Jul 5, 2010

DotNetNuke Hack – Update/Check your Stuff!

The challenge with running a data center is you generally have lots of stuff, both equipment and software, making it all work.  Add in 3rd party tools and developer applications, and it's a challenge keeping it all running.  But hey – That’s our gig – We make it run.  Sure these tools make the developer's life easier, so they do not reinvent the wheel all the time, but when you rely on third party apps, you inherit their vulnerabilities, and that is a bad thing.

DotNetNuke (DNN) is an example.  DotNetNuke bills itself as the leading web content management platform for .NET. Well you better check your stuff, because it can be hacked pretty easily if conditions are right.  See http://blog.aggregatedintelligence.com/2010/02/dotnetnuke-version-zero-day.html for an excellent example of the exploit.

So did we get hit?  Yup.  On an in-house developed blog system, and it is a deface hack.  What did we do?

  • Site was attacked using a vulnerability in DotNetNuke
  • Attacker used the vulnerability to drop a script and deface all sites on the server
  • Once discovered, server was immediately taken offline and recovered.  The server was virtual and easy to take offline and still continue to access and identify the issue.  VMs are great in these situations.  You can take snapshots and duplicate for a variety of uses.
  • Appropriate measures were taken to prevent the attack from happening again.  See below.
  • Server was brought back online.
  • Remote attacker IP indicates it was a hacker from Iran (IP Address: 94.183.194.10)

This was pretty easy to resolve.  Once we had the box offline, we did the following.

  • Deleted all files that were modified or inserted
  • Modified the vulnerable file so it could not be accessed again
  • Modified permissions on the web site files to deny writing files
  • Modified registry permissions to deny access to the scripting object that was used to write the files
  • Repaired any missing or altered files for critical applications

We also reviewed the use of DNN in all other systems and went back to mitigate them as well.  If you use DNN, be sure you're running v4.9.4 and up, or you may be vulnerable.  And it's a pretty well known vulnerability.  Just Google “|| IMAN_TAKTAZ WAS HERE ! ||” and you’ll see tons of references.  This was the deface.

The awesome part of this?  We had it identified within 15 minutes of the hack, brought the site down, recovered the site to a maintenance page, and then began our internal process of figuring out what happened.  This took some time and we were not worried about time anyway, but we were worried about the hack and the possibility of a compromise.  So since we had a maintenance page up, we brought a few experts together on a phone bridge and started sorting it all out.  You really need the developers and web folks there to sort through the logs and interpret what occurred.  We have sharp dev-app guys and they parsed it all and figured it out.  Then we had a plan for mitigating and we got it back in production.  Sure it took a few hours, but we are a careful lot.

How did we catch it?  Our monitoring system!  It monitors for content.  So when the main page was changed, it tossed us all an email.  Then we sprang into action.  And we were lucky!  Always helps if you're lucky!
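The content check that caught the change, and the cleanup step of finding every modified, inserted or missing file, both come down to comparing the live web root against a known-good baseline. The sketch below is an added example, not part of the original post and not the monitoring product used there; the site layout, file names and defaced content are constructed for the demo.

```python
import hashlib
import os
import tempfile

def snapshot(web_root):
    """Map every file under web_root (relative path) to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, names in os.walk(web_root):
        for name in names:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, web_root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Classify differences between a known-good baseline and the live site."""
    return {
        "inserted": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "missing": sorted(set(baseline) - set(current)),
    }

def page_changed(baseline, current, page):
    """Content-monitor check: the watched page no longer matches the baseline."""
    return baseline.get(page) != current.get(page)

def write(root, rel, text):
    # Helper for the demo only: create a file (and parent folders) under root.
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed sample site followed by constructed defacement-style changes."""
    with tempfile.TemporaryDirectory() as root:
        for rel, text in [("Default.aspx", "<h1>Welcome</h1>"),
                          ("web.config", "<configuration/>"),
                          ("Portals/0/home.htm", "home")]:
            write(root, rel, text)
        baseline = snapshot(root)                      # taken while known good
        write(root, "Default.aspx", "SAMPLE DEFACED")  # main page altered
        write(root, "Portals/0/dropped.aspx", "x")     # file inserted
        os.remove(os.path.join(root, "web.config"))    # file removed
        current = snapshot(root)
        return compare(baseline, current), page_changed(baseline, current, "Default.aspx")
```

Calling `demo()` returns the change report and the page-changed flag; in practice the baseline would be stored off the web server so an intruder with write access cannot update it.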

Jul 1, 2010

Cisco Live 2010: Collaboration running Amuck

Collaboration is all over CiscoLive 2010.  And a lot had to do with social media collaboration.  It looks like Cisco is going corporate with trying to access Facebook, Twitter, etc and bring it inside the corporate network.  So any of this is going to come inside the data center sooner or later.

It is all very early release stuff, but it seems very interesting, maybe even a little big brother-ish.  You post a note somewhere on Facebook about product X, and some search engine sucks it up, and they follow up with you.  Sounds like good service, but what happened to the old days, when you either complained to them or just narked them out to all your family and friends?  Not sure if I want companies poking around my personal social networks.

Anyway, they are working on a collaboration gateway to make it all happen.  Together with a portal application called Cisco Quad, it’s interesting, and more to follow.  Check out this video.  Very high-level but interesting.

Jun 30, 2010

Converged Networking – HP, ESX and Cisco

Found what I was looking for.  Cisco 5020 Nexus Switches.   See http://www.cisco.com/en/US/products/ps9670/index.html for more info.

Anyway, it's very cool because not only is it an enterprise 10GB switch, but it is also basically an MDS FC switch.  Plug in your storage via some 8GB FC ports, plug your servers in via 10GB ports, uplink it to a 10GB data switch, and BAM!  A converged data-FC switch.  Send FCoE and data on the same link to your servers, or send just data, or send just FCoE.  Sweet!

We need to converge our HP C7000 chassis with 10GB links.  The links will carry both FCoE and data.  For us it looks like a pair of Cisco Nexus 5020 switches located at the top of the cabinet will do the trick.  The switches can consolidate both the data coming from several EMC CX4-240s, 10Gb from local data center 6509s and push it all down a single pipe to the C7000.  Of course we will run two 10GB links from each 5020 and that means a total of four 10GB links to each C7000 chassis.

We should easily be able to run hundreds of virtual servers on 4-8-16 blades with no problem here.  This will reduce FC cables and mgmt to almost zero and just four 10GB links.  Plus the 5020s can act like an FC switch.  We do need to decide if we want to use the 5020s as a switch for zoning, or pass it on to our MDS switches.  I think adding 8GB FC to the CX4s and dropping them to the 5020s and then doing the zoning for the ESX nodes on the 5020s is the best solution.  This keeps it all 10GB going to the ESX servers.  BAM.  I like 10GB!

That leaves the C7000.  More on that later.  I need to review a few things with our HP provider.  I know they have a CNA and also 10GB switches for the C7000.  So that is next.  Once I figure that out I can budget for this and get it in the plans for next year.  The sweet thing is our MDS is the 9124/9134 model and limited to 4GB.  So it was planned for upgrading.  This takes a big chunk off our upgrade list if we can use the 5020s as an MDS switch.

Guess we will see…..

UPDATE:  No CNA adapters for now.  That sucks.  HP really needs to ship a CNA adapter or they will be left in the dust by IBM and Cisco.  Guess time will tell.

UPDATE II:  HP will announce new CNAs and C7000 chassis switches that support FCoE in late Q3/early Q4.

Jun 29, 2010

Cisco Live 2010 – Cisco UCM – VMWare – UCS

Down in the data center we have been waiting and waiting and waiting to get any of the Cisco Voice applications running on VMWare.  Surprise – Surprise.   Cisco is now allowing voice applications on VMWare if the hardware is Cisco’s unified computing system (UCS).  WOW.  That is a big bummer.  We have been a Cisco voice shop since v3.3 and it has been good for us and Cisco.

But to only allow UCM, Unity, CCX, etc. only on UCS, that really is lame.  Cisco is a proponent of open source, standards, etc. and now they go hardball and only certify their own stuff.  The Cisco UCS platform is good stuff.  But not everyone can jump in and pop for a UCS platform, especially when you already have an investment in another vendor's equipment.  Kind of like us.  We are an HP shop, but we cannot just dump what we have, and go spend a bunch of capital at a moment's notice.

Now I heard someone say that Cisco is going down this path because they are cautious of VM’ing voice applications and they want to control its initial release on VMWare, and it’s possible it will work on other hardware in the future.  Let's hope so.  Let's really hope so.

I guess I’ll quit whining now.

Jun 28, 2010

Cisco Live 2010: Cisco Cius Corporate Tablet

Not really a data center item, but it may impact the data center: meet the Cisco Cius.  The Android-based device delivers virtual desktop integration with anywhere, anytime access to the full range of Cisco collaboration and communication applications, including HD video.

Hey, I love anything Android right now, and this looks cool.  The bummer is that it is not expected until 2011.  That is too far out.  By then someone else will have something cooler.  Cisco has to learn from Cisco.  Announce it, take pre-orders, ship it.  That is how you build demand.

Anyway, see http://newsroom.cisco.com/dlls/2010/corp_062910.html for more info.
