Cloud Hosting

What do you think of first when thinking about ensuring the high availability (HA) of your most important applications and data? If you or your customers need to be able to access those applications 99.99 percent of the time, its natural to think first about ensuring access to the compute and storage resources. If youre running SQL Server in the cloud, for example, you can configure a Windows Failover Cluster Instance (FCI) to respond to the failure of compute or storage resources by automatically moving the compute and storage loads to an alternate node of the failover cluster. HA problem solved!

But what if its not the compute or storage resources that fail? There are many links in the availability chain connecting you and your customers to those compute and storage resources. You need to consider all those links to ensure the HA experience you are striving to achieve.

If youre running your critical applications in the cloud, your cloud service provider is going to ensure the availability of the intranet connecting the components of your cloud infrastructure. AWS, Azure, and Google Cloud Platform all provide high speed, robust internal networks with multiple paths, so the core cloud networks are fully capable of supporting your 99.99 percent HA goal.

You cant control how your customers connect to your cloud-based applications, but you can control how you connect to them. You might be using a VPN Gateway or a dedicated connectivity service such as Azure ExpressRoute, AWS Direct Connect, or Google Direct Interconnect. All these options can provide you with a high-speed, low latency connection to the cloud, but they all offer different SLAsand several of them expose weak links in the availability chain. The basic configuration of Azure ExpressRoute offers only a 99.95 percent availability guarantee; the basic configuration of AWS Direct Connect is even loweronly 99.9 percent. If either service fails unexpectedly, access to your critical applications could be constrained for far longer than you are expecting. Indeed, the VMs configured for HA in the Azure or AWS clouds may continue to run without interruptionbut thats cold comfort if you cannot access them because ExpressRoute or Direct Connect is down.

You can configure Azure ExpressRoute or AWS Direct Connect for HA; it just takes planning. Youll need to configure at least two ExpressRoute circuits and four Direct Connect circuits to gain an SLA of 99.99 percent. If youre using the analogous services on GCP, youll want to use the Google Direct Interconnect Service for Production-Level Applications rather than the Google Direct Interconnect Service for noncritical Applications to get the 99.99 percent SLA.

Even if you strengthen the weak links in the network, though, there remain potential weak links within the cloud infrastructure itselfamong load balancers, DNS servers, identity and authentication servers, web server farms, and the like. Remember the very public outage at Facebook in October of 2021? Outages affecting access to Facebooks internal DNS serversnot the production systems supporting Facebooks primary lines of businesswere responsible for bringing down the entire organization for hours. You need to look at these components of your overall infrastructure as well to ensure that youre fully configured for HA.

Googles SLA for DNS server services is 100 percent, which is encouraging, but its SLA for Cloud Identity services is only 99.9 percent. Similarly, AWSs Route 53 private DNS service strives to offer a 100 percent SLA, but its Directory Services offering tops out at 99.9 percent. The Azure Active Directory Basic and Premium Services offer a 100 percent SLA, but the SLA for Azure Active Directory Domain Services tops out at 99.9 percent.

As with network connectivity, there are things one can do to improve the reliability of the internal infrastructure supporting your critical cloud-based applications. For example, you can configure your AWS environment with multiple domain controllers, which can boost the reliability of the AWS Directory Services offering closer to the 99.99 percent accessibility levels you seek.

There are times, though, as in the seven-hour AWS outage of December 7, 2021, where even the most prepared organizations may encounter unexpected downtime. In the case of the AWS outage, the issues stemmed not from systems that customers were using but, as AWS notes, from errors occurring on an internal network designed to host foundational services, including monitoring, internal DNS, authorization services, and parts of the EC2 control plane.* Indeed, in many cases the VMs upon which customer applications were running remained operational and fully compliant with HA SLAsyet customers could not access their applications because of issues with gateways, internal DNS services, load balancers, and other components whose ability to operate properly was compromised by the cascading effects of the errors occurring on the internal network.

How can your applications remain operational and accessible when the weak link in the availability chain turns out to be the cloud itself? Your best option here is to rely on a multi-cloud disaster recovery (DR) solution. Essentially, you would create a mirror infrastructure to support your most vital applications in an entirely separate cloud. If your critical SQL Server infrastructure runs on AWS, for example, you would create an identical instance of SQL Server on Azure or GCP, an instance you could start up manually if the AWS cloud went offline. You will want to select a DR management solution that runs in both the AWS and Azure/GCP environments and that can automatically orchestrate the replication of data from the SQL Server instance in AWS to storage attached to the infrastructure in your Azure/GCP cloud environment. If you dont deploy the same DR management solution in both environments, you may not replicate your data properly between the clouds.

Youll also want to configure a high-speed virtual private network (VPN) connection between your primary and DR infrastructures. AWS, Azure, and GCP all offer VPN services that can enable a secure cloud-to-cloud connection (and there are third-party options as well), and this becomes the conduit through which your DR management solution replicates your critical data between the cloud infrastructures. Yes, if you were using an AWS VPN Solution in December it might have gone offline during the outage but in this case that's okay. The DR management solution running on AWS replicates all the local write operations to its storage counterpart in the DR infrastructure as quickly as the network will allow, so by the time the AWS services went offline the DR software would have replicated all (or nearly all) of the critical AWS data to the DR infrastructure. As soon as it was apparent that the primary cloud had gone offline, you would spin up the infrastructure in the DR cloud and it could begin providing customer access to your critical applications with minimal disruption. You may not be up and running in the sub-five minute timeframe you expect of an HA solution, but you would be operational far faster than you would be if youd had to wait for seven hours for AWS to get its operations back online.

Ultimately, configuring for HA is all about configuring to ensure the high availability of your application. You can create FCIs that will ensure the HA of your VMs and storage without difficulty. All cloud service providers are accustomed to accommodating you at that level. For true end-to-end HA, though, you need to pay extra attention to all the other links in the availability chain. Some will be weaker than you realize unless you take extra steps to strengthen them.

Dave Bermingham, Senior Technical Evangelist, SIOS Technology

View original post here:
Strengthening the availability chain - ITProPortal

Nutanix. Rajiv Ramaswami, President, and CEO

Nutanix was founded in 2009 and shipped its first product in 2011. Moor Insights and Strategy has been researching the company since around 2016, writing severaltechnical analyses and articles.

The company believed that a layer of intelligent software on top of relatively inexpensivecommodity servers could provide the same operational resiliency and data redundancy as more expensive high availability servers. Initially, Nutanix saw the opportunity in traditional storage arrays, developing software to combine local storage across several servers resulting in a solution that looked like a conventional pool of shared storage. The result was the same availability and similar performance to traditional storage arrays, but without the complexity of storage arrays or storage area networks.

Combining the Nutanix AOS Distributed Storage virtual servers established the hyper-converged infrastructure (HCI) market - a fabric of servers and storage integrated, easy to use, and less expensive.

It has not always been smooth sailing for Nutanix, from shipping an appliance as a complete hardware and software stack to discontinuing appliances in favor of software sales on standard OEM configurations.And to now switching from perpetual software licensing to software subscriptions.

A year ago, Rajiv Ramaswami was appointed President and CEO of Nutanix.I had the chance to speak withRamaswamito review his first year and hear his vision for the future of Nutanix.

The second innings for Nutanix

Rajiv characterized 2021 as an eventful year" and the beginning of a second innings for Nutanix. For Rajiv, I'm pretty sure the analogy is cricket rather than baseball! Nutanix was a pioneer in the HCI space with a great platform, well-liked by customers in the first innings. The second innings will be a period of growth and profitability built around four key priorities to become the de facto hybrid multi-cloud company.

Priority 1: Become a software subscription company

As I mentioned, Nutanix has transitioned from selling appliances to selling software to now well on the way to total subscriptions. There is a growing customer desire to subscribe to more services and move away from perpetual licensing models. Adobe and Autodesk are examples of companies showing that the shift has changed the customer relationship to be less transactional, more service-oriented, and more profitable with predictable quarterly revenues.

Nutanix, as an evolving subscription company, has yet to be fully recognized by investors as it trades at a much lower valuation than similar peers.

Priority 2: Simplify the product portfolio

As a former product guy, I can relate to why this priority was high on Rajiv's list. Rajiv noted, "we had over 20 individual products. and that's very hard for sellers to sell and customers to buy and deploy. Confusing product portfolios are nothing new. Many software companies, large and small, fall into this trap.

This past year, Rajiv has made progress in aligning individual products into solutions packages. The goal is to stop selling point products.For example, Nutanix will no longer sell networking as a standalone product. Networking will be part of the cloud infrastructure stack. Similarly, when it comes to management, operations, and automation, it will be sold as a package rather than trying to sell every piece separately.

Priority 3: Expand partner relationships

There is much competition in the hybrid cloud world. You can't swing a cat without hitting somebody who's trying to provide a solution, from infrastructure companies like HPE to software giants like VMware. Partnering in this space requires a high level of finesse. Rajiv is reportedly an avid bridge player, a skill that may have come in handy this year.

This year Rajiv has expanded partner relationships with several companies, includingHPE,Citrix, andRed Hat.

Priority 4: Continue top-line growth

Nutanix is growingannual contract value (ACV) billing - themetric that shows how much a customer contract is worth by averaging and normalizing its value over one year by 33% this past quarter,the highest growth rate in over two and a half years.

Revenues for thefirst quarter fiscal 2022were$379 million, a 20%

increase year over year. And the goal is to achievesustainable free cash flow by the end of calendar 2022 and operating income positive with two quarters after that.

Nutanix beat and raised estimates every quarter for the last four quarters, and clearly, that needs to continue.Rajiv also noted that an essential element of continued growth is tocontinue to build our talent base becoming more diverse across everything, across locations, across gender, and different perspectives."

To be the hybrid multi-cloud company

Nutanix wants to be a hybrid multi-cloud platform company.

The company started by making infrastructure invisible. And for the first ten years, Nutanix did just that, breaking the silos across compute, storage, and the network with HCI.

That vision has now morphed to making clouds invisible." Rajiv noted, " We see the same opportunity in the cloud. And that's a natural extension of what we already do. We're essentially building a hybrid multi-cloud platform while providing flexibility and choice at every layer of the stack."

The focus is on maintaining simplicity and delivering data across multiple cloud providers. There is still much growth in the core HCI market, but workloads have now expanded, and now Nutanix can run any virtualized workload such as ERP, database, security, and modern cloud-native workloads. The direction now is to extend the platform into the public cloud, onto multiple public clouds as a continuum, and then very selectively focus on a set of services above the infrastructure layer.

Today, the big bet for Nutanix is around database as a service (DaaS).The idea is a service that enables customers to set up, operate and scale databases without the need for setting up physical hardware, installing software, or configuring for performance. All of the administrative tasks and maintenance are taken care of by the service provider so that all the user or application owner needs to do is use and access the database.

Wrapping up

It is the first time I have spoken with Rajiv, which is surprising since our careers followed similar trajectories across dot com startups, systems, and chip companies. I found him to be very pragmatic and focused on very realistic goals. After only a yearunder Rajiv's leadership, Nutanix has scaled its product portfolio, partnerships, and customers, and its path to profitability is on track for the second half of 2022.

Rajiv has no illusions about being a smaller web player in the land of giants," and success can only come from clarity on focus rather than trying to boil the ocean." A large part of "focus" is knowing what you will not do, so I posed that question to Rajiv. Rajiv responded by giving two examples. Nutanix had an ambitious program to become a full-stack provider with Kubernetes.Nutanix Karbonis an enterprise-grade Kubernetes Certified distribution that integrates seamlessly with the entire Nutanix cloud-native stack. Nutanix provides aKubernetes distribution but now chooses to partner for all other aspects such as management, backup, and observability.

A second example is the successfulXi Leap Disaster Recovery Service. Nutanix was on a quest to build many data centers worldwide to support the service. Although customers love the service, Nutanix cannot operate data centers at scale. The decision was made to limit the number of data centers and use a public cloud.

In the final minutes of the call, I had a chance to get to know Rajiv beyond the Twitter description of avid reader, tennis and bridge fan." I discovered a passion for education, particularly a charity he is personally involved with that had built over fifty schools in rural villages and towns in India - the hard work of actually building schools, getting them into operation with support from local governments. The charity is calledOne School at a Timewhich is all volunteer-driven, and Rajivs a passion outside of work.

I look forward to discussing Rajivs report card in 2022.

Note: Moor Insights & Strategy writers and editors may have contributed to this article.

Moor Insights & Strategy, like all research and tech industry analyst firms, provides or has provided paid services to technology companies. These services include research, analysis, advising, consulting, benchmarking, acquisition matchmaking, or speaking sponsorships. The company has had or currently has paid business relationships with 88,A10 Networks,Advanced Micro Devices, Amazon,Ambient Scientific,AnutaNetworks,Applied Micro,Apstra,Arm, Aruba Networks (now HPE), AT&T, AWS, A-10 Strategies,Bitfusion, Blaize, Box, Broadcom, Calix, Cisco Systems, Clear Software, Cloudera,Clumio, Cognitive Systems, CompuCom,CyberArk,Dell, Dell EMC, Dell Technologies, Diablo Technologies,Dialogue Group,Digital Optics,DreamiumLabs, Echelon, Ericsson, Extreme Networks, Flex, Foxconn, Frame (now VMware), Fujitsu, Gen Z Consortium, Glue Networks, GlobalFoundries, Revolve (now Google), Google Cloud,Graphcore,Groq,Hiregenics,HP Inc., Hewlett Packard Enterprise, Honeywell, Huawei Technologies, IBM,IonVR,Inseego, Infosys,Infiot,Intel, Interdigital, Jabil Circuit, Konica Minolta, Lattice Semiconductor, Lenovo,Linux Foundation,Luminar,MapBox, Marvell Technology,Mavenir, Marseille Inc, Mayfair Equity, Meraki (Cisco),Mesophere, Microsoft, Mojo Networks, National Instruments, NetApp, Nightwatch, NOKIA (Alcatel-Lucent), Nortek,Novumind, NVIDIA,Nutanix,Nuvia (now Qualcomm), ON Semiconductor, ONUG, OpenStack Foundation, Oracle, Panasas,Peraso, Pexip, Pixelworks, Plume Design, Poly (formerly Plantronics),Portworx, Pure Storage, Qualcomm, Rackspace, Rambus,RayvoltE-Bikes, Red Hat,Residio, Samsung Electronics, SAP, SAS, Scale Computing, Schneider Electric, Silver Peak (now Aruba-HPE), SONY Optical Storage,Springpath(now Cisco), Spirent, Splunk, Sprint (now T-Mobile), Stratus Technologies, Symantec, Synaptics, Syniverse, Synopsys, Tanium, TE Connectivity,TensTorrent,TobiiTechnology, T-Mobile, Twitter, Unity Technologies, UiPath, Verizon Communications,Vidyo, VMware, Wave Computing,Wellsmith, Xilinx,Zayo,Zebra,Zededa, Zoho, andZscaler.Moor Insights & Strategy founder, CEO, and Chief Analyst Patrick Moorhead is a personal investor in technology companiesdMYTechnology Group Inc. VI andDreamiumLabs.

Go here to see the original:
Nutanix Rajiv Ramaswami On His First Year As CEO - Forbes

ThycoticCentrify has announced new and expanded capabilities for its specialised PAM solution, Secret Server.

With the addition of new security controls, automation and design updates, Secret Server builds on its secrets management capabilities and ease of use to offer more protection and higher productivity, the company states.

According to the Verizon 2021 Data Breach Investigations Report, credentials are the primary means by which bad actors hack into an organisation, with 61% of breaches attributed to compromised credentials.

To reduce this threat, all organisations independent of size, location or industry need robust, easy to use solutions in place to protect the accounts and credentials that allow access to these privileges, ThycoticCentrify states.

The latest Secret Server release brings stronger security controls to reduce risk. It allows organisations to rotate Secret Servers master encryption key on demand.

Rotating individual secrets housed within the digital vault provides an additional layer of protection to block external actors from gaining access to it.

Secret Server also streamlines the connection process for organisations that use jump boxes to protect access to critical resources.

Rather than taking time to inject unique credentials at every connection point, users can now use a single key to navigate an entire route from launch, to jump box, to destination within a single session.

Users can launch the end-to-end route via Secret Server or the interface of the Connection Manager session management tool.

"Our continued focus on decreasing the steps required to safeguard secrets reduces the workload on security administrators and the attack surface area," says Jon Kuhn, SVP of Product Management at ThycoticCentrify.

He says, "As an example, our master encryption key rotation capability is simple to implement and provides an additional layer of protection to block external actors from gaining access to all the other keys stored on the platform."

To enhance auditing and compliance, Secret Server ensures that only one privileged user at a time can use a secret. When secrets arent checked back in to Secret Server after use, critical maintenance operations cant be performed and productivity slows.

The latest release also automatically checks in secrets for API connections after expiration. Additionally, users now have more visibility into remaining time on a secret checkout and can extend the checkout if required.

Finally, the latest release includes enhancements to the Secret Server interface, logging and reporting to increase usability and accessibility through improved keyboard navigation and screen reader hints.

ThycoticCentrify is a cloud identity security vendor, focused on enabling digital transformation at scale. The company's PAM solutions reduce risk, complexity and cost while securing organisations' data, devices and code across cloud, on-premises and hybrid environments.

ThycoticCentrify is used by more than 14,000 leading organisations around the globe including more than half of the Fortune 100, and customers include large financial institutions, intelligence agencies and critical infrastructure companies.

Read more:
ThycoticCentrify adds new security controls and automation to Secret Server - SecurityBrief Asia

The issue of data security has been at the forefront since the federal government introduced the national identity database.

In December 2021, Isa Pantami, minister of communications and digital economy, had announced that 71 million Nigerians had been captured on the database.

As more Nigerians registered, is the NIN database free from hackers?

On Monday, a hacker identified asSamclaimed he successfully found a bug on the server of Nigerias National Identity Management Commission (NIMC) revealing how easy it was for him to breach the server and access the personal information of millions of people.

According to Sam, he came across these data while sourcing for something else to help him decompile some applications he was working on.

As usual, I am hunting for something in the source code of the application, As the scope is huge, So I collected all the applications and decompiled them all at once with apktool with this command:find . -iname *.apk -exec apktool d -o {}_out {} ;he said.

Now I started to look for something juicy in decompiled files, but as there are about 50+ applications, I cant look at each of them manually right? I just got an idea of nuclei, and boom I knew there are templates for android applications, I just downloaded them and, started nuclei on the whole directory,

After 1819 mins of a run, Nuclei gave an output saying S3 Bucket Found,I tried to access it via AWS CLI, and its like:Acess denied, No luck there.

Then after a few mins of running, Ive got one more output for s3 bucket, I casually tried to access it without any hope, and damn! the s3 bucket is full of juice.

And I was just like: I just simply got access to their data of internal files, Users, and everything they have, I can download everything, Even the whole bucket.

The hacker also posted the data he obtained in the process a copy of the national identity slip from NIMC but defaced it to hide vital information.

A security expert explained that Amazon secures S3 buckets by default but for a bucket to be publicly accessible to any hacker, as was the case with Sam, someone must have leaked it.

Hours later, the hacker recanted that the leaked sever was not from any Nigerian portal but Tecno Mobile.

He said he reported the case to Tecno, and the bug fixed.

He also edited the article published on Medium and removed a copy of the national ID posted as a screenshot in the story but failed to explain why he mentioned Nigerias ID database in the previous version.

Speaking with TheCable on the development, Boye Adegoke, senior program manager at Paradigm Initiative, said there is the possibility of negligence on the part of NIMC.

If the story is true, it is negligence on the part of NIMC, but what is more worrisome is the fact that after this, what happens next? Are we going to talk and act as if nothing happened? Will someone get punished? Adegoke asked.

The data privacy activist noted that the approach and attitude of NIMC toward the management of national data is poor.

I wouldnt really be surprised if this is true because I have always believed that the cyber security approach and our attitude show we dont understand the process and how it works, he added.

In a statement on Tuesday, NIMC said its servers are secure for identity management and optimised.

The National Identity Management Commission (NIMC) wishes to inform the public that its servers were not breached but are fully optimised at the highest international security levels as the custodian of the most important national database for Nigeria, the statement reads.

The NIMC Director-General stated that the Commission does not use nor store information on the AWS cloud platform or any public cloud despite the usefulness of the NIMC Mobile App available to the public for accessing their NIN on the go.

See original here:
'Our servers are secure' -- NIMC responds as hacker claims he gained access to NIN database - TheCable