Thursday, January 5, 2012

Travel giant TUI Group leverages virtualization management tools to drastically improve IT performance troubleshooting

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: VMware.

Better managing virtualized IT workloads and private clouds is a top concern for IT leaders going into 2012. They may want to follow the lead of global travel and tourism giant TUI Group. The IT organization there, TUI InfoTec, has found ways to manage highly virtualized IT operations better, especially in mixed environments like hybrid clouds.

The critical need to better identify performance issues and outages prompted TUI InfoTec to find ways to cut time to troubleshooting, resulting in a 50 percent reduction in the time needed to identify the causes of such problems.

To learn more about better systems management in heterogeneous cloud environments and in virtualized environments, BriefingsDirect interviewed Christian Rudolph, Infrastructure Architect at TUI InfoTec in Hanover, Germany. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: VMware is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:
Rudolph: We're a very silo-based environment. We have dedicated network storage and a server team responsible for resolving issues in our infrastructure.

What we've seen in the past were a lot of problems in getting these people together. Everybody had different management tools from the different vendors and nobody had an over-all view about the infrastructure.

We're also starting to take a look at how, from a cost perspective, we can do the best for our customers.

We’re 60 percent in the Windows environment, and 20 percent in the UNIX environment, which is virtualized, and we're currently planning to go further -- to 80 percent virtualization in the total landscape. That's our current state, and we’ve driven more and more to a virtualized infrastructure for all the mission-critical systems.

Normally when we have performance issues, our responsibilities are not very clear -- this is a server problem, a network problem, an OS system problem, or this is only the end-user who has a problem. He feels that the application isn't fast enough. In the past, we had a large problem getting information all together.

This is where we evaluated VMware vCenter Operations to get an over-all overview about our infrastructure and to get a deep dive into our infrastructure to take a look at how can we solve problems faster and how this could help us in the normal process.

Now we have vCenter Operations on a single pane of glass that can roll down to the storage network and also the infrastructure CPU memory resources to have a clear overview of what could be the first root cause of an issue or performance for the end user. We've tried to figure out how can we bring it better together, and for us vCenter Operations, it’s a single pane of glass.

We currently use the vCenter Operations 1.0 Standard version, but we're in the beta program currently for 5.0. It's a new version, which comes out [in 2012] with vCenter Operations 5.0. These version give us the ability to do capacity planning and also performance analysis in one view so that we can adapt the things we have discovered in normal business hours for the system and also to do capacity planning for the future.

Gardner: Tell me a little bit about TUI, and TUI InfoTec.

Rudolph: TUI InfoTec is an external IT provider for the TUI AG Group. The TUI AG Group is a European leading company in travel and tourism. They're very large in Germany, in the UK, and also in other European countries. They’re not presently doing a lot of business in the US.

We started as an internal IT organization from TUI Germany, and moved in 2006 to an external service provider for the TUI AG and other companies. We're a joint venture company with Sonata Software Ltd., which holds about 50 percent of the company. We're responsible for all the business-critical IT for TUI AG group like the booking systems, the access planning system, and all the other systems related to the business of the TUI AG group.

If it comes to an outage of the IT systems we lose a lot of money. So we have to take care that everything is working and running in the infrastructure.

Gardner: How is your landscape for cloud?

Rudolph: We’re currently thinking about planning our private cloud for our development team. We're also starting to take a look at how, from a cost perspective, we can do the best for our customers. Maybe we can include peak trading for some of the systems. We have a great opening for producing catalogs for the customer, so that they're able to connect our internal cloud over to external clouds and have the hybrid clouds then in place.

Gardner: Okay. How has that beta with vCenter Operations 5.0 worked out? Are some of these features something that you think will be of value to you?

A good overview

Rudolph: We have two or three good cases there. This has really helped us in the normal business. We've been running with the beta for two months and what we've detected is that we have a good overview, because we have some multi-vCenter environments. We have, in total, three productive vCenters and we need to discover all of them. We had a problem, because we can't use Linked Mode for the vCenters. We had no central view for all the systems to get a performance overview of the system.

And there is a second step. We didn't have the capacity in the same view. So we weren't able to do capacity planning, until we manually got all the information from the different vCenters to have a consolidated planning view. For us, this is one of the most important things that we can do for planning in one place for all our vCenters and also know how many capacity hours are left for new machines. So we increased our time to deliver a virtual machine (VM).

Gardner: What has this better IT visibility in operations and remediation brought to you in technical and in business terms?

Rudolph: The process is very easy, because we've seen that we reduced the time until we can deliver our root cause for our known problem by nearly 50 percent. We reduced the time for doing that, and this is also the best case for our customers -- that we can deliver faster solution for a system problem.

The second thing we've seen is that we can see earlier information about how the system is feeling. Through vCenter Operations and through the health status in the vC Ops we can see how our end-users feel. We can detect some problems before they occur, and that’s the best use case we can ever have.

When we detect problems faster and can resolve them faster, they have faster usage of the product.

Gardner: How about looking toward the future? We talked a little bit about your use of improved operations, but will this become important when you move to more cloud, software-as-a-service (SaaS), and/or mobile types of activities. How important is this proactive ability in management as you innovate?

Rudolph: It's very important for us. We currently have the vCenter orchestration platform implemented, and we're starting to deliver to the end-user a service portal. Where they can request more-and-more VMs. When we didn’t have the products to monitor this system and we come to great trouble. How can we else go further, maybe to a hybrid cloud environment, if we can’t manage our private cloud like now with the vCenter Orchestrator and also with the vC Ops.

Gardner: Taking a step back and reviewing how things have gone, do you have any recommendations or advice for other companies that might be pursuing higher levels of virtualization and perhaps looking for similar reduction in meantime to solution for problems?

Two recommendations

Rudolph: I see two recommendations. Not many people know how powerful vCenter Orchestration is. This is one powerful tool as an automatic way for deployment, for maintaining, and also to do some other basic tasks in your virtual infrastructure. This is one important step for us to go to a higher virtualization ratio, because it can be delivered faster to our end-users.

The second thing is really to take a look at vCenter Operations and definitely to the new version that’s coming up. This really helps us to understand how my infrastructure is working. When I don’t know that, I may have problem with one of my disks and I/O and this reflects back to one VM especially. You have to know that, otherwise you don’t have recognition from the end-user that virtualization is really working and that you can bring mission-critical systems to the virtual infrastructure.
Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: VMware.

You may also be interested in:

Wednesday, January 4, 2012

Overlapping criminal and state threats pose growing cyber security threat to global Internet commerce, says Open Group speaker

Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: The Open Group.

This special BriefingsDirect thought leadership interview comes in conjunction with The Open Group Conference this January in San Francisco.

The conference will focus on how IT and enterprise architecture support enterprise transformation. Speakers in conference events will also explore the latest in service oriented architecture (SOA), cloud computing, and security.

We’re here now with one of the main speakers, Joseph Menn, Cyber Security Correspondent for the Financial Times and author of Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet.

Joe has covered security since 1999 for both the Financial Times and then before that, for the Los Angeles Times. Fatal System Error is his third book, he also wrote All the Rave: The Rise and Fall of Shawn Fanning's Napster.

As a lead-in to his Open Group presentation, entitled "What You're Up Against: Mobsters, Nation-States, and Blurry Lines," Joe explores the current cyber-crime landscape, the underground cyber-gang movement, and the motive behind governments collaborating with organized crime in cyber space. The interview is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:
Gardner: Have we entered a new period where just balancing risks and costs isn't a sufficient bulwark against burgeoning cyber crime?

Menn: Maybe you can make your enterprise a little trickier to get into than the other guy’s enterprise, but crime pays very, very well, and in the big picture, their ecosystem is better than ours. They do capitalism better than we do. They specialize to a great extent. They reinvest in R&D.

On our end, on the good guys’ side, it's hard if you're a chief information security officer (CISO) or a chief security officer (CSO) to convince the top brass to pay more. You don’t really know what's working and what isn't. You don’t know if you've really been had by something that we call advanced persistent threat (APT). Even the top security minds in the country can't be sure whether they’ve been had or not. So it's hard to know what to spend on.

More efficient

he other side doesn’t have that problem. They’re getting more efficient in the same way that they used to lead technical innovation. They're leading economic innovation. The freemium model is best evidenced by crimeware kits like ZeuS, where you can get versions that are pretty effective and will help you steal a bunch of money for free. Then if you like that, you have the add-on to pay extra for -- the latest and greatest that are sure to get through the antivirus systems.

Gardner: When you say "they," who you are really talking about?

Menn: They, the bad guys? It's largely Eastern European organized crime. In some countries, they can be caught. In other countries they can't be caught, and there really isn't any point in trying.

It's a geopolitical issue, which is something that is not widely understood, because in general, officials don’t talk about it. Working on my book, and in reporting for the newspapers, I've met really good cyber investigators for the Secret Service and the FBI, but I’ve yet to meet one that thinks he's going to get promoted for calling a press conference and announcing that they can’t catch anyone.

So the State Department, meanwhile, keeps hoping that the other side is going to turn a new leaf, but they’ve been hoping that for 10 or more years, and it hasn’t happened. So it's incumbent upon the rest of us to call a spade a spade here.

What's really going on is that Russian intelligence and, depending on who is in office at a given time, Ukrainian authorities, are knowingly protecting some of the worst and most effective cyber criminals on the planet.

Gardner: And what would be their motivation?
The same resources, human and technical, that are used to rob us blind are also being used in what is fairly called cyber war.

Menn: As a starting point, the level of garden-variety corruption over there is absolutely mind-blowing. More than 50 percent of Russian citizens responding to the survey say that they had paid a bribe to somebody in the past 12 months. But it's gone well beyond that.

The same resources, human and technical, that are used to rob us blind are also being used in what is fairly called cyber war. The same criminal networks that are after our bank accounts were, for example, used in denial-of-service (DOS) attacks on Georgia and Estonian websites belonging to government, major media, and Estonia banks.

It's the same guy, and it's a "look-the-other-way" thing. You can do whatever crime you want, and when we call upon you to serve Mother Russia, you will do so. And that has accelerated. Just in the past couple of weeks, with the disputed elections in Russia, you've seen mass DOS attacks against opposition websites, mainstream media websites, and live journals. It's a pretty handy tool to have at your disposal. I provide all the evidence that would be needed to convince the reasonable people in my book.

Gardner: In your book you use the terms "bringing down the Internet." Is this all really a threat to the integrity of the Internet?

Menn: Well integrity is the key word there. No, I don’t think anybody is about to stop us all from the privilege of watching skateboarding dogs on YouTube. What I mean by that is the higher trust in the Internet in the way it's come to be used, not the way it was designed, but the way it is used now for online banking, ecommerce, and for increasingly storing corporate -- and heaven help us, government secrets -- in the cloud. That is in very, very great trouble.

Not a prayer

I don’t think that now you can even trust transactions not to be monitored and pilfered. The latest, greatest versions of ZeuS gets past multi-factor authentication and are not detected by any antivirus that’s out there. So consumers don’t have a prayer, in the words of Art Coviello, CEO of RSA, and corporations aren’t doing much better.

So the way the Internet is being used now is in very, very grave trouble and not reliable. That’s what I mean by it. If they turned all the botnets in the world on a given target, that target is gone. For multiple root servers and DNS, they could do some serious damage. I don’t know if they could stop the whole thing, but you're right, they don’t want to kill the golden goose. I don’t see a motivation for that.

Gardner: If we look at organized crime in historical context, we found that there is a lot of innovation over the decades. Is that playing out on the Internet as well?

Menn: Sure. The mob does well in any place where there is a market for something, and there isn’t an effective regulatory framework that sustains it -- prohibition back in the day, prostitution, gambling, and that sort of thing.
The mob does well in any place where there is a market for something, and there isn’t an effective regulatory framework that sustains it.

... The Russian and Ukrainian gangs went to extortion as an early model, and ironically, some of the first websites that they extorted with the threat were the offshore gambling firms. They were cash rich, they had pretty weak infrastructure, and they were wary about going to the FBI. They started by attacking those sites in 2003-04 and then they moved on to more garden-variety companies. Some of them paid off and some said, "This is going to look little awkward in our SEC filings" and they didn’t pay off.

Once the cyber gang got big enough, sooner or later, they also wanted the protection of traditional organized crime, because those people had better connections inside the intelligence agencies and the police force and could get them protection. That's the way it worked. It was sort of an organic alliance, rather than "Let’s develop this promising area."

... That is what happens. Initially it was garden-variety payoffs and protection. Then, around 2007, with the attack on Estonia, these guys started proving their worth to the Kremlin, and others saw that with the attacks that ran through their system.

This has continued to evolve very rapidly. Now the DOS attacks are routinely used as the tool for political repression all around the world --Vietnam, Iran and everywhere you’ll see critics that are silenced from DOS attacks. In most cases, it's not the spy agencies or whoever themselves, but it's their contract agents. They just go to their friends in the similar gangs and say, "Hey do this." What's interesting is that they are both in this gray area now, both Russia and China, which we haven't talked about as much.

In China, hacking really started out as an expression of patriotism. Some of the biggest attacks, Code Red being one of them, were against targets in countries that were perceived to have slighted China or had run into some sort of territorial flap with China, and, lo and behold, they got hacked.

In the past several years, with this sort of patriotic hacking, the anti-defense establishment hacking in the West that we are reading a lot about finally, those same guys have gone off and decided to enrich themselves as well. There were actually disputes in some of the major Chinese hacking groups. Some people said it was unethical to just go after money, and some of these early groups split over that.

In Russia, it went the other way. It started out with just a bunch of greedy criminals, and then they said, "Hey -- we can do even better and be protected. You have better protection if you do some hacking for the motherland." In China, it's the other way. They started out hacking for the motherland, and then added, "Hey -- we can get rich while serving our country."
It is much, much worse than anybody realizes. The US counterintelligence a few weeks ago finally put out a report saying that Russia and China are deliberately stealing our intellectual property.

So they're both sort of in the same place, and unfortunately it makes it pretty close to impossible for law enforcement in [the U.S.] to do anything about it, because it gets into political protection. What you really need is White House-level dealing with this stuff. If President Obama is going to talk to his opposite numbers about Chinese currency, Russian support of something we don’t like, or oil policy, this has got to be right up there too -- or nothing is going to happen at all.

Gardner: What about the pure capitalism side, stealing intellectual property (IP) and taking over products in markets with the aid of these nefarious means? How big a deal is this now for enterprises and commercial organizations?

Menn: It is much, much worse than anybody realizes. The U.S. counterintelligence a few weeks ago finally put out a report saying that Russia and China are deliberately stealing our IP, the IP of our companies. That's an open secret. It's been happening for years. You're right. The man in the street doesn’t realize this, because companies aren’t used to fessing up. Therefore, there is little outrage and little pressure for retaliation or diplomatic engagement on these issues.

I'm cautiously optimistic that that is going to change a little bit. This year the Securities and Exchange Commission (SEC) gave very detailed guidance about when you have to disclose when you’ve been hacked. If there is a material impact to your company, you have to disclose it here and there, even if it's unknown.
Register for The Open Group Conference
Jan. 30 - Feb. 3 in San Francisco.
Gardner: So the old adage of shining light on this probably is in the best interest of everyone. Is the message then keeping this quiet isn’t necessarily the right way to go?

Menn: Not only is it not the right way to go, but it's safer to come out of the woods and fess up now. The stigma is almost gone. If you really blow the PR like Sony, then you're going to suffer some, but I haven’t heard a lot of people say, "Boy, Google is run by a bunch of stupid idiots. They got hacked by the Chinese."

It's the definition of an asymmetrical fight here. There is no company that's going to stand up against the might of the Chinese military, and nobody is going to fault them for getting nailed. Where we should fault them is for covering it up.
Not only is it not the right way to go, but it's safer to come out of the woods and fess up now. The stigma is almost gone.

I think you should give the American people some credit. They realize that you're not the bad guy, if you get nailed. As I said, nobody thinks that Google has a bunch of stupid engineers. It is somewhere between extremely difficult to impossible to ward off against "zero-days" and the dedicated teams working on social engineering, because the TCP/IP is fundamentally broken and it ain't your fault.

... [These threats] are an existential threat not only to your company, but to our country and to our way of life. It is that bad. One of the problems is that in the U.S., executives tend to think a quarter or two ahead. If your source code gets stolen, your blueprints get taken, nobody might know that for a few years, and heck, by then you're retired.

With the new SEC guidelines and some national plans in the U.K. and in the U.S., that’s not going to cut it anymore. Executives will be held accountable. This is some pretty drastic stuff. The things that you should be thinking about, if you’re in an IT-based business, include figuring out the absolutely critical crown jewel one, two, or three percent of your stuff, and keeping it off network machines.

Short-term price

Gardner: So we have to think differently, don’t we?

Menn: Basically, regular companies have to start thinking like banks, and banks have to start thinking like intelligence agencies. Everybody has to level up here.

Gardner: What do the intelligence agencies have to start thinking about?

Menn: The discussions that are going on now obviously include greatly increased monitoring, pushing responsibility for seeing suspicious stuff down to private enterprise, and obviously greater information sharing between private enterprise, and government officials.
But, there's some pretty outlandish stuff that’s getting kicked around, including looking the other way if you, as a company, sniff something out in another country and decide to take retaliatory action on your own.

But, there's some pretty outlandish stuff that’s getting kicked around, including looking the other way if you, as a company, sniff something out in another country and decide to take retaliatory action on your own. There’s some pretty sea-change stuff that’s going on.

Gardner: So that would be playing offense as well as defense?

Menn: In the Defense Authorization Act that just passed, for the first time, Congress officially blesses offensive cyber-warfare, which is something we’ve already been doing, just quietly.

We’re entering some pretty new areas here, and one of the things that’s going on is that the cyber warfare stuff, which is happening, is basically run by intelligence folks, rather by a bunch of lawyers worrying about collateral damage and the like, and there's almost no oversight because intelligence agencies in general get low oversight.

Gardner: Just quickly looking to the future, we have some major trends. We have an increased movement toward mobility, cloud, big data, social. How do these big shifts in IT impact this cyber security issue?

Menn: Well, there are some that are clearly dangerous, and there are some things that are a mixed bag. Certainly, the inroads of social networking into the workplace are bad from a security point of view. Perhaps worse is the consumerization of IT, the bring-your-own-device trend, which isn't going to go away. That’s bad, although there are obviously mitigating things you can do.

The cloud itself is a mixed bag. Certainly, in theory, it could be made more secure than what you have on premise. If you’re turning it over to the very best of the very best, they can do a lot more things than you can in terms of protecting it, particularly if you’re a smaller business.

If you look to the large-scale banks and people with health records and that sort of thing that really have to be ultra-secure, they're not going to do this yet, because the procedures are not really set up to their specs yet. That may likely come in the future. But, cloud security, in my opinion, is not there yet. So that’s a mixed blessing.

Radical steps

You need to think strategically about this, and that includes some pretty radical steps. There are those who say there are two types of companies out there -- those that have been hacked and those that don’t know that they’ve been hacked.

Everybody needs to take a look at this stuff beyond their immediate corporate needs and think about where we’re heading as a society. And to the extent that people are already expert in the stuff or can become expert in this stuff, they need to share that knowledge, and that will often mean, saying "Yes, we got hacked" publicly, but it also means educating those around them about the severity of the threat.

One of the reasons I wrote my book, and spent years doing it, is not because I felt that I could tell every senior executive what they needed to do. I wanted to educate a broader audience, because there are some pretty smart people, even in Washington, who have known about this for years and have been unable to do anything about it. We haven't really passed anything that's substantial in terms of legislation.

As a matter of political philosophy, I feel that if enough people on the street realize what's going on, then quite often leaders will get in front of them and at least attempt to do the right thing. Senior executives should be thinking about educating their customers, their peers, the general public, and Washington to make sure that the stuff that passes isn't as bad as it might otherwise be.
Listen to the podcast. Find it on iTunes/iPod. Read a full transcript or download a copy. Sponsor: The Open Group.
Register for The Open Group Conference
Jan. 30 - Feb. 3 in San Francisco.
You may also be interested in: