Desiderata

Recently I came across a great bit of prose, written by Max Ehrmann. Just to be safe on copyright issues (thank you, David), I've linked to a site that has the piece in its entirety.


Hope you enjoy.

Leap Second?

Enjoy one extra second of 2008!

Server Sprawl

Because we are a Church, we are considerably more cost-conscious than a typical enterprise would be. In an effort to save power, cooling and hardware costs in our data center, we've begun implementing virtualization. We've been using virtualization for quite some time with our AIX servers, but we've now begun to virtualize Windows and Linux boxes as well.

Most of you know what virtualization is, but for those who don't, I'll try to explain.

<virtualization_explanation>

In the past, when a team needed a server in the data center, we would purchase them their own server. Their application might use, on average, 10% of the capabilities of that server. Or less. It was a waste, not just for our shop, but for the entire industry. A potential, but not always viable, solution was to load multiple solutions onto one box, but those solutions shared the application server and operating system and consequently could interfere with each other by crashing the operating system or the application server and/or just utilizing too much of the computer's brain (CPU).

Virtualization allows us to load multiple instances of an operating system on a single box. So on one machine, we could load several solutions, each with its own instance of the application server (WebSphere) and the operating system (typically Linux). So if one solution crashes its instance of the OS, the others are just fine because each is running on top of its own instance of the OS.

And because each solution was previously only using around 10% of the total resources of the server, you can run, say, 5 solutions on one server and still only use around 50% of the server's resources. You just cut your power, cooling and hardware costs by roughly 80% (minus a little overhead for the virtualization technology itself).

Pretty amazing.

</virtualization_explanation>

We have seen significant, and maybe even extraordinary, savings on our "per server" costs as a result of virtualization.

The unintended consequence has been "server sprawl." The ease, speed and extremely low cost of creating a new server (because it is virtual) has increased the demand for servers. Without great governance and management tools, this is becoming a problem for most enterprises.

How are you dealing with "server sprawl" in your shops?

Risk Magic

Last week at the Research Board, I had the pleasure of sitting down to talk with Peter Tippett, a security guru who bucks common risk management wisdom and has made an enemy of many security folks who find his focus on being "practical" naive. He was both delightfully insightful and hilarious.

He offered many tidbits of wisdom.

For example, he talked about endpoint protection. Security best practices dictate that laptops, particularly ones carried by executives or other folks who might be carrying sensitive data, be protected with heavy-duty encryption. Tippett argues that this practice is silly.

In order for something bad to happen, ALL of the following must be true:

  • The individual must lose (by negligence or through theft) a laptop

  • The laptop must have information on it that could actually be used in some harmful way

  • The person who acquires the laptop (through whatever means) must desire to get data off of the laptop and not just sell the laptop for drug money, which is probably much more often the case.

  • The bad guy must have the ability to get through the basic security protection on the laptop

  • The bad guy then must have the ability to use that information in some hurtful way


What is the likelihood that even the first three of these things might happen, let alone the last two?

A good security professional will know the potential attacks and best defenses. An excellent security professional will temper the desire to "continually batten down the hatches" by considering the probability of successful attacks and planning accordingly.
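To make the chain concrete, here is an added example (mine, not code from the post or from Tippett) that multiplies the five conditions into a joint probability per laptop per year and then weighs the loss a control avoids against what the control costs. Every number in it is a hypothetical placeholder; the shape of the calculation is the point, not the values.

```python
"""Added example: Tippett's five conditions as a chain of probabilities.

Every link must hold for harm to occur, so the links multiply. All figures
below are hypothetical placeholders, not numbers from the talk.
"""

from dataclasses import dataclass, replace
from typing import Dict


@dataclass(frozen=True)
class Scenario:
    """Per-laptop, per-year probability that each link in the chain holds."""
    lost_or_stolen: float        # laptop leaves the owner's control
    holds_harmful_data: float    # the data on it could actually be misused
    finder_wants_data: float     # acquirer wants the data, not just the hardware
    bypasses_protection: float   # acquirer gets past the on-device protection
    can_exploit_data: float      # acquirer can turn the data into real harm

    def joint_probability(self) -> float:
        """P(harm) for one laptop in one year: the product of all five links."""
        p = 1.0
        for link in (self.lost_or_stolen, self.holds_harmful_data,
                     self.finder_wants_data, self.bypasses_protection,
                     self.can_exploit_data):
            if not 0.0 <= link <= 1.0:
                raise ValueError(f"probability out of range: {link}")
            p *= link
        return p


def annual_expected_loss(scenario: Scenario, laptops: int,
                         loss_per_incident: float) -> float:
    """Expected yearly loss across a fleet of identical laptops."""
    return scenario.joint_probability() * laptops * loss_per_incident


def control_is_worth_it(baseline: Scenario, with_control: Scenario,
                        laptops: int, loss_per_incident: float,
                        control_cost_per_laptop: float) -> Dict[str, float]:
    """Compare the expected loss a control avoids against its yearly cost.

    A positive net_benefit means the control pays for itself under the
    assumed inputs; a negative one is Tippett's 'silly' case.
    """
    avoided = (annual_expected_loss(baseline, laptops, loss_per_incident)
               - annual_expected_loss(with_control, laptops, loss_per_incident))
    cost = laptops * control_cost_per_laptop
    return {"avoided_loss": avoided, "control_cost": cost,
            "net_benefit": avoided - cost}


# Hypothetical baseline: password-only laptops, so the protection is
# easy to get past (removing the disk defeats a login prompt).
BASELINE = Scenario(
    lost_or_stolen=0.05,
    holds_harmful_data=0.2,
    finder_wants_data=0.1,
    bypasses_protection=0.9,
    can_exploit_data=0.5,
)

# Same fleet with full-disk encryption: only the one link the control
# actually changes is altered (hypothetical figure).
WITH_FDE = replace(BASELINE, bypasses_protection=0.01)


if __name__ == "__main__":
    # Hypothetical fleet: 1000 laptops, $200k per harmful incident,
    # $100 per laptop per year for the encryption control.
    print(f"P(harm) per laptop, baseline: {BASELINE.joint_probability():.6f}")
    print(f"P(harm) per laptop, with FDE: {WITH_FDE.joint_probability():.6f}")
    for k, v in control_is_worth_it(BASELINE, WITH_FDE, 1000, 200_000.0, 100.0).items():
        print(f"{k}: {v:,.2f}")
```

Run it as-is and the placeholder inputs produce a negative net benefit, which is Tippett's point; raise the loss per incident or the theft rate and it flips. The model is only as honest as its inputs, so the useful exercise is to argue about each link's probability for your own fleet rather than to accept either answer.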

Peter was refreshing and fun.

PaulWilmot

Dear Vendors

Dear Vendors,

I have the following suggestions for how to deal with our shop.

  1. Send me emails all you want, introducing your new product, whatever. I get them almost daily. Please realize that they don't do any good. I usually delete them outright. Please don't feel bad that I don't respond. I just don't have time.