Storage Switzerland Blog

Proof That The Cloud is Ready For Prime Time

Sat, 28 Feb 2009 19:18:39 -0600

One of the concerns of Cloud Storage is access. What if I can’t get to my data? What if I can’t get to Salesforce.com?

Well as you can see from this picture I am sitting at the Minute Maid Park in Houston Texas, enjoying the 2009 Houston College Baseball Classic (huge baseball fan by the way) and I have free high speed WiFi access! Even if I didn’t I had brought my broadband card and could have accessed the Cloud that way. Nine Games, Three days and access to the Cloud. Can it get any better?

8GB vs. FCoE

Thu, 26 Feb 2009 11:48:28 -0600

2009 Will be about 8GB FC

In a recent article I wrote for SearchStorage, I laid out a case for 8GB fibre channel. Companies like Brocade, Xyratex (the first with an 8GB storage platform), Q-Logic and Emulex are all shipping products based on 8GB. Missing from the article is mention about FCoE and judging from the emails I have received there are a lot of questions about how this new protocol will fit into the mix. While I am preparing an extensive article specifically on unifying the infrastructure under FCoE I’ll give you some details here.

First FCoE is a new infrastructure which allows standard fibre protocol to run over ethernet. It will require new cards to go in servers, called CNA’s, it will require new cabling, standard copper ethernet is not going to cut it AND it will require new access, either in the form of adding blades to an existing chassis as Brocade has implemented or a new access layer switch from Cisco.

The challenge is that solutions are already available from storage vendors that are 8GB FC based; storage systems, Fibre HBA’s and Fibre Switches. While FCoE sounds like utopia, it is not here yet, it is not fully ratified and the cost for an incremental rollout is not as sound and as cost effective as 8GB FC.

If you were building a new data center from scratch or even planning on refreshing a significant number of servers in your enterprise, a FCoE strategy might be worth considering but given the realities of the current economic environment it is a strategy that you should keep an eye on but sit this one out for now. 8GB FC on the other hand is here now and ready for prime time.

What are these Encryption Standards

Fri, 13 Feb 2009 06:41:19 -0600

Every time there is an article on encryption there are AES, FIPS, DES or Triple DES descriptions for the encryption techniques…where did these come from and more importantly does it matter which one to use?

Surprisingly prior to 1972 computer security was not recognized as a problem and was relegated to the military and intelligence organizations. The Enigma Machine used by Germany from 1920 to the end of WWII is an example of the military use of an electro-mechanical device to encode and decode messages. The Enigma was basically a simple substitution encryption that added complexity by adding rotors that changed the substitution key. Adding rotors added complexity and thus difficulty in decoding the message. A substitution algorithm is a simple replacement system; A is substituted for M; B is substituted for N and so on. The basic algorithm is very easy to break, Enigma complicated matters by having multiple substitutions (via rotors) in a single message.

Also used are single use keys which really complicate matters. An example of a single use key is using a book, say Moby Dick that is handed out to everyone. When a message is coded one page or a group of pages are used for the substitution code, all someone needs is the page number for the decoding. There was nothing special about the page number because the page number could be buried in a newspaper want ad for example. The problem was that everyone had to have the exact same copy of Moby Dick; any other publisher and the page numbers would not make the key work.

In 1972 the NBS Institute for Computer Sciences and Technology (ICST)
began a project to develop an algorithm to be used to protect data during transmission. In 1974 the NBS issued a solicitation for an encryption solution; IBM responded and in 1977 the Data Encryption Standard (DES) was adopted as the Federal Information Processing Standard (FIPS) 46.

The DES uses a key of 64 bits, 56 which are randomly generated and used by the algorithm. The additional 8 bits are used for error detection. DES was updated with Triple DES that used three 64 bit keys for a total of 192 bits. The Triple DES uses the exact same algorithm as DES but is repeated three times. The penalty for Triple DES was speed of encryption but a much stronger encryption.

DES and Triple DES fell out of favor in the mid 90s with increased power of computers. DES or Triple DES encryption could be broken in as little as 56 hours. DES was intended for hardware and is relatively slow when implemented in software. Both DES and Triple DES are used today but only as a gesture towards security to prevent casual intrusions.

In 1997 the National Institute of Standards and Technology (NIST) began a solicitation to replace DES. 15 competing designs were evaluated and in 2001 the Rijndael entry was selected as the Advanced Encryption Standard (AES) also known as FIPS 197.

The AES comes in various flavors of key sizes of 128, 192 and 256 bits. The concept of the Rijndael model is based on a 4x4 matrix (symmetrical block) in a substitution-permutation network. The algorithm was designed to handle larger block sizes and key lengths but these have not been implemented for commercial use at this time.

AES is a block cipher that uses a matrix with an initial substitution, mixes the key into the elements of the matrix and then permutes the entries in the rows and transforms the columns 10 (128 bit key), 12 (192 bit key) or 14 (256 bit key) times. The longer the key the better the encryption.

The only known successful attack of AES came from is so called ‘side channel attacks’. A side channel attack works by looking at the computer during an decryption and finding theoretical weaknesses including timing, power, electromagnetic leaks and even sound. A considerable technical knowledge of the computer where the AES is running is required and is not a trivial task. In the intelligence community, Tempest Rooms are used to prevent any leakage of electromagnetic information, both incoming and outgoing.

The relationship between AES and FIPS is one of certification. To sell anything using encryption to the Federal Government the product must have a FIPS certification. FIPS-197 is the document that covers the AES algorithm. Certification is approached under the NIST Cryptographic Module Validation Program (CMVP) while FIPS-140-2 is the Security Requirements for Crytographic Modules.

Summary
The AES and FIPS-140-2 are exactly the same. AES is for commercial use and FIPS-140-2 is for Federal use. Do not buy anything that is DES or Triple DES protected. Even for commercial use find out if the manufacturer has the FIPS-140-2 certification. The final note is to use the largest key available as AES is easy to implement, fast and doesn’t use a large amount of memory or processing with the larger keys.

Integrity

Thu, 5 Feb 2009 12:38:26 -0600

Capitalistic integrity: A thought about Inauguration Day

If you don’t mind, I’m occasionally going to take a break from storage and write about another topic: capitalism. I can’t think of a better way to start than to quote our new president:

"Our challenges may be new. The instruments with which we meet them may be new. But those values upon which our success depends -- honesty and hard work, courage and fair play, tolerance and curiosity, loyalty and patriotism -- these things are old. These things are true. They have been the quiet force of progress throughout our history."

If you have ever spoken to me off-topic, meaning about something other than storage, you know that I am a big believer in capitalism and free markets. (I’ll explain why in a future post.) If you have had a conversation about capitalism with me, you may recall that I said something similar to what the president said this week, but I was focused on capitalism. Capitalism needs to return to the principles that the president listed..

Throughout this post when I say CEO, I mean any person that has influence over an organization of people. It can be a CEO, a business owner, a VP of a department, a manager, a teacher and especially a mother or a father. I have had many of these roles, and try to apply the contents of this post to running Storage Switzerland.

If CEOs would be more humble and understand that they are merely stewards and that their responsibility is to their employees first, their communities second, stockholders third and themselves last, this would be a much different business climate and a much better world.

What would the ramifications be of a CEO publicly making a statement that they are going to take care of the company’s employees first, their communities second and their stockholders third? I would guess that the company’s stock would plummet for a bit. However, if the CEO put action behind these words and really started taking care of their employees and those employees began to love where they work and took pride in the difference their employer made in the community, I can assure you that within a few quarters they would be producing record profits.

Yes, I think the change would be that fast. Never underestimate the power and productivity of a motivated, proud employee who thinks they are part of something. Something that is making a difference.

Taking care of your employees also means not laying them off. You may ask them to make a little less or work a little harder, this includes the CEO (lead from the front). You CEOs, instead of laying people off, cut your pay and you work harder before you ask anyone else to sacrifice. What good does laying anyone off really do anyway? If Company A lays people off and then Company B lays people off and Company C lays people off, and so on, all you have is a bunch of people who are unemployed. Company A’s layoff triggered subsequent layoffs at other companies that made their future customers unemployed. It’s a vicious cycle. I’m not saying you should keep employees who are not delivering an honest day’s work, but make sure to keep the ones who are.

Capitalism and business need an improvement in public image -- a big one. We need to return to the core values of “hard work, courage and fair play, tolerance and curiosity, loyalty and patriotism.”

The only change I would make to President Obama’s statement is that God and country (patriotism) should come before the other. And I would add creativity to the list, Americans invent, and we need to encourage that.

These core values need to be embraced. I can think of no other way to demonstrate that than by taking care of your employees and your community. And there’s no better time to do that than now.

Before you say that it’s impossible, stop yourself, we have to try. I’ve argued that trying to be green is futile, and green proponents argue back that we have to try anyway. Both are worthy causes and can't be legislated; change has to occur in people’s hearts and minds, but for that change to start someone has to tell them and show them.

So CEOs, business owners, VPs ... change your titles. You are not owners or founders or presidents, you are Stewards; go forth and act like one.

George Crump
Chief Steward, Storage Switzerland

Label and Cable Naming Conventions

Wed, 21 Jan 2009 16:32:31 -0600

In the past few posts we have discussed cable management and label management. In this post we are going to discuss the burning need for naming conventions. One of the things that I learned early on in my end user career as a storage administrator was the fact that labeling and cabling were important, but even more important than that was a standard naming convention for all the devices that live in the data center. This is a standard that is approved and enforced by IT management; otherwise device names can get out of hand very fast.