|Read the Digest in
You need the free
The digest of current topics on Continuous Availability. More than Business Continuity Planning.
BCP tells you how to recover from the effects of downtime.
CA tells you how to avoid the effects of downtime.
Thanks to This Month's Availability Digest Sponsor
In this issue:
Browse through our Useful Links.
Check our article archive for complete articles.
Sign up for your free subscription.
Join us on our Continuous Availability Forum.
Check out our seminars.
Check out our writing services.
Our Managing Editor Will Speak at the OpenVMS Boot Camp
The OpenVMS Boot Camp is coming up. It will be held in Bedford, Massachusetts, USA, from March 18th through March 21st. In addition to a full-day preconference seminar on achieving high availability with OpenVMS systems, the Boot Camp features over three dozen breakout sessions and a Partner Pavilion for OpenVMS vendors. Our article entitled OpenVMS Boot Camp is Coming in March has further details.
I will be presenting one of the breakout sessions. My talk is entitled “Help! My Data Center is Down!” Nothing strikes fear in the hearts of management so much as losing a company’s entire corporate IT infrastructure. To make sure this never happens, companies invest heavily in their data centers with technologies ranging from fault-tolerant systems to redundant architectures and even redundant data centers.
However, the unexpected happens. In this presentation, I will review from the archives of the Availability Digest many horror stories that highlight unlikely events that have taken down entire data centers and the lessons that can be learned from such disasters. These lessons apply to any data center, including those with OpenVMS systems.
I look forward to seeing you at my talk.
Dr. Bill Highleyman, Managing Editor
Since our last summary of multiple data-center failures, published in our September, 2012, issue of the Availability Digest, we have reported on several major outages. They included the DDoS (Distributed Denial of Service) attacks on several major U.S. banks, attacks that took down their online websites for several days in retaliation for the YouTube video entitled “The Innocence of Islam;” a Republican-party secret weapon whose failure may have cost Mitt Romney the U.S. Presidential Election; a memory leak that took down an Amazon Web Services Availability Zone for several hours; several data centers that were out for days after Hurricane Sandy flooded generators located in basements in lower Manhattan; and a violent storm (not Sandy) that left millions of residents of Northern Virginia without 911 service for four days.
Several other outages made headlines during this time and are summarized in the article. The outages were caused by a wide range of problems, including user errors, software bugs, and hardware failures. However, for the first time, cyber attacks were predominant. As we see data centers become less immune to failures, we are now witnessing more problems with major malware infections.
The OpenVMS Boot Camp has successfully supported the OpenVMS community for years. Its time is coming again. Connect, The HP Business Technology User Group, has announced the 2013 OpenVMS Boot Camp, to be held Monday, March 18, through Thursday, March 21, 2013. The Boot Camp will take place at the Bedford DoubleTree Hotel.
The four days comprising the OpenVMS Boot Camp will include a preconference day on Monday followed by three education days. The education days will include several tracks featuring content presented by HP, customers, consultants, and OpenVMS vendors.
The 2013 OpenVMS Boot Camp is an essential continuation for the OpenVMS community of HP Discover 2012. At Discover 2012, attendees learned all that is new in HP’s converged infrastructure initiative. However, Discover 2012 had to cover so much material about so many topics that any one particular niche could be given only limited exposure. This is the purpose of the 2013 OpenVMS Boot Camp – to drill down into all things OpenVMS.
The OpenVMS Boot Camp is the event to catch up on what’s new with OpenVMS and to meet HP OpenVMS staff, OpenVMS customers, and OpenVMS partners. Plan to attend, and we’ll see you there.
The Department of Homeland Security (DHS) Office of Cybersecurity and Communications publishes a detailed list of the twenty-five most egregious programming errors that lead to exploitable security vulnerabilities in computer applications. International in scope and free for public use, the Common Weakness Enumeration (CWE) is a community-developed dictionary of software weaknesses.
The top twenty-five CWEs represent the most significant exploitable software constructs that have made software so vulnerable to hackers and cybercriminals. The software security holes are often easy to find and to exploit. The CWE provides detailed descriptions of these common erroneous software constructs, and it therefore can aid in the education and training of programmers on how to eliminate all-too-common errors that can be compromised by malware.
The CWE top twenty-five vulnerabilities are updated each year. The hundreds of vulnerabilities listed on the CWE web site are prioritized using inputs from over twenty organizations. Prioritization is based on prevalence, importance, and likelihood of exploit.
The CWE is another example of the Department of Homeland Security’s fight against cybercrime. Last December, 2012, the DHS issued a warning to disable Java 7 because of vulnerabilities that Oracle has yet been unable to correct.
Early adapters have proven the feasibility and cost advantages of moving applications to the cloud. Though most applications running in the cloud are still low-risk applications, more and more core applications are being moved, aided by the provision of redundant cloud services such as Amazon’s Availability Zones, which lets a backup copy of an application run in another fault-isolated Zone.
The new killer-app for the cloud may be Recovery-as-a-Service (RaaS), which uses the cloud to back up and to recover critical services that are running in a company’s data center. Though RaaS has yet to become mainstream, cloud-service providers, IT resellers, and startups are jumping on the bandwagon.
Implementing a disaster-recovery solution is never simple. Cloud-based recovery can make the task much easier and less costly for many companies.
Large companies already have disaster-recovery infrastructures in place and may not be so ready to move recovery to the cloud. Small companies are less likely to have a formal DR strategy.
However, cloud recovery will become attractive, especially to medium-sized companies. Gartner predicts that 30% of mid-sized companies – those with annual revenues from $150 million to $1 billion – will have adopted RaaS by 2014. That is up from 7% in 2011.
Sign up for your free subscription at http://www.availabilitydigest.com/signups.htm
Would You Like to Sign Up for the Free Digest by Fax?
Simply print out the following form, fill it in, and fax it to:
+1 908 459 5543
The Availability Digest is published monthly. It may be distributed freely. Please pass it on to an associate.
Managing Editor - Dr. Bill Highleyman firstname.lastname@example.org.
© 2013 Sombers Associates, Inc., and W. H. Highleyman