Tag Archives: channel

For Sale – KINGSTON FURY WHITE 32GB (2X16GB) DDR4 PC4-19200C15 2400MHZ DUAL CHANNEL KIT – Brand new

FURY WHITE 32GB (2X16GB) DDR4 PC4-19200C15 2400MHZ DUAL CHANNEL KIT

This kit was used for a day before I decided to go back to 16GB RAM so it’s barely had any use at all. These kits are £330 new so I am asking £295 including special delivery

—–

Asus VX24AH IPS 1440p monitor for sale

The monitor is in perfect condition, it is fully boxed

I can’t see any stuck pixels on the monitor and backlight bleed doesn’t seem to be an issue

I’m asking £120 for a quick sale, but may consider close offers if you’re a serious buyer

SOLD

Price and currency: £Various
Delivery: Delivery cost is included within my country
Payment method: Bank transfer
Location: Stoke on trent
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

OVHcloud expands US footprint with channel partner program

Europe’s largest cloud provider has stepped up its channel presence in the U.S. with a new partner program.

OVHcloud, which has its global headquarters in Roubaix, France, broke into the U.S. market only recently, following its acquisition of VMware’s vCloud Air business. With its U.S.-based partner program, launched this week, OVHcloud hopes to expand the reach of its IaaS portfolio, spanning VMware-based hosted private cloud, bare-metal server and public cloud options.

“I think we are the best-kept technical secret nobody has heard of,” said David Wigglesworth, chief revenue officer at OVHcloud, which has its U.S. corporate headquarters in Reston, Va.

The OVHcloud channel program features four partner tiers with incremental benefits and requirements. Partners will have access to training; marketing support, such as market development funds; and sales activity planning, the company said.

OVHcloud has already signed a handful of U.S.-based partners, including solution provider FusionStorm. Wigglesworth noted that OVHcloud’s offerings will also be sold by VMware sales reps.

HPE updates Partner Ready program

Hewlett Packard Enterprise (HPE) this week unveiled enhancements to the Partner Ready program, which now features increased rewards for resellers.

According to HPE, resellers can now earn increased rebates and other incentives for selling products in “high-growth markets,” specifically storage, composable infrastructure, hyper-converged technology, software and consumption services. The Partner Ready program enhancements will take effect on Nov. 1, HPE said.

“Because of the changes that we have made, resellers and other partner business types ought to look at this as an opportunity to redouble their focus and efforts around HPE because it will prove to be very rewarding,” said Terry Richardson, vice president of North American channels and alliances at HPE.

HPE’s products that align with the market opportunities it is targeting include HPE Nimble Storage and 3PAR for storage, SimpliVity and Synergy for composable and hyper-converged technology, and GreenLake and Datacenter Care for service-led offerings.

HPE said it will also enhance the Partner Ready program with the following features:

  • Further simplifications. For example, partners will now receive rewards from the first sale without gates, caps or targets, HPE said.
  • A push to increase HPE’s consumption-based offerings. HPE said it will roll out a new competency for the HPE GreenLake suite of pay-per-use on-premises offerings, in addition to a rebate for partners enabled in consumption-based models.
  • Expanded technical enablement, especially around HPE’s high-growth market opportunities.

RapidFire Tools expands MSP offerings

RapidFire Tools Inc., based in Atlanta, is expanding its managed services provider (MSP) offerings with InDoc, a tool that provides web-based access to clients’ network data.

InDoc, an Amazon cloud-based portal, is built into RapidFire Tools’ Network Detective Reporter product for scheduling automated network scans and reports. MSP technicians can use InDoc to obtain network data via desktop or mobile devices and can also store information on the portal, such as client-specific notes, remediation procedures, checklists and passwords. Information is stored in an encrypted data store. InDoc employs additional layers of encryption for confidential data and passwords. The tool includes a usage log that provides an audit trail of technicians who have accessed data and when they did so, according to RapidFire Tools.

Michael Mittel, CEO at RapidFire Tools, said more than 95% of the company’s business is to MSPs, noting service providers “are still a growing part of our business.”

He said RapidFire Tools now has more than 6,000 MSPs using its tools worldwide. He added the company is expanding its offerings to include products that MSPs can resell to their customers.

InDoc will be offered to existing Network Detective Reporter customers as a free upgrade. New subscribers to Network Detective Reporter will receive InDoc as a value-added feature at no extra charge. An unlimited amount of data can be stored via InDoc for each MSP location subscribing to Network Detective Reporter. The company said MSPs with multiple locations should purchase separate Network Detective Reporter subscriptions for each office.

Kaseya reports 30% growth, MSP signings

Kaseya cited MSP growth as it reported year-over-year growth in excess of 30% and projected annual bookings of more than $250 million.

The IT infrastructure management solutions provider said uptake of the latest version of its remote monitoring and management product, VSA, has exceeded the company’s expectations. In the first several months since its release, more than 300 organizations have adopted the technology, according to Kaseya. In addition, the company said about 400 MSPs have signed up for Unitrends MSP thus far in 2018. Kaseya acquired Unitrends, a business continuity and disaster recovery (DR) technology vendor, in May.

Other news

  • Sungard Availability Services, a DR and cloud service provider in Wayne, Pa., has expanded its Payment Card Industry Data Security Standard certification, offering compliant production and DR services on AWS and its managed private cloud.
  • AWS introduced a new program for channel partners in the public sector to grow their cloud businesses within a 110-day time frame. The AWS Public Sector Partner Transformation Program offers a cloud-readiness assessment, training and enablement resources.
  • HCL Technologies, a global technology company that provides infrastructure services, is partnering with ScienceLogic’s IT operations management technology. The partnership addresses the need for automated IT operations among HCL’s enterprise clients embarking on digital transformation projects, according to ScienceLogic. The arrangement also lets HCL’s DRYiCE division use ScienceLogic’s SL1 Automation Engine.
  • Cloud communications provider Avoxi unwrapped a global partner program. Through the program, partners can provide Avoxi’s virtual numbers in more than 120 countries for packaged minutes. Avoxi said it will soon roll out a new partner portal featuring partner sales and management tools and materials.
  • Calligo, a cloud infrastructure services provider based in St. Helier, Jersey, is offering Microsoft Azure Stack services from its Toronto branch. The company said the Toronto installation is its fifth Azure Stack deployment.
  • PSIGEN Software Inc., a document capture, business process automation and document management solutions developer, has inked a distribution pact with Access Control Devices Inc. (ACDI). PSIGEN Software, based in Madison, Ala., said ACDI will serve as its exclusive distributor in North America and Latin America. ACDI, a PaperCut Authorized Solution Center, targets the office equipment reseller channel.

Market Share is a news roundup published every Friday.

Lucidworks Fusion platform to scale via channel partnerships

Lucidworks, a vendor of search and discovery applications, has revealed a channel program designed to make partners central to its business growth.

The program, launched this week, offers channel staples such as deal registration, a partner portal, and training and certification. The program also features engagement models to support various channel partner types, including technology vendors, systems integrators, value-added resellers, managed services providers (MSPs) and SaaS providers, Lucidworks said.

“The design philosophy around this was to formalize the way that partners engage with us,” said Simon Taylor, vice president of worldwide channels and alliances at Lucidworks, based in San Francisco. The vendor, which developed the Lucidworks Fusion platform, currently has about 60 to 80 core partners, he noted.

The company launched the program on the heels of a $50 million funding round and an alliance struck with storage vendor Commvault in June. Looking to expand, Lucidworks identified the channel as the means for transforming “our scale and growth as a company,” Taylor said.

“What we decided to do … is to really change the way the organization operates and make it as much as possible 100% channel-centric,” he added.

The tracks for different channel partner types within the Lucidworks program are intended to develop the vendor’s relationships “so that we could focus on partners that were meaningful to our business,” he said.

The reseller program is structured with three partner tiers — Authorized, Gold and Platinum — with incremental requirements and benefits. Benefits include market development funds, qualified sales leads and technical assistance.

Other partner tracks within the program include the following:

  • an OEM and SaaS partner program, providing tools for embedding Lucidworks Fusion technology into solutions or using the Fusion software development kit and App Studio platforms to build apps and connectors.
  • a Certified Partner Consultant program for partners qualified to design and deploy offerings using the Lucidworks Fusion platform and applications, according to the vendor.

Taylor noted the company has invested significantly — and will continue to invest — in hiring channel management staff.

“It is a core part of our overall business plan: to embrace partners and grow this way,” he said.

Informatica ramps up partner training

Informatica, an enterprise cloud data management vendor, plans to train thousands of partner employees over the next year, as it seeks digital transformation resources.

Richard Ganley, senior vice president of digital transformation solutions and global partners at Informatica, based in Redwood City, Calif., said the company aims to cultivate partners that can help its customers navigate digital transformation projects.

“As good as we think our technology is … we really need partners to help us,” he added, noting the complexity of transformative IT initiatives.

Informatica’s training push includes a series of Elevate enablement events, which will conclude next week in Denver. The Denver event, scheduled for Aug. 20 to 23, follows training events held earlier this year in Copenhagen, Denmark, and Bangkok. The events include presales, sales and implementation tracks.

Over the course of the three events, Informatica will have trained some 750 people, Ganley estimated.

In another training effort, Informatica plans to send a training team to visit the campuses of eight of the largest systems integrators in India. Ganley said the company aims to train several thousand people over the course of the next year. Not all of the integrator personnel will be trained to the deepest level, but some will, he added.

Informatica’s goal is to provide a “much bigger pool of trained resources in the market,” he said.

“We are trying to train our partners on our technology on an industrial scale,” Ganley said.

Accenture focuses on digital twin tech

Accenture’s Industry X.0 practice, which focuses on the smart connected products market, is concentrating on digital twin technology.

Craig McNeil, managing director at Accenture and North American lead for Industry X.0, said digital twin is “one of the bigger areas of focus in our current fiscal year and definitely will be in the next fiscal year.” Accenture’s fiscal year begins Sept. 1.

A digital twin is a virtual representation of a product that can be used in design and simulation.

In other news, Accenture has entered an alliance with Malong Technologies, an AI startup based in Shenzhen, China. Accenture also made a minority investment in the company. Malong and Accenture’s Applied Intelligence practice will provide “computer vision and product recognition capabilities” to customers.

Other news

  • Cloudreach, a cloud services provider based in London, has inked a letter of intent to purchase Relus Cloud, an Amazon Web Services partner in Peachtree Corners, Ga. Relus Cloud, founded in 2013, is a Premier Consulting Partner in the AWS Partner Network, focusing on the North American market.
  • Qualys, a cloud-based security and compliance vendor, revealed it will release a version of its cloud platform for consultants, consulting firms and MSPs. Qualys Consulting Edition provides vulnerability assessment capabilities, as well as features such as customizable reporting and trending reports and dashboards, Qualys said. The vendor said Qualys Consulting Edition will be available by the end of this month.
  • Beachhead Solutions reported 72% year-over-year revenue growth for the first half of 2018 on the strength of managed service provider partnerships. The company said about 250 MSPs now work with the company, which provides cloud-managed PC and mobile device encryption, security and data access control offerings.
  • OPAQ, a network security cloud vendor, is teaming with Palo Alto Networks’ MSSP Partner Program in an alliance that lets MSPs and managed security services providers deliver Palo Alto’s security-as-a-service offering to midsize companies.
  • Cask LLC has joined Unified Compliance’s partner network as a value-added reseller.
  • ERGOS, an MSP based in Houston, has tapped Liongard’s Roar platform, which automates system discovery and documentation.

Digital marketing partnerships key to vendors’ channel strategies

For some vendors, the key to a thriving channel ecosystem means engaging and supporting a variety of partner types, including digital marketing partnerships.

Digital marketing organizations were among the earliest firms to recognize that IT budgets for marketing were shifting from the purview of customers’ IT departments to marketing executives. Vendors took note of the agencies’ influence and unique reach within customer organizations. While on the surface, digital marketing agencies didn’t appear to be direct competition for traditional channel partners, some industry watchers asserted the agencies did in fact pose a potential threat. For example, agencies working on digital initiatives with a client’s marketing department could hypothetically annex the client’s infrastructure decisions, cutting channel partners out from those deals.

Vendors, however, view their digital marketing partnerships as an important subgroup of their overall partner ecosystems that, if anything, is complementary to a traditional channel base.

Progress cites potential partner synergies

Progress Software, an application development and deployment software vendor, said it sees an opportunity for digital marketing agencies to partner up with traditional channel firms.

Progress began to pursue digital marketing partnerships following its acquisition of app development vendor Telerik in 2014, said Matthew Gharegozlou, vice president of sales at Progress. The Telerik buyout brought with it Sitefinity, a content management system, as well as digital marketing agencies that had been working with the product.

“The acquisition of Telerik and Sitefinity gave us the ability to go after these relationships,” Gharegozlou said.

He noted that about 65% of Progress’ content management business is now derived from channel partners. About 80% of those partners are digital marketing agencies.

Progress’ traditional partners typically share a few traits: They work in the app development space, deal with customers’ IT departments and lack skill sets related to digital experience and digital marketing. “So far, we haven’t had any conflict” between traditional and agency partners, he said, because “the bulk of the experience needed on the digital side, our traditional partners don’t have it.”

Traditional Progress partners also usually have expertise in vertical industries, he said, adding that most are based in markets such as financial services, government, healthcare and education. “Our traditional partners are extremely knowledgeable” and have strong relationships in their vertical spaces, he said.

Because of traditional partners’ strengths, Gharegozlou said Progress looks to pair them up with digital marketing agencies for certain leads. Combining the expertise in back-end work and vertical markets with agencies’ expertise in web development and related technologies can produce compelling offerings. 

But while optimistic about these synergies, he recognized that a “full-service” digital marketing agency, which can do both the front-end and back-end work for a customer, diminishes the value that traditional partners may offer. In this sense, full-service agencies may be preferable to customers “because they can do the entire project,” he said.

Salesforce supports acquisition trend

For Salesforce, digital marketing partnerships play a critical role in advancing its marketing platform.

Salesforce has signed numerous digital marketing agencies over the last six years, spurred by several acquisitions to build out its business-to-commercial and marketing portfolio, said Stephane Viallet, vice president of global alliances, agencies, at Salesforce. Salesforce’s acquisitions have included digital marketing software company ExactTarget in 2013, as well as e-commerce provider Demandware and data management platform Krux in 2016. Viallet also cited Salesforce’s alliance with Google as a driver behind the company’s growing digital marketing agency partnerships.

“Partners, including digital marketing agencies, are the lifeblood of Salesforce, extending our platform in new and exciting ways and fueling our growth,” Viallet said in an email. He said Salesforce and its partners are pursuing opportunities created by “our ability to merge media, adtech and martech to execute on a whole new way for brands to connect with customers.”

Digital marketing organizations use Salesforce’s products such as Salesforce Commerce Cloud, Marketing Cloud and Service Cloud to offer “transformative digital experience that enable clients to meet consumer expectations,” he noted.

In addition to having digital marketing and advertising skills, Viallet said Salesforce seeks partners that understand “the importance of merging data, technology and creativity” to deliver customer experience strategies.

Viallet also pointed to a trend among digital marketing organizations acquiring Salesforce practices, such as Publicis.Sapient’s 2016 buyout of Vertiba, a Gold-level Salesforce Consulting partner.

Other notable acquisitions have included the following:

  • Wunderman bought a majority stake in Salesforce consultancy Pierry Inc. in September 2017.
  • Dentsu Aegis purchased Swiss digital marketing company Blue-Infinity in January 2017.
  • MRM//McCann acquired e-commerce service provider Optaros in December 2014.

“Digital marketing agencies haven’t just built Salesforce practices around the globe organically — they’ve been acquiring them as well,” he said. “Salesforce supports these collaborations as we work to provide our partners with an edge that enables them to exceed customers’ expectations.”

Rackspace: Little overlap between the channels

Managed cloud provider Rackspace, meanwhile, looks at digital marketing partnerships differently: Traditional channel firms and digital marketing agencies can do business with the same customers without necessarily encroaching on each other’s turf.

Rackspace’s alliances with digital marketing agencies stem from its digital services practice. Launched in 2014, Rackspace Digital provides application and infrastructure hosting for web content management systems, e-commerce products, and mobile and critical application services. Adrianna Bustamante, Rackspace’s director of digital sales and alliances, noted that the company has formally developed strategic digital marketing partnerships since about 2010.

“I think often agencies can help us get into areas of the business or with clients that we may not thoroughly be in today,” Bustamante said. That’s partly because digital marketing organizations tend to target a customer’s marketing department — versus the IT department.

“Nowadays … your traditional agencies have to be more digitally focused. … But still their main focus is very much around the consulting, the service and the creative — potentially integration and development,” Bustamante said.

She noted that the line between digital marketing organizations and systems integrators is blurring. Digital marketing organizations now look a lot more like systems integrators, while systems integrators “look a lot more like agencies,” she said.

Rackspace works with its agency partners in reseller and referral models. The company offers enablement resources for creating “sticky engagements for their customers and successful projects,” she said, while Rackspace focuses on the back end to ensure their projects meet scale, security and compliance requirements.

“We are heavily focused on trying to … accelerate now in certain verticals and certain segments, now in midmarket and enterprise. We can form a strong partnership when the agency realizes and understands that we are that trusted partner for them,” she said.

Rackspace generally doesn’t see any tension between its traditional and digital marketing partnerships, according to Bustamante.

“There might be several partners that we might have within … a certain customer that we are working with, but they might be working on five different projects, 20 different workloads, across three different business units,” she said.

Hyper-V HyperClear Mitigation for L1 Terminal Fault

Introduction

A new speculative execution side channel vulnerability was announced recently that affects a range of Intel Core and Intel Xeon processors. This vulnerability, referred to as L1 Terminal Fault (L1TF) and assigned CVE-2018-3646 for hypervisors, can be used for a range of attacks across isolation boundaries, including intra-OS attacks from user-mode to kernel-mode as well as inter-VM attacks. Due to the nature of this vulnerability, creating a robust, inter-VM mitigation that doesn’t significantly degrade performance is particularly challenging.

For Hyper-V, we have developed a comprehensive mitigation to this attack that we call HyperClear. This mitigation is in use by Microsoft Azure and is available in Windows Server 2016 and later. The HyperClear mitigation continues to allow for safe use of SMT (hyper-threading) with VMs and, based on our observations of deploying this mitigation in Microsoft Azure, HyperClear has been shown to have relatively negligible performance impact.

We have already shared the details of HyperClear with industry partners. Since we have received questions as to how we are able to mitigate the L1TF vulnerability without compromising performance, we wanted to broadly share a technical overview of the HyperClear mitigation and how it mitigates L1TF speculative execution side channel attacks across VMs.

Overview of L1TF Impact to VM Isolation

As documented here, the fundamental premise of the L1TF vulnerability is that it allows a virtual machine running on a processor core to observe any data in the L1 data cache on that core.

Normally, the Hyper-V hypervisor isolates what data a virtual machine can access by leveraging the memory address translation capabilities provided by the processor. In the case of Intel processors, the Extended Page Tables (EPT) feature of Intel VT-x is used to restrict the system physical memory addresses that a virtual machine can access.

Under normal execution, the hypervisor leverages the EPT feature to restrict what physical memory can be accessed by a VM’s virtual processor while it is running. This also restricts what data the virtual processor can access in the cache, as the physical processor enforces that a virtual processor can only access data in the cache corresponding to system physical addresses made accessible via the virtual processor’s EPT configuration.

By successfully exploiting the L1TF vulnerability, the EPT configuration for a virtual processor can be bypassed during the speculative execution associated with this vulnerability. This means that a virtual processor in a VM can speculatively access anything in the L1 data cache, regardless of the memory protections configured by the processor’s EPT configuration.

Intel’s Hyper-Threading (HT) technology is a form of Simultaneous MultiThreading (SMT). With SMT, a core has multiple SMT threads (also known as logical processors), and these logical processors (LPs) can execute simultaneously on a core. SMT further complicates this vulnerability, as the L1 data cache is shared between sibling SMT threads of the same core. Thus, a virtual processor for a VM running on an SMT thread can speculatively access anything brought into the L1 data cache by its sibling SMT threads. This can make it inherently unsafe to run multiple isolation contexts on the same core. For example, if one logical processor of an SMT core is running a virtual processor from VM A and another logical processor of the core is running a virtual processor from VM B, sensitive data from VM B could be seen by VM A (and vice-versa).

Similarly, if one logical processor of an SMT core is running a virtual processor for a VM and the other logical processor of the SMT core is running in the hypervisor context, the guest VM could speculatively access sensitive data brought into the cache by the hypervisor.

Basic Inter-VM Mitigation

To mitigate the L1TF vulnerability in the context of inter-VM isolation, the most straightforward mitigation involves two key components:

  1. Flush L1 Data Cache On Guest VM Entry – Every time the hypervisor switches a processor thread (logical processor) to execute in the context of a guest virtual processor, the hypervisor can first flush the L1 data cache. This ensures that no sensitive data from the hypervisor or previously running guest virtual processors remains in the cache. To enable the hypervisor to flush the L1 data cache, Intel has released updated microcode that provides an architectural facility for flushing the L1 data cache.
  2. Disable SMT – Even with flushing the L1 data cache on guest VM entry, there is still the risk that a sibling SMT thread can bring sensitive data into the cache from a different security context. To mitigate this, SMT can be disabled, which ensures that only one thread ever executes on a processor core.

The L1TF mitigation for Hyper-V prior to Windows Server 2016 employs a mitigation based on these components. However, this basic mitigation has the major downside that SMT must be disabled, which can significantly reduce the overall performance of a system. Furthermore, this mitigation can result in a very high rate of L1 data cache flushes since the hypervisor may switch a thread between the guest and hypervisor contexts many thousands of times a second. These frequent cache flushes can also degrade the performance of the system.

HyperClear Inter-VM Mitigation

To address the downsides of the basic L1TF Inter-VM mitigation, we developed the HyperClear mitigation. The HyperClear mitigation relies on three key components to ensure strong Inter-VM isolation:

  1. Core Scheduler
  2. Virtual-Processor Address Space Isolation
  3. Sensitive Data Scrubbing

Core Scheduler

The traditional Hyper-V scheduler operates at the level of individual SMT threads (logical processors). When making scheduling decisions, the Hyper-V scheduler would schedule a virtual processor onto a SMT thread, without regard to what the sibling SMT threads of the same core were doing. Thus, a single physical core could be running virtual processors from different VMs simultaneously.

Starting in Windows Server 2016, Hyper-V introduced a new scheduler implementation for SMT systems known as the “Core Scheduler”. When the Core Scheduler is enabled, Hyper-V schedules virtual cores onto physical cores. Thus, when a virtual core for a VM is scheduled, it gets exclusive use of a physical core, and a VM will never share a physical core with another VM.

With the Core Scheduler, a VM can safely take advantage of SMT (Hyper-Threading). When a VM is using SMT, the hypervisor scheduling allows the VM to use all the SMT threads of a core at the same time.

Thus, the Core Scheduler provides the essential protection that a VM’s data won’t be directly disclosed across sibling SMT threads. It protects against cross-thread data exposure of a VM since two different VMs never run simultaneously on different threads of the same core.

However, the Core Scheduler alone is not sufficient to protect against all forms of sensitive data leakage across SMT threads. There is still the risk that hypervisor data could be leaked across sibling SMT threads.

Virtual-Processor Address Space Isolation

SMT threads on a core can independently enter and exit the hypervisor context based on their activity. For example, events like interrupts can cause a SMT thread to switch out of running the guest virtual processor context and begin executing the hypervisor context. This can happen independently for each SMT thread, so one SMT thread may be executing in the hypervisor context while its sibling SMT thread is still running a VM’s guest virtual processor context. An attacker running code in the less trusted guest VM virtual processor context on one SMT thread can then use the L1TF side channel vulnerability to potentially observe sensitive data from the hypervisor context running on the sibling SMT thread.

One potential mitigation to this problem is to coordinate hypervisor entry and exit across SMT threads of the same core. While this is effective in mitigating the information disclosure risk, this can significantly degrade performance.

Instead of coordinating hypervisor entry and exits across SMT threads, Hyper-V employs strong data isolation in the hypervisor to protect against a malicious guest VM leveraging the L1TF vulnerability to observe sensitive hypervisor data. The Hyper-V hypervisor achieves this isolation by maintaining separate virtual address spaces in the hypervisor for each guest SMT thread (virtual processor). When the hypervisor context is entered on a specific SMT thread, the only data that is addressable by the hypervisor is data associated with the guest virtual processor associated with that SMT thread. This is enforced through the hypervisor’s page table selectively mapping only the memory associated with the guest virtual processor. No data for any other guest virtual processor is addressable, and thus, the only data that can be brought into the L1 data cache by the hypervisor is data associated with that current guest virtual processor.

Thus, regardless of whether a given virtual processor is running in the guest VM virtual processor context or in the hypervisor context, the only data that can be brought into the cache is data associated with the active guest virtual processor. No additional privileged hypervisor secrets or data from other guest virtual processors can be brought into the L1 data cache.

This strong address space isolation provides two distinct benefits:

  1. The hypervisor does not need to coordinate entry and exits into the hypervisor across sibling SMT threads. So, SMT threads can enter and exit the hypervisor context independently without any additional performance overhead.
  2. The hypervisor does not need to flush the L1 data cache when entering the guest VP context from the hypervisor context. Since the only data that can be brought into the cache while executing in the hypervisor context is data associated with the guest virtual processor, there is no risk of privileged/private state in the cache that needs to be protected from the guest. Thus, with this strong address space isolation, the hypervisor only needs to flush the L1 data cache when switching between virtual cores on a physical core. This is much less frequent than the switches between the hypervisor and guest VP contexts.
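The following added model (not Hyper-V code; every name in it is hypothetical) replays constructed context-switch traces for one physical core with two sibling logical processors. It reports the first event at which the siblings run different virtual cores, and counts L1 data cache flushes under a flush-on-every-guest-entry policy versus the flush-only-when-the-virtual-core-changes policy described above.

```c
#include <stddef.h>
#include <stdio.h>

#define HV (-1)                 /* logical processor is in hypervisor context */

/* One context switch on one of the two sibling LPs of a single physical core.
 * vcore is the virtual core whose virtual processor starts running, or HV. */
struct vpswitch { int lp; int vcore; };

struct report {
    int first_mixed;            /* index of first event with two vcores on the core, else -1 */
    unsigned flush_each_entry;  /* policy: flush L1D on every guest entry */
    unsigned flush_on_change;   /* policy: flush L1D only when the core changes vcore */
};

struct report audit_core(const struct vpswitch *ev, size_t n)
{
    struct report r = { -1, 0, 0 };
    int running[2] = { HV, HV };
    int resident = HV;          /* vcore whose data may still be in the shared L1D */

    for (size_t i = 0; i < n; i++) {
        running[ev[i].lp] = ev[i].vcore;
        if (ev[i].vcore == HV)
            continue;           /* hypervisor entry: neither policy flushes here */
        r.flush_each_entry++;
        if (ev[i].vcore != resident) {
            r.flush_on_change++;
            resident = ev[i].vcore;
        }
        int sibling = running[1 - ev[i].lp];
        if (r.first_mixed < 0 && sibling != HV && sibling != ev[i].vcore)
            r.first_mixed = (int)i;
    }
    return r;
}

/* Constructed trace, thread-level scheduling: LP0 runs vcore 1, LP1 runs vcore 2. */
static const struct vpswitch thread_trace[] = { {0, 1}, {1, 2} };

/* Constructed trace, core scheduling: both LPs run vcore 1, bounce through the
 * hypervisor independently, then the whole core is handed to vcore 2. */
static const struct vpswitch core_trace[] = {
    {0, 1}, {1, 1}, {0, HV}, {0, 1}, {1, HV}, {1, 1},
    {0, HV}, {1, HV}, {0, 2}, {1, 2},
};

int main(void)
{
    struct report t = audit_core(thread_trace, sizeof thread_trace / sizeof thread_trace[0]);
    struct report c = audit_core(core_trace, sizeof core_trace / sizeof core_trace[0]);
    printf("thread-level: first mixed event %d\n", t.first_mixed);
    printf("core-level:   first mixed event %d, flushes %u vs %u\n",
           c.first_mixed, c.flush_each_entry, c.flush_on_change);
    return 0;
}
```

The flush-on-every-entry count is shown only for comparison on the same trace; the basic mitigation described earlier also disables SMT, so it would never run two sibling threads at all.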

Sensitive Data Scrubbing

There are cases where virtual processor address space isolation is insufficient to ensure isolation of sensitive data. Specifically, in the case of nested virtualization, a single virtual processor may itself run multiple guest virtual processors. Consider the case of a L1 guest VM running a nested hypervisor (L1 hypervisor). In this case, a virtual processor in this L1 guest may be used to run nested virtual processors for L2 VMs being managed by the L1 nested hypervisor.

In this case, the nested L1 guest hypervisor will be context switching between each of these nested L2 guests (VM A and VM B) and the nested L1 guest hypervisor. Thus, a virtual processor for the L1 VM being maintained by the L0 hypervisor can run multiple different security domains – a nested L1 hypervisor context and one or more L2 guest virtual machine contexts. Since the L0 hypervisor maintains a single address space for the L1 VM’s virtual processor, this address space could contain data for the nested L1 guest hypervisor and L2 guest VMs.

To ensure a strong isolation boundary between these different security domains, the L0 hypervisor relies on a technique we refer to as state scrubbing when nested virtualization is in use. With state scrubbing, the L0 hypervisor will avoid caching any sensitive guest state in its data structures. If the L0 hypervisor must read guest data, like register contents, into its private memory to complete an operation, the L0 hypervisor will overwrite this memory with 0’s prior to exiting the L0 hypervisor context. This ensures that any sensitive L1 guest hypervisor or L2 guest virtual processor state is not resident in the cache when switching between security domains in the L1 guest VM.

For example, if the L1 guest hypervisor accesses an I/O port that is emulated by the L0 hypervisor, the L0 hypervisor context will become active. To properly emulate the I/O port access, the L0 hypervisor will have to read the current guest register contents for the L1 guest hypervisor context, and these register contents will be copied to internal L0 hypervisor memory. When the L0 hypervisor has completed emulation of the I/O port access, the L0 hypervisor will overwrite any L0 hypervisor memory that contains register contents for the L1 guest hypervisor context. After clearing out its internal memory, the L0 hypervisor will resume the L1 guest hypervisor context. This ensures that no sensitive data stays in the L0 hypervisor’s internal memory across invocations of the L0 hypervisor context. Thus, in the above example, there will not be any sensitive L1 guest hypervisor state in the L0 hypervisor’s private memory. This mitigates the risk that sensitive L1 guest hypervisor state will be brought into the data cache the next time the L0 hypervisor context becomes active.
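The I/O port example above, sketched as added code (not Hyper-V's implementation; the register struct, the scratch buffer and all function names are hypothetical). It copies guest registers into private scratch memory to emulate an `OUT DX, AL`, then zeroes the scratch through a volatile pointer, because a plain `memset` immediately before return is a dead store that an optimizer may remove.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical register snapshot; the field set is illustrative. */
struct guest_regs { uint64_t rax, rdx, rip; };

/* Stand-in for L0 hypervisor private memory used during emulation. */
static struct guest_regs l0_scratch;

/* Zero through a volatile pointer so the stores cannot be removed as dead
 * writes, which an optimizer may do to a plain memset just before return. */
static void scrub(void *p, size_t len)
{
    volatile unsigned char *b = p;
    while (len--)
        *b++ = 0;
}

/* 1 if any byte of L0 scratch still holds guest state, else 0. */
int l0_scratch_residue(void)
{
    const unsigned char *b = (const unsigned char *)&l0_scratch;
    unsigned char acc = 0;
    for (size_t i = 0; i < sizeof l0_scratch; i++)
        acc |= b[i];
    return acc != 0;
}

/* Emulate OUT DX, AL for the L1 guest hypervisor: the port comes from DX and
 * the byte from AL. Returns (port << 8) | value so the caller can check it. */
uint32_t emulate_out_dx_al(const struct guest_regs *guest, int scrub_on_exit)
{
    memcpy(&l0_scratch, guest, sizeof l0_scratch);   /* guest state enters L0 memory */
    uint16_t port = (uint16_t)l0_scratch.rdx;
    uint8_t value = (uint8_t)l0_scratch.rax;
    uint32_t result = ((uint32_t)port << 8) | value;
    if (scrub_on_exit)
        scrub(&l0_scratch, sizeof l0_scratch);       /* nothing left for the next entry */
    return result;
}

/* Constructed register values for the example. */
static const struct guest_regs sample = {
    .rax = 0x1122334455667741ULL,
    .rdx = 0x00000000000003f8ULL,
    .rip = 0xfffff80000001000ULL,
};
```

Calling `emulate_out_dx_al(&sample, 0)` leaves the guest's register values in the scratch buffer; calling it with `scrub_on_exit` set returns the same result and leaves the buffer all zero.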

As described above, this state scrubbing model does involve some extra processing when nested virtualization is in use. To minimize this processing, the L0 hypervisor is very careful in tracking when it needs to scrub its memory, so it can do this with minimal overhead. The overhead of this extra processing is negligible in the nested virtualization scenarios we have measured.

Finally, the L0 hypervisor state scrubbing ensures that the L0 hypervisor can efficiently and safely provide nested virtualization to L1 guest virtual machines. However, to fully mitigate inter-VM attacks between L2 guest virtual machines, the nested L1 guest hypervisor must implement a mitigation for the L1TF vulnerability. This means the L1 guest hypervisor needs to appropriately manage the L1 data cache to ensure isolation of sensitive data across the L2 guest virtual machine security boundaries. The Hyper-V L0 hypervisor exposes the appropriate capabilities to L1 guest hypervisors to allow L1 guest hypervisors to perform L1 data cache flushes.

Conclusion

By using a combination of core scheduling, address space isolation, and data clearing, Hyper-V HyperClear is able to mitigate the L1TF speculative execution side channel attack across VMs with negligible performance impact and with full support of SMT.

Shadow IT channel outpaces traditional partners

The traditional channel is fading, while a new shadow IT channel consisting of cloud consultants, tech-oriented professional services firms and startups is on the rise.

That’s the analysis of Jay McBain, principal analyst for global channels at Forrester Research. McBain, speaking at CompTIA’s ChannelCon 2018 conference, said this emerging shadow channel is adding thousands of new companies to the partner ecosystem, while conventional resellers of hardware, software and services are slowly dwindling in number.

“The traditional channel isn’t dead; it isn’t dying, but it is declining,” he said.

McBain said the population of traditional channel players has dropped 36% since the 2008 recession. He also noted that 40% of channel partner owners plan to retire by 2024 and that the average age of an owner or principal is 58.

In contrast, shadow IT channel companies are rapidly growing in number. McBain cited several categories of such companies. He termed one group everything-as-a-service (XaaS) ecosystem consultants. Those companies help enterprises install, implement and secure software-as-a-service and infrastructure-as-a-service platforms.

According to McBain, XaaS ecosystem consultants are line-of-business experts who understand cloud-driven best practices and typically partner with a handful of vendors, such as Salesforce or Amazon Web Services.

McBain pointed to the surge in growth in the AWS ecosystem. AWS said it added 10,000 new AWS Partner Network companies in 2017. He said AWS could have a total of 100,000 companies in its partner ecosystem in the next 18 months.

“People are flooding into these ecosystems,” he said.

Industry-based professional services firms are another aspect of the shadow IT channel. Accounting firms, digital agencies, architectural companies and law offices are moving into IT services to support their clients in industries undergoing digital disruption.

“They’re technology companies,” said McBain, who noted that there are about as many certified public accountant (CPA) firms as there are value-added resellers.


While the depth of the CPA-as-IT-provider shift may be a recent development, the largest accounting firms were rolling out IT strategy consulting and systems integration services 30 years ago.

Other participants in the shadow IT channel include ISVs, an area also seeing explosive growth. McBain estimated 100,000 ISVs exist today worldwide, compared with 10,000 software houses a decade ago. He predicted the number of ISVs will grow to 1 million by 2027, a rise driven by customers’ demand for increasing levels of specialization.

Large IT vendors such as Cisco help fuel the ISV trend. As Cisco pursues a software-led strategy, the company is encouraging its traditional channel partners to develop software and is cultivating expanded ties with ISVs.

In addition, McBain identified born-in-the-cloud firms that focus on back-end project-based services as another example of shadow channel companies. He also said he sees the potential of companies stemming from the startup community as channel disrupters.

The traditional partner response to the shadow IT channel trend could include partnering or merging with the new channel players, McBain suggested, noting that channel partners may be better at such things as business continuity than a digital marketing firm. Such skill set combinations are already coalescing in the emergence of digital consulting firms, which combine elements of traditional systems integration and digital marketing.

Microsoft Azure platform sparks partner offerings

With Microsoft Azure platform revenue doubling, channel partners are rolling out services and products to spark further adoption and consumption of the public cloud environment.

A number of Azure-oriented partner offerings were unveiled at Microsoft Inspire 2018, the company’s annual partner conference, which concludes today, July 19, in Las Vegas. The launches run the gamut from hybrid cloud bundles to workspace products, but all aim to take advantage of Azure’s market momentum and its status as a pivotal Microsoft platform.

Jason Zander, executive vice president of the Microsoft Azure team in the company’s cloud and AI group, said Azure experienced 100% year-over-year consumed revenue growth. That growth, he said, translates into partner momentum, noting that every dollar of Azure cloud consumption drives $5 of partner services business.

In addition, the Microsoft Azure platform lies at the heart of the company’s vision of a ubiquitous computing fabric that extends from the edge to the cloud.

“The core of the intelligent cloud and the intelligent edge is Microsoft Azure,” Zander said.

Partners build on the Microsoft Azure platform

Partners showcasing offerings for the Microsoft Azure platform at Inspire included Dell EMC, which expanded its Azure Stack hardware bundle debuted in 2017. Azure Stack extends the Azure public cloud to private settings, such as service provider or end customer data centers.

Dell EMC’s new Azure Stack additions include an all-flash VxRack Azure Stack configuration option, an automated hyper-converged infrastructure (HCI) patch and updated orchestration tool, and SecureVM integration available via Azure Marketplace. In addition, Dell EMC now lets customers and partners acquire Azure Stack through its Cloud Flex pay-as-you-go consumption model, which the company offers to encourage adoption of its HCI product line. Dell EMC treats its Azure Stack hardware bundles as an HCI offering.

The upshot for Dell EMC’s channel partners is the ability to rapidly roll out Azure Stack to customers, said Paul Galjan, senior director of product management and engineering for Azure Stack at Dell EMC.

[Figure: chart showing top IaaS providers worldwide. Caption: Microsoft Azure has solidified its position among the top IaaS options.]

“From a channel partner perspective this is something their customers are interested in,” Galjan said. “Any customer that has a Microsoft cloud strategy will be talking to them about Azure Stack.”

Azure-based offerings on the rise


Meanwhile, CloudJumper, a workspace-as-a-service platform provider, launched Cloud Workspace for Azure at Microsoft Inspire 2018. The platform links together CloudJumper’s Cloud Workspace Management Suite with Microsoft’s Remote Desktop modern infrastructure (RDmi). The integration provides increased visibility into users’ Azure, Office 365 and Cloud Workspace experiences, according to the company.

Max Pruger, chief revenue officer at CloudJumper, cited the uptick in offerings around the Microsoft Azure platform as a key development at the partner conference.

“One of the clear takeaways from Inspire is the rise in Azure-based solutions, as organizations further integrate their cloud-forward IT initiatives,” he said. “Microsoft is capitalizing on this, and the conference is relaying their vision to build out the modern workspace with the integration of [Office] 365, Azure Active Directory Sync and RDmi — all built on top of the Azure stack.”

Other partners showcasing Microsoft Azure platform offerings include Atmosera, a managed Azure solutions provider based in Beaverton, Ore. The company featured its Three-Tier Azure Management Suite at Microsoft Inspire 2018. The suite delivers managed, comanaged and self-managed Azure solutions.

“There’s a tremendous opportunity — and an equal amount of pressure to do so — for Microsoft partners to innovate, embrace new capabilities and leverage Azure for business outcomes,” said Jon Thomsen, CEO at Atmosera.