Posted by: saleempc | October 29, 2009

Server Virtualization


What is Virtualization?

Virtualization is a method of running multiple independent virtual operating systems on a single physical computer.  It is a way of maximizing physical resources to maximize the investment in hardware.  Virtualization technology is a way of achieving higher server density. However, it does not actually increase total computing power; it decreases it slightly because of overhead.  But since a modern $3,000 2-socket 4-core server is more powerful than a $30,000 8-socket 8-core server was four years ago, we can exploit this newly found hardware power by increasing the number of logical operating systems it hosts.  This slashes the majority of hardware acquisition and maintenance costs that can result in significant savings for any company or organization.

When to use virtualization

Virtualization is the perfect solution for applications that are meant for small- to medium-scale usage.  Virtualization should not be used for high-performance applications where one or more servers need to be clustered together to meet performance requirements of a single application because the added overhead and complexity would only reduce performance. 

While some in the virtualization industry like to tout high CPU utilization numbers as an indication of optimum hardware usage, this advice should not be taken to the extreme where application response times become excessive.  A simple rule of thumb is to never let a server exceed 50% CPU utilization during peak loads; and more importantly, never let the application response times exceed a reasonable SLA (Service Level Agreement).  Most modern servers being used for in-house server duties are utilized from 1 to 5% CPU.  Running eight operating systems on a single physical server would elevate the peak CPU utilization to around 50%, but it would average much lower since the peaks and valleys of the virtual operating systems will tend to cancel each other out more or less.

 

 

Physical to virtual server migration

Any respectable virtualization solution will offer some kind of P2V (Physical to Virtual) migration tool.  The P2V tool will take an existing physical server and make a virtual hard drive image of that server with the necessary modifications to the driver stack so that the server will boot up and run as a virtual server.  The benefit of this is that you don’t need to rebuild your servers and manually reconfigure them as a virtual server—you simply suck them in with the entire server configuration intact!

So if you have a data center full of aging servers running on sub-GHz processors, these are the perfect candidates for P2V migration.  You don’t even need to worry about license acquisition costs because the licenses are already paid for.  You could literally take a room with 128 sub-GHz legacy servers and put them into eight 1U dual-socket quad-core servers with dual-Gigabit Ethernet and two independent iSCSI storage arrays all connected via a Gigabit Ethernet switch.  The annual hardware maintenance costs alone on the old server hardware would be enough to pay for all of the new hardware!  Just imagine how clean your server room would look after such a migration.  It would all fit inside of one rack and give you lots of room to grow.

As an added bonus of virtualization, you get a disaster recovery plan because the virtualized images can be used to instantly recover all your servers.  Ask yourself what would happen now if your legacy server died.  Do you even remember how to rebuild and reconfigure all of your servers from scratch?  (I’m guessing you’re cringing right about now.) With virtualization, you can recover that Active Directory and Exchange Server in less than an hour by rebuilding the virtual server from the P2V image.

Licensing and support considerations

A big concern with virtualization is software licensing.  The last thing anyone wants to do is pay for 16 copies of a license for 16 virtual sessions running on a single computer.  Software licensing often dwarfs hardware costs, so it would be foolish to run a $20,000 software license on a shared piece of hardware.  In this situation, it’s best to run that license on the fastest physical server possible without any virtualization layer adding overhead.

For something like Windows Server 2003 Standard Edition, you would need to pay for each virtual session running on a physical box.  The exception to this rule is if you have the Enterprise Edition of Windows Server 2003, which allows you to run four virtual copies of Windows Server 2003 on a single machine with only one license.  This Microsoft licensing policy applies to any type of virtualization technology that is hosting the Windows Server 2003 guest operating systems.

 

Posted by: saleempc | August 17, 2009

Microsoft Office Communicator

Microsoft Office Communicator is a unified communications application that helps end users be more productive by enabling them to communicate and collaborate easily with others in different locations or time zones using a range of different communication options, including instant messaging (IM), voice, desktop sharing and video. Integration with programs across the Microsoft Office system — including Word, Excel, PowerPoint, OneNote, Groove, and SharePoint — gives end users many different ways to communicate directly from the context of their task.

 

  • Simplify communications with immediate presence awareness.
  • Let others know the best way to contact you.
  • Manage your contacts more easily.
  • Choose the communication method that meets your needs.
  • Access powerful phone features through your PC.
  • Work faster with intuitive device integration and support.
  • Quickly communicate from Microsoft Office applications.
  • Take advantage of familiar tools to improve productivity.
  • Keep a conversation history.
  • Connect and communicate from the location of your choice.
  • Convenient access through multiple devices.


Posted by: saleempc | August 5, 2009

Cisco DMVPN (Dynamic Multipoint Virtual Private Network)

DMVPN is a simple, secure, low-cost, scalable VPN tunnel. DMVPN supports distributed applications, including data, voice, and video, with QoS. All of this can be done in a secure IPSec VPN tunnel over an Internet connection.  The only change is the IP address of the GRE tunnel.  The spoke uses dynamic discovery of IPSec tunnel endpoints (other spokes), so no static IPSec configuration is needed for each spoke.

Because DMVPN supports multipoint GRE tunneling, you can run VoIP, video, and multicast services across your secure DMVPN link. Hub-and-Spoke (H&S) and Spoke-to-Spoke (S2S). With H&S the design.

It’s a cost-effective and secure means of communication for branch offices.


Posted by: saleempc | July 29, 2009

Unified Communication

Unified communication is an industry term used to describe all forms of call and multimedia/cross-media message-management functions controlled by an individual user for both business and social purposes. This includes any enterprise informational or transactional application process that emulates a human user and uses a single, content-independent personal messaging channel for contact access.

The essence of communication is breaking down barriers. In its simplest form, the telephone breaks distance and time barriers so that people can communicate in real time or near real time when they are not together. There are now many other barriers to be overcome. People can use many different devices to communicate (wireless phones, personal digital assistants, personal computers, thin clients, etc.), and there are now new forms of communication as well, such as instant messaging. The goal of unified communications involves breaking down these barriers so that people using different modes of communication, different media, and different devices can still communicate to anyone, anywhere, at any time.

Unified communication (UC) encompasses several communication systems or models including unified messaging, collaboration, and interaction systems; real-time and near real-time communications; and transactional applications.

  • Unified messaging focuses on allowing users to access voice, e-mail, fax and other mixed media from a single mailbox independent of the access device.
  • Multimedia services include messages of mixed media types such as video, sound clips, and pictures, and include communication via short message services.
  • Collaboration and interaction systems focus on applications such as calendaring, scheduling, workflow, integrated voice response, and other enterprise applications that help individuals and workgroups communicate efficiently.
  • Real-time and near real-time communications systems focus on fundamental communication between individuals using applications or systems such as conferencing, instant messaging, traditional and next-generation private branch exchanges.
  • Transactional and informational systems focus on providing access to m-commerce, e-commerce, voice Web-browsing, weather, stock-information, and other enterprise applications.


Posted by: saleempc | July 28, 2009

End Point Security

Endpoint security is a strategy in which security software is distributed to end-user devices but centrally managed. Endpoint security systems work on a client/server model. A client program is installed on or downloaded to every endpoint, which, in this case, is every user device that connects to the corporate network. Endpoints can include PCs, laptops, handhelds, and specialized equipment such as inventory scanners and point-of-sale terminals. A server or gateway hosts the centralized security program, which verifies logins and sends updates and patches when needed.

Simple forms of endpoint security include personal firewalls or anti-virus software that is distributed and then monitored and updated from the server. The term is evolving, however, to include security elements such as intrusion detection and prevention, anti-spyware software, and behaviour-blocking software (programs that monitor devices and look for operations and actions that are typically initiated by unsanctioned applications or those with malicious intent).

The most complex endpoint security programs use network access control to grant authentication and specific forms of access to user devices. When a device attempts to log in to the network, the program validates user credentials and also scans the device to make sure that it complies with defined corporate policies before allowing access. Required elements may include an approved operating system, a firewall, a VPN and anti-virus software with current updates, as well as any mandatory corporate software. The program will also scan to ensure the lack of unauthorized software, such as peer-to-peer applications and games. Devices that do not match the policy are given limited access or quarantined.


Posted by: saleempc | July 5, 2009

Disaster Recovery

Disaster recovery planning is a subset of a larger process known as business continuity planning and should include applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity.

General steps to follow while creating a BCP/DRP

  1. Identify the scope and boundaries of the business continuity plan. This first step enables us to define the scope of the BCP. It provides an idea of the limitations and boundaries of the plan. It also includes audit and risk analysis reports for the institution’s assets.
  2. Conduct a business impact analysis (BIA). Business impact analysis is the study and assessment of financial losses to the institution resulting from a destructive event, such as the unavailability of important business services.
  3. Sell the concept of BCP to upper management and obtain organizational and financial commitment. Convincing senior management to approve the BCP/DRP is a key task. It is very important for the security professional to get approval for the plan from upper management to bring it into effect.
  4. Each department will need to understand its role in the plan and support maintaining it. In case of disaster, each department has to be prepared for action. To recover and to protect the critical systems, each department has to understand the plan and follow it accordingly. It is also important for each individual department to maintain and help in the creation of the plan.
  5. The BCP project team must implement the plan. After approval from upper management, the plan should be maintained and implemented. The implementation team should follow the guidelines and procedures in the plan.
  6. The NIST tool set can be used for doing BCP. The National Institute of Standards and Technology has published tools which can help in creating a BCP.

Acronis

Acronis, Inc. is a company incorporated in Delaware that produces hard disk utility software, including disk-imaging backup and recovery, partition management, and boot management software. It also develops software for virtualization migration and conversion, for the purpose of migrating a physical server to a virtual server (such as VMware), or what is also termed P2V. Its best-known product, Acronis True Image, creates a software image of a computer disk in order to restore an exact image on the same or another computer. Most software is produced in different versions, from low-priced software for single computers up to versions for companies with many desktop and server computers.

Reference: Wikipedia

Posted by: saleempc | July 2, 2009

Cost Effective Communication

The recession got me thinking about cost-effective communication solutions. In corporate and SMB environments, communication cost is one of the major portions of operational cost. Communication can’t be avoided, so how can we reduce its cost by using other effective solutions? Consider the legal aspects, cost of infrastructure, management, maintenance, and expertise requirements.

Looking at the present office scenario, we have a lot of single-person or mobile offices, spread across many locations. All the users need to access different services. Some of them are hosted in-house and some are on the Internet. Companies have integrated their workflows through these devices. Users work with different gadgets: laptop, softphone, notebook, BlackBerry, iPhone, etc.

In all of these areas communication cost is an integral part. The cost arises in different ways: Internet charges, telephone charges, leased line cost, ADSL cost, LAN phone cost, mobile phone cost.

A couple of solutions:

  1. Office Communicator
  2. Open Source SIP based Unified Communication
  3. VPN over ADSL to ADSL
  4. BlackBerry

These are just high-level technologies; how each solution works depends on the size of the organization, requirements, infrastructure availability, and skill set. A detailed exercise is required.  Out of the box, the solutions give you a major reduction in communication cost.

Posted by: saleempc | June 30, 2009

Data Center Remote Monitoring

Keeping the status of data center equipment up to date is a challenge for data center owners, especially when we are using multi-vendor products. The critical data center physical infrastructure includes CCU, UPS, cooling, fire, raw power, and generator. There are a couple of high-end, sophisticated technologies available in the market. Considering the cost and effectiveness of the solution, we can build cost-effective monitoring systems. The device talks to all the physical infrastructure products, collects the alerts, and generates voice calls to 4 different numbers. The calls continue until someone acknowledges the call. Auto dialer solutions are available in the market, and they are very simple and easy to manage. The beauty of the product is that we get different alarm message counts: if we want to monitor devices, a four-alarm-message device, and so on. The requirements to set up the solution are an analog telephone line, an auto dialer device, and volt-free contact connectivity from all the physical devices. Whenever any device has a failure, the auto dialer generates calls to the phone numbers and plays the pre-recorded message.

It’s a cost-effective, easy-to-manage and robust solution for data center monitoring.

Posted by: saleempc | June 22, 2009

Portable Storage in Office

Nowadays companies face a big challenge in handling portable storage. Employees carry many kinds of storage devices, by different means and in different modes.

a) Mobile Phone
b) iPod
c) BlackBerry
d) Flash Memory
e) USB Hard Disk
f) Camera
g) MP3 Player
h) E-Book Reader
i) Photo Displayer
j) Other Gadgets

All of these devices have GB/TB storage capacity. Employees can move data across or bring security threats into the organization. All the devices support different ways of communication.

a) Wireless
b) Bluetooth
c) Infrared
d) Card Reader

We have to set up a different mechanism to handle each of these. Security will become more and more complex in the coming days.

Posted by: saleempc | June 22, 2009

Drive Offline in NetBackup

A drive may frequently go offline in NetBackup when the proper driver is not installed. This is one of the reasons a drive goes offline. We have to install the Symantec Device Driver.

Symantec Device Drivers for Veritas NetBackup™ Windows Servers – http://seer.entsupport.symantec.com/docs/287850.htm
