Posted on November 4, 2013 by Gento
Recently, our own James Cerwinski (2nd from right in this pic) completed a long flight to attend DCD Melbourne to support our team from Australia. James is one of Raritan Americas’ DCIM thought leaders.
As an international company, Raritan is wired into the differing needs of data centers around the world. The DCD Melbourne website gave clues to the perceived needs in the data center community of Australia. Here’s a snippet from the home page of the Melbourne show:
“As a city with a heritage in telecommunications, finance, technology and services, the data center revolution presents the opportunity to showcase Melbourne’s capabilities beyond its borders. Census analysis indicates that Victoria accounts for around one-third of Australasia’s asset base and that both new build and refit/refresh will continue to represent key requirements for this market.” (emphasis is ours)
Frank Huang, Product Marketing Manager of Raritan Asia Pacific (pic below) takes a more granular view and comes to a similar conclusion.
“In the Asia Pacific Rim, a lot of vendors are focused on DCIM space. Most are pushing a total solution rather than building their data centers from the ground up. Roughly 70% of the companies they’re targeting are small and medium businesses rather than huge data centers. So their budgets will not allow a total DCIM solution. The solution for most of these companies is a refit/refresh so they can more carefully move to DCIM.
“Raritan has a different approach. While we start with the overall vision of DCIM, we work in a consultative way with the customer’s total picture in mind. Often we start with power management.”
Posted on September 12, 2013 by Gento
One of our roles in every data center installation is to bridge communication gaps between functional groups so goals can be met to everyone’s satisfaction.
That’s a consultative role, one that takes boots on the ground at first, and an ongoing relationship thereafter. At Raritan, we prefer to be on-site at deployments, working side-by-side with customers. Sometimes, the work we do isn’t particularly technical but rather logistical. Knowing, for example, that a customer is going to have 200 racks installed, we make sure that PDUs show up prior to installation so critical dates aren’t missed.
Often, PDU installation is only a small part of the process that gets us about 30% of the way there. Assuming the customer has the power strips, sensors and software running on Day 1, we can then help immediately start extracting value from their investment by Day 2. Now that they have all this great new power consumption and environmental data, what are they going to do differently? By the third day, we can start the iterative process of making those changes and measuring gains.
You’d be surprised to learn how many data centers are still plagued by server underutilization with one or very few applications running on a single server. It’s exacerbated by the fact that this particular server might be the least efficient machine to actually perform these tasks.
People still have a hard time unplugging stuff. Our system gives them the data to take an intelligent step forward. The conversation between Data Center Manager and User might go something like this: “You’re telling me you use this server?” And the user says “Yes, we use it.” With this new data, the manager can show the user that in the last 90 days the server hasn’t fluctuated at all from a power perspective and the network traffic has been essentially zero. The manager can now tell the user, “What you’re telling me doesn’t match the data we’re seeing. Let’s migrate this to a virtual appliance. We’ll decommission the other one, and if you have a service impact, we can discuss reprovisioning it.”
Hard data gives you a firm basis upon which to realize power and cooling efficiencies. It’s very important to Raritan to make sure our customers achieve the value that they are expecting from our product. The faster we can turn data into actionable information, the better the outcome will be.
Posted on September 6, 2013 by Gento
A University of Michigan team has published their research on IPMI and BMC security issues. Entitled “Illuminating the Security Issues Surrounding Lights-Out Server Management,” this article follows up on the IPMI/BMC security issues highlighted by Dan Farmer and HD Moore as summarized in my previous blog on this subject. The Department of Homeland Security’s US-CERT team has posted an alert on the IPMI security risks.
The researchers introduce the issues, note the previous research, define IPMI/BMC security risks, analyze a particular implementation, and describe their successful attack on it. They found “blatant textbook vulnerabilities” and concluded that the implementations “suggest either incompetence or indifference towards customer security.” They then count the publicly (Internet) accessible IPMI devices, which they determine to be more than 105,000. They provide some defenses and lessons and indicate areas for future work. The Washington Post has published an article on the paper and interviewed one of the authors, who criticizes the embedded device community for its security practices.
Customers who make use of BMC and IPMI based remote management cards and systems need to be aware of these issues and take the proper steps to safeguard their implementations. Given the severity of these issues, they should consider alternative remote management solutions such as KVM-over-IP switches, which can avoid most of these risks.
Posted on August 27, 2013 by Gento
Thursday, September 12th, 2013
Hilton Bellevue, 300 – 112th Avenue SE, Bellevue, WA 98004
Check back here soon for our booth number.
Friday, July 12th
Be sure to stop by our booth to pick up our famous LED pens and durable Solo coffee cups.
For more information, please email Dorothy Ochs or call at 1.732.764.8886 ext.1220
Posted on August 12, 2013 by Gento
The US Computer Emergency Readiness Team (US-CERT) issued an alert (TA13-207A) on IPMI usage on July 26th, with recommendations for IT departments. This is based on the work of Dan Farmer and HD Moore that I summarized in my previous blog on this topic.
The US-CERT alert summarizes many of the risks and issues, and provides recommended solutions for administrators. Solutions include: restrict IPMI to internal networks, utilize strong passwords, require authentication, sanitize flash memory at end of life, and identify affected products. A list of BMCs is provided, although this is not a complete list of these devices and the servers utilizing them.
While these solutions are a step in the right direction, they are not sufficient to address all of the security issues listed by Farmer and Moore. For example, using IPMI on internal networks allows it to be attacked by viruses or worms that may exist on these networks. And if strong passwords are not enforced by systems, then some passwords may not be strong. Furthermore, authentication should be sufficiently strong, and for government and military organizations, FIPS 140-2 encryption is required along with two-factor authentication (e.g. CAC).
These solutions do not address many of the structural issues with BMCs and IPMI including direct access to the server’s motherboard, storage of clear text passwords, virtually unlimited server control, and access to the BMC from a compromised server.
IT administrators and security officers should directly consult Farmer’s and Moore’s work to understand the specific dangers to their environment and take the appropriate actions. Administrators should follow the security best practices as defined by the server manufacturer and ensure that their servers have the latest BMC firmware, such that the latest security patches are applied. It’s a good idea to make sure your security scanner audits these devices for vulnerabilities.
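As an added example (not from the original post or from US-CERT), the sketch below audits two of the recommendations listed above, internal-only addressing and required authentication, over collected BMC LAN settings. The sample reports are constructed and laid out like `ipmitool lan print` output; that layout, the host names and the `MGMT_NETS` range are assumptions.

```python
import ipaddress

# Constructed sample input laid out like `ipmitool lan print` output; the layout,
# host names and MGMT_NETS range are assumptions, not captured from real devices.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/16")]
SAMPLE_REPORTS = {
    "bmc-a": """\
IP Address              : 10.20.0.15
Auth Type Enable        : Callback : MD5
                        : Admin    : MD5
""",
    "bmc-b": """\
IP Address              : 203.0.113.40
Auth Type Enable        : Callback : NONE MD5
                        : Admin    : NONE MD5 PASSWORD
""",
}

def parse_lan_print(text):
    """Return (ip, {privilege level: [enabled auth types]}) for one report."""
    ip, auth, in_auth = None, {}, False
    for line in text.splitlines():
        key, _, rest = (part.strip() for part in line.partition(":"))
        if key == "IP Address":
            ip = ipaddress.ip_address(rest)
        # Continuation lines of the auth block have an empty key.
        in_auth = key == "Auth Type Enable" or (key == "" and in_auth)
        if in_auth and rest:
            level, _, types = rest.partition(":")
            auth[level.strip()] = types.split()
    return ip, auth

def audit(reports, mgmt_nets=MGMT_NETS):
    """Map host -> findings for internal-only addressing and required auth."""
    findings = {}
    for name, text in reports.items():
        ip, auth = parse_lan_print(text)
        issues = []
        if ip is None or not any(ip in net for net in mgmt_nets):
            issues.append(f"address {ip} is outside the management networks")
        open_levels = sorted(lvl for lvl, types in auth.items() if "NONE" in types)
        if open_levels:
            issues.append("auth type NONE enabled for: " + ", ".join(open_levels))
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_REPORTS))
```

An explicit management-network allowlist is used instead of a private-versus-public test because a BMC on a general-purpose internal subnet is still exposed to the viruses and worms the post mentions.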