The Future of Disaster Recovery Solutions is Here
For years Information Technology professionals have relied on conventional
backup technology to ensure that their data may be retrieved in the
event of server failure or database corruption. Advances in disaster
recovery technologies have also helped to get businesses back online
should disaster occur. But the increasing amount of data being exchanged
between servers at multiple locations and a dependence on this data
has driven the need for new technologies to ensure information is
being protected in real time. Continuous backup technologies have
emerged to address this need for uninterrupted backup of vital information
on SQL and Exchange platforms.
This article will address the following questions:
What are continuous backup technologies?
How are continuous backup technologies different from traditional
approaches such as tape, snapshot, disk array and mirroring technologies?
How do these new technologies work with an existing technology
infrastructure?
How do continuous data protection technologies boost availability
on multiple platforms including Microsoft Exchange, SQL and Oracle
products?
Why are continuous data protection technologies the future of
disaster recovery solutions?
Leonid Shtilman
ARTICLES
Monitoring Linux with Native Tools: Part One
Linux is gaining interest as a solution across many hardware platforms:
x86 based machines, Sun and Apple proprietary hardware and IBM zSeries
platforms. But once applications are ported to an open source operating
system, what options are available to monitor their performance and
availability? This article, the first in a two part series, covers
native Linux solutions for monitoring performance and collecting statistics
for capacity planning. We will look at tools ranging from real time
monitors through those that can build a database of historical system
performance. Robert Andresen
Keys to Practicing Proactive Network Management
Whether trying to improve a company’s profit margins, its staff
performance, or the functioning of its IT infrastructure, the familiar
maxim holds true – if you can’t measure it, you can’t
manage it. This article will address what is involved in managing
a network in a preventative, proactive manager rather than merely
performing troubleshooting. Effectively managing a network means obtaining
accurate, objective, and pertinent metrics before you make decisions,
especially decisions to spend money Charles Thompson
PHP v5 Gets Serious About Objects: Part 1
This article takes an in-depth look at the new features of PHP v5
and why they are important. Rather than reinventing the proverbial
wheel, PHP’s developers are seeing further by standing on the
shoulders of giants. In this case, one of those giants is Java, and
programmers used to Java will notice many familiar features in the
new PHP. Scott Courtney
COLUMNS
Wireless LAN Security – Why Encryption Isn’t
Enough
Due to the transient, self-deploying nature of wireless, hackers can
spoof the MAC address of laptops beaconing for an AP, causing the
laptop to connect to it. Access points are simple bridges that take
information from the wired side and pass it to the wireless side.
Without proper configuration, they can leak sensitive information,
such as network protocols and/or multicast and broadcast traffic in
the air. Any hacker who gets a hold of the information could use it
to “reroute” and insert himself into the network (referred
to as a spanning tree attack). Numerous types of denial of service
attacks exist, all of which can be directed against a specific station
to prevent that station from communicating with the network, against
a specific access point to prevent stations connecting with it, or
as a broadcast that shuts down all WLAN activity. In these situations,
it wouldn’t matter if data is encrypted if the problem exists
that the laptop or device cannot communicate at all. Denial of service
attacks are feared because they result in significant downtime and
loss of productivity. This article discusses how organizations should
take a layered security approach to securing the network. This means
taking such measures as locking down the devices (changing default
settings, hiding SSIDs), locking down communication between devices
(encryption and authentication) and monitoring the air space. Anil Khatod
Planned Downtime: How Your Disaster Recovery Solution
Can Reduce Costs and Shrink Outage Windows
Today many companies rely on clustering, volume management and replication
technologies as a line of defense against unplanned downtime –
server failures, site outages, and other natural events that threaten
customer service levels. These technologies can also be leveraged
to reduce the costs and outage windows associated with planned downtime
events – providing a significant return on investment (ROI)
bonus. Sherri Atwood
Yes, We’re Open for Business! Utilizing Identity
Management’s Open Services
Over the past few years we have been witness to amazing growth within
the computer security industry, particularly the security discipline
focused on people and their regulated access to resources, Identity
Management. To satisfy the requirements of this growth, the Identity
Management industry has developed a number of technologies and processes,
collectively referred to as Open Services architectures, and these
are an integral hub in the Identity Management environment. This integration
middle-tier is designed to provide a common and consistent interface
for interconnecting identity services and processes with various front
end applications, data stores, and application clients. Chris Williams
IP is Not for Everything and Everyone
With the proliferation of Internet access and content, usage of international
bandwidth is expected to grow quickly, generating a huge demand for
Internet Protocol (IP) based data services. Such rapid developments
have changed the preference of many primary users of wholesale data
services – carriers, tier two service providers, Internet service
providers and content service providers, to name a few – whose
purchasing decision is now heavily skewed toward buying IP transit
services. Overall, many organizations are feeling pressure to create
infrastructures based entirely on IP. But is this the right solution? Ian Graham
How to Un-Spam Yourself
Unsolicited commercial messages, or “spam” constitute
between 15% and 40% of all email today, and the figure continues to
grow rapidly. Spam results in enormous costs to enterprises in terms
of bandwidth usage, the risk of embedded viruses, user productivity
impact, and potential litigation due to inappropriate material being
stored on enterprise servers. There are several approaches to reduce
spam in an organization. Some of these are technology based, while
others are best practices. By combining these, spam can be reduced
significantly in the workplace. By Aurobindo Sundaram
ARTICLES
Cross-Platform Authentication and Identity Management
Using Microsoft Active Directory
The world of enterprise management is at a crossroads, with several
forces pulling at the support and management staff organizations of
all sizes. On one hand, the modern enterprise is a complex mix of
Windows, Unix (often several different flavors of Unix), Linux, Java,
and even Mac systems, each requiring unique and specialized management
attention. On the other hand, organizations are constantly charged
with streamlining operations, reducing costs, and gaining firmer control
of the total cost-of-ownership (TCO) of computing resources. Add to
the mix the glut of federal regulations-such as Sarbanes-Oxley, HIPPA,
and Gramm-Leach-Bliley-that require greater security, and a higher
level of corporate accountability for data. Suddenly the mission of
centralizing IT support and management in a more cost-effective infrastructure
seems impossible. By Matt Peterson
PHP v5 Gets Serious About Objects: Part Two
Part one of this article looked at some of the interesting new features
for object-oriented (OO) programming in PHP version 5. This new version
introduces OO features that put PHP’s object support in the
same league as Java and other OO languages, although PHP is still
(by choice and by design) not a “pure” OO language. This
article we looks at some of the more advanced OO features in the new
PHP – tools that not only help with basic object-oriented programming,
but which also help the designer to model the problem in more elegant
ways. If you are new to PHP and/or new to OO programming (OOP), you
may want to read Part 1 of this article before delving into the material
in this article. By Scott Courtney
Monitoring Linux with Native Tools: Part Two
Part one of this article discussed native Linux solutions for monitoring
performance and collecting statistics for capacity planning. We covered
the reasons to monitor Linux performance in order to meet the different
needs of system administrators and capacity planners. This article
covers /proc filesystems and sysstat project, and how they help monitor
Linux performance. By Robert Andresen
COLUMNS
Perspectives in Storage Incremental Advances in Backup By Ira Goodman
Wireless Serial Device Servers: Leveraging Investments
in Legacy Equipment While Upgrading Network Accessibility
Serial communication is at the heart of many I/O intensive applications
in a broad variety of industries. From the bar code scanners at POS
stations to card readers in ATMs, cash drawers at teller stations,
CNC machines on production lines, access control gates and warehouse
inventory systems, serial communication is the interface of choice
because it is a reliable, robust, and time-tested solution. However,
as newer PC technologies are introduced to accommodate more sophisticated
application software demands, and as wireless computing becomes more
practical, affordable, and convenient, IT managers increasingly need
to leverage their investment in existing serial equipment while increasing
accessibility. Wireless device servers solve this problem by embedding
a wireless bridge into a standard Ethernet serial device server, which
enables connecting RS-232 and RS-422/485 serial devices to communicate
over local area and wide-area networks without routing Ethernet cables.
This article discusses the technology behind wireless device servers,
and explores some common system implementations. It also provides
information about product features, access point location, antenna
selection, and other key issues to consider when deploying wireless
device servers on a network. Lisa Hephner and David Johnson
ARTICLES
.Net vs. J2EE
.NET vs. J2EE again! Yes, one more article on the virtues and vices
of these two competing specifications for Enterprise Application Development.
This article will compare the Microsoft .NET Framework .NET to the
Sun Microsystems Java 2 Platform Enterprise Edition (J2EE). The goal
of this article is to gain insight into both specifications. We will
not attempt to identify the winner between the two, rather we’ll
look at how to best use each product. John Papproth
Looking for Trouble (Tickets)
When it comes to IT service, it’s both who you know and what
you know that matters. The person on the phone doesn’t care
whether he reported his problem to someone else on another shift,
he expects you to know who he is and the exact status of his service
request without having to repeat what he told the last person he spoke
with. Keeping track of your trouble tickets can be difficult, and
this article will present some different options for keeping them
all organized. Drew Robb
Help Desk and Technical Support Certifications
This article covers the different certifications available for Help
Desk and Technical Support individuals, including certifications offered
by Apple, Microsoft, Brainbench, and the Help Desk Institute. Ed Tittell
Preventing SQL Injections
When SQL statements are dynamically created as software executes,
there is an opportunity for a security breach: if the hacker is able
to pass fixed inputs into the SQL statement, then these inputs can
become part of the SQL statement. If the hacker knows his SQL, he
can use this technique to gain access to privileged data, login to
password-protected areas without a proper login, remove database tables,
add new entries to the database, or even login to an application with
admin privileges.
The traditional attempt to avoid this problem is to validate all
user inputs. This is generally an effective way of dealing with malicious
user input. However, it's possible to prevent these attacks altogether
by building the statements in such a way that it is impossible for
hackers to hijack them even with the most well-designed and malicious
inputs. This can be accomplished by leveraging best practices. This
article introduces SQL injection attacks, demonstrates how these attacks
could occur, then explains how readers can leverage best practices
to prevent these attacks Adam Kolowa
Blended threats combine elements of worms, viruses, trojans (collectively
known as malware), spam and even social engineering into a variety
of more dangerous, malicious forms. They propagate via both wired
and wireless networks, spreading through email, web pages, P2P and
instant messaging. Successful blended attacks often exploit vulnerabilities
found in systems and networks, and can mutate rapidly to avoid detection.
Protecting against blended threats requires a comprehensive approach,
which must include user education, securing all possible local and
wide area network entry and exit points, and developing strong partnerships
with vendors and law enforcement. Without a unified threat management
solution, it is certain that a company will be a target of a blended
attack.
ARTICLES
Host-based
Intrusion Prevention Systems and their Place in Securing the Enterprise By Brian O’Higgins
Information security has never been a tougher challenge. At the same
time that organizations are providing deeper access to their networks
to employees, partners and customers enabling flexible work environments
and more efficient business relationships, organizations are faced
with an increasingly hostile threat environment as well as rising
complexity associated with corporate and regulatory compliance. This
article focuses on host-based intrusion systems, and their place in
securing the enterprise.
Web
Application and Web Service Security: Avoiding Internal Application
Vulnerabilities
By Adam Kolawa
When most people in the software industry refer to “security”
they mean security of the network, operating system, and server. Organizations
that want to protect their systems against security attacks invest
a lot of time, effort, and money ensuring that these three components
are secure. A multi-tier strategy can help identify, correct, and
prevent security vulnerabilities, and this article shows how this
can be done.
Applied
Biometrics & Encryption to Secure Computing Resources
By John B. Holder
This article demonstrates how to use COTS (Commercially available
Off The Shelf) software and hardware to secure mobile or fixed computer
systems to ensure confidentiality and protect valuable data.
Book
Review: Resilient Storage Networks—Designing Flexible Scalable
Data Infrastructures
By Jeff Gallagher
A review of the book Resilient Storage Networks – Designing
Flexible Scalable Data Infrastructures by Greg Schulz.
JavaScript
is Not Just for Web Pages
By Bob Pyette
There is nothing like a good scripting language when it comes to
a clean, easy to use, high level toolkit for both the programmer and
the non-programmer alike. Generally, scripting languages are easier
and faster to code in than the more structured and compiled languages
such as C++ and Java, yet they still lend themselves to a wide range
of applications.
JavaScript is Netscape’s scripting language often used in web-based
development. It was originally designed to add interactivity to HTML
pages you see via your web browser. Similar to IBM’s REXX and
other scripting languages, it provides support for variables, language
constructs, such as “if” statements, “for”
and “while” loops, and many other scripting elements.
In 1997, the ECMA international standards body standardized the core
portion of the language. The result was a language, technically called
ECMAScript, that looks and feels like JavaScript without browser-specific
parts.
ARTICLES
Using
a Network Analyzer in Fighting Virus and Hack Attacks By Charles Thompson
Network analyzers perform specific network management functions that
include monitoring traffic and bandwidth levels, identifying issues
and alerting administrators of problem scenarios. These features make
the analyzer an excellent tool for detecting network security breaches
and helping identify and quarantine virus-infected systems. This article
shows how network analyzers can be used to improve network security,
which analyzer features are ideal for this task, and why an analyzer
should be a key component of any IT professional’s security
incident response plan.
Industry
Standards and Other Next Steps to Security Networks in a Spyware World
By Tori Case and Sioux Fleming
Education within the enterprise and the development of policies to
guide how employees interact with the Internet is an ongoing challenge
for IT and for the anti-spyware industry. IT infrastructure and policies
must support the implementation of anti-spyware technology.
Cost
of Losing Information: A Framework for Information Management Planning
By Eric Jackson
What is the proper concern of the IT department of a modern enterprise?
Is it backing data up or making sure that data is available? The answer
to that is obvious. The primary information management concern in
the enterprise today is to ensure that the knowledge necessary to
drive critical business processes is available where it needs to be,
when it needs to be there.
How
to Prevent Data Loss with Automatic Backup and Recovery
By Sam Trachtenberg
It’s 2:30 am Monday morning and your Fortune 500 company’s
helpdesk gets a call from the frantic Senior VP of Marketing who set
his laptop down “for just a moment” after he landed on
the red-eye. Now tomorrow’s presentation for the tradeshow has
been wiped from the drive, and if your VP doesn’t get it back
by 11:00 am tomorrow, he’s going to have to use shadow puppets.
Let’s take a look at this again in slow motion replay: where
did the problem really start? We all know that we should back up our
computers, but no one really does it. And if we do back up, it’s
sporadic with no real science behind it … less than 8 percent
of end users comply with corporate backup policies. But, the problem
can be avoided if the company implements a policy or technology that
automatically backs up nightly every computer on or off the network.
The network is now really only a small part of a company’s computing
universe. More and more people are on the road or located in remote
offices and need the same level of support as if they were on site.
This article will explore how new technologies and delivery methods
can greatly improve a company’s productivity and uptime by ensuring
that all employees’ systems are supported whether on-site or
remote.
The Future of Disaster Recovery Solutions is Here