AUSTIN, TX–(Marketwire – January 27, 2010) - SolarWinds, Inc. (NYSE: SWI), a leading provider of powerful and affordable IT management software to more than 88,000 customers worldwide, today announced that it has acquired certain of the assets of Tek-Tools, Inc., a privately-held company with offices in Dallas, TX and Chennai, India, with a combination of cash and stock for up to $42 million. Tek-Tools’ Profiler suite of products gives users visibility into the performance of storage and virtualized server infrastructures. The addition of Tek-Tools’ offerings to theSolarWinds Orion product portfolio will add management of enterprise storage infrastructure to existing network and applications management capabilities, delivering an end-to-end IT management solution. “As the need for comprehensive management of highly networked physical and virtualized IT resources becomes more and more critical to enterprises of all sizes, we believe that this transaction uniquely positions us to provide a more complete solution that IT teams need to support their environments,” said Mike Bennett, SolarWinds’ Chairman and CEO. “Over the past 10 years, we’ve proven that our technology solves complex problems in very simple ways and that our business model of delivering powerful, easy to use, low-cost management solutions can succeed for a wide range of customers. The integration of Tek-Tools’storage and virtualization management products is an important addition to our product portfolio that will allow us to respond to customer demand for an end-to-end IT management solution that offers deeper visibility into networked storage and virtualized environments,” said Bennett. The SolarWinds Orion product family has long offered companies of all sizes network, systems and application management through products such as Orion Network Performance Monitor (NPM) and Orion Application Performance Monitor (APM). Tek-Tools’ products will add deeper storage and virtualization management to the SolarWinds portfolio, delivering broader IT management capabilities and increasing IT organizations’ efficiency and responsiveness. “The collision of technologies like virtualization and cloud computing with business forces like ‘lean IT’ is putting pressure on IT organizations to rethink their management approach; functions that were once discrete will need to merge or collaborate more effectively,” said Kenny Van Zant, SolarWinds’ SVP and Chief Product Strategist. “Today’s data centers include application servers, virtualization layers and storage all dependent on an ‘always available’ network, and the ongoing adoption of virtualization and the associated storage needs continue to drive the demand for and importance of networked storage,” continued Van Zant. “Systems administrators have to be more network-aware, storage teams must tighten integration with the virtualization teams and network engineers need visibility beyond the routers and switches they manage today.” Tek-Tools’ Profiler Suite will continue to be available from SolarWinds and select channel partners. For more information on Tek-Tools and the company’s portfolio of storage and virtualization management solutions, visit www.tek-tools.com. For more information on SolarWinds, the acquisition and SolarWinds IT management solutions, please visitwww.solarwinds.com. In support of this announcement, SolarWinds will host a teleconference on Wednesday, January 27 at 7:30 am CT. The domestic dial-in number for this call is 877-627-6544; international participants can dial +1 719-325-4838 to access the call. Please dial in 5-10 minutes before the scheduled start time. A live webcast of the call will be available on the SolarWinds Investor Relations website at http://ir.solarwinds.com. A replay of the webcast will be available on a temporary basis shortly after the event at the same location. Forward-Looking Statements This press release contains “forward-looking” statements that are subject to safe harbors created under the U.S. federal securities laws. These statements include, among others, statements regarding SolarWinds’ ability to achieve the expected synergies and other strategic benefits as a result of the acquisition, including the ability of SolarWinds’ to fulfill its customers’ demands for a more complete software solution, and management’s beliefs on industry trends. These forward-looking statements are based on management’s beliefs and assumptions and on information currently available to management. Forward-looking statements include all statements that are not historical facts and may be identified by terms such as “will,” “expects,” “believes” or similar expressions and the negatives of those terms. Forward-looking statements involve known and unknown risks, including without limitation the potential impact on the business of Tek-Tools, Inc. due to the acquisition, the retention of employees of Tek-Tools, Inc. and the ability of SolarWinds to successfully integrate Tek-Tools, Inc.’s market opportunities, technology, personnel and operations and to achieve planned synergies. Therefore, actual results may differ materially and adversely from those expressed in any forward-looking statements. For information regarding other related risks, see the “Risk Factors” section of SolarWinds most recent Form 10-Q filed on October 27, 2009. All information provided in this release is as of the date hereof and SolarWinds undertakes no duty to update this information except as required by law. About SolarWinds SolarWinds (NYSE: SWI) provides powerful and affordable IT management software to more than 88,000 customers worldwide — from Fortune 500 enterprises to small businesses. Focused on the real-world needs of IT professionals, SolarWinds products are downloadable, easy to use and maintain, and provide the power, scale, and flexibility needed to manage today’s complex IT environments. SolarWinds’ growing online community, thwack, is a gathering-place for problem-solving, technology-sharing, and participating in product development for all of SolarWinds’ products. Learn more today at http://www.solarwinds.com. SolarWinds, SolarWinds.com, and Orion are registered trademarks of SolarWinds. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies
Microsoft Corp. has been transforming desktop virtualization as a way of making Windows 7 work nicely with old applications, for example Windows XP’s apps. But, after the support from the software giant, can the enterprises adopt the desktop-virtualization? The answer would be diffused. It is predicted that the desktop virtualization will see a possible uptick in the acceptance for various reasons. At present, different vendors are providing Virtual Desktop Infrastructures (VDI), which uses similar hypervisors that allow many virtual machines to run on a single physical host and the end user will have a private “desktop.” VDI can permit upto 50 PC operating systems, each of which serves a single end user. Further, the services also changes support for peripherals, multimedia and other Web- and PC-focused technologies. Therefore, the enhancements in the user interface have made desktop virtualization more acceptable. Extending the life of an old PC According to various analysts, some companies are unwilling to upgrade their PC hardware enough to support migrations to Windows 7. Desktop Virtualization is the phenomenon, which delivers and manages corporate desktops and to respond to various user needs in a flexible way. Further, it is possible to use a computer or other device to access data or applications that live somewhere else. Migration to Windows 7 It is reported that running virtual Windows 7 desktops would be cheaper than using the original software individually, but is costlier than using the virtual XP desktops. Meanwhile, market analysts suggest that by migrating to virtual Windows 7 desktops, it provides more control to IT for conserving the whole process inside the data center and by saving the hardware and support costs as well. According to various consultants, Windows 7 implementation requires upgrading hardware, updating custom-built software, training end users and updating the security on PCs with the new operating system. The process can be very costly and requires service disruption, therefore needs proper guidance before switching. Microsoft’s impasse Besides supporting desktop virtualization, the software giant also wants to run its main business computing platform. The company does not want that all of a major company’s PCs would be virtualized. But, the company says that customers should virtualize according to their usage and flexibility – not just aims to cut costs. The new OS, Windows 7 itself has better management, security and stability compared to Vista, therefore saves money. Hence, it could save further costs in VDI implementations that involve instances of the OS running in separate VMs. Various Virtual applications Users can have various web applications like browser interface for an application running on a server, view their data remotely and streaming applications. Streaming application provides more PC-based memory and processing power, but exerts more pressure on the network than remote viewing. Discussion According to a leading research firm, the desktop virtualization market will be around $1.8 billion in 2012. Therefore, it seems that Windows 7 could be a catalyst for some additional virtualization, but the switch over to Windows 7 platform will certainly requires proper consultancy and backup.
OVERVIEW In this the penultimate virtualisation article, we look at key aspect of virtualisation security; memory design. BEYOND THE VENDOR GLOSS Virtualised resources and appliances are now a major revenue stream for a number of vendors, virtual resources are widely deployed in a number of sectors, and this is a trend that is expected to continue. Virtualised resources are being deliberately targeted at those organisations that wish to make cost savings, and are mooted by many as being a secure, flexible and high availability technology. Beyond the vendor gloss however, virtualised resources suffer from many of the same issues that currently face conventional networked infrastructure, and have challenges that are unique. STALLING THE CPU It is a difficult to discuss virtualisation as a subject area without first considering computer memory design models, as both virtualised platforms and resources are reliant upon virtual memory models. Although there are a number of memory models that have been employed with regard virtualised technologies and parallel computing modern CPUs still run faster than the main memory that they may be attached to. To avoid CPUs stalling, and becoming memory starved, a number of research projects have been undertaken to allow for high speed memory access for CPUs. NUMA (Non-Uniform Memory Allocation) is one of many such memory models, and attempts to provide separate memory for each processor, and thus avoid the difficulties inherent in multi-processor environments. NUMA become problematic when considered in relation to the von Neumann architecture programming model and its attendant bottleneck. In the von Neumann model, a processing unit, and a single storage area for data and instructions are separated. This separation between CPU and memory leads to a scenario whereby there is limited throughput between the CPU and memory compared to the available amount of memory, and subsequently the CPU stalls, consequently there have been limited implementations of NUMA. CACHE FLOW Cache Coherent NUMA (CCNUMA) was introduced, and is widely deployed as the memory model of choice in a number of assets. CCNUMA seeks to maintain the integrity of data that is stored within the local cache controllers of shared resources, as well as that stored in the memory of multiprocessor systems. CCNUMA is used in the majority of current cluster computing models and virtualised resources and servers including HP Superdomes and Integrity Servers, as well as assets produced by Sun and IBM. CCNUMA utilises both local physical nodal and remote, shared memory to complete data transaction processes. When local memory is full, CCNUMA architecture allocates remote memory pages to facilitate CPU access and recall. In a HP Superdome virtualised resource, the composition is as follows Figure 1: Components of a HP Superdome HP Superdomes can be broken down into a number of distinct components: 64 processors 16 individual cells Local and interleaved memory instances Communication interconnections via crossbar instances I/O connections (both internal and external to cell instances) In the current HP model if an individual processor cannot write to another processor instances within a cell, it will attempt to write to its neighbours with the proviso that data will not cross more than two crossbar instances. The CCNUMA implemented within Superdomes utilises locality domains (LDOM) to control logic domains, but also data flows. In relation to how these relate to virtualised resources, each LDOM may consist of a separate, independent domain and a related collection of processors and memory, or in relation to data flows specifically, data will be passed quicker between two adjoining cells or processors than those situated elsewhere in the architecture. Within the context of this architecture, local memory is restricted to the storage of private objects and data structures. However, this does not imply that it cannot be accessed by other processor instances. The main local memory restriction being that the further a processor is away from the memory instance, the longer access will take. Many vendors employ this working model with regards to virtualised resources however it is not without a potentially security flaw. INJECTING MALICIOUS CODE It may be possible utilising the model detailed in Figure 1, for malicious code to not only impact upon the memory of individual cells/processors but also the interleaved and local memory of all cells within the environment. Rather than the injection of a malicious code base into an individual processor memory instance, it possible for an attacker to inject and infect all memory instances in the virtualised resource environment. It should be noted that many implementations of virtualised resources, are in fact acting in one form or another as a replacement for a conventional local area network, with associated application, application server and database instances. Therefore, if an application enters an error state, becoming a ‘processor hog’ it may impact significantly the integrity/stability of associated processors both within an individual cell, and beyond. A number of protections are exist to prevent the scenario detailed above within commercially available virtualised resources. However, these are by no means universal, and many protection mechanisms may well be treated as commercially sensitive by technology vendors. The principle holds true however, that memory within a virtualised resource is no different to that which is associated with a monolithic memory instance with a number of processors attached to it. In the latter scenario if an attacker (or their code base) can gain privileged access to an individual processor they can write to the shared memory space and corrupt execution flows. There is however one significant differential between these two scenarios, namely that a virtualised resource may well be operating in the capacity of a fully networked instance. Rather than impacting upon the stability of an individual system component within a LAN. If the hypothetical attack can be enacted, it has the potential to impact upon the security of the whole network. Consequently, the impact of malicious increases thanks to shared and interleaved memory areas within the virtualised resource. NEXT TIME… In our final article we discuss the wider security implications of virtualisation for business.
Server virtualization is the means by which a network administrator is able to “hide” the actual physical servers and network hardware (known as “masking”) from the network users. The network users no longer see a particular server or drive on the network, instead they see a “virtual” environment which contains their applications and files. The network administrator achieves this masking by using software which divides a physical server into multiple “virtual” environments which are also isolated from each other. These private environments are also known as Virtual Private Servers (VPS), but they are also known by a number of other names too – guests, containers, emulations and instances. Why should a business consider using server virtualization? Server virtualization itself is part of an information technology development concerning servers and data storage. By using server virtualization your network will be able to respond to the demand placed upon by users rather than an always-on state. In plain English, you don’t need so many servers in your network because the virtual servers are only created when users need them; when one user has finished, their VPS environment effectively disappears. Using server virtualization, you can increase the efficiency of your network from around 20% to up to 80%. Fewer servers and the associated hardware (racking, hosting, power, routers, cabling etc) means reduced capital and operating cost and this is likely to be a highly significant reduction. Server virtualization also prevents what is known as “server sprawl”, which is where new servers are added to host new applications when there is already spare capacity in the existing server farm. This leads to reductions in the capital and operating cost of implementing new solutions, in many cases, this leads to enhancing proposed solutions and projects which otherwise would not be viable even in their basic proposed form. You are also able to simplify and reduce the costs of associated with your disaster recovery strategy. Replicating VPS off-site is simple and cheap to do, and again you need not replicate your server farm or have stand-by servers which represent a huge saving in terms of cost. Network support and helpdesk costs are also significantly reduced as virtual desktops do not need an engineer to physically visit the user. The support staff are also able to access all of the applications and the operating system being used by employees on their laptops and desks from a central location. This also leads to a huge reduction in operating costs associated with support but in addition, less hardware also means there is less to go wrong so clients experience reduced costs, greater uptime and greater efficiencies leading to a higher Return on Investment (ROI). Implementation and migration to a virtual server environment can be performed with minimal interruption to network users and operations. User adoption is also not relevant because users do not see any difference in their desktops nor with the service they are experiencing. The changeover is seamless, so there are no issues regarding user education or barriers to adopting new technology and techniques.
An evolving workforce, reared on Web 2.0 technologies, is bringing a different perspective to how computers are used within an organization. With a mindset that is highly tuned to sharing information and applications, and emailing and messaging friends, the new “employee 2.0” is redefining how individuals interact with the internet and the IT environment as a whole. While the new internet technologies they are exploiting can bring business value in helping employees communicate, share files and work collaboratively online, they also pose a range of new threats. Internet-enabled applications such as Instant Messaging (IM), peer-to-peer (P2P) file-sharing applications and Voice over Internet Protocol (VoIP) services have been causing concern for some time. A Sophos online poll asking IT administrators what kind of software applications they would like to prevent their users from being able to access and use shows that even by late 2006 they recognized the need to be able to exert more control and to prevent users from installing and using unwanted applications. Today the problem is even more pressing. While businesses have put in place systems and processes to defend against malware, these defenses do not typically provide adequate protection against the new set of threats posed by today’s user behavior. Employees, many of whom have considerable IT knowledge and expertise, continue to introduce applications onto their desktops – very often simply to make the tools they work with more suited to their own idiosyncrasies – unaware of the associated potential risk. Internet browsers Many people are rejecting company-approved web browsers in favor of other browsers. Although these are a very real threat as hackers regularly exploit unpatched vulnerabilities in browsers to infect users’ computers, nearly a third of respondents to a Sophos poll said they did not consider browser control important. 28% Virtualization Of particular concern currently is the growth in the use of unauthorized virtualization software on company desktops and laptops. Virtualization separates the logical (software) from the physical (hardware) allowing multiple systems to be run on one piece of hardware. It can represent real value at time of increasingly constrained IT budgets and organizations deploying managed virtual desktops are running no significant increased risk. Unmanaged virtual computers, on the other hand, create a black hole in an organization’s security system, with applications running in an environment about which IT administrators are completely unaware. The ease with which virtual computer image files can now be downloaded means there is a much higher risk of end users running unauthorized applications – from games to browsers to beta software – in a virtual environment, making corporate systems and data much more vulnerable than in the past. Removable storage devices An organization’s vulnerabilities are exacerbated by the unchecked ability to launch unauthorized applications from removable storage devices like USB keys, CDs and DVDs, and wireless networking protocols, such as WiFi, Bluetooth and Infrared – particularly if these applications are then run in a virtual environment. Compounding the problem is the use of these devices and protocols to transfer business data around and out of an organization. In a recent survey, the inadvertent exposure of company confidential information was cited as the number one threat, above viruses, Trojans and worms. The business risk The unauthorized or uncontrolled installation and use of applications, devices and network protocols can negatively impact organizations in several ways. Security risks The risk of infection through unauthorized applications is clear. IM-based malware attacks, for example are growing exponentially, and P2P applications are similarly on the increase and are notorious vectors for malicious code such as remote command execution, remote file system exploration or file-borne viruses. Infected files can also come in through wireless connections. Once infected, computers can be used to send out spam or launch denial of service attacks, or to spy on and capture confidential business data. As discussed above, data can also be easily taken outside an organization on CDs and USB keys and many recent high-profile incidents confirm how easy it is for these then to be accidentally lost. Legal and compliance breaches The installation of unauthorized applications and devices can pose significant legal risk as well as security risks. The need to protect data is particularly important. Government regulations such as the USA’sSarbanes-Oxley Act and HIPAA (Health Insurance Portability and Accountability Act), Canada’s PIPEDA Personal Information Protection and Electronic Documents Act), and the UK’s Data Protection Act place requirements on IT administrators to maintain and protect data integrity within their networks. There is further pressure from recognized industry bodies, such as the Center for Internet Security (CIS Benchmarks) and the Payment Card Industry (PCI DSS). In addition to the repercussions of failing to protect data properly, there are other legal pitfalls. For example, the content of IM chat often includes attachments, jokes, gossip, rumours and disparaging remarks, confidential information about the company, employees and clients, and sexual references. Extra IT support burden As discussed, unauthorized applications and devices can introduce infection to the network, but even without this, they can create an additional IT support headache. Applications that are not properly tested and deployed can cause stability performance issues across the network. Network and system overhead The corporate network bandwidth and computer processor power consumed by unauthorized applications can have a direct negative impact on network resources and availability. For example, distributed computing projects harness the “spare” processing power of millions of computers to help create models or simulations of scenarios such as climate change. VoIP also uses such spare capacity. Employee productivity issues Although applications like VoIP and IM can have business value, in most cases they are a distraction and are not required by end users for business purposes. In a virtual environment, applications that are normally banned by an organization, such as games, can be freely run, or users can simply use the environment to organize their own private affairs, all of which has a hugely adverse effect on productivity. The challenge of the legitimate The difficulties presented by some legitimate software applications raise particular challenges over and above “straightforward” protection against malware. The fundamental step for organizations to increase security and productivity is to create and enforce an acceptable use policy setting out rules on what applications and devices are and are not approved, containing prescriptive advice on best practice, and clearly defining prohibited behavior. Beyond this, from the IT administrator’s perspective there are two distinct challenges: Allowing controlled use of authorized applications, devices and network protocols. Preventing use of unauthorized applications, devices and network protocols. In practice this presents a significant challenge, not least because many users have to be allowed to be local administrators, being given privileges necessary to download applications that they need to do their job, for example downloading updated Adobe Acrobat software. However, this means that they can also download a variety of other software that they might want to install and use. This makes life particularly difficult for the IT administrator: malicious software would be blocked by anti-virus software but applications like IM are not malicious in any way. Skype End User License Agreement 3.3…Skype Software may utilize the processor and bandwidth of the computer (or other applicable device) You are utilizing, for the limited purpose of facilitating the communication between You and third parties. Control strategies In response to the wide-ranging threats posed by the unauthorized use of applications and devices, IT administrators have tried a number of different strategies. While each strategy has some merit, there are also disadvantages. Locking down computers One of the most straightforward ways to stop the installation of unauthorized applications is simply to enforce a blanket lockdown on all computers, or to ban the unauthorized use of removable storage media, and to assign only limited administrator rights. However, this is precisely where application control has broken down in the past. Some departments – notably IT and technical support – have a clear and obvious need for administrator rights. It might seem an obvious answer to allow these technical groups to install applications and to prevent everyone else from doing so. Unfortunately in practice this is not as simple as it sounds. Many organizations find it expensive to lockdown computers for some or all of their non-technical end users. The inflexibility of the strategy means that countless policies need to be created. For example, many simple Windows functions, such as adding a printer driver, changing time zones and adjusting power management settings, are not allowed with a standard user account and therefore do require constant changing of the assigned rights. The increased staffing requirements and response times related to centrally administering every change to a computer create a significant cost for the business. Installing specialist control products There are products on the market that are designed specifically for controlling which applications can and cannot be run on a computer. These products typically involve validating usage against large databases of allowed and blocked applications. For IT administrators they are yet another product that needs to be evaluated, purchased, installed and managed. Management of these [...]
