Disaster Recover in the Cloud is a relatively new concept, and like many technology trends, there’s a lot of hype and misinformation out there. Steve Stavridis, Product Marketing Manager APAC at NetIQ recently presented on this topic at the Australia VMware vForum event, November 2012, in Sydney, Australia.
“Should you move your DR to the cloud?”. (Also available as a blog post series: http://bit.ly/UstUqb) captures what Steve spoke about in his presentation:
1. Should you move your DR to the cloud? (this post – introduction)
2. Nobody likes expensive insurance
3. Some DR fundamentals so we’re all on the same page
4. Virtualization has changed nearly everything …. including DR
5. Taking DR to the cloud
6. What are my cloud DR options?
7. The fundamentals of DR don’t change in the cloud (conclusion)
NetIQ's David Mount examines the rise of Social Media networks as identity brokers / providers. Using NYC.gov as the case study, David shows how it is easier to engage customers and give them personalized service or web experience. At the same time increasing customer satisfaction, participation, and decreasing desertion.
Bring Your Own Identity (BYOI) is the enabling of employees, customers, and constituents to use their own defined identities to access organizational resources and or entitlements. This trend is being embraced and extended to use individual social media identities. Organizations that embrace BYOI save on identity management costs as well as enable better directed marketing and communications. As all new trends, the question must come up 'Does BYOI come with hidden costs or exposures?'.
This deck covers the items you need to consider in order to move forward, including:
1) - Benefits of BYOI and why
2) - Potential downsides of blending organizational and personal identities? I.e: What is the potential privacy impact of using BYOI
3) - Issues that may arise with the use of non-organizational / personal identities while accessing information and entitlements?
4) - What can happen if a social identity is compromised? 5) - How can we use them securely?
Geoff Webb, Senior Director of Solution Strategy at NetIQ opens the NetIQ BrainShare 2014 keynote: "The Identity of Everything".
It is getting more difficult to deliver the systems, services and the access to information users expect and demand. Geoff discusses the challenges facing IT Departments today - Cloud, Mobile to name two - and the huge opportunities if we get it right.
The critical element is Identity. Geoff ask's "Who Are You?" - Learn more from Geoff in this the opening segment of NetIQ's BrainShare keynote and watch the presentation at: https://www.youtube.com/watch?v=bcGv7usNlO8
Scrubbing Your Active Directory Squeaky CleanNetIQ
Bytes Technology identified Active Directory issues within their customer base, so they brought in NetIQ as a strategic partner. This deck outlines how scrubbing your environment clean with the right tools and processes will help you keep your Active Directory environment consistent, manageable, auditable and efficient.
The on-going emergence of advanced persistent threats (APTs) and other sophisticated attacks have made it more difficult than ever to develop strategies for protecting IT systems. Further, the systems themselves are increasingly complex, increasing the potential for security gaps. In this deck, Garve Hays - Solution Acrhitect at NetIQ, outlines APTs and evaluating effective responses.
Presented at the Gartner Identity & Access Management Summit, London, Travis Greene discussed the opportunities and challenges of the Internet of Things (IoT), as well as the early indicators of what the IoT world will look like. He also addressed IoT security and privacy, and the critical role that identity will play in the future.
NetIQ's David Mount examines the rise of Social Media networks as identity brokers / providers. Using NYC.gov as the case study, David shows how it is easier to engage customers and give them personalized service or web experience. At the same time increasing customer satisfaction, participation, and decreasing desertion.
Bring Your Own Identity (BYOI) is the enabling of employees, customers, and constituents to use their own defined identities to access organizational resources and or entitlements. This trend is being embraced and extended to use individual social media identities. Organizations that embrace BYOI save on identity management costs as well as enable better directed marketing and communications. As all new trends, the question must come up 'Does BYOI come with hidden costs or exposures?'.
This deck covers the items you need to consider in order to move forward, including:
1) - Benefits of BYOI and why
2) - Potential downsides of blending organizational and personal identities? I.e: What is the potential privacy impact of using BYOI
3) - Issues that may arise with the use of non-organizational / personal identities while accessing information and entitlements?
4) - What can happen if a social identity is compromised? 5) - How can we use them securely?
Geoff Webb, Senior Director of Solution Strategy at NetIQ opens the NetIQ BrainShare 2014 keynote: "The Identity of Everything".
It is getting more difficult to deliver the systems, services and the access to information users expect and demand. Geoff discusses the challenges facing IT Departments today - Cloud, Mobile to name two - and the huge opportunities if we get it right.
The critical element is Identity. Geoff ask's "Who Are You?" - Learn more from Geoff in this the opening segment of NetIQ's BrainShare keynote and watch the presentation at: https://www.youtube.com/watch?v=bcGv7usNlO8
Scrubbing Your Active Directory Squeaky CleanNetIQ
Bytes Technology identified Active Directory issues within their customer base, so they brought in NetIQ as a strategic partner. This deck outlines how scrubbing your environment clean with the right tools and processes will help you keep your Active Directory environment consistent, manageable, auditable and efficient.
The on-going emergence of advanced persistent threats (APTs) and other sophisticated attacks have made it more difficult than ever to develop strategies for protecting IT systems. Further, the systems themselves are increasingly complex, increasing the potential for security gaps. In this deck, Garve Hays - Solution Acrhitect at NetIQ, outlines APTs and evaluating effective responses.
Presented at the Gartner Identity & Access Management Summit, London, Travis Greene discussed the opportunities and challenges of the Internet of Things (IoT), as well as the early indicators of what the IoT world will look like. He also addressed IoT security and privacy, and the critical role that identity will play in the future.
Today's IT environments are complex. You already have Micro Focus Open Enterprise Server and chances are you also have Windows - but it's not an either/or choice. Take a closer look and see why.
Kindred Healthcare is one of the nation’s most respected healthcare providers. Through its subsidiaries, Kindred operates multiple healthcare-related businesses across the United States, including hospitals, nursing centers, institutional pharmacies and a contract rehabilitation-services business.
In line with its stated corporate mission of "eliminating Japan's parking shortage and making things comfortable for our motorized society," Paraca offers an array of parking lot operation and management services, ranging from consulting to financing and business administration. Its company name is a mixture of Spanish and English, hinting at two meanings: "for cars" and "here are some parking spaces."
Paraca's mission-critical systems were running on servers in a data center in the Tokyo area. However, as part of its BCP, the company decided to relocate its backup-and-restore environment to the server room at its Osaka branch. Following this decision, it was looking for an efficient backup solution functioning between the Tokyo-area data center and the Osaka-branch server room, which were to be linked by an Internet virtual private network (VPN).
Read more here: https://www.netiq.com/success/stories/paraca.html
The University of Westminster Saves Time and Money with Identity ManagerNetIQ
Across all these accounts, the University’s IT department must ensure rapid initial provisioning, reliable access to dozens of different academic and administrative systems, and high levels of security. It also aims to provide easy access to data and systems for students and staff and to make new applications available to them quickly. Increasingly, these new applications tend to be cloud-based, but students and staff expect to access them in the same way as they do local applications.
To accomplish all this with a relatively small team, the University needed a powerful set of tools for managing identities across multiple directories.
Read more here: https://www.netiq.com/success/stories/the-university-of-westminster.html
The London School of Hygiene & Tropical Medicine Accelerates and Streamlines ...NetIQ
Between 700 and 1,000 new graduate students enroll at the London School of Hygiene & Tropical Medicine each year, and the organisation’s small IT team is responsible for creating user accounts for each student in ten or more course modules and eight main applications. Including all the inevitable amendments to module choices and personal details, this process was a month-long job for one IT staff member.
The process was inefficient and also delayed granting access to systems. Historically, students and staff also had to remember multiple credentials for accessing their applications. The School has approximately 20 core applications, and each user typically requires a subset of around 5. Additionally, the School provides authenticated federated access to 80 third-party online journals and databases. The organisation wanted to streamline access, and to reduce the incidence of forgotten passwords.
Read more here: https://www.netiq.com/success/stories/london-school-hygiene-tropical-medicine.html
Swisscard Saves Time and Effort in Managing User AccessNetIQ
User management was a difficult and time-consuming task at Swisscard. The Swiss credit company had to handle access rights to approximately 200 applications manually. A simple request from the business to give a new employee the same access rights as an existing employee required the IT team to first determine the existing access rights, and then laboriously apply them one by one to the new person.
Withdrawing access rights when an employee switched departments or left the company was equally difficult and presented a potential security risk. Swisscard wanted to standardize and, where practical, automate the provisioning and deprovisioning of users. Most important, Swisscard wanted to ensure easier and more efficient compliance with regulations. The company needed to comply with a large number of local and international regulations, and access rights to data and systems needed to be fully auditable.
Read more here: https://www.netiq.com/success/stories/swisscard.html
Vodacom Tightens Security with Identity Manager from NetIQNetIQ
Managing access—to physical buildings, network resources and more than 100 corporate applications—for this workforce is extremely challenging. Contractors may work in different locations on contracts of various lengths, making it difficult for Vodacom to maintain an accurate view of access rights.
Previously, Vodacom relied on line managers to correctly provision and deprovision contractors. Vodacom wanted to close this potential security loophole and simplify and accelerate identity management, enabling zero- day starts for new employees and reducing administrative costs.
Read more here: https://www.netiq.com/success/stories/vodacom.html
University of Dayton Ensures Compliance with Sentinel Log ManagerNetIQ
Because of the University’s diverse computing environment, the IT staff had no means of performing realtime data analysis or creating reports adequate to ensure payment card industry (PCI) security compliance.
The University of Dayton found its solution in Sentinel™ Log Manager. It has been logging, analyzing and responding to an average of three million security events a day.
Read more here: https://www.netiq.com/success/stories/university-of-dayton.html
Nippon Light Metal Forges a Disaster Recovery Solution with NetIQNetIQ
“We needed a system approach based around a business continuity plan (BCP),” said Masayuki Ozaki, systems administrator for NLM’s general planning department. “As part of that, we needed to come up with a reliable disaster recovery (DR) structure.”
NLM previously backed up its systems to tape and stored the tapes offsite. However, restoring service if a problem occurred was proving difficult. “There were several occasions when we couldn’t recover from backup when a server went offline,” said Ozaki.
Read more here: https://www.netiq.com/success/stories/nippon-light-metal-co-ltd.html
Nexus Differentiates Itself and Grows Its Capabilities with Operations CenterNetIQ
Nexus provides voice, video, data and convergence networking solutions in the United States and has the highest advanced technology attach rate of any U.S. National Cisco Partner. Nexus leverages its extensive experience in network integration to enable organizations to connect, collaborate and create.
As a managed service provider, delivering transparent and real-time information about the availability of their converged networks is critical for Nexus customers. Existing and prospective Nexus customers were beginning to request that Nexus deliver real-time service views to their network service performance. Additionally, Cisco was requiring Nexus to provide this higher level of service to maintain one of its Cisco certifications. Nexus had an existing homegrown solution but found maintaining a custom solution to be very manual. The customers’ desired level of information was also very hard to provide.
Read more here: https://www.netiq.com/success/stories/nexus.html
With more than 600 banking offices located in Indiana, Kentucky, Michigan, Ohio, Pennsylvania and West Virginia, Huntington Bank set out to improve customer service by consolidating customer data and presenting a unified customer view to its colleagues. Because regulatory mandates are constantly in flux, Huntington also needed a means to continually interpret them and implement control changes to ensure compliance. Of course, as Mark Edson, manager of Enterprise Desktop and Directory Services for Huntington Bank, acknowledged, “Merely complying with government regulations does not equate to good risk management. We also must be great custodians of our information assets.”
Read more here: https://www.netiq.com/success/stories/huntington-bank.html
Professional Services Company Boosts Security, Facilitates Compliance, Automa...NetIQ
As a professional services company that helps clients expand internationally, this organization maintains a staff of accountants, legal, financial, corporate secretarial, human resources (HR) and payroll professionals in over 70 countries.
To meet local and international audit requirements and protect its reputation, the company makes IT security one of its top priorities. To ensure the best approach to security across its global operations, the company undertook an audit and identified opportunities for improvement in its IT systems and processes.
Read more here: https://www.netiq.com/success/stories/professional-services-company.html
NetIQ Identity Manager Unites Hanshan Normal UniversityNetIQ
The history of Hanshan Normal University (HSNU) can be traced back to the Song Dynasty in 1090 B.C. Today, it employs 905 teachers and staff to educate 15,000 students. Without a university-wide standard, different departments in HSNU developed isolated identity management systems as the organization expanded.
This created significant challenges in administration and user provisioning. “Ensuring that user profiles were set consistently and accurately throughout the university was proving difficult,” said Feng Li, Network and Education Technology Centre Director at HSNU.
Read more here: https://www.netiq.com/success/stories/hanshan-normal-university.html
Handelsbanken Takes Control of Identity Management with NetIQNetIQ
Handelsbanken is one of the largest banks in the Nordic region, with over 10,500 employees. According to a recent study by management consultants Arthur D. Little, Handelsbanken is the third most cost-effective bank in Europe.
As a company operating in the financial sector, Handelsbanken is subject to a variety of financial regulations such as Basel III. As a result, it is important for the bank to keep tight control over its internal processes, particularly its IT systems.
Read more here: https://www.netiq.com/success/stories/handelsbanken.html
Millions of People Depend on Datang Xianyi Technology and NetIQNetIQ
The Datang Xianyi Technology Co., Ltd (DTXY) System Maintenance Team manages its parent company’s IT infrastructure, and maintains systems control and automation software in the group’s power plants. With numerous physical servers and network devices supporting a range of business systems, it was a challenge for DTXY to monitor and resolve security issues. The systems generated logs in a variety of formats scattered across the network, and IT didn’t have a central point of control. This made identifying and defending against threats difficult and time-consuming.
Read more: https://www.netiq.com/success/stories/datang-xianyi-technology.html
bluesource Uses NetIQ AppManager to Offer Standout Managed ServiceNetIQ
Five years ago, bluesource identified its clients’ growing need for a managed service offering that could assume responsibility for the daily management of a messaging environment. bluesource has built its business through strategic technology partnerships, and thus forged a strong relationship with NetIQ to build the foundations for this newest managed service.
Read more: https://www.netiq.com/success/stories/bluesource.html
Central Denmark Region Strengthens Administrative Security with Identity Mana...NetIQ
Central Denmark Region was created in 2007 as part of the Danish Municipal Reform, which consolidated 13 counties in to five groups. The administration employs 36,000 people and is responsible for provisioning healthcare to 1.2 million inhabitants.
Read more: https://www.netiq.com/success/stories/central-denmark-region.html
The findings of a recent survey, commissioned by NetIQ through IDG Connect, found that increased cloud-based software-as-a-service (SaaS) application use by businesses has led to more confidence amongIT decision-makers that corporate data is better secured now than it has been in the past.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Today's IT environments are complex. You already have Micro Focus Open Enterprise Server and chances are you also have Windows - but it's not an either/or choice. Take a closer look and see why.
Kindred Healthcare is one of the nation’s most respected healthcare providers. Through its subsidiaries, Kindred operates multiple healthcare-related businesses across the United States, including hospitals, nursing centers, institutional pharmacies and a contract rehabilitation-services business.
In line with its stated corporate mission of "eliminating Japan's parking shortage and making things comfortable for our motorized society," Paraca offers an array of parking lot operation and management services, ranging from consulting to financing and business administration. Its company name is a mixture of Spanish and English, hinting at two meanings: "for cars" and "here are some parking spaces."
Paraca's mission-critical systems were running on servers in a data center in the Tokyo area. However, as part of its BCP, the company decided to relocate its backup-and-restore environment to the server room at its Osaka branch. Following this decision, it was looking for an efficient backup solution functioning between the Tokyo-area data center and the Osaka-branch server room, which were to be linked by an Internet virtual private network (VPN).
Read more here: https://www.netiq.com/success/stories/paraca.html
The University of Westminster Saves Time and Money with Identity ManagerNetIQ
Across all these accounts, the University’s IT department must ensure rapid initial provisioning, reliable access to dozens of different academic and administrative systems, and high levels of security. It also aims to provide easy access to data and systems for students and staff and to make new applications available to them quickly. Increasingly, these new applications tend to be cloud-based, but students and staff expect to access them in the same way as they do local applications.
To accomplish all this with a relatively small team, the University needed a powerful set of tools for managing identities across multiple directories.
Read more here: https://www.netiq.com/success/stories/the-university-of-westminster.html
The London School of Hygiene & Tropical Medicine Accelerates and Streamlines ...NetIQ
Between 700 and 1,000 new graduate students enroll at the London School of Hygiene & Tropical Medicine each year, and the organisation’s small IT team is responsible for creating user accounts for each student in ten or more course modules and eight main applications. Including all the inevitable amendments to module choices and personal details, this process was a month-long job for one IT staff member.
The process was inefficient and also delayed granting access to systems. Historically, students and staff also had to remember multiple credentials for accessing their applications. The School has approximately 20 core applications, and each user typically requires a subset of around 5. Additionally, the School provides authenticated federated access to 80 third-party online journals and databases. The organisation wanted to streamline access, and to reduce the incidence of forgotten passwords.
Read more here: https://www.netiq.com/success/stories/london-school-hygiene-tropical-medicine.html
Swisscard Saves Time and Effort in Managing User AccessNetIQ
User management was a difficult and time-consuming task at Swisscard. The Swiss credit company had to handle access rights to approximately 200 applications manually. A simple request from the business to give a new employee the same access rights as an existing employee required the IT team to first determine the existing access rights, and then laboriously apply them one by one to the new person.
Withdrawing access rights when an employee switched departments or left the company was equally difficult and presented a potential security risk. Swisscard wanted to standardize and, where practical, automate the provisioning and deprovisioning of users. Most important, Swisscard wanted to ensure easier and more efficient compliance with regulations. The company needed to comply with a large number of local and international regulations, and access rights to data and systems needed to be fully auditable.
Read more here: https://www.netiq.com/success/stories/swisscard.html
Vodacom Tightens Security with Identity Manager from NetIQNetIQ
Managing access—to physical buildings, network resources and more than 100 corporate applications—for this workforce is extremely challenging. Contractors may work in different locations on contracts of various lengths, making it difficult for Vodacom to maintain an accurate view of access rights.
Previously, Vodacom relied on line managers to correctly provision and deprovision contractors. Vodacom wanted to close this potential security loophole and simplify and accelerate identity management, enabling zero- day starts for new employees and reducing administrative costs.
Read more here: https://www.netiq.com/success/stories/vodacom.html
University of Dayton Ensures Compliance with Sentinel Log ManagerNetIQ
Because of the University’s diverse computing environment, the IT staff had no means of performing realtime data analysis or creating reports adequate to ensure payment card industry (PCI) security compliance.
The University of Dayton found its solution in Sentinel™ Log Manager. It has been logging, analyzing and responding to an average of three million security events a day.
Read more here: https://www.netiq.com/success/stories/university-of-dayton.html
Nippon Light Metal Forges a Disaster Recovery Solution with NetIQNetIQ
“We needed a system approach based around a business continuity plan (BCP),” said Masayuki Ozaki, systems administrator for NLM’s general planning department. “As part of that, we needed to come up with a reliable disaster recovery (DR) structure.”
NLM previously backed up its systems to tape and stored the tapes offsite. However, restoring service if a problem occurred was proving difficult. “There were several occasions when we couldn’t recover from backup when a server went offline,” said Ozaki.
Read more here: https://www.netiq.com/success/stories/nippon-light-metal-co-ltd.html
Nexus Differentiates Itself and Grows Its Capabilities with Operations CenterNetIQ
Nexus provides voice, video, data and convergence networking solutions in the United States and has the highest advanced technology attach rate of any U.S. National Cisco Partner. Nexus leverages its extensive experience in network integration to enable organizations to connect, collaborate and create.
As a managed service provider, delivering transparent and real-time information about the availability of their converged networks is critical for Nexus customers. Existing and prospective Nexus customers were beginning to request that Nexus deliver real-time service views to their network service performance. Additionally, Cisco was requiring Nexus to provide this higher level of service to maintain one of its Cisco certifications. Nexus had an existing homegrown solution but found maintaining a custom solution to be very manual. The customers’ desired level of information was also very hard to provide.
Read more here: https://www.netiq.com/success/stories/nexus.html
With more than 600 banking offices located in Indiana, Kentucky, Michigan, Ohio, Pennsylvania and West Virginia, Huntington Bank set out to improve customer service by consolidating customer data and presenting a unified customer view to its colleagues. Because regulatory mandates are constantly in flux, Huntington also needed a means to continually interpret them and implement control changes to ensure compliance. Of course, as Mark Edson, manager of Enterprise Desktop and Directory Services for Huntington Bank, acknowledged, “Merely complying with government regulations does not equate to good risk management. We also must be great custodians of our information assets.”
Read more here: https://www.netiq.com/success/stories/huntington-bank.html
Professional Services Company Boosts Security, Facilitates Compliance, Automa...NetIQ
As a professional services company that helps clients expand internationally, this organization maintains a staff of accountants, legal, financial, corporate secretarial, human resources (HR) and payroll professionals in over 70 countries.
To meet local and international audit requirements and protect its reputation, the company makes IT security one of its top priorities. To ensure the best approach to security across its global operations, the company undertook an audit and identified opportunities for improvement in its IT systems and processes.
Read more here: https://www.netiq.com/success/stories/professional-services-company.html
NetIQ Identity Manager Unites Hanshan Normal UniversityNetIQ
The history of Hanshan Normal University (HSNU) can be traced back to the Song Dynasty in 1090 B.C. Today, it employs 905 teachers and staff to educate 15,000 students. Without a university-wide standard, different departments in HSNU developed isolated identity management systems as the organization expanded.
This created significant challenges in administration and user provisioning. “Ensuring that user profiles were set consistently and accurately throughout the university was proving difficult,” said Feng Li, Network and Education Technology Centre Director at HSNU.
Read more here: https://www.netiq.com/success/stories/hanshan-normal-university.html
Handelsbanken Takes Control of Identity Management with NetIQNetIQ
Handelsbanken is one of the largest banks in the Nordic region, with over 10,500 employees. According to a recent study by management consultants Arthur D. Little, Handelsbanken is the third most cost-effective bank in Europe.
As a company operating in the financial sector, Handelsbanken is subject to a variety of financial regulations such as Basel III. As a result, it is important for the bank to keep tight control over its internal processes, particularly its IT systems.
Read more here: https://www.netiq.com/success/stories/handelsbanken.html
Millions of People Depend on Datang Xianyi Technology and NetIQNetIQ
The Datang Xianyi Technology Co., Ltd (DTXY) System Maintenance Team manages its parent company’s IT infrastructure, and maintains systems control and automation software in the group’s power plants. With numerous physical servers and network devices supporting a range of business systems, it was a challenge for DTXY to monitor and resolve security issues. The systems generated logs in a variety of formats scattered across the network, and IT didn’t have a central point of control. This made identifying and defending against threats difficult and time-consuming.
Read more: https://www.netiq.com/success/stories/datang-xianyi-technology.html
bluesource Uses NetIQ AppManager to Offer Standout Managed ServiceNetIQ
Five years ago, bluesource identified its clients’ growing need for a managed service offering that could assume responsibility for the daily management of a messaging environment. bluesource has built its business through strategic technology partnerships, and thus forged a strong relationship with NetIQ to build the foundations for this newest managed service.
Read more: https://www.netiq.com/success/stories/bluesource.html
Central Denmark Region Strengthens Administrative Security with Identity Mana...NetIQ
Central Denmark Region was created in 2007 as part of the Danish Municipal Reform, which consolidated 13 counties in to five groups. The administration employs 36,000 people and is responsible for provisioning healthcare to 1.2 million inhabitants.
Read more: https://www.netiq.com/success/stories/central-denmark-region.html
The findings of a recent survey, commissioned by NetIQ through IDG Connect, found that increased cloud-based software-as-a-service (SaaS) application use by businesses has led to more confidence amongIT decision-makers that corporate data is better secured now than it has been in the past.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Enhancing Performance with Globus and the Science DMZGlobus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
The Metaverse and AI: how can decision-makers harness the Metaverse for their...Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Recovery As A Service: Should you move your Disaster Recovery to the Cloud?
1. Recovery As A
Service:
Should you
move your
Disaster
Recovery to the
cloud?
Steve Stavridis
Product Marketing Manager - APAC
steve.stavridis@netiq.com
Twitter: @sstavridis
2. Agenda
1. Intro to Disaster Recovery (DR)
2. Virtual Disaster Recovery
3. Taking Disaster Recovery to the Cloud
4. Recovery as a Service (RaaS) Options
5. How NetIQ enables RaaS?
2
4. Definition: Server Workload
Server workload:
• the contents of a server, including the operating
system, applications and data
4
5. What is Workload Protection?
Workload protection means:
1. Backup of entire server workloads,
2. Recovery of workloads to virtual machines
during an outage, and
3. Restore of workloads to their original
production locations after the outage.
5
6. Key Disaster Recovery Concepts
RPO: Recovery Point Objective
• A measure of maximum acceptable data loss in
terms of time (minutes, hours, days).
RTO: Recovery Time Objective
• The target maximum allowable time to recover
from an outage.
Availability tiers: 99.9%, 99.99%, Five 9’s, etc.
6
7. Key Disaster Recovery Concepts:
Downtime and Availability
Availability Maximum Maximum Cost Products Typical
Allowable Allowable RPO/RTO
Downtime Downtime
per Year per Month
90% (“one nine”) 36.5 days 72 hours
95% 18.25 days 36 hours 12-24 hours
99% (“two nines”) 3.65 days 7.2 hours
99.5% 1.83 days 3.6 hours
?? 15 minutes to
4 hours
99.9% (“three nines”) 8.76 hours 43.2 minutes
99.99% (“four nines”) 52.56 minutes 4.32 minutes <5 minutes
99.999% (“five nines”) 5.26 minutes 25.9 seconds
7
8. Traditional Disaster Recovery
$$$$ Offsite Replication
Expensive; requires a secondary
site, redundant hardware (which is
idle / under-utilized most of the time)
Cost Local Replication
Only good for individual server failure.
No protection against site failures.
Virtual
Disaster Vaulting (tape, imaging)
Recovery Recovery can take days or
weeks. Difficult to test.
$
Best RPO/RTO Worst
8
10. Get Back to Business As Usual Faster
Recovery Failback to Failback with
workload runs dissimilar sync to
on virtual hardware repaired
infrastructure hardware
Virtual recovery
(remote site)
Internal web server
Repaired Email server New web server
10
11. Trust Your Plans
Rapidly test Testing logged
Isolated testing
recovery for reporting
of recovery
workloads and
workloads
compliance
Virtual recovery
(remote site)
Internal web server
Email server
11
12. Maintain Control
Demonstrate Actionable Failure
policy alerts notification
compliance
Virtual recovery
(remote site)
Internal web server
Smart
Email server phone
12
13. Protect All Your Workloads
Windows Physical Universal
or Linux or Virtual Solution
Virtual recovery
(remote site)
.Net Application server
Block-based replication
LAMP server
File-based replication
13
15. Cloud-Based Disaster Recovery Delivery
Do-It-Yourself: Configure & manage
your own solution using public cloud
resources
Disaster Recovery-as-a-Service:
Prepackaged pay-as-you-go recovery
services to the cloud with specified RPO
& RTO SLAs
Cloud-to-Cloud Disaster Recovery:
Failover from one cloud environment to
Source: Forrester (March 2012)
another
15
16. Storage as a Service
Advantages
Fixed per-gigabyte
cost Disadvantages
Off-site cloud-based Data only, not workloads
storage Static storage can’t run
Scale up or down on server workloads
demand If a local outage occurs,
Service provider data needs to be copied
handles hardware to recovery environment
maintenance, backups first
16
17. Recovery as a Service (RaaS)
RaaS = Storage as a Service + IaaS
Advantages
Fixed per-gigabyte cost Protect whole
Off-site cloud-based workloads, not just data
storage Replicate to the cloud,
Scale up or down on recover and run in the
demand cloud
Service provider Live restore back to
handles hardware repaired data center
maintenance, backups
17
18. Cloud Based Workload Recovery
The benefits of offsite disaster recovery
at a fraction of the price
Offsite Replication Cloud Recovery
Recovery Minutes-Hours Minutes-Hours
Cost High: Fixed monthly price
• Disaster Recovery site
purchase / lease
• Redundant hardware
• Software licenses
• Setup & monitoring
Maintenance Hardware upgrades, None (done on the MSP side)
maintenance contracts
Flexibility New workloads need to wait Scale up or down on demand
for hardware orders
(or keep extra idle
18
hardware)
19. RaaS vs. Traditional Disaster Recovery
$$$$
Offsite Protection
Cost Local Protection
RaaS
Vaulting
$
Best RPO/RTO Worst
19
21. Private/Hybrid RaaS
• Dedicated backup hardware at service provider
premise
• Scale by adding hardware
• Hardware owned, managed, maintained by customer
or service provider
• Replicate workloads directly to offsite facility
• Run recovery workloads in dedicated environment
21
22. Public RaaS
Shared backup hardware at
service provider premise
Scale using service
provider’s resource pool
Hardware owned,
managed, maintained by
service provider
Replicate workloads
directly to offsite facility
Run recovery workloads in
shared environment
22
23. Cloud-Based DR Resources & Service Providers
Do-It-Yourself DR as a Service
Amazon Web Microsoft Windows
Services Azure / Geminaire
Microsoft Windows RackSpace
Azure CA
Rackspace Vodacom
Carpathia Hosting Bluefire
Hosting.com
Infoplex
23
25. NetIQ PlateSpin Protect
Software based workload protection for
Windows/Linux workloads
Physical
servers
Virtual
Image archives hosts
Blade Workload decoupled
servers from hardware
Backup to Incremental One-click
Easy to test
virtual machines replication failover
25
26. NetIQ PlateSpin Forge
All in one Disaster Recovery appliance for
Windows/Linux workloads
World’s first disaster recovery hardware appliance with
virtualization
Protects up to 25 workloads
Plug-in & protect solution for: PlateSpin Forge includes:
• Storage
• Medium enterprises
• Replication software
• Branch use for large enterprises
• Hypervisor
26
27. Should you move your DR to the Cloud?
Review your existing DR plan
• How well does it map to the RTO/RPO requirements
for servers/applications?
Rethink how you are doing DR today
• A good starting place to consider RaaS:
• The “other” or 80% category (under-insured servers)
• Start small with RaaS
• Choose a few servers and test to see if it makes sense
Building DR as a service offerings?
• NetIQ can help
Visit our booth
27
28. Thank You!
Check out our
FREE eBook:
5 Things You
Need to Know
Today About
Disaster Recovery
Planning
http://bit.ly/5DRSecrets
28
Editor's Notes
My name is Steve Stavridis and I am a Product Marketing Manager for NetIQ covering the Asia Pacific Region. I focus on our PlateSpin Disaster Recovery and server consolidation products.In my travels across the Asia Pacific region in recent months, I've been talking to several Managed Service/Cloud Providers and customers about Recovery as a Service.So today, I hope to share with you my views on “Recovery As A Service: Should you move your Disaster Recovery to the cloud?”Upon looking at the Agenda, I notice that some of the other vendors sponsoring this event are talking about this topic as well. I won’t comment on what is being covered in these other sessions but what I will say that:If you’re wanting to know about “Disaster Recovery in the cloud” thank you for coming today. You’ve chosen the right session … Disaster recovery in the cloud is a relatively new concept, and like many technology trends, there's a lot of hype and misinformation out there. Sit back, relax and I hope to make the session entertaining by sharing a story and telling some jokes of my mother in law – which you may or may not find entertaining!
So this is our Agenda that I have put together for our session today.To begin, we will take a look at some Disaster Recovery important concepts/acronyoms that are essential before delving into any Disaster Recovery discussion so we’re all on the same page We will look at the benefits of Virtual Disaster Recovery where we are able to leverage Disaster Recovery technologies to bridge the gap in traditional Disaster Recovery solutionsMoving on, we will take a look at how virtual Disaster Recovery has evolved into “Disaster Recovery in the cloud” – which is referred to as “Recovery as a service”What RaaS options are available today How can NetIQ help – what are some of the technologies that we offer that enable RaaS whether you are a user or a service provider here todayI will finish off by reviewing the question on “should you move your Disaster Recovery to the cloud” – how you can begin and which applications are a good fit for RaaS or “Disaster Recovery in the cloud”I will run for about 30 minutes and leave some time at the end for some questions.
Before delving any further, let’s go through some important Disaster Recovery important concepts/acronyms that are essential in any Disaster Recovery discussion so we’re all on the same page …….
The first is a Server workload.Workload:Workload – defineImportant today - Virtual & Physical – workload is decoupled from its underlying hardware – moves around – physical/virtual & cloudFurther in business - Workload /collection of workloads makes up a business service – what end-user consumes!Disaster Recovery is about protecting workloads whereas backup is about protecting data. In the event of an outage, we want to be able to bring up our entire server workload quickly and not just the data ……so server workload protection is key in Disaster Recovery .
Server workload protection is like having a spare tyre in your car.Disaster Recoveryaw analogy.Go through 3 steps.- Backup whole server workloads (data, application, operating system) into a warm standby consolidated virtual environment-Run the failed workloads directly off of the secondary system in the event of downtime in minutes- Restore the workload to original or new hardware in hoursImportant to failback ….several solutions on the market today are one way and don’t provide the fail back …. Keep running on your spare tire.Backup and restore is about protecting data. It covers steps 1 and 3 and struggles to adDisasterRecoveryess step 2 which is recovery – during the outage, how do I recover my workloads quickly so that users are able to continue to access business services.
So in Disaster Recovery – recovery is what its all about and we need a way to measure recovery time ….The 2 most important measures of recovery time are RPO & RTO.RPO - A measure of maximum acceptable data loss in terms of time (minutes, hours, days). An RPO of 4 hours means that the most recent backup has to be no more than 4 hours old at the time of an outage.RTO -The target maximum allowable time to recover from an outage. An RTO of 4 hours means systems have to be back up and operational no more than 4 hours after an outage.In addition to RTO & RPO, availability tiers are also important as they define uptime requirements or servers and applications, or maximum allowable downtime per year ……
So bringing together RTO, RPO and availability together, we essentially are able to map downtime and availability to Disaster Recovery technologies. Looking at the table up on the slide, what we realise is that traditional Disaster Recovery solutions today do a good job at adDisasterRecoveryessing opposite ends of the availability tiers leaving a big in the middle.Essentially high cost expensive duplication mirroring solutions provide near instantaneous recovery for servers that require 4 to 5 9’s availability. The trade-off is that these solutions are extremely expensive (clustering SAN replication and can be complex to manage).Low cost / low performance backup solutions tend to be used to for servers that can be offline for some time (one nine). The challenge with backup is that it really is about data restore and falls short for system recovery as a number of other things need to take place prior to bringing a system online.The gap in the middle is where traditional solutions fall short – the 15 minute to 4 hour recovery. More and more customers that I speak to are looking for an economical Disaster Recovery solution that fits in this recovery window.
So this gap in traditional disaster recovery is what Virtual Disaster Recovery technologies adDisasterRecoveryess.Virtualization has changed the way companies plan and execute disaster recovery (Disaster Recovery).The flexibility and consolidation in a virtual infrastructure makes virtual disaster recovery more efficient and cost-effective.With Virtual Disaster Recovery, we are able to achieve a low recovery time (low RPO/RTO ) that is close to replication at a price that is closer to backup.
1. So let’s take a look at the benefits of Virtual Disaster Recovery a little closer 2. and how they bridge this 15 minute to 4 hours recovery gap.
The first benefit of Virtual Disaster Recovery is that we can get back to business faster. We don’t want downtime that = days or weeks.We do this by quickly creating an image of our production servers in the virtual environment and in the event of an outage, we essentially “powering” then on as a virtual machine in our recovery environment.This is achieved by Production source workloads being automatically replicated into virtual machines inside the recovery environment.Any changes to the source workload can be replicated to the VM across the network at a particular time interval as defined by the recovery policy.In the event of a production workload outage, we can failover (recover) the workload to a VM allowing users to continue accessing the server and business to continue in a matter of minutes.In the event of the original server being repaired, we can restore the workload to the original location or we could potentially restore the workload to dissimilar hardware.
The second benefit is that we remove risk fromDisaster Recovery by being able to trust our Disaster Recovery plans. Virtual Disaster Recovery does this by allowing for simple testing to be done without affecting production servicesAs they say - "any recovery is as good as the last tested backup". Most customers using traditional Disaster Recovery that I speak to test their Disaster Recovery perhaps once or twice a year at best.With Virtual Disaster Recovery , testing Disaster Recovery is a case of powering on a protected workload’s virtual machine at the recovery site in an isolated environment. Testing can be done on this workload without affecting production and ensures that in the event of a disaster, we can trust that our workload will work and come online. We can also validate our RPO and RTO for the workload.
The third benefit is that we can maintain control of Disaster Recovery by:Being able to demonstrate policy compliance that our production servers are protected (by simply running a report or logging into the Virtual Disaster Recovery system)In the event of a production workload outage, actionable alerts or failure notifications can be sent via email or to smart phone devices.Administrators can then initiate a failover operation remotely without even being onsite.With the control we have in Virtual Disaster Recovery, we can facilitate better management of our disaster recovery plan.And generate reports that you’re actually meeting your RPO’s and RTO’s as defined by the business.
The flexibility and consolidation in a virtual infrastructure makes virtual disaster recovery ideal for protecting all workloads – both virtual & physical running Windows & Linux.Virtual Disaster Recovery allows for a Universal solution allowing customers to leverage existing VMware infrastructure they may already own to provide a smarter, faster way to replicate and protect whole server workloads.
So extending on Virtual Disaster Recovery, I would like to take a look at its natural evolution in taking Disaster Recovery to cloud ….
So what is cloud based Disaster Recovery?Theterm "cloud-based disaster recovery" is very broad and there are many definitions.Forrester research have summarised it quite well and Cloud Based Disaster Recovery delivery falls into one of three categories being:1) Do-it-yourself (DIY): Using the public cloud to architect a custom failover solution leveraging the agility and speed of the cloud.2) Disaster Recovery-as-a-service (Disaster RecoveryaaS): Prepackaged services that provide a standard Disaster Recovery failover to a cloud environment that you can buy on a pay-per-use basis with varying rates based upon your recovery point objective (RPO) and recovery time objective (RTO). Data is either sent using backups or replication.The 3rd and more advanced … referred to as the silver lining in Cloud Disaster Recovery is 3)Cloud-to-cloud disaster recovery (C2C Disaster Recovery): The ability to failover infrastructure from one cloud data center to another, either within a single vendor's environment or across multiple vendors.I will focus on the second category being Disaster Recovery-as-a-service and take a look at how it’s evolved.
The first approach to Disaster Recovery-as-service or Disaster Recovery in the cloud is via Storage-as-a-service.Storage-as-a-service is essentially where an enterprise rents storage capacity from a cloud service provider at a fixed per-gigabyte cost. Instead of paying for hardware, physical storage space and personnel to manage the storage, an enterprise can effectively only pay for the capacity they consume and scale this up or down based on demand. This provides significant cost savings.The challenge when using Storage-as-a-service for Disaster Recovery is that just copying data to the cloud is not true recovery.If a local outage occurs, data needs to be copied to a recovery environment adding time and complexity to the recovery process.The core feature required of any cloud-based recovery is theability to actually recover the entire server workloads at the providers' location using their cloud assets.
This is where Recovery-as-service comes in.RaaS is the combination of SaaS and IaaSand offers enterprises the ability recover the entire server workloads at the providers' location using their cloud assets.RaaS includes the same advantages as Storage-As-a-Service – the main difference is that the entire server workload is protected and not just the data. So in terms of Disaster Recovery, RaaS is ideal as the entire workload is replicated, recovered and run in the cloud – in the event of an outage.
So RaaS is about cloud-based workload recovery.It provides the benefits of traditional offsite recovery at a fraction of the price!Cloud based workload recovery has the potential to adDisasterRecoveryess many of these concerns with traditional approaches. Cost being the main concern - by eliminating significant hardware and maintenance costs, they cut out large upfront capital expenses. Disaster Recovery then becomes a flexible, pay-as-you-go operating expense, where companies only pay for the capacity they consume, and can fine-tune or terminate services altogether on demand.Flexibility is next. Making the process easier, they can enable many overburdened IT organizations to actually get a Disaster Recovery solution deployed in the first place. Without having to wait for new hardware or software to come online.All in all, cloud-based workload recovery moves the discussion from data centre space and hardware to one about cloud capacity planning.
Earlier we saw the gap the Virtual Disaster Recovery fills when compared to traditional disaster recovery.RaaS is the next evolution of Virtual Disaster Recovery.By combining the benefits virtual infrastructure and cloud, RaaSoffers the befits of offsite Disaster Recovery at a fraction of the price!
So the benefits are great, what RAAS options are available today ?
The first option is Private / Hybrid RaaS.Essentially, this option involves dedicated backup hardware that is not shared between customers.The dedicated hardware resides at the service provider premises and is either owned/managed/maintained by the Service Provider or the customer.The workloads are replicated to the offsite facility and in the event of an outage, the workloads are recovered and run in the dedicated recovery environment.
The secondoption is Public RaaS.Essentially, this option involves shared backup hardware that is shared between customers. Or what is referred to as a Multi-tennented environment.The shared hardware resides at the service provider premises and is owned/managed/maintained by the Service Provider.The workloads are replicated to the offsite facility and in the event of an outage, the workloads are recovered and run in the shared recovery environment.
In the market, there are quite a few Disaster Recovery service providers.I have named a few up on the slide. Locally, it is interesting to observe what BlueFire and InfoPlex offer in terms of their Disaster Recovery-as-a-service offerings. They are both sponsors at this event so its worth having a chat with the guys at their booths about their Disaster Recovery-as-a-service offerings.
So whether you a customer or a Managed Service Provider, NetIQ provides relevant technology whether you’re investigating Virtual Disaster Recovery or looking at RaaS options.
The first is NetIQ PlateSpin Protect.PlateSpin Protect leverages the VMware infrastructure you already own to provide a smarter, faster way to replicate and protect whole server workloads – both physical and virtual.
The second isPlateSpin Forge.PlateSpin Forge is the PlateSpin Protect Software in the form of an appliance.It is a simple & inexpensive Disaster Recovery appliance for protecting up to 25 windows or Linux workloads per appliance.If you are looking at a private/hybribRaaS, Forge is ideal as the appliance can quickly be installed as a dedicated appliance installed at the service providers premises.Talk about success of Forge across APAC and customer verticals.
So to finish up, I will go back to the question in my presentation title: Should you move your Disaster Recovery to the cloud?Gartner states that by 2014, over 30% of midsize companies will have adopted Disaster Recovery in the cloud or recovery-as-a-service. Whether your business can take advantage of the benefits of RaaS will depend on taking a hard look at your Disaster Recovery needs and matching them to a service that fits.Whether you’re looking at traditional or RaaS solutions, the fundamentals of Disaster Recovery don’t change.It begins with a Disaster Recovery plan. When was the last time you looked at your Disaster Recovery plan? How well does it map to the RTO/RPO requirements for servers/applications ?In the event of an outage, how confident are you that your services will come back online as you expect ?RaaS – provides you with an opportunity to rethink how you are doing Disaster Recovery today.The other “80 %” that our friend Geoffrey neglected in his insurance policy, the non mission critical servers is a good place to start when considering RaaSPerhaps start small – choose a few servers – and test it to see if it makes sense for your business.If you’re a Service Provider building Private/Public Disaster Recovery in the cloud offerings, our PlateSpin technology is cloud ready and allows you to build RaaS offering into your portfolio.I will finish up by saying that implementing a Disaster Recovery solution is never simple. The emergence of cloud-based Disaster Recovery services can make it much easier, affordable and reliable. Let’s have a chat at the end of the session or visit our booth to further the conversation.