Server consolidation: cost saving but what about security? (Security).

Through conscientious planning, Year 2K didn't bring the global IT disaster some feared, but it did highlight another problem for IT managers. After years of adding servers in distributed client/server environments, IT managers finally inventoried their systems. Many found they had more IT resources than they thought, and many that were unused or underused. This, together with the desire to reduce IT costs overall, has driven managers to think about getting more use out of their existing systems, managing resources effectively and reducing hardware, software and administration costs by consolidating their IT infrastructure.

At the same time, the development of high performance Unix- and Intel-based servers by IBM, Sun and others has meant that individual servers now have sufficient power to allow consolidation. Bringing multiple applications together in a single server and moving mainframe applications and data to a reduced number of highly powerful Unix or Intel servers has become an unstoppable trend, with IBM, Sun and others working on developing servers to meet demand. In its TechStrat survey of 50 US and 15 European chief information officers in 2000, Merrill Lynch found enterprise server spending continuing while hardware expenditure on PCs and mainframes had the lowest spending priority among corporates. It is on this trend that companies such as IBM with its 'Regatta' p690, Sun with its E15k and Fujitsu Siemens Computers with its Kayser server are banking.

Server Consolidation

Consolidation of servers brings together different application server environments into one cohesive whole, including transactional servers, workflow and collaborative servers and business intelligence servers. This generates many of the benefits companies currently seek: cost-saving, interoperability, integration, and improved levels of performance and service. States IBM: "We have found that server consolidation has very little to do with simply consolidating servers. When customers use this term, they are talking about optimizing and simplifying their existing IT infrastructure and integrating existing architectures across applications and data to provide a strong foundation for new solutions like ERP and e-business."

But consolidation of applications onto fewer servers also brings challenges in terms of designing a scalable, easily-managed architecture.
It also brings the challenge of protecting multiple applications running on fewer, centralised servers from hacking, misuse and misadministration.

Mainframe-like security for servers

Consolidation of applications onto a single server or small group of servers can leave data open to access by unauthorised persons. The fact that multiple applications reside on the same server also means that an external or internal attack on one application -- for example by exploiting a bug -- can leave all applications on that server vulnerable. Therefore, if you don't want your staff to see the payroll or your resellers to see your direct customer data, how do you provide mainframe-like security in a consolidated Unix server environment?

The answer lies in securing the underlying operating system of the server on which individual applications run, thus creating a secure application environment (SAE). Using SAE software, a Unix server can be locked down, restricting users and processes to those parts of the server for which they have authorisation and preventing users from wandering off this controlled path into unauthorised areas. Access control is augmented by compartmentalisation.
Locating applications in individual, isolated compartments means that if one application is compromised, the damage is limited. In a server protected by SAE software, a hacker can at worst only damage the application to which he has gained access and cannot break outside the compartment to damage other applications or data on the same server or via the server across the network.

Secure Application Environments

Every application on a system that interacts with the network is a potential attack point. It is essential to secure the operating system on which applications run. The strongest doors and most sophisticated locks can't protect a business if the windows are left open. In the same way, a single secured application cannot protect a system from a strike launched against a weak application on the same system. The sum total of system security is only as strong as the weakest program running on it. As application vendors fall short of providing a total security package for the entire system, as do hard-pressed users, you need to provide an environment that protects the system no matter how weak the applications running on it.

How then does an SAE provide this secure foundation? A secure application environment embodies a set of measures that prevent accidental or deliberate damage. These include:

* Controls that limit the application's access to files, networks and other applications in order to limit the damage from any exploit of an application, present or future,
* Controls that apply no matter what level of administrative access a process has been granted,
* Controls external to the application that the application cannot be caused to override, but that do not interfere with the application's ability to run on the system.
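
The three controls listed above can be modelled as a small reference monitor. The following is an added example, not code from the article or from any SAE product; the class names, compartment labels, paths and user IDs are constructed for illustration. It shows a compromised web application running as root that still cannot reach the payroll compartment, because the compartment check is made outside the application and has no exemption for administrators.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Process:
    name: str
    uid: int          # 0 = root
    compartment: str  # label set by the monitor, never by the process itself

@dataclass(frozen=True)
class Resource:
    name: str
    kind: str         # "file", "socket" or "process"
    compartment: str
    owner_uid: int

class ReferenceMonitor:
    """Policy lives outside the applications, so they cannot override it."""
    def __init__(self, allowed_flows):
        # Permitted cross-compartment accesses: (from, to, resource kind).
        self._flows = frozenset(allowed_flows)
        self.audit = []

    def check(self, proc, res):
        # Mandatory rule: same compartment or an explicit flow. No root bypass.
        mac_ok = (proc.compartment == res.compartment or
                  (proc.compartment, res.compartment, res.kind) in self._flows)
        # Discretionary rule (classic Unix): owner or root.
        dac_ok = proc.uid == 0 or proc.uid == res.owner_uid
        allowed = mac_ok and dac_ok
        self.audit.append((proc.name, res.name, "allow" if allowed else "deny"))
        return allowed

def demo():
    # Constructed scenario: three applications consolidated on one server.
    monitor = ReferenceMonitor({("web", "orders", "socket")})
    hijacked_web = Process("httpd", uid=0, compartment="web")  # exploited, now root
    payroll_clerk = Process("payroll-ui", uid=501, compartment="payroll")
    targets = [
        Resource("/web/htdocs/index.html", "file", "web", owner_uid=80),
        Resource("/payroll/salaries.db", "file", "payroll", owner_uid=501),
        Resource("orders-db:5432", "socket", "orders", owner_uid=70),
        Resource("/orders/customers.db", "file", "orders", owner_uid=70),
        Resource("payroll-batch", "process", "payroll", owner_uid=501),
    ]
    web = {t.name: monitor.check(hijacked_web, t) for t in targets}
    clerk = {t.name: monitor.check(payroll_clerk, t) for t in targets}
    return web, clerk, monitor.audit

if __name__ == "__main__":
    print(*demo()[2], sep="\n")
```

The single permitted flow lets the web compartment open the orders socket but not the orders files, so the application keeps working while an exploit of it stays contained.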

Today most attacks are against the server. These include denial of service, theft from transactional servers, theft of server-held customer data and so on. Protecting server applications is the number one security problem on the Internet.

In consolidation, however, the focus is not on the hardware but on centralising applications for the good of the business. The solution should also be invisible to users, allow real-time access to improve service levels and involve significantly less administration. In terms of business efficiency and usability, an SAE provides all of these attributes in a secure environment.

With an SAE, such as PitBull, multiple isolated compartments can be created, allowing users to create "virtual machines" within a single server to protect each application. If one compartment is hacked, the damage remains in that compartment. In this way multiple, interoperable applications and their data can reside on the same server. With secure multiple compartments the company protects its data, reduces its costs and administrative headaches, and reduces the number of servers while improving interoperability and access to IT resources across the network.

www.argsystems.com

Katherine Henry
Argus Systems Group Europe