1. EMERGING TECHNOLOGY
TRENDS
A VIEW FROM A CAMPUS DATACENTER
David Horton
Geoff Wilson
Kendall George
Mark Ferguson
Chris Jones
University of Oklahoma Information Technology
Tuesday, May 18, 2010
2. 10 TRENDS & LOTS OF
QUESTIONS
Going forward, these trends will require close
collaboration to protect your university.
• Computing Power • Cloud Computing
• Virtualization • The Other Campus Network
• Green IT • Consumerization
• Storage Growth • Social Computing
• Data Centers • Emerging Threats
Tuesday, May 18, 2010
3. TO PARTICIPATE TODAY
Please, turn your electronic devices on.
We want to hear from you!
• Tweet: Use #b12iac to tag your tweet
• Email: send
comment or question to
b12iac@tweetmail.com
• Join the discussion
Tuesday, May 18, 2010
4. 10 TRENDS
• Computing Power • Cloud Computing
• Virtualization • The
Other Campus
Network
• Green IT
• Consumerization
• Storage Growth
• Social Computing
• Data Centers
• Emerging Threats
Tuesday, May 18, 2010
5. COMPUTING POWER
Today’s desktop computer can challenge an enterprise-
class server from just 5 years ago.
Tuesday, May 18, 2010
6. COMPUTING POWER
Today’s desktop computer can challenge an enterprise-
class server from just 5 years ago.
• Moore’s Law
• Multi-Core
• 64-Bit
• More power, smaller package
Tuesday, May 18, 2010
8. COMPUTING POWER
Today’s desktop computer can challenge an enterprise-
class server from just 5 years ago.
• Moore’s Law
• Multi-Core
• 64-Bit
• More power, smaller package
Tuesday, May 18, 2010
10. COMPUTING POWER
Today’s desktop computer can challenge an enterprise-
class server from just 5 years ago.
• Moore’s Law
• Multi-Core
• 64-Bit
• More power, smaller package
Tuesday, May 18, 2010
11. COMPUTING POWER
Today’s desktop computer can challenge an enterprise-
class server from just 5 years ago.
• Moore’s Law
• Multi-Core
• 64-Bit
• More power, smaller package
Tuesday, May 18, 2010
12. COMPUTING POWER
Today’s desktop computer can challenge an enterprise-
class server from just 5 years ago.
Auditing Impact
• What are we going to do with all this power?
• What if this power falls into the wrong hands?
Tuesday, May 18, 2010
13. VIRTUALIZATION
A data center in a box.
Tuesday, May 18, 2010
14. VIRTUALIZATION
A data center in a box.
• What is virtualization?
Tuesday, May 18, 2010
15. APP APP APP
OS OS OS
ESX
Tuesday, May 18, 2010
19. VIRTUALIZATION
A data center in a box.
Auditing Impact
• Where is my server?
• Where is my data?
• How can we leverage this technology to protect the
university’s data?
Tuesday, May 18, 2010
20. GREEN IT
Cost-containment, data security and environmental
impact are all factors driving interest
Tuesday, May 18, 2010
21. GREEN IT
Cost-containment, data security and environmental
impact are all factors driving interest
• Energy Efficiency
• Disposal
Tuesday, May 18, 2010
23. GREEN IT
Cost-containment, data security and environmental
impact are all factors driving interest
• Energy Efficiency
• Right Sizing
• Shared Resources
• Run Hotter
• Power-Off and Sleep
• Consolidated Data
Centers
Tuesday, May 18, 2010
24. GREEN IT
Cost-containment, data security and environmental
impact are all factors driving interest
• Disposal
• Reduce
• Reuse
• Recycle
Tuesday, May 18, 2010
25. GREEN IT
Cost-containment, data security and environmental
impact are all factors driving interest
Auditing Impact
• Who drives green?
• How do we incentivize green?
• What is being measured to be green?
• What has to be considered to responsibly and safely dispose
of equipment?
• Who gets your old computers? And do they get your old
data too?
Tuesday, May 18, 2010
26. 10 TRENDS
• Computing Power • Cloud Computing
• Virtualization • The Other Campus
Network
• Green IT
• Consumerization
• Storage Growth
• Social Computing
• Data Centers
• Emerging Threats
Tuesday, May 18, 2010
27. STORAGE GROWTH
Digital Data continues to grow exponentially creating
technical, security, and compliance challenges.
Tuesday, May 18, 2010
28. STORAGE GROWTH
Digital Data continues to grow exponentially creating
technical, security, and compliance challenges.
Technology Changes
• Enterprise Search – finding the • Encryption (CPU power)
needle has never been easier • De-duplication
• Snapshot Backups • Secure erase
• Solid-State Drives • File/Thin Virtualization
• Spin-down technologies
Continuous innovation (more, smaller, cheaper, faster)
Tuesday, May 18, 2010
29. STORAGE GROWTH
Digital Data continues to grow exponentially creating
technical, security, and compliance challenges.
Gigabyte 1000 Megabytes
Terabyte 1000 Gigabytes
Petabyte 1000 Terabytes
? 1000 Petabytes
Zettabyte 1000 Exabytes
Yottabyte 1000 Zettabytes
Tuesday, May 18, 2010
30. STORAGE GROWTH
Digital Data continues to grow exponentially creating
technical, security, and compliance challenges.
Why so much growth?
• Knowledge workers/students create • Medical data
and consume data • Security cameras
• Classroom content • Log data
• Research data creation, federation • Data replication for reliability and
• Data mining across disparate disaster recovery
sources, combining large • Backups
warehouses
• Archive
• Document Imaging
Digital world (music, photos, video, eBooks)
Tuesday, May 18, 2010
31. STORAGE GROWTH
Digital Data continues to grow exponentially creating
technical, security, and compliance challenges.
Enterprise Data Center Storage Growth
Industry Example
• 3,304 Petabytes shipped in Q409 +
33% from Q408 (source:IDC)
OUHSC Example
• Doubled every 18 months since
2002
• 76M emails archived
• ~1M new per week
• 4M files archived
Tuesday, May 18, 2010
32. STORAGE GROWTH
Digital Data continues to grow exponentially creating
technical, security, and compliance challenges.
Multiplier Example: Email
Primary Site Disaster Recovery
orig copy
archive
archive
b/u
b/u
Off-site storage
tape
Tuesday, May 18, 2010
33. STORAGE GROWTH
Digital Data continues to grow exponentially creating
technical, security, and compliance challenges.
Enterprise Spectrum of Management
Managed User Managed
Portable, mobile, office, desks, homes, laptops, bags,
protected in data center
purses
Rigorous daily operational procedures for small teams;
Varies with user - 10,000 users
backup, off-site storage, DR copies
Designed with compliance in mind, encryption, AUP,
Often bypasses compliance
Data retention, eDiscovery, data destruction
1 Petabyte 10 Petabyte
Mixed use data, personal and university; sometimes
Data classification
confidential
Expensive, cost sharing to campus Individually inexpensive - costs often hidden or bundled
Understood risk, largely mitigated Risk is significant and widespread
Tuesday, May 18, 2010
34. STORAGE GROWTH
Digital Data continues to grow exponentially creating
technical, security, and compliance challenges.
Auditing Impact
Where does University data reside? “Show me the data.”
How do we classify all of this data?
We have new tools that search for SSNs, account numbers, credit cards: What is it OK to do?
Are university policies and procedures relevant to the digital age?
With growing use of encryption, how do we recover important data?
How do we pay/chargeback departments, researchers, users for “managed” storage?
How do we “push forward” 1,000s of Terabytes of data across every changing technologies?
How do we verify data integrity over time?
Do the capabilities of the organization match the magnitude of the problem?
Tuesday, May 18, 2010
35. DATA CENTERS
Protect, power and cool your data and computing assets
with a strategy not just a facility.
Tuesday, May 18, 2010
36. DATA CENTERS
Protect, power and cool your data and computing assets
with a strategy not just a facility.
“Machine Rooms”
• OU HSC – 10 years ago IT primarily housed administrative
systems
• We built “machine room” data centers
• Retrofitted
• Multiple small rooms around campus
• Minimal redundancy
• We designated one of these on-campus as our “DR” site
Tuesday, May 18, 2010
37. DATA CENTERS
Protect, power and cool your data and computing assets
with a strategy not just a facility.
Then We Hit a Growth Spurt
• Compliance and closer attention to management and security because
hackers loved higher ed
• Consolidation of distributed servers
• Too difficult to secure servers in small closets/offices across campus
• For OU HSC, HIPAA response included moving PHI into our data
center
• Now located in the data center, applications and data grew rapidly
• Electronic medical applications and data
• High Performance Clusters (HPC) for research cyber infrastructure
• Security tools and technologies
Tuesday, May 18, 2010
38. DATA CENTERS
Protect, power and cool your data and computing assets
with a strategy not just a facility.
Growth Collides with Deficiencies
• Space
• All that compute power and
storage requires power and
generates heat
• Additional Cooling
• Service Availability
Tuesday, May 18, 2010
39. DATA CENTERS
Protect, power and cool your data and computing assets
with a strategy not just a facility.
User Expectations Up, Tolerance Down
Uptime % Downtime
3 days 15 hours
99%
36 minutes
8 hours 46
99.9%
minutes
99.99% 53 minutes
99.999% 5 minutes
Tuesday, May 18, 2010
40. DATA CENTERS
Protect, power and cool your data and computing assets
with a strategy not just a facility.
Data Center Options for Reliability & Availability
• Utility Feeds • Cooling Sources
• Generators • Cooling Units
• Battery Systems • N, N+1, 2N, 2(N+1)
• A + B Circuit Paths • Multiple Data centers
Multipliers = $$$$ = Business decision
Tuesday, May 18, 2010
41. DATA CENTERS
Protect, power and cool your data and computing assets
with a strategy not just a facility.
OU Data Center Strategy
Considerations
• Outsourcing given serious thought for Norman campus
• Container data centers are interesting – follow the energy
Planned
• Consolidating from machine rooms into two new, higher reliability centers –
one at Norman and one at OKC HSC
• Modular design – build in phases
• Modular reliability – build in pods
• DR across campuses instead of across buildings
Tuesday, May 18, 2010
42. DATA CENTERS
Protect, power and cool your data and computing assets
with a strategy not just a facility.
Auditing Impact
Facilities are the basic building blocks for availability and
security of IT assets and services – what is your institutional
strategy for data centers?
Do your campuses work closely together enough to
collaborate on a university strategy?
Are your business applications understood well enough for
IT to apply the appropriate facility reliability investments?
Tuesday, May 18, 2010
43. CLOUD COMPUTING
Your data and services are “out there” on the Internet
and may not be under your control.
Tuesday, May 18, 2010
44. CLOUD COMPUTING
Your data and services are “out there” on the Internet
and may not be under your control.
What is Cloud Computing?
• IT services delivered in an on-demand, subscription model relying on
economies of scale from (massively) shared services
• Cloud Computing is as much a business model as it is an IT architectural
and support model
• Promises to let you focus on your core business and forget about the
underlying technology (i.e. surrender control)
• Not new – combination of models taking advantage of technology
trends
• Often thought of today as a form of outsourcing – moving Email, ERP,
student systems – “out to the cloud”
Tuesday, May 18, 2010
45. CLOUD COMPUTING
Your data and services are “out there” on the Internet
and may not be under your control.
Not all clouds are the same
• Dominated by massive “Public Cloud” service providers like Google, Microsoft,
& Amazon
• Many small service providers use the Public Cloud model to deliver specialty
applications and services
• Large multi-site, multi-division enterprises are adopting the cloud model for
internal use building “Private Clouds”
• Don’t forget this is also a business model so these large enterprises typically
chargeback for IT services
• Hybrid Clouds integrate internal Private clouds with external Public cloud
services for elastic supply management and Disaster Recovery
Tuesday, May 18, 2010
46. CLOUD COMPUTING
Your data and services are “out there” on the Internet
and may not be under your control.
Cloud Computing & Higher Education
• Lots of interest, lots already in place today
• OUHSC uses hosted LMS, hosted specialty applications for
medical student management, IT service desk tools, IT security
monitoring services
• OU continues to evaluate student and alumni email services
• Important considerations for linking cloud services back to
campus for Identity Management, authentication, encryption
• OU is offering departments a growing number of services using a
private-cloud model
Tuesday, May 18, 2010
47. CLOUD COMPUTING
Your data and services are “out there” on the Internet
and may not be under your control.
Cloud Computing & Higher Education
• Example: Dropbox
Tuesday, May 18, 2010
48. CLOUD COMPUTING
Your data and services are “out there” on the Internet
and may not be under your control.
Auditing Impact
Can you find your data?
Was your data destroyed properly?
Who all has access?
Is the cloud-based service available when you need it?
Is the SLA your only auditable control?
What recourse do you have?
Mega providers are large, attractive targets for cyber-warfare
Globalization concerns – world unrest
Venture capital hotspot (think: dot-com) subsidizing costs for many
Tuesday, May 18, 2010
49. 10 TRENDS
• Computing Power • Cloud Computing
• Virtualization • The Other Campus
Network
• Green IT
• Consumerization
• Storage Growth
• Social Computing
• Data Centers
• Emerging Threats
Tuesday, May 18, 2010
50. THE “OTHER” CAMPUS NETWORK
The mobile provider network provides us with high speed
connectivity in the palms of our hands.
Tuesday, May 18, 2010
51. THE OTHER CAMPUS NETWORK
The mobile provider network provides us with high speed
connectivity in the palms of our hands.
High Speed Applications
• Security controls focused on
traditional networks that we own
and operate
• Mobile provider network is putting
high speed connectivity in the palm
of our hands
• LTE (Verizon & AT&T) and WiMAX
(Sprint) are the upcoming 4G
networks
• 1+ Mbps, one-way latency < 50
milliseconds
Tuesday, May 18, 2010
52. THE OTHER CAMPUS NETWORK
The mobile provider network provides us with high speed
connectivity in the palms of our hands.
• Growing reliance and expectation of
mobile provider networks
• Mobility as an enabler
• Users are doing more with their
smartphones
• Security controls of mobile devices
need heavier scrutiny
• Often security policies are
inconsistently enforced
• Business data will end up on
mobile devices
• Security controls often will not
carry over to mobile devices
Tuesday, May 18, 2010
53. THE OTHER CAMPUS NETWORK
The mobile provider network provides us with high speed
connectivity in the palms of our hands.
Network Perimeter
Tuesday, May 18, 2010
54. THE OTHER CAMPUS NETWORK
The mobile provider network provides us with high speed
connectivity in the palms of our hands.
Auditing Impact
What kinds of controls are available for the other campus network?
Are these controls verifiable? Have you verified that these controls
work?
What kind of networking will the university need to provide in the
future?
How do we control the access to the network in the classroom?
What is the network strategy for existing in a hybrid environment?
How do we balance investments across the two networks?
Tuesday, May 18, 2010
55. 10 TRENDS
• Computing Power • Cloud Computing
• Virtualization • The Other Campus
Network
• Green IT
• Consumerization
• Storage Growth
• Social Computing
• Data Centers
• Emerging Threats
Tuesday, May 18, 2010
56. CONSUMERIZATION
Employees & students are technology consumers and
they are blurring the lines between work and home.
Tuesday, May 18, 2010
57. CONSUMERIZATION
Employees & students are technology consumers and
they are blurring the lines between work and home.
"The consumerization of IT focuses on
how enterprises will be affected by and
can take advantage of new technologies
and models that originate and develop
in the consumer space, rather than in
the enterprise IT sector."
Gartner, 2009
Tuesday, May 18, 2010
58. CONSUMERIZATION
Employees & students are technology consumers and
they are blurring the lines between work and home.
Speed Usability
Connectivity Availability
Storage Reliability
Tuesday, May 18, 2010
59. CONSUMERIZATION
Employees & students are technology consumers and
they are blurring the lines between work and home.
Influences
• Samsung, the largest technology company in the world, sees half of its
revenue being generated by consumer devices.
• By 2013, mobile devices will outnumber PCs as the most common
device for accessing the web. Gartner, 2009
• In 2009, for the first time, the amount of data in text, e-mail messages,
streaming video, music and other services on mobile devices surpassed
the amount of voice data. New York Times, May 13, 2010
Tuesday, May 18, 2010
60. CONSUMERIZATION
Employees & students are technology consumers and
they are blurring the lines between work and home.
Auditing Impact
Synchronizing rapidly changing consumer technology with
organizational controls.
Complicates long term planning for the organization.
"Whack-a-mole" approach to managing new technology.
Presumptions of privacy
Tuesday, May 18, 2010
61. SOCIAL COMPUTING
People are living and working in shared, online spaces
with little concern for “institutional” needs.
Tuesday, May 18, 2010
62. SOCIAL COMPUTING
Much life is being lived in shared, online spaces with little
concern for “institutional” needs.
"Social computing is the way
people use technology to
interact and create
communities..."
Gartner 2008
Tuesday, May 18, 2010
63. SOCIAL COMPUTING
Much life is being lived in shared, online spaces with little
concern for “institutional” needs.
Why Social Computing? How are They Used?
•Low Barrier To Usage •In The Classroom: Ustream/
•Alerting YouTube For Lecture Capture
•Staying Up With Current •I Hate Ozone
Activities •Microblogging/Activity
•Self-organization Stream
•Unexpected Connections
Tuesday, May 18, 2010
64. SOCIAL COMPUTING
Much life is being lived in shared, online spaces with little
concern for “institutional” needs.
Tuesday, May 18, 2010
65. SOCIAL COMPUTING
Much life is being lived in shared, online spaces with little
concern for “institutional” needs.
Auditing Impact
Flow of information into and out of the institution.
Communities of interest will extend beyond organizational
boundaries
Life-Work: Balance vs. Conflict
Tuesday, May 18, 2010
66. 10 TRENDS
• Computing Power • Cloud Computing
• Virtualization • The Other Campus
Network
• Green IT
• Consumerization
• Storage Growth
• Social Computing
• Data Centers
• Emerging Threats
Tuesday, May 18, 2010
67. EMERGING THREATS
The nature and capability of threats have reached a new
level of sophistication and impact.
Tuesday, May 18, 2010
68. EMERGING THREATS
The nature and capability of threats have reached a new
level of sophistication and impact.
In the Year 2000
ILOVEYOU virus
VBScript worm
Used Outlook email to mass mail
itself to all of your contacts
Executes a password-stealing trojan
Infected 10,000,000+ systems
Estimated 5.5 billion in damages
Tuesday, May 18, 2010
69. EMERGING THREATS
The nature and capability of threats have reached a new
level of sophistication and impact.
How malware has changed
Motivation: from credibility to profit
Internet Safety: nothing is safe
Blending into the crowd: using standard ports (http/https)
Control Structure: IP whack-a-mole
Sophistication: packed, obfuscated, self-protecting, stealth,
encryption
Tuesday, May 18, 2010
70. EMERGING THREATS
The nature and capability of threats have reached a new
level of sophistication and impact.
Next level malware: Torpig
Targets financial data via phishing
(300 banks preconfigured)
!"#$%&$'()$*(+$,-$,( ;,/-$<=>(;5?"@5A'(
Waits for user to visit site +$,-$,(
:$*,55&(898(+$,-$,(
Inserts fake forms onto page C(
B(
45,6/7(898(+$,-$,(
./%01(23$,(
Tuesday, May 18, 2010
71. EMERGING THREATS
The nature and capability of threats have reached a new
level of sophistication and impact.
Next level malware: Torpig
Targets financial data via phishing
(300 banks preconfigured)
!"#$%&$'()$*(+$,-$,( ;,/-$<=>(;5?"@5A'(
Waits for user to visit site +$,-$,(
D( :$*,55&(898(+$,-$,(
Inserts fake forms onto page C( E( F(
B( G(
45,6/7(898(+$,-$,(
./%01(23$,(
Tuesday, May 18, 2010
72. EMERGING THREATS
The nature and capability of threats have reached a new
level of sophistication and impact.
Next level malware: Torpig
Targets financial data via phishing
(300 banks preconfigured)
!"#$%&$'()$*(+$,-$,( ;,/-$<=>(;5?"@5A'(
Waits for user to visit site +$,-$,(
D( :$*,55&(898(+$,-$,(
Inserts fake forms onto page C( E( F(
B( G(
H(
45,6/7(898(+$,-$,(
I(
J(
./%01(23$,( BK(
Tuesday, May 18, 2010
75. EMERGING THREATS
The nature and capability of threats have reached a new
level of sophistication and impact.
Next level malware: Torpig
Incredibly sophisticated design
Persists across reboots
!"#$%&$'()$*(+$,-$,( ;,/-$<=>(;5?"@5A'(
+$,-$,(
Shifts cmd+control server
domain based on Twitter trendsC( :$*,55&(898(+$,-$,(
Copies all user documentsB( to
HelpAssistant user 45,6/7(898(+$,-$,(
Very difficult to find
./%01(23$,(
Tuesday, May 18, 2010
76. EMERGING THREATS
The nature and capability of threats have reached a new
level of sophistication and impact.
Auditing Impact
Compromise will happen, are we prepared to respond?
Are you sure you know where the sensitive data resides?
What are the appropriate layers of defenses for these
threats?
Can we really give users rights to install software yet maintain
control of a system?
Tuesday, May 18, 2010
77. Auditing Impact & Discussion
• Are you sure you know where the sensitive data • Are university policies and procedures relevant to the
resides? digital age?
• Can we really give users rights to install software yet • With growing use of encryption, how do we recover
maintain control of a system? important data?
• What kinds of verifiable “controls” are available for the • How do we pay/chargeback departments, researchers,
other campus network? users for “managed” storage?
• What is the network strategy for existing in a hybrid • How do we “push forward” 1,000s of Terabytes of data
environment? across every changing technologies?
• What are we going to do with all this power? • How do we verify data integrity over time?
• What if this power falls into the wrong hands? • Do the capabilities of the organization match the
magnitude of the problem?
• Where is my server?
• Facilities are the basic building blocks for availability and
• Where is my data?
security of IT assets and services – what is your
• How can we leverage this technology to protect the institutional strategy for data centers?
university’s data?
• Do your campuses work closely together enough to
• Where does University data reside? “Show me the collaborate on a university strategy?
data.”
• Are your business applications understood well
• How do we classify all of this data? enough for IT to apply the appropriate facility reliability
• We have new tools that search for SSNs, account investments?
1
numbers, credit cards: What is it OK to do? • Can you find your data?
• Was your data destroyed properly?
Tuesday, May 18, 2010
78. Auditing Impact & Discussion
• Who all has access? • What is the network strategy for existing in a hybrid
environment?
• Is the cloud-based service available when you need it?
• Synchronizing rapidly changing consumer technology
• Is the SLA your only auditable control?
with organizational controls.
• What recourse do you have?
• Complicates long term planning for the organization.
• Mega providers are large, attractive targets for cyber-
• "Whack-a-mole" approach to managing new
warfare
technology.
• Globalization concerns – world unrest
• Presumptions of privacy
• Venture capital hotspot (think: dot-com) subsidizing
• Flow of information into and out of the institution.
costs for many
• Communities of interest will extend beyond
• What kinds of controls are available for the other
organizational boundaries
campus network?
• Life-Work: Balance vs. Conflict
• Are these controls verifiable? Have you verified that
these controls work? • Compromise will happen, are we prepared to
respond?
• How do we balance investments across the two
networks? • Are you sure you know where the sensitive data
resides?
• What kind of networking will the university need to
provide in the future? • What are the appropriate layers of defenses for these
threats?
• How do we “control” the access to the network in the
classroom? • Can we really give users rights to install software yet
Tuesday, May 18, 2010
2
79. 10 TRENDS & LOTS OF
QUESTIONS
Going forward, these trends will require close
collaboration to protect your university.
Users Audit IT
Admin
Compliance Security Legal & Finance
Tuesday, May 18, 2010
80. 10 TRENDS & LOTS OF
QUESTIONS
Going forward, these trends will require close
collaboration to protect your university.
T H A N K YO U !
Get the slides at http://bit.ly/b12iac
david-horton@ouhsc.edu
mark-ferguson@ouhsc.edu
ggwilson@ou.edu
kendallg@ou.edu
chris-jones@ouhsc.edu
Tuesday, May 18, 2010