Shared by: Bobby Brull
Posted: 3/13/2009
VOL. 11 NO. 10 OCTOBER 2005

IBM ships record-breaking new POWER5+ servers

IBM began shipping new UNIX systems for small- and medium-sized businesses (SMB) on Oct. 15 that use an enhanced version of the POWER5 chip to shatter 15 world records in key benchmarks for entry-level UNIX and Linux servers. The new IBM System p5 Express servers are equipped with POWER5+ microprocessor technology and are specifically designed for the processing requirements of SMB companies or branch locations running business-critical database applications in retail, wholesale, distribution and financial services.

The introduction of the new IBM System p5 servers with POWER5+ technology provides SMBs with new choices for deploying high-performance computing capabilities in their IT infrastructure. Additionally, new software tools make management of the new servers simple with the new Integrated Virtualization Manager and IBM Director 5.1.

The new IBM System p5 servers range from a new eight-way server for scale up environments and server consolidation, to dense rack form factors for e-mail, web, file and print serving and dense clustering in scale out environments, to new “scale within” capabilities. New p5 systems from IBM are available with a combination of AIX 5L UNIX, Red Hat or Novell SuSE Linux operating systems. They include:

The IBM System p5 550Q: This system uses the industry’s first Quad Core Module for database applications and delivers the fastest eight-way SPECjbb2005 results ever recorded. The new 1.5 GHz quad-core POWER5+ processor package can run up to twice as many workloads as previous four-way IBM eServer p5 550 servers. For example, using Simultaneous Multi-Threading, the new eight-way p5-550Q with POWER5+ processor – through two quad-core modules
See IBM page 11

BAMS accurately forecasts hurricanes

Despite an unprecedented 17 named storms, the devastation of Hurricane Katrina and Hurricane Rita, the 2005 Hurricane Season is not over.

Silicon Graphics (sgi.com) supercomputer technology empowers one company’s mission to provide advanced warning with highly developed weather forecasting models. Baron Advanced Meteorological Systems (BAMS), a division of Baron Services Inc., is constantly providing more than 200 broadcast television customers across the country with the latest real-time, site-specific forecast data, modeled using technology from SGI.

BAMS (baronservices.com) processes hurricane weather information multiple times daily, employing SGI Altix systems and SGI InfiniteStorage solutions to run high-performance atmospheric modeling programs. These proprietary models are used to predict potential storm paths and changes. By using a technique called “ensembling,” in which sophisticated programs running on SGI Altix systems analyze many possible atmospheric variations, BAMS is able to provide greater accuracy in weather forecasting.

The BAMS forecast model received nationwide recognition in 2004 when it was the only model to correctly forecast the path of Hurricane Charley. Making landfall as a Category Four hurricane, Charley ravaged Florida’s southern Gulf Coast – notably the town of Punta Gorda. Other forecasts had the hurricane’s eye making landfall up to 150 miles north.

“The major benefit of the SGI Altix system is that it has allowed us to expand our numerical weather prediction domains to much larger sizes than before, at much higher resolution,” said John McHenry, chief scientist for BAMS. “We can also run forecasts much more frequently, at greater speed, with a larger number of model variants. That’s important, because different model formulations allow us to produce an ensemble forecast that takes more possibilities into account. Faster storage allows us to get models into system memory faster, eliminating bottlenecks.
Additionally, with the Altix, our turnaround time has improved by a factor of 4-8X, and that allows us to disseminate weather data to clients much more quickly.”

The public receives BAMS’ vital forecasting data through a product called VIPIR, developed by Baron Services. As the parent company of BAMS, Baron develops localized weather analysis products for on-air use by broadcast meteorologists, as well as foreign and domestic governments. Its products include real-time radar display and storm tracking, advanced Doppler radar, instant alert systems, weather sensors, weather vans and Internet radar displays. The VIPIR
See HURRICANE page 9

Caption: The day-ahead rainfall forecast for Hurricane Rita as it makes landfall on Sept. 23.

New UltraSPARC IV+ Processors provide performance boost

Sun Microsystems (sun.com) has released Sun Fire servers powered by new UltraSPARC IV+ (USIV+) processors, offering customers up to a fivefold increase in performance over previous UltraSPARC processor generations. Sun also announced a series of world-record benchmarks for performance and scalability that surpasses competing servers from IBM and Hewlett-Packard.

Sun President Jonathan Schwartz said these new offerings deliver the industry’s only “on the fly” upgrade path that allows customers to leverage the binary compatibility of the UltraSPARC microprocessor and the Solaris Operating System to take advantage of the latest server technology. Schwartz said upgrading with Sun servers costs half as much as it does with an IBM system and these new systems offer better price/performance than servers using IBM’s POWER5 processors and AIX operating system.

“This introduction makes it clear that SPARC and POWER are going head-to-head, now that IBM and Dell have de-committed to Itanium and Hewlett Packard has effectively end-of-lifed HP-UX,” Schwartz said. “And of the two, only SPARC benefits from the features and volume of the open source Solaris 10 operating system, which supports industry-standard servers from Sun as well as IBM, HP and Dell.”

The new Sun Fire V490, V890, E2900, E4900 and E6900 servers are powered by 1.5 GHz (USIV+) processors and run Solaris 10.

Benchmarks

Sun also announced several benchmarks. The Sun Fire E4900 server achieved world-record performance for SPECjbb2005. IBM, HP, and Fujitsu have not published results on this new benchmark that demonstrates Java server performance.

The Sun Fire E6900 server achieved a world record on Manugistics Fulfilment on Oracle9i Database and Oracle real application clusters, demonstrating a 32 percent performance advantage and a 2.7x price/performance advantage over the IBM p5-590.

The Sun Fire E2900 server achieved an overall world record on IBM’s own Lotus Domino R6iNotes benchmark, with 34,000 users, producing the highest number of NotesMark transactions/min (28,268 N-Mark). This result beats the IBM i5-570 in performance by 19 percent at half the price per user.

The Sun Fire V890 server achieved world-record price/performance for servers with more than two sockets on IBM’s Lotus Domino R6iNotes benchmark. The Sun Fire V890 delivered 18 percent better dollar per user than the IBM p5-570 and 49 percent better performance.

Sun has also proved additional compelling performance comparisons against competitors. On SPECjbb2000 the 24-way Sun Fire E6900 outperformed 32-way Itanium-based HP servers, a 32-way Fujitsu PRIMEPOWER 1500 and a 16-way IBM p5-570. For scientific computing on the LINPACK “N” benchmark, the Sun Fire E6900 also outperformed a 1.9GHz IBM p5-570 by 22 percent.

The new Sun Fire Servers running the USIV+ processors start at $30,995.

ENTERPRISE NETWORKS & SERVERS, OCTOBER 2005

NEWS

Cisco updates Nlets for end-to-end encryption

Nlets, the International Justice and Public Safety Information Sharing Network, has been upgraded to a standards-based Cisco Internet Protocol (IP) network, delivering transmissions over the network in a matter of seconds, with greater security and enhanced capabilities.
With its more than 41 million transmissions per month encrypted end-to-end across the Cisco infrastructure, Nlets now meets and even exceeds the Federal Bureau of Investigation (FBI) mandate for improved security while supporting rapid message exchange.

Nlets, the nation’s primary interstate law enforcement network, interconnects 18,000 local, state and federal law enforcement and public safety agencies. Any time one of these agencies needs information from another, the inquiry travels over the Nlets network. Nlets users can query out-of-state databases for motor-vehicle and driver data, criminal histories, Canadian “hot file” records, U.S. citizenship and immigration services records and aircraft-tracking and registration information. Nlets also routes homeland security messages and Amber alerts of missing children.

“Both citizen and first-responder safety is at stake with the communications over Nlets, so it’s critical that we deploy the highest performance, most secure and reliable capabilities available,” said Steve Correll, executive director of Nlets. “We simply must work to ensure that Nlets is never compromised or out of service in any way. Public safety agencies rely on the information that travels over the network to make decisions, and some critical information — such as, ‘Is this person armed and dangerous?’ must be determined in seconds.

“For instance, in the wake of Hurricane Katrina, Nlets’ network provided the means for public safety and law enforcement first responders in the affected areas to communicate among themselves and outside the area. While we had one outage at the user end when systems were wiped out, we were able to keep continuous contact in most areas at lightning speeds, due to our state-of-the-art system. Undoubtedly, some lives were saved as a result of the information sharing capabilities that has been a priority for the 18,000 agencies we serve throughout the nation.”

Nlets, owned jointly by the 50 U.S. states and territories, was established nearly 40 years ago. In addition, all federal agencies involved in criminal justice and public safety subscribe to the network. In 2000, after the FBI Advisory Policy Board passed a motion requiring public safety agencies to encrypt data end-to-end by 2005, Nlets administrators decided to upgrade the frame relay infrastructure to an IP-based foundation.

“We were looking for a partner that could deliver the upgrade that could work with us for the long term. Not only did Cisco offer the right solution, we were pleased that the company enjoys a solid reputation among our members,” Correll said. “The members felt comfortable replacing their legacy network equipment with Cisco routers, and one way we provide excellent service is by using vendors that our members trust.”

With a Cisco router deployed at each of the member agencies, Nlets now performs the required, end-to-end encryption.

“Even if an intruder were able to intercept a message sent across Nlets, the message could not be read or altered,” said Morgan Wright, global industry solution manager for justice and public safety, with Cisco Systems (cisco.com). “Plus, this enhanced level of security comes at no cost to network performance.”

IBM targets SMB with server line

IBM (ibm.com) has introduced a complete line of new entry servers including the new IBM xSeries 100 server. The x100, along with the new xSeries 206m and xSeries 306m systems, provides enterprise-class capabilities to small-medium businesses (SMB).

Designed specifically for small businesses up to 50 users, the x100 combines built-to-last server quality with the latest technologies such as dual core processing, in an affordable, easy-to-configure, and easy-to-use system. The x100 can help manage and protect vital business data such as inventory records and e-mail applications.
For small business customers who demand greater levels of availability and performance, the new x206m is a great solution for distributed and retail environments, while the new x306m is ideal for datacenters, Web traffic and network infrastructure.

The new xSeries 206m and xSeries 306m are built on the second generation of IBM’s Xtended Design Architecture (XDA), characterized by industry standard server innovation that delivers outstanding performance, availability, manageability and flexibility. New high availability features help keep small businesses up and running even if the hard drive or power supply fails, or if a power circuit overloads. Those features, available in this class of server only from IBM, include:

• a choice of affordable or high performance hot swap hard drives for enhanced ease of use and increased uptime,
• redundant server power supply options to help maximize data availability,
• standard integrated IBM ServeRAID 8e delivers non-OS based hard drive data redundancy, and
• new integrated open standards based (IPMI) management controller for remote server control from anywhere on the network.

These three new servers are part of the IBM Express Portfolio, developed to meet the needs of start-up, small and mid-sized companies. Express Offerings provide robust capabilities while taking into account the limited resources many SMBs face. IBM Express Offerings enable SMBs to better serve customers, increase revenue and reduce acquisition and maintenance costs with open, easy-to-purchase solutions.

The x100 is shipping now, starting at $599; the x206m will be available Oct. 15, starting at $699; and the x306m will be available Oct. 15, starting at $1,159. All three servers will be available with Microsoft Small Business Server, Microsoft Server 2003, Red Hat or Novell SUSE Linux operating systems.

Ciena sells its Adaptive WAN to Slovenia utility

The Republic of Slovenia’s largest producer of electricity, HSE&DEM, has selected optical multiservice switches, optical multiplexers, storage extension platforms and network management systems from Ciena Corp. to interconnect its locations nationwide with an Adaptive WAN to deliver IT services used in the production and delivery of electrical energy to customers.

Ciena Corp. (ciena.com), a Linthicum, Md.-based network company, was selected by Holding Slovenske elektrarne (HSE), Slovenia’s largest supplier of electricity, and Dravske elektrarne Maribor (DEM), governing eight hydropower plants under HSE, after a competitive review process. HSE&DEM chose Ciena’s CN 3620 Intelligent Optical Multiservice Switch, CN 2100 Passive Optical Multiplexer, CN 2000 Storage Extension Platform, ON-Center 3600 Management System and ON-Center CN 2000 Manager for support of next-generation SDH transport, DWDM optical transport and storage extension capabilities.

The production and delivery of electricity to the market is a mission-critical, multi-step process that is monitored and controlled by a variety of IT applications, so the performance and availability of utility telecommunications networks and services are critical.

Smart Com (smart-com.si), a provider of integrated communications and IT management services with headquarters in Slovenia, is working with Ciena to complete installation and testing of HSE&DEM’s network. Smart Com is a certified reseller of Ciena solutions.

Leveraging more than 12 years of engineering Layer 1 and Layer 2 networking platforms for the carrier marketplace, Ciena brings carrier-class expertise to the demanding utility environment with its Adaptive WAN solution, a wide-area network that optimizes and switches traffic at the lowest possible layer — providing maximum throughput, low latency and applications transparency. As a network that is always available, never drops packets and delivers deterministic response, the Adaptive WAN moves utilities beyond overlapping, single-application networks to a unified, scalable and high-performance network that supports time-sensitive, mission-critical business processes.

DeVry adds online net degrees

DeVry University will begin offering two new online degree programs in the growing networking field through DeVry University Online. A bachelor’s degree program in network and communications management and an associate degree program in network systems administration are now available.

According to the Bureau of Labor Statistics’ 2002-2012 employment projections, networking is the second fastest growing occupation in the United States, with networking jobs expected to increase by 57 percent.

Steven P. Riehs, vice president and general manager of DeVry University Online, said graduates of these programs will be able to tap into career opportunities that exist in fields such as health care, retail, entertainment, and telecommunications, among many others.

DeVry University’s network and communications management bachelor’s degree program develops skills to create and manage business networks. Students in the network systems administration associate degree program will learn to administer networks for virtually any type of company or organization. The networking curriculum has an emphasis on the latest high-demand technologies, including wireless, security, VoIP, as well as business management skills.

In addition to the two new programs, DeVry University offers five other undergraduate and seven graduate degree programs online. For more information about the program, visit http://www.devry.edu/PRinfo.

Sun rolls out new x64 enterprise servers

Sun Microsystems Inc.
(sun.com) has released a new family of enterprise-class x86, 64-bit multi-core servers that have set new standards for performance, reliability and energy efficiency. Powered by AMD Opteron processors, the highest-performance x64 processors on the market, and running the Solaris 10 Operating System, the new industry-standard servers consume about one-third the power, deliver one-and-a-half times the performance, and cost half as much as comparably configured four-way servers from Dell.

Additionally, the company announced Sun System Service Plans for Microsoft Windows Server. This new service offering provides integrated hardware and Microsoft Windows Server support for the latest Sun Fire x64 servers.

The new industry-standard x64 multi-core available server family begins with the Sun Fire X2100, the lowest cost single-socket x64 rack-mount server, starting at $745, and includes the two-socket, four-way Sun Fire X4100 and Sun Fire X4200 servers. Future servers in this same family are being designed to accommodate up to eight multi-core processors to achieve 16-way midrange system performance levels.

“Today’s announcement is an extension of the growing collaboration between Microsoft and Sun, which is helping deliver new choices for customers who want interoperable server products from leading technology vendors,” said Chris Phillips, general manager of the Windows Server Division at Microsoft Corp. “The move from 32-bit to 64-bit computing offers a dramatic improvement in performance and reliability, enabling people to use computing resources in exciting new ways. The new Sun Fire servers running Windows Server 2003 x64 Editions, Microsoft SQL Server 2005 and the range of 64-bit applications on the Windows platform help deliver 64-bit computing into the mainstream. We look forward to Sun’s new systems earning qualification on Windows Server 2003 and are pleased with Sun Service’s offering for Windows support on Sun Fire x64 systems.”

The Sun Fire x64 servers are designed to save customers millions of dollars in operational expenses, in areas such as power and cooling when running High Performance Computing (HPC) and Web-based applications, and are also optimal for databases and server consolidation. The industry-standard Sun Fire x64 servers offer:

• Highest performance on many industry-standard benchmarks, based on single- or multi-core AMD Opteron processors. With outstanding world-record results on several industry-standard benchmarks, the new servers have proven to perform at least 28 percent better than any x64 Intel-based server in its class and more than 12 percent faster than competitive systems powered by AMD Opteron processors.
• Simplified management capabilities and high reliability with built-in hot swap functionality, enabling customers to remove and replace system components while the systems are running. Sun also offers the Sun N1 System Manager software, which extends the powerful capabilities of the Sun Fire x64 servers, offering customers a more efficient way of managing groups of Sun systems.
• Complete portfolio of services to support heterogeneous computing.
• The Sun Fire X4100 and Sun Fire X4200 are the first x64 servers based on designs from the team of one of Sun’s founders and legendary computer designers, Andy Bechtolsheim, who is also senior vice president of the Network Systems Group.

Bechtolsheim said the new Sun Fire X4100 and Sun Fire X4200 servers are designed to deliver the highest CPU performance in an enterprise-class 1U and 2U chassis, with complete remote management capabilities. “These systems deliver a combination of performance, features and value to customers that is not available from any other server supplier today.”

He said the Sun Fire X4000 series has proven to be faster than any two-socket Xeon-based server (www.sun.com/nc), designed in areas such as transaction processing and secure web serving. The new servers achieved a SPECweb99_SSL world record for two-core servers. The SPECweb99_SSL benchmark measures the performance of servers conducting secure Web transactions. In this benchmark, the X4100 beats the best HP two-core Xeon by 21 percent.

The Sun Grid Rack Systems integrate Sun Fire x64 servers in a rack, including the Sun Fire X2100, Sun Fire X4100 and Sun Fire X4200 servers, the new Sun Secure Application Switch - N1000 Series, the Solaris 10 OS and the Sun N1 System Manager. A Sun Grid Rack System containing 32 Sun Fire X4100 servers, the Solaris 10 OS and the Sun Java System Application Server is 50 percent less expensive than comparable offerings from IBM or HP equipped with Intel Xeon processors.

The entry-level price for the compact, single rack-unit, up to two-way Sun Fire X2100 server starts at $745, and includes the Solaris 10 OS, one AMD Opteron processor Model 146 and 512MB memory. The Sun Fire X4100 entry-level server configuration comes equipped with the Solaris 10 OS, one AMD Opteron processor Model 248, 1GB memory, one power supply unit and one service processor, priced at $2,195. The Sun Fire X4200 entry-level server configuration comes equipped with the Solaris 10 OS, one AMD Opteron processor Model 248, 1GB memory, one power supply unit and one service processor, priced at $2,595.

HP speeds data flow in SANs with switch technology

HP’s new 4-gigabit (4Gb) Fibre Channel switch technology offers twice the performance at comparable costs of current Fibre Channel offerings to help IT administrators eliminate bottlenecks in storage area networks (SANs).
Network slowdowns in data availability occur as server bandwidth is consumed by applications, especially if there are large amounts of data being shared from server to server. For example, the oil and gas, entertainment and scientific research industries must move streaming video, complex algorithms or other data-intensive files off storage systems onto servers, thus generating massive demand for high-performance SAN environments.

HP (hp.com) is offering new 4Gb products and services to provide customers a cost-effective storage infrastructure that can adapt to changing business needs and the growing demand for additional storage capacity. New offerings include: HP StorageWorks 4/8 SAN and 4/16 SAN Switches; HP StorageWorks 4/256 SAN Director; HP StorageWorks Fabric Manager; HP StorageWorks 4/16 SAN Switch Power Pack and 4/256 SAN Director Power Packs; and HP StorageWorks FC2142SR and FC2242SR Host Bus Adapters.

HP has already shipped more than 2 million switch ports and was first to market with 4Gb embedded switches for blade servers. As part of its technology roadmap, HP plans to incorporate 4Gb technology into HP StorageWorks arrays and tape systems starting in early 2006.

Backward compatible with existing 2Gb and 1Gb switches, the 4Gb technology helps increase application performance and shorten backup windows by doubling network bandwidth. Customers also can realize immediate benefits as a result of purchasing fewer ports and consuming less power.

The new HP StorageWorks 4/8 SAN Switch for entry-level and departmental SANs gives customers the ability to grow to a core-to-edge infrastructure and offers features that reduce operating costs by automating many installation and management tasks. The switches offer pay-as-you-grow scalability up to 16 ports so customers can start small and expand their storage networks in a non-disruptive manner. They are also easy to deploy, manage and integrate into a wide range of IT environments.

For customers who want increased performance and functionality for SANs, HP offers the HP StorageWorks 4/16 SAN Switch, which spokesmen say offers high-performance connectivity and faster transfer for application performance improvement such as backups. The product’s simplicity and ease of use helps increase productivity, and its Inter Switch Links lower the cost of management for customers.

The new HP StorageWorks 4/256 SAN Director delivers high-density connectivity while satisfying availability and scalability requirements for enterprise-class SAN environments. With 256 ports of connectivity within a single domain, the 4/256 SAN Director provides double the number of ports of previous switches, offering flexible scalability for large core-to-edge SAN architectures. In addition, redundant, hot-swappable components offer no single point of failure.

The new HP StorageWorks Fabric Manager is a scalable, Java-based application that manages multiple switches and fabrics in real-time, providing the essential functions for efficiently configuring, monitoring, dynamically provisioning and managing SAN fabrics on a daily basis. Fabric Manager provides intelligent scalable management of storage fabric resources that enables customers to reduce infrastructure costs and improve efficiency of SAN management. It also includes support for fabric security and new routing services.

The new HP StorageWorks 4/16 SAN Switch Power Pack and 4/256 SAN Director Power Pack provide SAN administrators with the necessary tools to monitor the health and performance of the network. The Power Packs also offer software features either pre-configured on the switch or as an upgrade, giving SAN administrators the ability to manage entire environments through a single pane of glass.
ENS DigiSoft, Osmosys demonstrate single middleware using ADB set-top boxes Single middleware (MHP) middleware supplier Osmosys (osmosys.tv) and iTV software developer DigiSoft (digisoft.tv) are demonstrating multi-platform technology at the IBC show in Amsterdam. The software is operating on ADB’s 3100 IPTV set-top box optimized for hybrid digital terrestrial and IPTV applications. A single middleware provides great benefit to operators in minimizing infrastructure, licensing, eliminating dual application development and maintenance, in addition to providing the consumer with a unified and more consistent viewing experience. The demonstration features MHP applications running on a hybrid IPTV and DTT platform. The applications are provided by DigiSoft and its DigiHost Development Group members and Deployment Group customers. The applications have been developed using the DigiHost SDK (within a variety of IDEs and authoring tools), which allows for rapid deployment for a roadmap of differentiating services and will run off a single DigiHost server. The applications run on ADB’s hybrid, DTT and IPTV, 3100 series set-top box incorporating a single MHP stack from Osmosys. DigiSoft.tv Ltd works in partnership with other leaders of the TV industry to design and develop software solutions for Interactive TV. ENS Intel pushes down power-optimization path Completing an era in enterprise computing and signaling the beginning of a new generation of platforms and capabilities, Intel Corp. has released its last planned single-core Intel Xeon processor. Intel also announced new low voltage versions of its Intel Xeon processor line as the company shifts to enterprise platforms with processors having two or more cores. As part of its strategy to improve power efficiency, Intel has introduced low voltage versions of its Intel Xeon processors. 
They include the 64-bit Intel Xeon processor LV 3 GHz with only a 55W processor power envelope and the 64-bit Intel Xeon processor MV 3.20 GHz with a 90W processor power envelope. Both processors are targeted at server rack and blade designs.

Intel also introduced a new 64-bit Intel Xeon processor with 2MB of L2 cache running at 3.80 GHz that is drop-in compatible with the previous Intel Xeon processor platforms and continues to offer power-saving features with Demand Based Switching, enhanced performance and flexibility with support for Hyper-Threading Technology, DDR2-400 memory and PCI Express. Additionally, Intel introduced a 64-bit Intel Xeon processor 2.80 GHz with 2MB L2 cache for servers used in small and medium business environments.

Intel will soon introduce its first dual-core Intel Xeon processor, codenamed “Paxville.” Originally scheduled in 2006, Paxville will deliver improved performance for both dual-processor (DP) and multi-processor (MP)-based servers.

In early 2006, Intel will deliver another server platform, codenamed “Bensley,” including a dual-core Intel Xeon processor, codenamed “Dempsey,” a chipset optimized for dual-core, codenamed “Blackford,” and technologies that will improve performance, manageability, reliability and productivity. At that time Intel will bring to market a dual-core Intel Xeon processor-based workstation platform, codenamed “Glidewell,” also including the Dempsey processor, and a new chipset, optimized for workstations, codenamed “Greencreek.”

To further efforts in reducing server power consumption, in 2006 Intel also plans to deliver a new dual-core processor, codenamed “Sossaman,” targeted at power-constrained environments. Later in 2006, Intel will introduce a dual-core Intel Xeon processor-based platform, codenamed “Woodcrest,” designed on Intel’s advanced 65-nanometer technology manufacturing process.
Woodcrest, based on the company’s next-generation, power-optimized micro-architecture, will offer dramatically improved performance and greatly reduced power consumption.

The 64-bit Intel Xeon processors with 2MB L2 cache at operating speeds of 3.80 GHz and 2.80 GHz are available now for $851 and $198, respectively, in 1,000-unit quantities. The 64-bit Intel Xeon processor LV 3 GHz is priced at $519 in 1,000-unit quantities. And the 64-bit Intel Xeon processor MV 3.20 GHz is priced at $487 in 1,000-unit quantities. For more information, see intel.com. ENS

IBM consults on departing boomers

IBM is now consulting with organizations preparing for the potential loss of highly valued skills and knowledge as the baby-boom generation reaches traditional retirement age. Available consulting services will provide companies with diagnostic tools based on advanced analytics, strategies and methodologies to understand their employee base in real-time, retain employees, transition knowledge and transform business processes to cope with the demographic change and significant skill shift.

“The aging population will be one of the major social and business issues of the 21st Century, and companies worldwide are starting to examine what this means in terms of skills, knowledge, and growth,” said Mary Sue Rogers, global leader for the IBM Business Consulting Services Human Capital Management Group. “The scale of this age-driven change will alter the way work and knowledge are managed within companies moving forward.
Many companies are taking this opportunity to evaluate their workforce skills globally, rethink internal knowledge management, optimize people-based processes, and examine a more globally integrated business model.” ENS

Dell offers multi-core technology in dual-socket server systems

Dell (dell.com) has added multicore technology to its portfolio of dual-socket servers and workstations, delivering up to 52 percent greater performance while maintaining a common system image for both single- and multi-core systems. The updated servers and workstations also provide the investment protection and flexibility of the industry’s most widely used and scalable architecture.

Dual-core technology combines two processing units into a single processor chip. The result can be dramatic increases in performance and power efficiency compared to single-core processors, especially when running multiple applications.

The dual-socket Dell PowerEdge 1850, 2800, 2850 and 1855 blade servers, along with the Dell Precision 470 and 670 workstations, will now incorporate dual-core Intel Xeon processors. These new processors incorporate the same Intel chipsets used in single-core Intel Xeon processors for servers and workstations which give customers an easy migration path to multi-core computing.

Dell Precision workstation customers who depend on independent software vendor-certified hardware can experience performance boosts of up to 52 percent on multi-threaded applications in such areas as CAD, digital content creation and scientific analysis. These systems target customers concerned about balancing performance demands with power consumption; the dual-core processors can increase the total performance per watt of PowerEdge servers and Dell Precision workstations by up to 43 percent.

The new server and workstation configurations are supported by Dell Services (www.dell.com/services). The PowerEdge 1850, 1855, 2800, and 2850 servers can be pre-ordered with factory-installed Microsoft Windows Server 2003 (32/64-bit edition) and Red Hat Enterprise Linux (32/64-bit edition). Prices for the servers start at $2,448, $2,448, $2,548 and $2,748, respectively. The Dell Precision 470 and 670 can be pre-ordered with factory-installed Microsoft Windows XP Professional (32/64-bit edition) and Red Hat Enterprise Linux (32/64-bit edition). Prices for the workstations start at $2,479 and $2,779 respectively. ENS

SGI, Army work on finding bunkers

Silicon Graphics (sgi.com) has announced that its Technology Solutions Organization is collaborating with the U.S. Army Battle Command Battle Laboratory at Fort Huachuca, Ariz., to develop promising technology that is expected to significantly enhance the U.S. military’s abilities to locate and identify underground structures.

Under the Subterranean Target Identification (STI) program, SGI will help the Battle Command Battle Lab develop a much-needed prototype capability to identify and characterize underground facilities through the use of advanced sensing and data processing capabilities. Working with the Battle Lab and leading software providers, SGI expects to develop cutting-edge military technology for the advanced acquisition, processing and analysis of land surface seismic data based on its proven solutions for the energy industry, which widely uses SGI visualization and compute technology to help discover new oil and gas supplies far beneath the earth’s surface.

Major oil and gas companies rely on SGI solutions to analyze large volumes of complex scientific and engineering data in order to confidently identify and develop onshore and offshore oil and gas prospects. Under the STI program, SGI will leverage the same expertise that has allowed oil and gas companies to achieve dramatic time and cost savings for their underground drilling activities by providing highly accurate and detailed seismic analysis to the U.S. military for locating and identifying subterranean structures.

“Programs like STI are critical to our national security. This R&D effort at Fort Huachuca directly supports our military in its fight against global terrorism,” said U.S. Sen. Jon Kyl of Arizona. “By leveraging the latest advanced sensing and data processing capabilities, Fort Huachuca and SGI can develop technologies that are much more effective in identifying underground facilities, posing less risk to our military men and women.”

Caves burrowed into mountainsides and subterranean concrete bunkers often serve as underground havens for housing command centers and ammunition depots. Because they are buried underground, they are often difficult for the U.S. military to find. To help address this problem, Congress appropriated monies in the Fiscal 2005 Defense Appropriations Act to fund the STI program at Fort Huachuca to better identify underground facilities.

Under the STI program, the Battle Command Battle Lab and SGI will also work closely with the DoD Thunder Mountain Evaluation Center at Fort Huachuca to endorse the development of promising technology that is expected to significantly enhance the U.S. military’s abilities to locate and characterize underground structures. ENS

Globalstor Data ExtremeStor DI-PRO available on Opteron

Globalstor Data Corp., designer and builder of digital intermediate servers, has released the ExtremeStor-DI PRO based on new Dual Core AMD Opteron processors to give digital content professionals even faster processing of uncompressed 2K, HD and SD video files.

Recognized as a premier platform for Digital Intermediate applications such as Assimilate Scratch, the new Dual Core AMD Opteron processor-based ExtremeStor-DI Pro will provide professional colorists and postproduction facilities with true multitasking capability without sacrificing video quality. Dual Core AMD Opteron processors enable simultaneous 32- and 64-bit computing and eliminate the 4GB memory barrier imposed by traditional 32-bit only systems. Integrated in the ExtremeStor-DI PRO provides video professionals with the improved system efficiency and application performance required for running multiple digital intermediate applications simultaneously and for streaming multithreaded applications.

Available for direct sale through Globalstor Data or to OEMs for development into specific applications, the new AMD Opteron Dual Core ExtremeStor-DI PRO is available now with a two-year factory warranty. Pricing for 2.3TB solutions starts at $36,500. For more information, call 818-701-7771 or see globalstor.com. ENS

HURRICANE continued from page 1

weather system is the first to combine photorealistic mapping, powerful 3D graphics and BAMS forecasting data into a single, real-time environment. Its timeliness and accuracy help television viewers get a clear understanding of the location, path and intensity of approaching storms, so they can make informed decisions about seeking shelter.

To ensure continued broadcasting to the areas hardest hit by Hurricane Katrina, Baron Services responded two days before Katrina made landfall in the Gulf, providing technology, equipment and technicians to eight television stations in Louisiana, Mississippi and Alabama. The company also supplied a VIPIR system to CNN to aid in its continuous weather coverage. During the outbreak of hurricanes in fall 2004, Baron sent 40 systems and representatives to assist clients in the path of those storms.

While BAMS is a rising force in the broadcast industry, the Baron subsidiary provides year-round weather forecasting to government, scientific and academic entities. For the last two years, BAMS has relied on an SGI Altix 3700 high-performance compute system powered by Intel Itanium 2 processors and running the Linux OS and SGI Advanced Linux Environment and ProPack.
Because its data requires fast access, BAMS employs two SGI InfiniteStorage TP9100 systems. In addition, the company uses SGI Altix 350 systems for research, and runs weather and atmospheric modeling programs on an SGI Origin 3800 that has been in use for four years.

“The Altix combines a powerful Intel processor with SGI technology that allows for computing and scalability with both shared and distributed memory,” said McHenry. “You cannot be dealing with systems that constantly need to be watched and fixed in a 24/7 operational environment, so we appreciate the stability and robustness of SGI products. Our company slogan is ‘technology and people dedicated to saving lives.’ That’s why we’re here. And we need the best equipment to give our customers the information they need to properly inform the public.” ENS

’06 will be RFID’s inflection point

Radio Frequency Identification (RFID) technology will reach a significant turning point by the end of 2006, according to Unisys Global Visible Commerce experts. Companies will move beyond the pilot phase, implementing RFID infrastructures that will increasingly become a core element of their businesses in 2006.

“Skeptics of RFID, who see significant technical and regulatory challenges or no return on investment, are wrong,” said Peter Regen, vice president of Global Visible Commerce at Unisys. “The same was true with barcode technology 30 years ago – many in the retail and consumer products industry considered it to be costly, technically flawed and unnecessary.

“Today, barcodes are on 87 percent of the items in the supermarket, and the adoption rate of RFID across multiple industries is already faster. Many of the key building blocks are already in place, and market drivers across industries will fuel adoption.”

According to Unisys, adoption within the aviation industry will more than double in 2006 due to the recent ruling, which allows passive RFID to be used for goods carried on airplanes and aircraft parts. The international shipping and transportation industry will also make great strides by using lessons learned by the early adopters – retail and consumer goods, automotive, healthcare and life sciences, and the military.

Dr. Donald Bowersox, a professor at Michigan State University, said RFID is a winning technology. “It will eliminate uncertainty in the supply chain, reduce the need for inventory ‘safety stocks,’ and enhance productivity. Clearly, we will experience significantly higher adoption rates as RFID applications enhance supply chain visibility.”

John Fontanella, senior vice president of Supply Chain Services at the Aberdeen Group, said RFID adoption made great strides with significant milestones in 2005. Building blocks such as the completion of the Gen 2 passive RFID standard – which makes the use of one, secure tag around the world possible – will aid adoption across industries.

“All of the companies I have spoken with that are involved in RFID are justifiably proud of their accomplishments, but there remains a great deal of work to be done,” Fontanella said. “The Gen 2 standard has to receive worldwide endorsement, the price of tags has to drop, and the installation of the technology needs to be greatly simplified.

“The good news is that we are progressing on the path of RFID adoption and there is no turning back.”

Unisys’ Regen said suppliers have been implementing RFID to meet the mandates established by major retailers since 2003. According to Unisys, in 2006 the outsourcing of support for RFID infrastructures will increase more than 400 percent. This will be a direct result of companies beginning to treat these infrastructures as a core part of their business, which will be a testament to the technology’s growing maturity.

“Cynics will be astounded by the technology’s increased maturity,” he said. “Major advances will also be made as organizations learn to manage the data generated through their RFID implementations and use it to increase efficiencies. Companies will save billions of dollars through these efficiencies in the coming years.” ENS

QUALCOMM recognizes Unisys

QUALCOMM Inc. (qualcomm.com), a developer and innovator of Code Division Multiple Access (CDMA) and other advanced wireless technologies, has named Unisys (unisys.com) the winner of the third annual 3G A-List Award in the Large Company Category (more than 5,000 employees).

The award, honoring a wireless solution with major business effect, recognized a Unisys program that enables the company’s approximately 1,700 North America-based field service representatives supporting clients’ IT infrastructure to speed up customer service, reduce the cost of service management and improve measurement of service delivery.

The solution enables Unisys Client Infrastructure Representatives (CIRs) to obtain changes to service orders as soon as they occur and report the results of service calls at the time of completion, rather than call them in later. Unisys anticipates that the solution will significantly reduce involvement by Unisys call center personnel, freeing them and the CIRs to focus more attention on client contact and service.

The North American program is part of a global Unisys initiative to deploy a mobile infrastructure that enables Unisys CIRs, who answer more than 10,000 service calls daily, to continually enhance customer service.

Employing wireless personal digital assistant (PDA) smart phones, the Unisys solution relies on CDMA2000 1X and is powered by Sprint’s CDMA network. Running Microsoft Windows Mobile 2003 operating environment, the PDAs communicate over the CDMA network with Unisys central Service Request Management System (SRMS). Without modifying the SRMS application, server-based mobility middleware employing the Microsoft Windows environment converts Web-based transactions from SRMS into displays that Unisys service personnel can easily read and respond to.

The solution’s security capability, employing both data encryption and password-enabled identity and access management, provides access only for authorized personnel and helps prevent sensitive service and client information from being compromised during transmission.

Unisys implemented this solution in less than three months, using the same service delivery process deployed for customers. Relying on Unisys proven global service delivery processes and infrastructure, the company dramatically reduced anticipated per-user deployment time. ENS

Unisys to facilitate new federal prison phone system

The U.S. Federal Bureau of Prisons (BOP) has awarded Unisys Corp. (unisys.com) a contract for the nationwide deployment and operation of the next-generation federal inmate telephone system. Under the Inmate Telephone System-3 (ITS-3) contract, Unisys will provide hardware, installation, maintenance and program management support.

The contract has a three-year base period and three one-year options exercisable at the sole discretion of the government. The estimated value for the three-year base period is $37 million. If all option years are exercised, the estimated value to Unisys could be $96 million. Revenue during the base and option periods includes revenue generated by inmate calling.

Chief among the benefits of ITS-3 are cost savings, hardware space reduction and scalability. The Unisys solution requires just one-eighth the hardware space of the current inmate telephone system and is comprised of advanced commercial off-the-shelf hardware and software applications. The company is poised to offer similar solutions to U.S. state and local and international correctional institution markets.

To service the more than 100 federal correctional institutions in the United States and Puerto Rico, Unisys will rely on its own ES3120 servers, as well as telephony hardware from Intel Corp. and the inmate telephone software application, which is being provided by Value Added Communications, based in Plano, Texas. With ITS-3, inmates will be able to make calls in three ways: direct debit from their prison commissary accounts, collect or pre-paid collect. ENS

Air cargo online booking growing

Electronic booking of cargo continues to increase rapidly, according to the third annual Chicken & Egg survey of key logistics providers for international shipping conducted by the Unisys-operated Cargo Portal Services (CPS), an electronic booking and shipment management service.

The survey, completed by 450 freight forwarders – key logistics providers for international shipping – assesses current views on electronic booking in the air cargo industry. The survey’s name refers to the mutual need for both freight forwarders and airlines to use online services for booking, although each party generally expects the other to take the initial step.

The survey asked forwarders to specify the percentage of their carrier bookings done electronically today and expectations for a year from now. Currently, 30 percent of respondents book a majority of their cargo online. More than double (64 percent) expect to book a majority of their cargo online by mid-2006. This compares to the 2003 survey results when just 10 percent of respondents said that they were booking the majority of their cargo online, and it shows the confidence they now have in the technology.

Respondents were asked to rate the importance of booking cargo shipments online.
An overwhelming majority of the respondents placed a very high value on being able to do business electronically – 90 percent of respondents said it was “valuable” to “very valuable.” The top four reasons respondents provided as to why online booking is important to them included: ability to make bookings 24 hours per day; faster than telephone transactions; better tracking history; and easier to do business with carriers who offer online services. ENS

Unisys, Synapsis partner on oil outsourcing pact

Unisys Corp. (unisys.com) and Synapsis (synapsis-it.com) have won a contract from ECOPETROL, Colombia’s state-owned oil company, for outsourcing services to manage its IT infrastructure and enterprise applications. The contract, signed in the first quarter of 2005, has a total value of approximately $27 million over four years, and is worth approximately $14 million to Unisys and $13 million to Synapsis. Unisys will manage the network, security and service-desk operations as well as maintain more than 200 servers located at ECOPETROL sites in Bogotá, Barrancabermeja and Cartagena. ENS

IBM continued from page 1

with up to 16 simultaneous threads – allows customers to consolidate multiple servers into one, easy-to-manage system.

The IBM System p5 520: The fastest two-way Java business server in the industry, the p5 520 is built with IBM’s most advanced microprocessor technology, IBM POWER5+. It is designed for use as a small database server, a branch applications server and for highly secure e-business and business intelligence (BI) and high-performance computing (HPC) applications for enterprises of all sizes.

The IBM System p5 550: This system is a four-way database server with 1.9 GHz POWER5+ dual-core modules.
It can function as a scalable database or versatile departmental or regional server for businesses of all sizes and is a strategic platform for scalable database servers, e-commerce application servers, web servers, operations systems and for BI and HPC workloads. In addition, the p5 550 is the fastest four-way Java business and web application server, the fastest four-processor SAP SD 2-tier application server on the Linux OS, and scored world-record performance on the Notesbench benchmark.

The IBM System p5 505: This is an all-new dense rack server in a 1U form factor using 1.5 GHz and 1.65 GHz POWER5 processors in one- and two-way configurations. Perfect for scale-out implementations, the new p5-505 can help SMBs reach new levels of performance, flexibility and functionality in their IT infrastructures or dense high performance computing clusters. The p5 505 delivers twice the storage and memory capacity, and faster SPECfp performance than the Sun Fire X4100.

The new server systems are part of the IBM Express Portfolio, developed to meet the needs of start-up, small and mid-sized companies. Express Offerings provide robust capabilities while taking into account the limited resources many SMBs face. IBM Express Offerings enable SMBs to better serve customers, increase revenue and reduce acquisition and maintenance costs with open easy-to-purchase solutions.

The new IBM System p5 Express offerings come in two new editions: the AIX 5L Edition for customers preferring a UNIX operating system, and the OpenPower Edition for customers who prefer the open source Linux operating system. Customers can add additional AIX 5L or Linux partitions to either edition and run both operating systems simultaneously. All System p5 Express models come with a standard three-year warranty.
The new System p5 servers are some of the most decorated servers in computing history, attaining the top results (spec.org) in 15 key performance benchmarks ranging from enterprise resource planning (ERP), web and file serving and collaboration applications to Java business and high performance computing.

POWER5+ is a “server on a chip” containing two processors, a high-bandwidth system switch, a large memory cache and I/O interface. The latest version is available in 1.5 and 1.9 GHz, and up to 72MB of on-board cache memory and is based on technologies that enable IBM eServers systems to provide customers improved performance and decreased IT footprint size through logical partitioning.

With the POWER5+ processor, IBM is enhancing the features and speed that have made the POWER5 processor the measuring stick of UNIX servers, while offering customers the price performance value they need to justify a long-term investment in their data centers.

HPC computing

IBM also announced new POWER5+ systems for high performance computing. They include:

The 16-way IBM eServer p5 575: This system is designed for supercomputing applications and intensive numerical calculation. The new p5 575 offers more than 50 percent more performance than the eight-way p5-575. The p5 575 cluster node is capable of sustaining 87.3 Gflop/s of performance, marking a major step in the evolution of high-powered, off-the-shelf building blocks that are tailored to meet the demands of a broad range of compute-intensive or memory bandwidth-intensive applications. With up to 192 processors installed in a single 24-inch wide system frame, this ultra-thin p5-575 can be used to advance high performance computing projects in the areas of engineering problem solving, drug design, oil reservoir modeling and weather forecasting.
The IntelliStation POWER 285: This system is the first POWER5+ workstation and provides new levels of UNIX performance for computer aided engineering applications like CATIA, broadly used by the world’s leading automotive and aerospace companies. The IntelliStation POWER 285 offers more than twice the performance of the Sun Blade 2500 with outstanding floating point performance — critical for numeric-intensive engineering applications.

With the new Integrated Virtualization Manager (IVM), IBM is simplifying p5 Systems virtualization deployment. Using the new wizard-driven, browser-based user interface, customers can create a micropartition ready for installation of either the AIX 5L or Linux OS with a mere 3 clicks of the mouse. IVM comes packaged at no additional cost with the optional purchase of Advanced POWER Virtualization on IBM’s p5 servers. The Integrated Virtualization Manager is designed to dramatically reduce the complexity and time involved to set up and configure multiple partition environments, using IBM’s Micro-Partitioning capabilities.

IBM Director 5.1 is a software tool that provides cross-platform systems management to help maximize system availability and reduce IT costs. Planned to be available as a no-charge download on Nov. 25, IBM Director allows IT administrators to distribute software, view and track hardware and software inventory, issue commands and monitor the usage and performance of critical components such as processors, disks and memory across distributed systems. Director is controlled from a simple, point-and-click graphical interface and provides significant automation such as automated responses and management-by-group to help reduce errors and increase operator efficiency.

The p5-505 has a starting price of $3,684.
The p5-520 has a starting price of $11,699 for a two-way 1.9 GHz minimum configuration, while the p5 550 starts at $14,053 for a two-way 1.9 GHz minimum configuration, and the p5-550Q starts at $19,048 for a four-way 1.5 GHz minimum configuration. The supported AIX 5L V5.2, AIX 5L V5.3, SUSE Linux Enterprise Server 9 (SLES 9) for POWER and Red Hat Enterprise Linux AS 3 (RHEL AS 3) for POWER operating systems operate independently or simultaneously through logical partitions. The Integrated Virtualization Manager is provided at no additional cost with purchase of the Advanced POWER Virtualization optional feature. ENS

IBM BladeCenter delivers fully enabled 4Gb SAN solutions

IBM has announced the availability of the industry’s first fully enabled 4 gigabit per second (4Gb) Storage Area Network (SAN) solutions for blade servers. Developed with BladeCenter Alliance partners QLogic and McDATA, IBM’s blade offering now offers customers new levels of price, performance and flexibility to help them manage their total IT infrastructure and build stronger on demand business environments.

The new IBM BladeCenter 4Gb offering features the QLogic Fibre Channel host bus adapter, the QLogic 4Gb switch module and McDATA 4Gb switch module. When configured with the IBM TotalStorage DS4800, it provides businesses of any size a high performance SAN solution that is simple to deploy, easily scalable and lowers total cost of ownership. Each switch module is available in 10 and 20 port models and upgrades are accomplished easily via software keys.

Previously first-to-market with embedded Fibre Channel switching for blade servers with switch modules developed by QLogic and McDATA, today’s announcement further expands IBM’s portfolio of embedded SAN switches. IBM continues to deliver on its strategy of providing industry leading SAN switch support, price/performance and flexibility for BladeCenter and continues to lead the blade server market overall, as it has for the past eight quarters.
QLogic 4Gb switches for IBM BladeCenter start at $8,999. McDATA 4Gb switches for IBM BladeCenter start at $10,999. For more information, see ibm.com/bladecenter. ENS

INDEPTH

Meaningful traffic reports require carefully placed probes

BY CHARLES THOMPSON

Imagine that you are a traffic reporter. Your job is to monitor the roads across a big city via posted cameras and report your findings to the commuters. By 7 a.m. every morning, you get hounded by calls from angry commuters. “Why is traffic so slow?” they demand to know. You explain that you are closely monitoring the roadways and you don’t see any problems. Those calls start to let up around 10:30 a.m. as traffic patterns change and you figure that everything must be okay now.

However, things are not okay. A semi just rolled over on a major highway. But you don’t know that because your cameras only provide visibility across three of the city’s roads. Traffic backs up once again and you are bewildered by the many angry calls. That’s exactly what it’s like to monitor a network with insufficient visibility.

The most flexible, economical method of analyzing and monitoring switch-based networks is the distributed analyzer, which consists of any number of probes reporting back to a central console. In this manner, probes provide visibility–the traffic cameras per se–of any segment of the network. Similar to traffic cameras, they observe and collect the data traversing links. The most efficient probes do analysis on site and only send display updates to the console to minimize network overhead. Without probes, you would have to connect a dedicated analyzer to multiple switches, and even then you would have no way of seeing all of the data in a comprehensive view.

Deploying probes across every segment of the network for 100 percent visibility is not practical, and typically not necessary.
Imagine having to monitor hundreds of cameras to report traffic on every single road in the city! Realistically, probes should be deployed on mission-critical links; in our case, major highways or those roads vulnerable to outside conditions.

Ultimately, where to deploy probes depends on the design of the particular network and where you require visibility. For example, placing probes on the full-duplex links that connect servers or server farms to core switches lets you see all traffic between servers and their clients. Connecting additional probe appliances at the edge of the network will let you focus in on select segments or stations on the network for detailed problem resolution. Deploying a specialized probe on a WAN link makes WAN frames visible in addition to showing all traffic flowing in and out through the link.

The diagram below is an example of probe placement on a “typical” network. Because every network is different, the examples shown may not look like your network but the concepts demonstrated will be applicable to most situations.

• Ethernet Probe — An Ethernet probe connected to a switch SPAN or port mirror can show you top network users connected to that switch, help enforce corporate usage policies, and aid in troubleshooting station connections.
• WAN Probe — A WAN probe deployed via a Test Access Port (TAP) on a WAN link can help to verify Service Level Agreements, monitor for intruders, and aid in troubleshooting branch office connections.
• Gigabit Trunk Probe — A trunk-aware probe deployed via a TAP on a trunk can show server, link, and application performance as well as aid in tweaking and troubleshooting trunk performance, and troubleshooting station connections.
• Wireless Probe — A wireless probe helps to detect security threats, detect and shut down rogue access points, and troubleshoot 802.11 connections.

Failure to deploy probes in the right places on the network can result in blind spots, which can lead to inefficient troubleshooting and expensive mistakes. Deploying probes at critical areas on the network should give you sufficient visibility and the confidence that you are getting a comprehensive and accurate picture of the network.

However, even if probes are deployed at the most effective places on a network, they only show your analyzer the data that is visible to those probes. An Ethernet probe, for example, is limited to what a particular switch’s SPAN can deliver. SPAN ports do not report errors and will drop information if bandwidth utilization is high. Using a TAP on designated links will provide all data–including errors–that traverse that link, even if bandwidth is running at maximum capacity. Therefore, you are less likely to be caught off-guard. So TAPs are essential on critical links (major roads) while SPANning may be sufficient on less critical links (smaller, less traveled roads).

Nobody likes to get bombarded with angry calls. Understanding traffic patterns and conditions could help you help users quickly get out of a jam or even avoid it in the first place.
Deploying probes across the network that are connected to a switch or TAP gives you the visibility to effectively monitor the network and boost troubleshooting power to ensure optimal traffic across the network.

Charles Thompson, senior systems engineer for Network Instruments LLC, works with the Network Instruments sales organization to provide technical expertise and in-depth product information to enterprise accounts. Network Instruments develops network management, analysis and troubleshooting solutions. Thompson can be reached at charlest@networkinstruments.com.

Strengthening the weakest link in corporate backup

BY RAY MCGOLDRICK AND RICHARD SHIN

Why does data loss still occur with current backup solutions? Why are the richest companies unable to eliminate data loss despite employing top IT personnel and implementing cutting-edge storage technologies? The reason is that there is a weak link in the corporate backup process. In fact, despite increased awareness about data loss prevention, human errors account for 30 percent of data loss; in 2003, data losses cost U.S. businesses an estimated $18.2 billion, up from $12 billion in 1998. Finding a solution is important because in addition to the weak link, data is still vulnerable to inevitable hard drive failures, computer crashes, virus infections and other disasters.

Weakest link?

In a typical corporate work environment, server-located data is commonly protected by various backup solutions, but client data is less frequently protected. In other words, the responsibility to protect user data is largely left to corporate users themselves. This is a key reason why data losses occur more frequently on client workstations than on servers: even if a company implores its users to regularly back up their data, the task is often left for the users to personally implement. For example, many companies have users back up important data to a mapped network drive but how many will actually back up regularly? Although there is no exact figure or statistic, it is probable that some users who have the capability to back up their data do not take the necessary steps to insure their workstations against data loss.

Hence, the weakest link in the backup process is the users who, for whatever reason, do not take the necessary steps to protect their data against inevitable disasters. Even if a company has procedures and software designed to frequently back up data, users may not comply because they view the backup process as being a work interruption, a time killer or too confusing to understand. Without user compliance in the backup process, not all data will be protected; therefore, companies will experience data losses more frequently, lose more time and money trying to recover data, and run further behind on project deliveries.

Removing the weak link

Although there may be various solutions to getting users to regularly back up their data, the simplest way is to create a real-time backup system on all user workstations that makes it quick and easy to protect important data. There are many different applications that offer easy data protection, so it is important to describe what to look for in a solution. In general, the solution should be easy to operate and configure, offer automation, execute transparently and support network drives.

Easy to operate, configure

It can be difficult to measure whether a certain application is more user-friendly than another, but easy-to-use backup software should have a few key features and abilities. First, it should be easy to initially configure the software. IT personnel are often responsible for the installation and configuration of new software on every machine in a company. To ease the rollout of backup software, the IT personnel should be able to install the software, create a basic backup job and configure the software to back up important data. Examples of important data are the My Documents folder and Microsoft Outlook e-mails.

Next, it should be easy for users to select which data to back up. At the very least, users should be able to browse through an Explorer-like interface to select folders and files. One valuable addition would be a filtering feature that allows users to select pre-existing filter settings to back up certain file types; for example, photos, videos, music files, text files and other important data. To add more flexibility to the filtering feature, the user should be allowed to create customized file filters by inputting the file type extensions they desire to back up. For instance, if a user wanted to select only Microsoft Word documents, he or she could enter *.doc and have all Word documents added to the backup data set.

Restoring data should be simple as well. Restoring backed up data can be either simple or complicated, depending on which application is used. But it is most efficient when backed up files are kept in their native format and are not compressed. If files are kept in their native format, then recovering data can be as easy as dragging and dropping the files to their original location.

Automation

If the goal of the backup process is to protect data quickly and easily, then the execution of the backup should have a certain level of automation. One example of this automation is the ability to run a backup job without user input or supervision. The ability to schedule periodic, unattended backups shifts the burden of protecting data off of users’ shoulders. This is a beneficial change because users are often irresponsible when it comes to backing up data. Running a scheduled, unattended backup is a superior way to ensure that users back up their workstations regularly, allowing users to set it and forget it.

However, one issue with automated backups is finding the optimal frequency of execution. To ensure the freshness of the backup data, backups should be run as frequently as possible without interrupting the user. The most efficient solution is to instantly back up any files once they have been modified on the hard drive, called a continuous backup. Continuous backups ensure that the backup data always mirrors the source data from the user workstation. In contrast, non-continuous backups are only able to restore data from the last time the backup was executed; for example, you could potentially lose today’s work because the backup was last executed yesterday. Choosing backup software that supports continuous backup can help prevent this occurrence.

Transparency

The backup solution also needs to be transparent to users so they are more likely to tolerate it being installed and running on their systems. It should feel like the backup software isn’t even running — it should wait silently in the background for the scheduled backup to execute. Even when the software is actively backing data up, it should not require so large a portion of the system resources that the computer becomes essentially unusable. Why? The more intrusive the backup software is and the more resources it takes up, the more likely it is that users will disable or not use the backup software, therefore failing to protect their data.

Network drive support

Finally, the solution should be easy to configure to back up to network drives. Companies frequently instruct users to back up to network drives for good reason: it can be a cost-effective solution, it offers convenient access and it can be very reliable. It is the recommended option for companies that are serious about eliminating the risk of data loss, and it is important that the software support backing up to network drives.

Conclusion

Removing the weakest link in the backup process is essential if a company wants to reduce data loss incidents and minimize productivity losses. The recommended solution is to shift the responsibility of protecting data away from users and toward an easy-to-use, continuous, native-format backup solution.

Ray McGoldrick is a senior product manager and Richard Shin is a software engineer with NewTech InfoSystems (NTI) in Irvine, Calif. NTI Shadow is a continuous backup program designed to be automatic, easy-to-use, and transparent to the user. They may be contacted by calling 949-421-072 or through the web at ntius.com.

SATA recasts spotlight on RAID 6, but is it right for you?

BY SCOTT CLELAND

There is no doubt that SATA RAID is rapidly permeating business and vertical applications. Non-transactional data, video and multimedia files can quickly balloon into the petabytes. With fiber channel costing upwards of $5.50 per gigabyte, and SCSI RAID costing as much as $5.15 per gigabyte, at only $1.05 per gigabyte, SATA’s price, performance, and reliability position it as the ideal network storage solution for non-critical data storage backup.

Traditionally RAID 5 is the more popular array in most SATA RAID applications, but with individual drive capacity reaching upwards of 400GB, rebuild times flirt with more than 12 hours per drive. Now RAID 6 is slowly gaining traction once again among the masses, especially in SATA; it offers both advantages and disadvantages in protecting against the unlikely scenario of multiple drive failures.

Yes, RAID 6 was promoted in the last several years by HP and Compaq (now HP), marketed at the time as Advanced Data Guarding (ADG). ADG was really aimed at SCSI installations and was not widely adopted by the masses because of its – at the time – niche focus. Since then, SATA RAID installations have skyrocketed.
In mega capacity, data storage hungry environments where SATA drives are RAIDed together with hundreds or thousands of other drives such as ISP server farms, digital asset management, database management, random drive failures are common. And now, in some cases, multiple, simultaneous drive failures can occur when least expected. Is RAID 6 right for your storage application? Let’s start by evaluating RAID 6.

RAID 6: an introduction

In a RAID 5 array, data is striped across all drives in the array. Parity information is rotated and stored across all the disks. If an individual drive fails, the surviving array operates in degraded mode until the failed drive is replaced and its data is rebuilt from the parity information retained on the surviving disks. However, RAID 5 arrays are most vulnerable while in degraded mode because everything will be lost if a second drive fails during the rebuild – and data loss combined with lost time can be costly to any organization. Rebuild times are getting increasingly longer due to today’s increased hard disk capacity and longer rebuild times widen the window of likelihood that a second drive will fail, resulting in catastrophic data loss.

RAID 6 is designed to mitigate the risk of a second hard disk drive failure while the RAID array is rebuilding. In a RAID 6 enabled system, a second set of parity is calculated, written and rotated across all the drives. This second parity calculation provides significantly more robust fault tolerance and allows the array to survive up to two consecutive drive failures without losing data. A RAID 6 implementation is diagrammed in Figure 1.

Figure 1: Two sets of parity data, P & Q are striped across the disks. RAID 6 safeguards data against a second drive failure.

Double-parity RAID, commonly known as RAID 6, safeguards against data loss during rebuild mode by allowing up to two consecutive drive failures.

Is RAID 6 right?
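The P and Q double parity described in the introduction above, worked through on a single stripe. This is an added example, not code from the article or from any controller vendor; it assumes Q is a Reed-Solomon syndrome over GF(2^8) with polynomial 0x11d and generator 2 (a widely used construction, which the article itself does not specify), and the stripe contents are constructed sample data.

```python
# Added example: RAID 6 P/Q parity for one stripe, and rebuild after two losses.
# Assumption: Q is a Reed-Solomon syndrome over GF(2^8), polynomial 0x11d,
# generator 2. The article does not say how its controllers compute Q.

GF_EXP = [0] * 512  # GF_EXP[i] = 2**i in GF(2^8); doubled so log sums index directly
GF_LOG = [0] * 256
_x = 1
for _i in range(255):
    GF_EXP[_i] = _x
    GF_LOG[_x] = _i
    _x <<= 1
    if _x & 0x100:
        _x ^= 0x11D
for _i in range(255, 512):
    GF_EXP[_i] = GF_EXP[_i - 255]


def gf_mul(a, b):
    """Multiply two field elements."""
    if a == 0 or b == 0:
        return 0
    return GF_EXP[GF_LOG[a] + GF_LOG[b]]


def gf_div(a, b):
    """Divide a by a non-zero field element b."""
    if b == 0:
        raise ZeroDivisionError("division by zero in GF(2^8)")
    if a == 0:
        return 0
    return GF_EXP[(GF_LOG[a] - GF_LOG[b]) % 255]


def compute_pq(data_blocks):
    """P = D0 ^ D1 ^ ...;  Q = 2^0*D0 ^ 2^1*D1 ^ ...  (byte by byte)."""
    size = len(data_blocks[0])
    if not 1 <= len(data_blocks) <= 255 or any(len(b) != size for b in data_blocks):
        raise ValueError("need 1..255 data blocks of equal length")
    p, q = bytearray(size), bytearray(size)
    for i, block in enumerate(data_blocks):
        coeff = GF_EXP[i]
        for k, byte in enumerate(block):
            p[k] ^= byte
            q[k] ^= gf_mul(coeff, byte)
    return bytes(p), bytes(q)


def recover(blocks, p, q):
    """Rebuild lost data blocks (None entries); p or q is None if that disk died.
    Raises ValueError when more than two disks of the stripe are gone."""
    missing = [i for i, b in enumerate(blocks) if b is None]
    if not missing:
        return list(blocks)
    if len(missing) + (p is None) + (q is None) > 2:
        raise ValueError("more failures than the surviving parity can cover")
    size = len(p if p is not None else q)
    zero = bytes(size)
    # Partial parities over the survivors; lost blocks contribute nothing.
    p_part, q_part = compute_pq([zero if b is None else b for b in blocks])
    out = list(blocks)
    if len(missing) == 1:
        x = missing[0]
        if p is not None:   # the RAID 5 case: plain XOR
            out[x] = bytes(a ^ b for a, b in zip(p, p_part))
        else:               # P is gone too, so solve for Dx from Q alone
            out[x] = bytes(gf_div(a ^ b, GF_EXP[x]) for a, b in zip(q, q_part))
        return out
    x, y = missing          # two data blocks lost: two equations, two unknowns
    gx, gy = GF_EXP[x], GF_EXP[y]
    dx, dy = bytearray(size), bytearray(size)
    for k in range(size):
        a = p[k] ^ p_part[k]            # = Dx ^ Dy
        b = q[k] ^ q_part[k]            # = gx*Dx ^ gy*Dy
        dx[k] = gf_div(b ^ gf_mul(gy, a), gx ^ gy)
        dy[k] = a ^ dx[k]
    out[x], out[y] = bytes(dx), bytes(dy)
    return out


# Constructed sample stripe: four 8-byte data blocks (not real disk contents).
STRIPE = [b"ALPHA000", b"BRAVO111", b"CHARLIE2", b"DELTA333"]

if __name__ == "__main__":
    P, Q = compute_pq(STRIPE)
    print("two data disks lost:", recover([STRIPE[0], None, STRIPE[2], None], P, Q) == STRIPE)
    print("data disk + P lost: ", recover([None] + STRIPE[1:], None, Q) == STRIPE)
    try:
        recover([None, STRIPE[1], None, STRIPE[3]], P, None)  # only P: RAID 5 equivalent
    except ValueError as err:
        print("P only, two data disks lost:", err)
```

The per-byte field multiplications in `compute_pq` are the extra work behind the write penalty the article attributes to the second parity calculation.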
RAID 5 write performance is influenced by the number of disk accesses that are required during the write process. While there is no adverse effect on RAID 5 read performance, write performance drops by almost 50 percent between RAID 0 (data striping across multiple drives) and RAID 5 (data striping across multiple drives with rotating parity calculation), based on performance benchmarks completed on AMCC’s 9000 series RAID controllers. The effect on overall performance will always depend on the ratio between reads and writes for a given application; more writes equates to lower performance.

RAID 6 requires a second set of parity calculations to protect data against a second drive failure. This additional data-handling step adversely affects performance. Independent performance benchmarks show that a RAID controller can suffer a 20 percent drop in overall performance in RAID 6 compared to a RAID 5 implementation, based on the previously cited benchmarks. As with RAID 5, read performance is unaffected.

Avoiding a 2nd drive failure

RAID 5 provides robust redundancy during normal operation. RAID 6 further protects the RAID array against data loss during degraded mode by allowing up to two drives to fail during this vulnerable stage. It is possible, however, to insure against the vulnerability of the system in degraded mode without incurring the penalties associated with RAID 6. In general, the faster the rebuild is, the lower the risk of a second drive failure during rebuild. Building RAID 5 systems with reduced rebuild times in mind will minimize the chances of a second drive failure. The host controller plays a critical role during this stage. There are several ways of doing this:

1. Hot sparing with automatic rebuild. This does not speed up the rebuild, but does remove the time delay between drive failures and drive replacement. Multiple arrays on a single controller can share a single hot spare for automatic rebuild.
2. Set the rebuild priority to highest level. This will slow the application down during rebuilds but will minimize the exposure time.
3. Minimize the number of drives per array in line with the storage requirements. The greater the number of drives in a single array, the higher the probability of a second drive failure.
4. The higher the MTBF (mean time between failures) of the drive, the lower the probability of a drive failure to begin with. Always look for the highest rated drives for your RAID 5 array.
5. Use a higher number of smaller drives. As stated before, the bigger the drive the longer the rebuild time. Smaller drives will shorten the drive rebuild time. In addition, smaller capacity drives tend to be significantly cheaper so the cost savings may cover the cost of a hot spare, as shown in Table 1.

Table 1 (Prices based on www.pricewatch.com 2/16/05)

| Storage Requirement | Drive Capacity | # Drives for RAID 5 | Drive Cost | Controller Cost | Hot Spare Cost | Total Cost | Total Cost w/Hot Spare |
|---|---|---|---|---|---|---|---|
| 1.2 terabytes | 400GB | 4 | $312 | $282 | $312 | $1,530 | $1,842 |
| 1.2 terabytes | 200GB | 7 | $109 | $450 | $109 | $1,213 | $1,322 |

Capacity

RAID 5 implementations require a minimum of three drives and have the storage capacity of N-1 drives because the equivalent capacity of one drive is exclusively dedicated to holding parity data. For example, in a four-drive, 200GB per drive array, the total available storage capacity is 600GB out of 800GB.

RAID 6 implementations require a minimum of four drives and have the storage capacity of N-2 drives. The total available storage capacity, using the same example, is 400GB out of 800GB. The percentage of usable system capacity is greater in larger RAID 5 and RAID 6 configurations. In a typical eight-drive SATA RAID array, 25 percent of the total drive capacity will be used for RAID 6 parity, compared to 12.5 percent of a RAID 5 array (see Table 2).

Table 2: Effects of Parity Calculation on Arrays

| # Drives | 3 | 4 | 8 | 12 |
|---|---|---|---|---|
| Array capacity used for parity (%), RAID 5 | 33.3 | 25.0 | 12.5 | 8.3 |
| Array capacity used for parity (%), RAID 6 | N/A | 50.0 | 25.0 | 16.6 |
| Storage efficiency (%), RAID 5 | 66.7 | 75.0 | 87.5 | 91.7 |
| Storage efficiency (%), RAID 6 | N/A | 50.0 | 75.0 | 83.4 |

RAID 6 At a Glance

RAID 6: Greater Fault Tolerance
• Higher data availability: Data is safeguarded against up to two consecutive drive failures
• Two-Drive Parity: Data from two failed drives can be rebuilt with assured data accessibility
• RAID Protection in Degraded Mode: Data is protected against a single drive failure during rebuilds

RAID 6 Trade-offs
• Reduced write performance: Second parity calculation causes system to work harder processing write transactions
• Longer rebuild times: Twice the parity is used to reconstruct data
• Minimum four drives required: Two of four drives exclusively dedicated to storing parity (N-2)

Summary

At the end of the day, RAID 6 provides higher fault tolerance when compared to RAID 5 arrays. By assuring data availability following a second drive failure, RAID 6 protects the RAID array during degraded mode, its most vulnerable state. RAID 6 does not come without its costs, however. Overall RAID 6 system performance can suffer a 20 percent drop compared to RAID 5; write performance is also adversely affected due to additional parity calculations on writes. Additionally, RAID 6 requires the equivalent capacity of two drives in the array to be dedicated to only storing parity information. At current market pricing, using 400GB drives, an eight-drive RAID 6 array would deliver 2.4TB of actual data storage against a total array capacity of 3.2TB, an additional cost to the system of approximately $300.

While SATA is breathing new life into RAID 6 arrays, it’s important to assess the pros and cons of all RAID levels to determine the greatest ROI and protection for your application.

Scott K. Cleland is director of marketing for AMCC Storage in Sunnyvale, Calif. He has worked in the storage industry since 1983 and has held engineering, sales and marketing positions at storage companies including 3ware, IBM, Mylex Corp., Exabyte Corp. and Conner Peripherals.

On-demand is changing the call center landscape

BY CHARLES CIARLO

We’ve all heard the term “on-demand.” Hardware giants such as IBM and HP have released computer systems that allow you to turn on or off processing power as your needs dictate. Software firms such as Computer Associates and Oracle have garnered a lot of attention by making some of their products available on a pay-per-use basis. Startups like Salesforce.com and WebEx have pioneered application delivery over the web for such vital services as CRM and web meetings. According to Karen Moser, an analyst with research firm International Data Corp. (IDC), the market for web-based applications will reach $1.5 billion within one year.

You can be sure that the same trend will soon catch hold in the contact center. After all, the level of sophistication required today to set up call center operations means that you can’t enter the game without deep pockets. With budgets being so tight, some are already searching out hosted alternatives – letting someone else worry about the hardware, software and maintenance of the IT infrastructure so that they can get on with the job at hand — interacting with customers.

This will eventually reach the point where all the technology in back of the call center — VoIP, ACD, call queuing, skills-based routing, predictive dialer, IVR, call recording, etc. — can be delivered easily over the web. All a contact center will need are phones, computer screens and an Internet connection. Everything else is handled offsite at a remote data center.

Of course, such changes won’t happen immediately. Only the very brave will abandon overnight the tradition of hosting hardware and software onsite. Rather, companies will test the waters gradually. Applications such as workforce management (WFM), in particular, are ideal for the on-demand model.

Think about it. Most companies have long since realized that manual forecasting and agent scheduling is unworkable beyond about 20 seats (if you route calls by agent skills then it is unworkable at any size). To implement WFM, however, means an upfront investment in hardware and software. Say you purchase 50 licenses for your average demand, yet twice a year need to ramp up to 100 seats. If these seasonal peaks last only a few weeks, you are wasting a lot of money buying 50 extra licenses for WFM (as well as other call center applications) that sit unused most of the year. By purchasing these services on an on-demand basis, you only pay for the extra seats for the time required.

But there are many other benefits to on-demand WFM. Gone are the large upfront expenses that can sometimes delay the implementation of the technology, replaced by a manageable monthly bill. Gone is the need for additional IT resources onsite to manage your WFM hardware and software. Gone is the space requirement of additional servers or software to download onto each desktop — a zero footprint, in other words.

On-demand WFM even means you can, if desired, dispense with the necessity of hiring your own workforce planner. Depending on the size of the contact center, it may be wiser to purchase professional services from a WFM vendor. Once-a-week scheduling and forecasting assistance is a way for some contact centers to maintain high efficiency while keeping costs down.

When the ramp-up from 50 to 100 or more seats is required, the transition is made seamless by the on-demand model. The monthly bill rises, of course, but only for as long as the additional functionality is being utilized. During peak periods, it might also mean a ramp-up in professional services. But for some operations, this is far less expensive than having a full-time workforce planner on a salary.

Another scenario to investigate is starting a new contact center with low overhead using on-demand services. As business improves, you can add more seats without a permanent licensing and hardware commitment. At some point, though, you may expand enough so it actually makes more sense to host your own software and hardware. Smart on-demand vendors make this transition easy by enabling customers to buy the complete package at a reduced rate.

But even where the customer determines that it has reached the point where it is easier or cheaper to bring WFM in-house, there is still an important role for on-demand. Say the center has expanded to a stable 500 seats. It is unlikely that business will remain stable throughout the year. WFM tools can help the company determine how many permanent seats it requires all year. The company can then match its hiring to that level, and buy the appropriate number of licenses. For peak periods, though, temporary hiring and on-demand usage of workforce management software ensures the highest possible profits.

Core competency

The underlying reason for on-demand can be summed up in two words – core competency. If your core strength is inbound and/or outbound calling, you may not want to get into the IT business. You may not even want to get into the workforce scheduling business. Ideally, you can just focus on your areas of competence and pay a monthly rate for vital ancillary services such as WFM hosting, planning and IT infrastructure.

According to IDC, industry specific software such as WFM will follow in the footsteps of CRM as being a hot area for adoption as an on-demand service. Essentially, on-demand will change the call center landscape over the next couple of years. And expect workforce management to be at the forefront of this shift.

Salesforce.com already boasts 275,000 subscribers and WebEx hosts web conferences for tens of thousands of companies. Expect the same thing to happen initially with specific contact center tools such as WFM. Over time, however, the on-demand wave will spread throughout every aspect of the call center sector.

Charles Ciarlo is founder and CEO of Left Bank Solutions, a workforce optimization software vendor based in Los Angeles. He began his contact center career in 1978 and has since led three successful call center companies. Ciarlo named his own company Left Bank Solutions after the Left Bank of the Seine River in Paris, a haven for artists. Similarly, he named his signature product after the famous impressionist painter Monet. Ciarlo’s aim is to put the art back into workforce management, and to offer affordable world class workforce optimization solutions to contact centers of all sizes. He can be contacted by phone at 310-207-6800 or see leftbanksolutions.com.

PCI Express proves dependable bus for facilitating failover

BY CRAIG SZYDLOWSKI

Highly reliable storage systems achieve five 9s availability by implementing various processes, technologies and service features. The sum contribution of stringent testing, RAID, redundancy, hot service and spares is needed to reach aggressive availability goals. Failover strategy is a key component to support redundancy and hot service in storage area networks (SAN). In both cases, primary control responsibilities are switched over from one compute system to another. For I/O intensive applications such as storage, failover mechanisms for the high speed I/O bus must be considered.
Today, many storage systems employ proprietary busses to satisfy the high bus bandwidth and high-availability requirements. The downside to proprietary busses is they can be relatively expensive compared to standard busses, in terms of development and component cost. Standard busses typically benefit from economies of volume scale and a range of components and tools supplied by multiple companies. Traditionally, standard PCI busses have not been used for high-speed storage fabrics due to their relatively low speed, lack of robust availability features and a strict requirement of one master device managing the bus. PCI Express is a far more suitable bus than legacy PCI because of its higher speed, simpler physical layer and reliability, availability and serviceability (RAS) features. The single-bus master model can make the failover of bus masters non-trivial. This is in contrast to busses such as InfiniBand where all devices are equal, and no single device is the bus master. Although PCI Express still follows the PCI legacy of one master per bus, PCI Express switches have mechanisms for exchanging the PCI Express bus master from a primary host processor to a standby processor to facilitate failover processes. Cache-centric SAN A cache-centric storage area network (SAN) is depicted in Figure 1 with a dataplane connecting I/O directors, cache memory, and storage directors. These subsystems are often redundant and implement failover capability to increase availability. In the case of failure, storage subsystems may need to transition control from their primary host processor over to another processor, which may reside on the same board or on separate boards connected through the dataplane. A storage director subsystem is shown in Figure 2, with a PCI Express switch connecting redundant storage director boards on configurable upstream/downstream links and disk adaptors on downstream busses can continuously interrogate and monitor the status of the processors. 
Upon failure of the active processor in a storage director, several events may be triggered. The PCI Express link could go down because the active processor is incapable of serving as the bus master and the disk adapters begin to experience incomplete transactions. This condition may cause the PCI Express bus to enter a dysfunctional state called Data Link Down (DL_DOWN) and result in the PCI Express bus or the storage director resetting itself. System recovery System recovery may begin after the standby processor learns that the active processor fails. Initially, the primary host processor is demoted to a downstream link which may be initiated by the standby processor or an external monitoring device, depending upon the capabilities of the PCI Express switch. Ideally, the recovery stage begins prior to system or bus reset so the standby processor has more flexibility to deal with the situation. Some PCI Express switches can suppress the reset caused by a DL_DOWN and perhaps circumvent a disruptive and time consuming bus reset. In any case, the standby processor needs to be prepared for either a system or bus reset and work to get the storage director up as quickly as possible. An additional consideration is PCI Express power management, which employs a special set of transactions to control various events including the transitions between four defined link states, L0 through L3. The recovery process needs to comprehend the different possible states of the devices connected to the switch. If DL_DOWN is not suppressed, the PCI Express bus hierarchy should reset and wait for the link to come back up. A benefit from a bus reset is the disk adapters, a.k.a. the endpoints, will be in a known state. PCI Express supports both level sensitive and message signaled interrupts (MSI). Level sensitive interrupts require dedicated signal lines (e.g. INTX#) on the printed circuit board, and a multiplexing scheme may be needed to wire to both primary and standby processors. 
MSI interrupts are transmitted on the PCI Express bus so there are no incremental hardware considerations, which potentially simplifies the task of transferring interrupt control to the standby processor. Processor failover can occur after the standby processor takes over interrupts and is ready to disposition outstanding transactions, including error messages. If the system circumvents the DL_DOWN reset, then the standby processor must be able to handle backlogged and incomplete transactions between the disk adapters. The standby processor should “sink” the Figure 1: Cache-centric Storage Array Network links. There is one active upstream link and it connects to the bus master, also called a Root Complex. The standby processor is connected to a downstream link, but it can be reconfigured as the upstream link when failover is required. The storage director boards typically implement server class processors and chipsets, such as the Intel Xeon processor and the Intel E7520 chipset. Switch components from PLX Technologies Inc. and NEC Electronics, such as the PEX 8523/8516 and the µPD720401/µPD720403 respectively, are examples of PCI Express switches that support failover. Although the word “bus” is used to describe PCI Express, it is a point-topoint serial interface with a well-defined switching architecture specification. PCI Express supports a feature called “nontransparent bridging” that can be used to assist failover as it provides a mechanism to isolate primary and standby host processors, which is available with PCI technology as well. Another key feature of the PCI Express architecture is its ability to support peer-topeer communication on a switch without host processor involvement. This results in faster communication between disk adapters, for example, in storage applications. 
Failover processes

Failover processes involving high-speed busses may encompass several stages such as operation monitoring, system or bus reset, system recovery and standby processor failover.

Operation monitoring is conducted by the system to regularly check the health of the primary host and standby processors utilizing mechanisms such as heart beat messages, scratchpad registers or external monitoring devices. Bi-directional heart beat messages can be transmitted over the PCI Express bus containing time-related data to indicate the state of both the primary host and standby processors. Some PCI Express switches offer shared read/write scratchpad registers, which can be used to share information to all the connected devices without generating interrupts associated with standard bus transactions. Otherwise, external watchdog devices residing on system management

Figure 2: Usable system capacity is greater in larger RAID 5 and RAID 6 systems. RAID 6 uses more capacity for additional parity storage.

backlogged transactions. Some switches allow the standby processor to promote itself to bus master by writing to a register in the PCI Express switch. Other switch devices communicate commands over a system management bus to manage the failover from the primary host processor to the standby processor.

In addition to the failover mechanisms discussed previously, one should not underestimate the importance of intelligent system design and the corresponding software required to implement a successful failover solution.

Storage applications benefit from a set of new PCI Express features associated with RAS. Reliability has been enhanced in PCI Express by way of error detection and signal integrity. PCI Express supports two levels of Error Correction Codes (ECC) checking for both Data Link Layer and Transaction Layer errors. Error reporting has been expanded as well.
Signal integrity is improved by utilizing differential pairs for signal lines with greater noise immunity than a fast speed parallel bus. The 8b/10b decoding scheme embeds the clock in the data signal which minimizes timing issues. PCI Express has fewer trace lines than prior PCI busses, and therefore has fewer possible points of failure. By implementing fewer, yet more robust signal lines, PCI Express is a reliable high speed bus.

PCI Express provides an opportunity for storage developers to utilize a standard bus for their high speed fabric, yet still satisfy their high I/O bandwidth, RAS and failover requirements. There is a broad range of currently available off-the-shelf components such as PCI Express switches, PCI/PCI-X to PCI Express bridges and end-devices ready for design-in.

Craig Szydlowski is a strategic marketing engineer for the infrastructure processor division at Intel Corp. Szydlowski has a BSEE from Yale University and an MBA from the Wharton School. He can be reached at craig.p.szydlowski@intel.com.

Essential storage strategy is to survive legal compliance needs

BY DANIEL DELSHAD

The regulatory burden on data retention continues to increase with no signs of abating. Companies, therefore, must pay close attention to the mandates of HIPAA, Sarbanes Oxley and other legislation, incorporating these requirements into their IT infrastructure. From the perspective of information storage, here are several critical elements:

Health Information Portability and Accountability Act (HIPAA)

This legislation improves health care by putting medical records online, while also protecting patient privacy. Originally enacted in 1996, the privacy regulations are in effect now, and security regulation enforcement also began in 2005. The privacy requirements concern non-disclosure of individually identifiable patient information, either by name, address, relative’s names, etc.
Security regulations specify that the administrative standards must cover: individual user authentication; access controls; audit trails; physical security and disaster recovery; protection of remote access points (for example, every PC in the hospital); secure external electronic communications; software discipline; and system assessment.

Medical emergencies demand fast response to online queries. The law does not specify the storage technology but makes it clear that organizations of all sizes must do whatever it takes to secure private information. Although data encryption was in the proposed security regulations, it was dropped from the final version. Hospitals must store a patient’s medical records from birth to age 21, and then can reduce the data retention to five years.

The complete data retention requirements are:
• Medical Records – Child records, birth to 21 years of age; adult records – five years, continuing until two years after death.
• Records of information disclosures – six years.
• Compliance standards, implementations, policies, procedures – 6 years

HIPAA implications

The need for fast response to queries in medical diagnostics and insurance can today only be met by magnetic storage rather than tape or optical disk. A disaster that destroys or corrupts all of a hospital’s online records puts patients into immediate danger and could close down the business. A geographically separated, secondary synchronized data center should also be considered. Data encryption at the source is probably the best way to protect the privacy of patients.

Electronic documents act

Enacted by the Canadian government in 2000 and in full effect in 2004, this act is unique because it follows a national privacy standard: the Canadian Standards Association (CSA) Model Code for the Protection of Personal Information.
The act covers personal privacy, electronic documents and electronic signatures, and applies to all personal information collected, used or disclosed in commercial activity. Courts can order offending companies to change their methods, and victims of unauthorized disclosure can sue for damages and humiliation.

The organization must obtain the individual’s consent before disclosing personal information to any third party. Well-planned and documented privacy policies must be known and followed within the company. The act requires “personal information shall be protected by security safeguards appropriate to the sensitivity of the information.” Corresponding layers of security go up to and including data encryption at the source.

Data must be retrievable on demand by customer or law enforcement, and retained only as long as required by law. Electronic documents must be stored in the original format, or at least in a format that does not change the information. (Encryption is allowed.) The retrieved information must be readable or understandable by any authorized person. The document must retain information about points of origin, destinations, dates and times.

Implications

Storage managers must work closely with operations managers to thoroughly understand the classes of information and must determine the appropriate levels of security. Encryption on the disk is encouraged, and encryption at the source may be justified. For fast web-based secure applications, encryption appliances might improve response time. Storage managers must work with legal departments to determine data retention periods defined under various laws. Destroying bad disks and old equipment is also important, as the Bank of Montreal found out after old computers containing hundreds of confidential customer files went up for auction on eBay.

Gramm-Leach-Bliley

Enacted by the U.S.
federal government in 1999, the Gramm-Leach-Bliley Financial Services Modernization Act (GLBA) applies to a range of financial, credit, insurance and many more types of money-handling institutions. It prohibits disclosing customer information to non-affiliated third-party organizations and protects the integrity of the information. The federal agencies have published the “Interagency Guidelines Establishing Standards for Safeguarding Customer Information (12 CFR)” to assist executives in developing security standards.

Company executives must: participate in companywide risk assessment; and manage risk, including implementing some or all of the following, as appropriate to the particular institution. The law recognizes not all may apply to some cases.
• Data access controls.
• Physical access controls.
• Encryption while in transit on networks or at rest in storage, or both.
• Monitor system modifications to assure security.
• Dual control procedures (two authorized persons needed to access), segregation of duties, and employee background checks.
• Monitoring systems to detect actual or attempted attacks or intrusions into the system.
• Response procedures to be taken after an actual or attempted attack or intrusion.
• Protection against environmental hazards or technological failures, including:
  — Train the staff in security procedures.
  — Regularly test security systems.
  — Maintain vigilance against future methods of attack or intrusion.
  — Oversee third-party providers to assure security.

Implications

Implementing all of these methods, although not necessarily required, would put a strong, safe storage system in place. Storage managers will be called upon for risk assessment and standards.

California Senate Bill 1386

“1386” went into effect in July 2003 and applies to companies doing business in California and all companies holding personal information of California residents.
The intent is that anyone whose personal information may have been disclosed to unauthorized persons can quickly begin taking countermeasures against identity theft, misuse of information, etc. Victims can bring civil suit for damages. The organization must disclose, in specified ways, any security breach in which an unauthorized person might have acquired unencrypted personal information.

The law states …“personal information” means an individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
• Social security number.
• Driver's license number or California Identification Card number.
• Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.”

Implications

There is no definition of the level of encryption, but this clearly implies encryption at the source. The company must have procedures to identify and contact persons affected, therefore storage managers need to be able to determine the boundaries of the compromised area.

Sarbanes-Oxley Act

Enacted by the U.S. Government in 2002 in response to corporate financial scandals, the Sarbanes-Oxley Act applies to all publicly held companies in the United States that have more than $75 million equity market capitalization and that report quarterly to the Securities and Exchange Commission (SEC). It covers financial reporting to the SEC, auditing practices and associated document retention. By holding CEOs and CFOs directly responsible for the accuracy of financial reports, this act has had a major effect on U.S. corporations and has already sent one executive to jail. The intent is to preserve all records of business dealings and financial audits for long enough to allow detailed investigations of questionable business activities.
The company must save all documentation used to create financial reports and audits. Sarbanes-Oxley defines documentation as relevant records such as workpapers, documents that form the basis of an audit or review; memoranda, correspondence, communications; other documents; and records (including electronic records) which are created, sent or received in connection with an audit or review and contain conclusions, opinions, analyses, or financial data relating to such an audit or review.

The law requires risk assessment, either across the entire company, or by a summation of narrower risk assessments on individual transactions and operations within the company. Storage risk assessment is part of the overall requirement. The document retention period is seven years and recovery time is limited to a very few days following a federal request.

Sticking with HP3000? Third parties can help

BY TIM PETERSON

With HP’s support of the HP3000 platform ending next year, a large number of U.S. companies find themselves at an IT crossroads. Many have already begun their migration off the platform. Others, however, have decided against migration and are determined to continue running their business on the HP3000.

There are literally thousands of companies that have invested as much as $1 million in their HP3000 servers and custom application programming in the MPE language. For a significant number of these companies, the investment required to migrate all of their data and custom applications to Windows or Linux is simply not feasible.

For those companies determined to stick with the HP3000 platform, third-party midrange service providers can pick up where HP’s support leaves off. Our recent survey showed that a large majority of corporate IT managers are unaware of the existence of third-party computer service providers — so it’s easy to understand why selecting such a company can seem like a daunting task.
Choosing the right third-party service company to keep HP3000 systems running smoothly can be as simple as remembering a series of keywords we call the “Five Es”. When evaluating third-party service providers, remember the words expert, equipped, extensive, efficient and elastic.

Expert: To determine if the service company is truly staffed by expert professionals, ask to see their credentials. You’ll want to make sure the company is comprised of former HP field engineers who have supported the platform for many years.

Equipped: It’s also critical to ensure the service company is equipped with an impressive stockpile of obsolete parts for the HP3000. Inquire about the size and location of their parts depots and insist that they keep the most common failure parts — such as tape drives and hard drives — at your location.

Extensive: If your company is national in scope, you’ll gain confidence if the service company you choose has an extensive, nationwide field support staff, capable of dispatching a technician to your location within four hours.

Efficient: Above all, the service contracts offered by a third-party provider must reflect the efficient nature of their business. Large, experienced third-party service providers know how to contain operating costs so their fees are about half those charged by manufacturers.

Elastic: Their contracts should also be highly elastic, customized to your individual requirements. You should have a choice of at least three different service levels, providing same-day, next-day or two-day service.

Companies choosing to continue running the HP3000 platform can secure the qualified service and support they need for years to come. And, should they decide to migrate away from HP3000 at some point in the future, they will have established a valuable professional connection to help navigate that delicate process — which can require two years or more.

Tim Peterson is director of sales and marketing for Amtek Computer Services.
He can be reached by calling 951-316-4632 or by e-mailing tpeterson@amtek.net.

Because of the legal importance of these documents, Write-Once-Read-Many (WORM) magnetic disk storage should be considered. Security is vital to protect against malicious use of this gold mine of company information.

Implications

The storage manager should meet with operations managers to determine what documents of these types exist in the company and the magnitude of the storage required, as well as to arrange for automatic collection and routing to secure storage. A document management system that precisely identifies, queries and retrieves sets of documents is necessary to quickly respond to requests from federal agencies and to maintain operational requirements. Secure, geographically separated secondary storage on magnetic disk would provide disaster recovery while maintaining document recovery time.

SEC Rule 17a

The SEC has expanded Rule 17a that covers exchange member and brokerage house record keeping. Rule 17a now includes all forms of internal and external electronic communication, such as e-mails, instant messages, order tickets, approvals and more. There seems to be nothing in writing from the SEC that extends e-mail and IM retention to companies covered under Sarbanes-Oxley, but some experts advise all Sarbanes-Oxley companies to observe the electronic message requirements of Rule 17a. The major U.S. stock exchanges have established standards based on this rule.

Brokerage houses have always had to quickly and accurately verify records of a large volume of trading orders. This act is explicit in the demand for “non-rewritable, non-erasable” storage of all documents. This makes WORM storage mandatory. Each document must be stored in duplicate, with time stamps and showing the origin and destination. Duplicates must be kept off-site. Data retention is for six years, with the first two years in fast storage.
The company must “immediately” provide a copy of any document upon SEC request.

Implications

The effect is to mandate WORM magnetic disk, at least for the first two years, and an excellent document retrieval system. The fast retrieval time and off-site backup requirements imply a separate, synchronized storage center. If the brokerage or trading house is also covered by Sarbanes-Oxley, storage design must target the most demanding requirements of both Sarbanes-Oxley and SEC 17a.

Summary

We see common requirements in many of these regulations. Administrative work for developing and implementing storage standards is rising. Encryption, WORM storage, synchronized alternate storage, and indexed document retrieval are becoming standard. These laws reflect the best practices of the storage industry at the time they were drafted, and they raise the general standards of data security and integrity.

The volume of information in secured storage will continue to rise. The storage manager must work more closely with operations managers to minimize the volume by eliminating redundant occurrences of personal data items on multiple forms and records. Storage managers need to continue educating themselves in the next waves of technologies to keep their companies ahead of the growing legislative demands.

Daniel Delshad is founder and chairman of the Association of Storage Networking Professionals, the largest end-user group in the storage industry with more than 2,000 members. For more information, see www.asnp.org.

NetFlow collects traffic data; IPFIX standardizes NetFlow

BY PETER J. WELCHER

I’ve been doing some work with Fluke Networks recently. This article is about the subject of some of that work, namely NetFlow and NetFlow reporting. We’ll talk a little bit about what NetFlow is and how it collects traffic data for us. We’ll then look at how useful that information can be.
We’ll also briefly discuss how to configure NetFlow and usage considerations.

When we discuss configuring NetFlow below, I’ll include some show command output. That’s the easiest way for you to check out NetFlow: enable it on one or a couple of devices, and then you can see the sort of data it makes available. This article updates an article from 2001: http://www.netcraftsmen.net/welcher/papers/netflow.html.

About NetFlow

When Cisco first introduced NetFlow a while ago, in or before the Cisco IOS 11.1 CA code, it was a caching technique based on “flows.” It still is, but the emphasis is now on statistics collection. NetFlow caching is still present and may help when you have long access lists.

A network flow is a unidirectional stream of packets, identified by source and destination IP addresses, IP protocol, source and destination ports (where relevant), and Type of Service (TOS) byte. Inbound interface and other information can be tracked per flow. The crucial statistics tracked by NetFlow are packet and byte counts.

When you enable NetFlow on a router or switch, statistics are collected on the IP traffic passing through that device. The expiring flow data can then be exported to a collection system for post-processing and storage. Reporting software then gives you access to the information. Flow expiration is based on obvious termination of the flow (TCP FIN or RST) and timers, including a longevity timer to ensure that data is occasionally exported, to prevent loss of information.

Using NetFlow data

NetFlow data export allows you to gather data from across a network about the traffic passing through that network. What reports you can pull out then depends on the choice of reporting tool. For example, I experimented some recently with ntop, an interesting freeware (except on Windows) tool that can work with either packet capture or NetFlow data. I found the reports showed me top talkers and ports used to some extent.
But the reporting didn’t let me slice and dice the data in the ways I needed. I wanted site to site flows. Instead, I was buried in a mass of host-specific information. Don’t get me wrong, ntop has its uses.

What else could you want? Well, NetFlow contains information about interfaces. So one might want reporting on how much traffic passes through each interface, and what the application mix is on that interface. One might also want to report on the top transmitters and receivers, and on top conversations. This could be useful, for example, when there is a report that a WAN site is experiencing slowness. One group I’ve worked with uses distributed Sniffer for this. But NetFlow can provide the same information, in near realtime. (There is a little delay due to the export processing.)

Another use that’s being seen in the field is cost recovery due to identification of wasted bandwidth. Are your users running peer-to-peer file/music sharing? Perhaps they are acting as an ad hoc server, and not aware of the bandwidth effects, and legal and other implications (risks). For that matter, identifying applications that are major bandwidth consumers helps you decide where to focus efforts to increase efficiency.

Several NetFlow vendors as well as Cisco have realized that NetFlow can provide good information about virus or worm outbreaks and other unusual activity. You are receiving data on every source and destination IP, as well as ports. You can then watch traffic headed to a well-known port such as 445. A sorted report on sources of traffic flows going to port 445 then quickly identifies infected computers. If the infected computer runs, say, an FTP serverlet to download malware, you can also look at clients, that is, hosts sending FTP traffic to that computer.

NetFlow data export packets

The following screen capture shows an Ethereal decode of a NetFlow export packet. Note the version is 5. The packet contains a version-specific header, followed by flow records.
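The export format and the port-445 report described above, as an added example that is not part of the original article: a parser for NetFlow version 5 export datagrams (a 24-byte header followed by 48-byte flow records) and a sorted report of sources sending TCP traffic to port 445. The sample datagram, its addresses and the function names are constructed for illustration; ranking sources by the number of distinct destinations before flow count is an added refinement, since a scanning host touches many targets while a normal file-sharing client talks to few.

```python
import ipaddress
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 export header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
MAX_RECORDS = 30                                    # v5 limit per datagram


def parse_v5(datagram):
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"implausible record count {count}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram truncated: fewer records than header claims")
    flows = []
    for i in range(count):
        (src, dst, _nexthop, in_if, _out_if, pkts, octets, _first, _last,
         sport, dport, _pad1, tcp_flags, proto, tos,
         _src_as, _dst_as, _src_mask, _dst_mask, _pad2) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.ip_address(src)),
            "dst": str(ipaddress.ip_address(dst)),
            "sport": sport, "dport": dport, "proto": proto, "tos": tos,
            "tcp_flags": tcp_flags, "input_if": in_if,
            "packets": pkts, "octets": octets,
        })
    return flows


def sources_to_port(flows, port=445, proto=6):
    """Rank sources of flows to (proto, port).

    Returns (source, distinct destinations, flows, packets) tuples, sorted so
    that hosts contacting the most distinct destinations come first.
    """
    stats = defaultdict(lambda: {"dsts": set(), "flows": 0, "packets": 0})
    for f in flows:
        if f["proto"] == proto and f["dport"] == port:
            s = stats[f["src"]]
            s["dsts"].add(f["dst"])
            s["flows"] += 1
            s["packets"] += f["packets"]
    rows = [(src, len(s["dsts"]), s["flows"], s["packets"])
            for src, s in stats.items()]
    return sorted(rows, key=lambda r: (-r[1], -r[2], r[0]))


def _record(src, dst, sport, dport, pkts, octets, proto=6, flags=0x02):
    """Pack one constructed flow record (test data only)."""
    return RECORD.pack(ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed,
                       bytes(4), 1, 2, pkts, octets, 1000, 2000,
                       sport, dport, 0, flags, proto, 0, 0, 0, 24, 24, 0)


def build_sample():
    """Constructed v5 datagram: one host sweeping port 445, two normal hosts."""
    recs = [_record("10.1.20.57", f"192.0.2.{n}", 40000 + n, 445, 3, 144)
            for n in range(1, 7)]                      # SYN-only, 6 targets
    recs += [
        _record("10.1.20.12", "10.1.5.10", 51000, 445, 120, 90000, flags=0x1B),
        _record("10.1.20.12", "10.1.5.10", 51001, 445, 80, 61000, flags=0x1B),
        _record("10.1.20.33", "198.51.100.7", 52000, 80, 40, 30000, flags=0x1B),
    ]
    header = HEADER.pack(5, len(recs), 360000, 1129000000, 0, 1, 0, 0, 0)
    return header + b"".join(recs)


if __name__ == "__main__":
    print(f"{'source':<15}{'dsts':>6}{'flows':>7}{'pkts':>7}")
    for src, dsts, nflows, pkts in sources_to_port(parse_v5(build_sample())):
        print(f"{src:<15}{dsts:>6}{nflows:>7}{pkts:>7}")
```

In the constructed sample the sweeping host ranks first with six distinct destinations, ahead of the client that has more packets but only one file server as its peer.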
The capture expands one of the flow records so you can see what’s in a typical flow record.

There’s an excellent Cisco reference document about NetFlow. If you want more detail about packet formats, which NetFlow variants are supported in which IOS/CatOS versions, that sort of thing, it is the place to look. It is the first Cisco reference below.

About IPFIX

The IETF has been working to standardize NetFlow. The effort is named IPFIX, which stands for IP Flow Information eXport. The IETF considered working implementations as a starting point, and elected to work from Cisco NetFlow version 9. Version 9 extends classic NetFlow by using templates to describe the flow records. This provides extensibility.

The charter for the working group also led them to allow securing the flow information — SCTP secure stream transport can be used instead of TCP or UDP for transport. IPsec or TLS can also be used.

The IPFIX standard also allows for sampled data, which alleviates the burden on devices of classifying and reporting on each and every packet. Cisco is recommending random sampling (probabilistic sampling) to ensure you don’t miss flows, for example when there are recurrent (periodic) data patterns.

More IPFIX information can be found at the IPFIX URLs listed below. Most major vendors including Cisco appear to intend to support IPFIX going forward.

Fluke Networks ReporterAnalyzer

Fluke Networks has been moving up the OSI stack, and now supplies a range of link testing tools and “higher level” reporting tools. Their website is at the URL http://www.flukenetworks.com/us/default.htm.

Fluke Networks is now selling a NetFlow-based product, ReporterAnalyzer. It is an OEM version of NetQoS’s product of the same name. I’m including it here because it has some interesting and useful NetFlow capabilities. I’ve driven the user interface, but haven’t used this product in production. The site administrator was rather enthusiastic about the product, however!
Product information can be found at http://www.flukenetworks.com/us/WAN/Monitoring+Analysis+Diagramming/ReporterAnalyzer/Overview.htm.

The screen capture of a sample “calendar graph” for one interface over time (color indicates percent utilization) follows on page 19.

There is an interesting white paper by NetQoS at http://www.cisco.com/warp/public/732/partnerpgm/docs/netqos_netflow_rmon2.pdf. It shows some examples of how NetFlow data solves customer problems. Yes, it is a marketing document, but it nicely makes some points about where this sort of data can be useful.

When you compare to the freeware below, bear in mind that the usual choice applies here. Generally you can pay for a supported product that works smoothly and does a lot, or sink time and energy into freeware. With commercial network management software, I have lately been recommending trying it in your network, to ensure it gets you the reports you want, and that it works reasonably well in production.

IETF Drafts and RFCs
  IETF Draft: Architecture for IP Flow Information Export
    http://www.ietf.org/internet-drafts/draft-ietf-ipfix-architecture-08.txt
  IETF Draft: Information Model for IP Flow Information Export
    http://www.ietf.org/internet-drafts/draft-ietf-ipfix-info-09.txt
  IETF Draft: IPFIX Protocol Specification
    http://www.ietf.org/internet-drafts/draft-ietf-ipfix-protocol-17.txt
  IETF Draft: IPFIX Applicability
    http://www.ietf.org/internet-drafts/draft-ietf-ipfix-as-06.txt
  RFC 3917: Requirements for IP Flow Information Export
    http://www.ietf.org/rfc/rfc3917.txt
  RFC 3955: Evaluation of Candidate Protocols for IP Flow Information Export (IPFIX)
    http://www.ietf.org/rfc/rfc3955.txt

NetFlow freeware

I’ve recently been experiencing a certain amount of frustration with freeware tools. Admittedly, I’m running cygwin and not one of the more standard Linux variants.
Having said that, much of the freeware is very poorly documented, especially concerning what versions of other freeware the build process actually works with. I have a hypothesis (“Pete’s Law of Freeware”): the hassle factor goes up with the square of the number of free tools included. So for example I’m pro-Cacti, because it is available on Windows and involves relatively few (5?) disparate components. Ethereal is great – 2 components, seems to work well. RRFW / Torrus looks interesting and powerful, builds on Fedora, but has too many components (20?) that apparently only sometimes work together. The more complete NetFlow reporting freeware packages below look a bit risky, in that they involve getting a fair number of other components to work well together.

NetFlow Freeware
  ntop
    Traffic analyzer can also receive and report on NetFlow stats. Reports tend to be host-specific and not as comprehensive as some of the others below.
  NetFlow Guide
    Site is a guide to assembling freeware tools, capturing and storing NetFlow data into RRD, and graphing it. It seems a bit thin on detail.
  Dynamic Networks
    Quite polished and apparently detailed site on building a NetFlow reporting system from freeware.
  Swiss Education and Research Network
    Amazingly long list of free and commercial NetFlow tools.
  flow-tools
    CLI tools for working with NetFlow data. Basis for several of the freeware NetFlow reporting systems.

Cisco Documents
  Cisco Netflow Services Solutions Guide
    http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/products_implementation_design_guide09186a00800d6a11.html
  Cisco NetFlow Export Formats
    http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a008043903f.html
  Cisco IOS 12.4 NetFlow Configuration Guide
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hnf_c/index.htm
  Cisco IOS 12.4 Netflow Configuration Reference
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hnf_r/index.htm
  Cisco NetFlow Performance Analysis
    http://www.cisco.com/en/US/tech/tk812/technologies_white_paper0900aecd802a0eb9.shtml

Technical Research Documents
  Predicting Resource Usage and Estimation Accuracy in an IP Flow Measurement Collection Infrastructure
    http://www.research.att.com/~duffield/pubs/p313-duffield-lund.pdf
  Building a Better NetFlow
    http://www.caida.org/outreach/papers/2004/betternetflow/betternetflow.pdf
  Sampled NetFlow
    http://ipmon.sprint.com/pubs_trs/pubs/supratik/lsni-sigmetrics2005-netflow-sampling.pdf

Links to More NetFlow References
  Swiss Education and Research Network page of references
    http://www.switch.ch/tf-tant/floma/references.html

Impact of NetFlow

If you’re thinking about deploying NetFlow, you might want to think about and plan for the following potential issues or concerns:
• meeting hardware and software prerequisites,
• effect on infrastructure devices (processor, memory),
• network bandwidth, and
• collector capacity

The prerequisites are easy: check your vendor (if non-Cisco). If Cisco, run code that's not ancient. Done! Ok, if you want IPFIX/NetFlow version 9, you need relatively recent code.

Concerning other effects, you don't want to just go turning on NetFlow everywhere, you want to think about what the key reports are, what you're trying to get out of NetFlow. Often NetFlow on data center Layer 3 switches or on WAN routers suffices. You also want a gradual deployment plan: bugs and surprises do happen.

The device impact comes from two sources: traffic needs to be characterized so the proper packet and byte counts can be incremented. This includes cache management. That takes CPU and memory.
The CPU is also used to build the UDP NetFlow export packets and transmit them. Sending that data then consumes some network bandwidth.

Per Cisco, processor impact is generally low, but does need to be considered if your CPU is high or spiking already. Our reference based on testing says about 4 percent CPU impact for 10,000 active flows, up to 16 percent for 65,000 active flows. “Your mileage may vary.”

Memory effect is about 64 bytes per cache entry, and can be controlled by adjusting the cache size, at least in software-based platforms (1 to 512 KB). The 6500 does NetFlow in hardware and cache size isn't configurable (from 32 to 230 K flows, based on PFC2 to PFC3BXL).

Concerning network bandwidth, the rule of thumb appears to be 1-1.5 percent of the total bandwidth of interfaces where NetFlow is enabled. A research study seems to fall in the same ballpark, reporting about 8 Mbps of export traffic per million active flows. I like having two ways to estimate, because that allows a cross-check. I can’t speak to the accuracy of these formulas.

The last planning factor is ensuring sufficient collector capacity. This is a characteristic of the operating system and collection software used. Fluke Networks’ collector (“Harvester”) can handle approximately 20 routers, sometimes as many as 50, but this depends on the rate at which it is receiving flow information. That can be more than 100,000 flows/second. I haven’t researched the capacity of collectors from other vendors (or freeware).

Configuring NetFlow

You need to make sure CEF (distributed CEF, fast caching) is running first. You then configure “ip flow ingress” on the desired interfaces. The old syntax was “ip route-cache flow.” That starts statistics collection, which can be viewed using show commands. This can be a good idea.
Among other things, the number of active flows can be used with the above information to estimate export traffic volume before you actually go and activate NetFlow export.

To start NetFlow export, configure the destination collector and port (and version, optionally) as follows:

router(config)# ip flow-export destination 10.1.1.1 9995
router(config)# ip flow-export version 5
router(config)# ip flow-export source loopback0

It is a good idea to specify a loopback interface (last line above) to avoid any potential confusion by the receiving collector. See my prior article for some of the more detailed configuration options, and the Cisco documentation (links below) for full details.

NetFlow references

The table on the next page includes some of the best references I found while researching NetFlow. There are many more research papers out there doing statistical and lab analysis of NetFlow or IPFIX. Some do get rather technical.

Reader participation

I’ve got a reader-participation project this month, one I’d appreciate your (brief!) thoughts and e-mail on. I’d like to write an article titled something like “Surprise: Top 10 (or 20) Things That Defeat or Disable CEF.” For example:

• Using a packet or QoS classification ACL with “log” in it.
• Large packets sent out a GRE tunnel needing fragmentation and being process switched because of that.

What other things disable CEF? I'm particularly interested in those that most surprised you. Bragging rights go to the “best” entry.

Summary

For those worried that I ignored other commercial products, my grounds are that I don't know much about them. I've talked to a couple of vendors of NetFlow software at trade shows, but I'm left feeling that these tools really need a little “test drive” time before you can spot what they do well, and what they don't do or don't do all that well. Here's a Google link for those wishing to investigate other NetFlow vendors: http://www.google.com/search?hl=en&q=netflow+reporting+product.
I'd like to say thanks to all the folks that came up to say hello and catch up at Networkers 2005 in Las Vegas. I hope to see you there again next year! Also thanks to the people who have emailed me. It's very gratifying to know these articles are being read! Your comments, questions, and suggestions for future articles are of course welcome! See below to decipher.

Dr. Peter J. Welcher (CCIE #1773, CCSI #94014, CCIP) is a senior consultant with Chesapeake NetCraftsmen. NetCraftsmen is a high-end consulting firm and Cisco Premier Partner dedicated to quality consulting and knowledge transfer. NetCraftsmen has ten CCIEs, with expertise including large network high-availability routing/switching and design, VoIP, QoS, MPLS, IPSec VPN, wireless LAN and bridging, network management, security, IP multicast, and other areas. See http://www.netcraftsmen.net for more information about NetCraftsmen. Pete’s links start at http://www.netcraftsmen.net/welcher. New articles will be posted under the Articles link. Questions, suggestions for articles, etc. can be sent to pjw netcraftsmen net (formatted this way to fool email harvesting software).

A firewall may not solve all problems, but it’s a good first step

BY SWAYAM PRAKASHA

A firewall is hardware, software or a combination of the two that restricts access between the Internet and an internal network. Users typically install a firewall at the point where the network connects to the Internet. The existence of a firewall at a site can greatly reduce the chances of external penetration throughout your internal systems and networks.

When you are building a firewall, the very first thing you need to worry about is what you are trying to protect. This includes your data, your resources and your reputation. As far as data is concerned, there are three characteristics that need to be protected.

• Security — you might not want other people to know it.
• Integrity — you probably do not want other people to change it.
• Availability — you almost certainly should be able to use it yourself.

As mentioned earlier, firewalls are a very powerful type of network security. An Internet firewall prevents the dangers of the Internet from spreading to your intranet. All traffic coming from the Internet or going out from your internal network passes through the firewall. Because the traffic passes through it, the firewall has the opportunity to make sure that this traffic is acceptable. A firewall can also be used to log all attempts at entry into a private network and trigger an alarm when an unauthorized entry is made.

Firewalls can filter traffic based on its source and destination addresses and port numbers. This is referred to as address filtering. Firewalls can also filter specific types of network traffic. This is known as protocol filtering because the decision to forward or reject a packet is dependent upon the protocol used.

The physical implementation of the firewall varies from site to site. A firewall is a set of hardware components – a router, a host computer or some combination of routers, computers and networks with appropriate software. Because all traffic passes through the firewall, it provides a good place to collect information about the systems and network use and misuse. As a single point of access, the firewall can record what occurs between the protected network and the external network.

Firewalls offer excellent protection against network threats. But they are not a complete security solution. Certain threats are beyond the control of a firewall. You need to figure out other ways to protect against such threats.

Firewalls are capable of doing a lot for your site’s security. One can consider a firewall as a point of focus for all security decisions. A firewall allows you to concentrate all your security measures at a single point – the point where your network connects to the Internet.
It can also enforce a security policy. It integrates the site’s security, physical security, host security and user education into your overall security plan. Firewalls can protect both individual computers and corporate networks from hostile intrusion from the Internet.

A true firewall requires dedicating an entire computer to the firewalling function. This can be a substantial administrative and financial burden. All firewalls interfere with legitimate network use to some extent. This can cause difficulties for system administrators, and users may be tempted to subvert the firewall. Most real firewall solutions are expensive in time, money or both. When people ask if your system has a firewall, what they really are asking is what kind of security measures you are taking to keep the bad guys out.

Most firewalls provide a wide range of capabilities for logging traffic and network events. Some security-relevant events that should be recorded in the firewall’s audit trail logs are: hardware and disk media errors, login/logout activity, connect time, use of system administrator privileges, inbound and outbound e-mail traffic, TCP network connect attempts, and inbound and outbound proxy traffic type.

Some experts claim that the expected widespread deployment of IPv6 (and thus IPSec) will make firewalls unnecessary. A closer look at the typical reasons why firewalls are used today shows why IPSec cannot replace firewalls.

Firewalls protect against weaknesses in various server programs by allowing access only to servers that are known to be secure and by denying access to all other servers. IPSec doesn’t protect against this weakness; it will just provide an attacker with a perfectly secure connection to an insecure server like Sendmail.

Firewalls protect against administrator errors. In large local area networks it is almost impossible to secure all hosts.
There will probably be at least one host that still has some unpatched servers or has exposed its file systems to the whole Internet. IPSec doesn’t protect against administrator errors. In fact, administrators who don’t understand the concepts in IPSec are likely to configure their hosts in an insecure fashion.

A firewall greatly improves network security and reduces risks to servers on your network by filtering inherently insecure services. As a result, your network environment is exposed to fewer risks because only selected protocols are able to pass through the firewall. This provides the benefit of preventing the services from being exploited by outside attackers, but at the same time permits the use of these services with a reduced risk of exploitation.

Firewalls can also provide protection from routing-based attacks, such as source routing and attempts to redirect routing paths to compromised sites through ICMP (Internet Control Message Protocol) redirects. A firewall can reject all source-routed packets and ICMP redirects and then inform administrators of the incidents.

The problem with firewalls is that they limit access to and from the Internet.

Swayam Prakasha has a master’s degree in computer engineering. He has been working in information technology for several years, concentrating on areas such as operating systems, networking, network security, electronic commerce, Internet services, LDAP and Web servers. He can be reached at swayam.prakasha@gmail.com.
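The filtering decisions described in the firewall article (address filtering, protocol filtering, and rejecting source-routed packets and ICMP redirects with an alert), sketched as an added example that is not from the article. The allow list, the addresses and the function names are constructed for illustration; the code inspects raw IPv4 packets and denies anything it does not explicitly allow.

```python
import ipaddress
import struct

# Constructed policy (assumption): inbound (protocol, destination network, port) tuples to allow.
ALLOW = [(6, ipaddress.ip_network("192.0.2.25/32"), 25),   # SMTP to the mail relay
         (6, ipaddress.ip_network("192.0.2.80/32"), 80)]   # HTTP to the web server
SOURCE_ROUTE_OPTS = {131, 137}   # IPv4 option types LSRR and SSRR
ICMP_REDIRECT = 5                # ICMP message type for redirects

def ip_options(header):
    """Return the set of option types in an IPv4 header (bytes 20..IHL)."""
    seen, i = set(), 20
    while i < len(header) and header[i] != 0:        # 0 = end of option list
        seen.add(header[i])
        if header[i] == 1:                           # NOP is a single byte
            i += 1
        elif i + 1 < len(header) and header[i + 1] >= 2:
            i += header[i + 1]                       # skip by the option's length byte
        else:
            raise ValueError("malformed IP option")
    return seen

def verdict(packet):
    """Return (action, reason) for one raw IPv4 packet; anything unmatched is denied."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if len(packet) < 20 or packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        return "deny", "malformed IPv4 header"
    try:
        if SOURCE_ROUTE_OPTS & ip_options(packet[:ihl]):
            return "deny+alert", "source-routed packet"
    except ValueError as exc:
        return "deny", str(exc)
    proto, dst, payload = packet[9], ipaddress.ip_address(packet[16:20]), packet[ihl:]
    if proto == 1 and payload[:1] == bytes([ICMP_REDIRECT]):
        return "deny+alert", "ICMP redirect"
    if proto in (6, 17) and len(payload) >= 4:       # TCP/UDP: destination port at offset 2
        dport = struct.unpack("!H", payload[2:4])[0]
        if any(proto == p and dst in net and dport == port for p, net, port in ALLOW):
            return "allow", "matched allow rule"
    return "deny", "no rule matched"

def make_packet(dst, proto, payload, options=b""):
    """Build a constructed IPv4 packet (checksum left at zero) to exercise verdict()."""
    first = 0x40 | (5 + len(options) // 4)
    hdr = struct.pack("!BBHHHBBH4s4s", first, 0, 20 + len(options) + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.ip_address("203.0.113.7").packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + options + payload
```

The "deny+alert" action marks the two cases the article says administrators should be informed about; ordinary policy misses are denied quietly.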
