help is needed for certain tasks, you can assign appropriate administrative roles to the most qualified users, allowing them to make modifications to the tenancy.

The global administrator role provides complete control over Office 365 services. It’s the only administrator role that can assign users with Office 365 admin roles. The first account created in a new Office 365 tenancy automatically gets the global administrator role. An organization can give the global administrator role to multiple user accounts, but it’s best to restrict this role to as few accounts as possible.

Managing Yammer requires careful planning because it’s separate in the Yammer admin center. The highest level of administrative permissions in Yammer is the verified admin role. An organization can give all Office 365 global administrators this role, but regular users with a Yammer verified role shouldn’t have it.

Security and compliance permissions

An organization must also decide how to configure permissions in the Security & Compliance Center. These permissions use the same role-based access control (RBAC) permissions model that on-premises Exchange and Exchange Online use.

The Security & Compliance Center features eight role groups that allow a user to perform administrative tasks related to security and compliance. For example, members of the eDiscovery Manager role group receive case management and compliance search roles that allow the user to create, delete and edit eDiscovery cases. These users also can perform search queries across mailboxes.

Office 365 provides 29 different roles that an organization can add to role groups, and each role holds different security and compliance permissions. This comprehensive range of role groups and available roles means that an organization must determine the most appropriate security and compliance permissions model.

It’s important to understand differences in role groups and plan permissions accordingly. For example, both the Security & Compliance Center and Exchange Online have role groups named organization management, but they are separate entities and serve different permissions purposes.

Multifactor authentication matters

Enabling Azure multifactor authentication adds another layer of protection around Office 365 accounts with administrator access. Administrators provide proof of their identity via a second authentication factor, such as a phone call acknowledgement, text message verification code or phone app notification, each time they log into the Office 365 account.

If the business uses Azure multifactor authentication, it should educate administrators and service desk staff to ensure everyone knows operational and service desk procedures involved with the security service.

Keep tabs on administrator actions

As administrators make changes to the systems and grant or revoke permissions to users and other administrators, you’ll need a way to review these actions.

In the Office 365 Security & Compliance Center, an organization can enable audit logging and search the log for details of administrator activities from the last 90 days. This log tracks a wide range of administrator actions, such as user deletion, password resets, group membership changes and eDiscovery activities.

Powered by WPeMatico