
See You At Structure09 and Cisco Live!

June 18th, 2009 No comments

I managed to squeak out some additional time at the end of my first docking with the Mothership in San Jose next week such that I can attend Cisco Live!/Networkers the week after.  I’ll be at Live! up to closing on 7/1.

It will be a great opportunity to meet a bunch of Cisco folks, partners and customers…not to mention reunite with my best friend from high school whom I have not seen/heard from in twenty years 😉

If you’re going to be there, let’s either organize a tweet-up (@beaker) or a blog-down…

Contact information is in the right-hand galley, down toward the bottom.

/Hoff

Categories: Cisco

Incomplete Thought: The Opportunity For Desktop As a Service – The Client Cloud?

June 16th, 2009 8 comments

Please excuse me if I’m late to the party bringing this up…

We talk a lot about the utility of Public Clouds to enable the cost-effective and scalable implementation of “server” functionality.  Whether that’s the SaaS, PaaS, or IaaS model, the concept is pretty well understood: use someone else’s infrastructure to host your applications and information.

As it relates to the desktop/client side of Cloud, we normally think about hosting the desktop/client capabilities as a function of Private Cloud capabilities; behind the firewall.  Whether we’re talking about terminal service-like capabilities or VDI, it seems to me people continue to think of this as a predominantly “internal” opportunity.

I don’t think people are talking enough about the client side of Cloud and desktop as a service (DaaS) and what this means:

If the physical access methods continue to get skinnier (smart phones, thin clients, client hypervisors, virtual machines, etc.) is there an opportunity for providers of Infrastructure as a Service to host desktop instances outside a corporate firewall?  If I can take advantage of all of the evolving technology in the space and couple it with the same sorts of policy advancements, networking and VPN functionality to connect me to IaaS server resources running in Private or Public Clouds, isn’t that a huge opportunity for further cost savings, distributed availability and potentially better security?

There are companies such as Desktone looking to do this very thing in a way to offset the costs of VDI and further the efforts of consolidation.  It makes a lot of sense for lots of reasons and despite my lack of hands-on exposure to the technology, it sure looks like we have the technical capability to do this today.  Dana Gardner wrote about this back in 2007 and it’s as valid a set of points now as it was then — albeit with a much bigger uptake in Cloud:

The stars and planets finally appear to be aligning in a way that makes utility-oriented delivery of a full slate of client-side computing and resources an alternative worth serious consideration. As more organizations are set up as service bureaus — due to such IT industry developments as ITIL and shared services — the advent of off the wire everything seems more likely in many more places.

I could totally see how Amazon could offer the same sorts of workstation utility as they do for server instances.

Will DaaS be the next frontier of consolidation in the enterprise?

If you’re considering hosting your service instances elsewhere, why not your desktops?  Citrix and VMware (as examples) seem to think you might…

/Hoff

Cloud Computing Security: (Orchestral) Maneuvers In the Dark?

June 14th, 2009 8 comments

Last week Kevin L. Jackson wrote an insightful article titled: Cloud Computing: The Dawn of Maneuver Warfare in IT Security.  I enjoyed Kevin’s piece but struggled with how I might respond: cheerleader or pundit.  I tried for a bit of both while I found witty references to OMD.*

Kevin’s essay is an interesting — if not hope-filled — glimpse into what IT Security could be as enabled by Cloud Computing and virtualization, were one able to suspend disbelief despite the realities of hefty dependencies on archaic protocols, broken trust models and huge gaps in technology and operational culture.  Readers of my blog will certainly recognize this from “The Four Horsemen of the Virtualization Security Apocalypse” and “The Frogs Who Desired a King: A Virtualization and Cloud Computing Security Fable.”

Conversely, I’ve certainly also done my fair share of trying to change the world both by thought and action in the stance of “cheerleader”; I’ve been involved in everything from massive sensornet deployments to developing AI/Neural Networking based security technologies, so I think I’ve got a fair idea of what the balance looks like.  The salty pragmatist often triumphs, however…

Kevin’s article represents a futurist’s view, which is in no way a bad thing, but I fear it is too far disconnected from the realities of security and operational maturity outside of the navel:

The lead topic of every information technology (IT) conversation today is cloud computing. The key point within each of those conversations is inevitably cloud computing security.  Although this trend is understandable, the sad part is that these conversations will tend to focus on all the standard security pros, cons and requirements. While protecting data from corruption, loss, unauthorized access, etc. are all still required characteristics of any IT infrastructure, cloud computing changes the game in a much more profound way.

Certainly Cloud is a game changer, but just because the rules change does not mean the players do.  We haven’t solved those issues as they pertain to non-virtualized or Cloud infrastructure, so while sad, it’s a crushing truth we have to address.  Further, to get from “here” to “there,” we do need to focus on these issues because that is how we are measured today; most of us don’t get to start from scratch.

To that point, check out “Incomplete Thought: Cloud Security IS Host-Based…At The Moment” for why this gap exists in the first place.

I should make it clear that this does not mean I necessarily disagree with the exploration of Kevin’s future state, in fact I’ve written about it in various forms several times, but it’s important to separate what Cloud will deliver from a security perspective in the short term from the potential of what it can possibly deliver in the long term; this applies to both the cultural and technical perspectives.

I think the most significant challenges I had in reading Kevin’s article revolved around three things:

  1. Mixing tenses in some key spots seemed to imply that out of the box today, Cloud Computing can deliver on the promises Kevin is describing now.  Given the audience, this can lead to unachievable expectations.
  2. The disconnect between the public, private and military sectors, with an over-reliance on military analogies as a model representing an ideal state of security operations and strategy, can be startling.
  3. Unrealistic portrayals of where we are with the maturity of Cloud/virtualization mobility, portability, interoperability and security capabilities.

In the short term, there are certainly incremental improvements that will occur with respect to security thanks to the “lubricant-like” functionality provided by virtualization and Cloud.

These “improvements” however represent gains mostly in automation of manual processes and a resultant increase in efficiency rather than a dramatic improvement in survivability or security given what we have to work with today.

The lack of heterogeneous closed-loop autonomics, governance and orchestration, in conjunction with the fact that a huge amount of infrastructure and applications are not virtualization- or Cloud-ready, means this picture is a vision, not a mission.

Kevin juxtaposes the last few decades of static, Maginot Line IT/Information Security “defense-in-depth” strategy with the unpredictable and “agile, hostile and mobile” notions of military warfighter maneuvers to compare and contrast what he suggests Cloud will deliver with an enlightened state of security capabilities:

Until now, IT security has been akin to early 20th century warfare.  After surveying and carefully cataloging all possible threats, the line of business (LOB) manager and IT professional would debate and eventually settle on appropriate and proportional risk mitigation strategies. The resulting IT security infrastructures and procedures typically reflected a “defense in depth” strategy, eerily reminiscent of the French WWII Maginot line. Although new threats led to updated capabilities, the strategy of extending and enhancing the protective barrier remained. Often described as an “arms race”, the IT security landscape has settled into ever escalating levels of sophisticated attack versus defense techniques and technologies. Current debate around cloud computing security has seemed to continue without the realization that there is a fundamental change now occurring. Although technologically, cloud computing represents an evolution, strategically it represents the introduction of maneuver warfare into the IT security dictionary.

The concepts of attrition warfare and maneuver warfare dominate strategic options within the military. In attrition warfare, masses of men and material are moved against enemy strongpoints, with the emphasis on the destruction of the enemy’s physical assets. Maneuver warfare, on the other hand, advocates that strategic movement can bring about the defeat of an opposing force more efficiently than by simply contacting and destroying enemy forces until they can no longer fight.

The US Marine Corps concept of maneuver is a “warfighting philosophy that seeks to shatter the enemy’s cohesion through a variety of rapid, focused, and unexpected actions which create a turbulent and rapidly deteriorating situation with which the enemy cannot cope.”   It is important to note, however, that neither is used in isolation.  Balanced strategies combine attrition and maneuver techniques in order to be successful on the battlefield.

The reality is that outside of the military, “shock and awe” doesn’t really work when you’re mostly limited to “compliance and three analysts with a firewall.”  Check out “Security & the Cloud — What Does That Even Mean?”

Here’s where the reality distortion field trumps the rainbows and unicorns:

With cloud computing, IT security can now use maneuver concepts for enhanced defense. By leveraging virtualization, high speed wide area networks and broad industry standardization, new and enhanced security strategies can now be implemented. Defensive options can now include the virtual repositioning of entire datacenters. Through “cloudbursting”, additional compute and storage resources can also be brought to bear in a defensive, forensic or counter-offensive manner. The IT team can now actively “fight through an attack” and not just observe an intrusion, merely hoping that the in-place defenses are deep enough. The military analogy continues in that maneuver concepts must be combined with “defense in depth” techniques into holistic IT security strategies.

Allow me to suggest that “fight[ing] through an attack” by simply redirecting/re-positioning the $victim isn’t really an effective definition of an “active countermeasure” any more than waiting the attack out is, because there’s no offense, only defense.  There is no elimination of threat.  I’ve written about that a bit: “Incomplete Thought: Offensive Computing – The Empire Strikes Back,” “Thinning the Herd & Chlorinating the Malware Gene Pool…” and “Everybody Wing Chun Tonight & ‘ISPs Providing Defense By Engaging In Offensive Computing’ For $100, Alex.”  Mobility does not imply security.

To wit:

A theoretical example of how maneuver IT security strategies could be used would be in responding to a denial of service attack launched on DISA datacenter hosted DoD applications. After picking up a grossly abnormal spike in inbound traffic, targeted applications could be immediately transferred to virtual machines hosted in another datacenter. Router automation would immediately re-route operational network links to the new location (IT defense by maneuver). Forensic and counter-cyber attack applications, normally dormant and hosted by a commercial infrastructure-as-a-service (IaaS) provider (a cloudburst), are immediately launched, collecting information on the attack and sequentially blocking zombie machines. The rapid counter would allow for the immediate, and automated, detection and elimination of the attack source.

To pick on this specific example, even given the relatively mature anti-DDoS capabilities we have today without virtualization or Cloud, simply moving resources around in response to an attack does nothing if the assets are bound to the same IP addresses and hostnames. Fundamentally, the static underpinnings holding the infrastructure together hinder this lofty goal.  You can Cloudburst till the cows come home, but the attacks will simply follow.  You transfer all those assets to a new virtual datacenter and for the most part, the bad traffic goes with it. Distributed intelligence can certainly reduce the pain, but with distributed botnets whose node counts can number in the millions, you’re not going to provide for the “…elimination of the attack source.”

With these large scale botnets as an example, the excess capacity and mobility of the $victim could even have unintended worse ramifications such as what I wrote about here: Economic Denial Of Sustainability (EDoS)

In closing, we’ve got two parallel paths of advancing technology: the autonomics of the datacenter and the evolution of security.  I’ll wager we’ll certainly see improvements in the former that are well out-of-phase and timing with the latter, not the least of which is due to what Kevin closed with:

This revolution, of course, doesn’t come without its challenges.  This is truly a cultural shift. Cloud computing provides choice, and in the context of active defense strategies, these choices must be made in real-time.  While the cloud computing advantages of self-service, automation, visibility and rapid provisioning can enable maneuver security strategies, successful implementation requires cooperation and collaboration across multiple entities, both within and without.
The cloud computing era is also the dawning of a new day in IT security.  In the not too distant future, network and IT security training will include both static and active IT security techniques. Maneuver warfare in IT security is here to stay.

It’s absolutely a cultural issue, but we must strive to be realistic about where we are with Cloud and security technology and capabilities as aligned.  As someone who’s spent the last 15 years in IT/Security, I can say that this is NOT the “…dawning of a new day in IT security,” rather it’s still dark out and will be for quite some time.  There is indeed opportunity to utilize Cloud and virtualization to react better, faster and more efficiently, but let’s not pretend we’re treating the problem when what we’re doing is making the symptoms less noticeable.

I am absolutely bullish on Cloud, but not Cloud Security as it stands, at least not until we make headway toward fundamentally fixing the foundational problems we have that allow the problems to occur in the first place.

/Hoff

* I thought that out of all of OMD’s tracks, the most apropos titles to match to this blog post would be “Pandora’s Box,” “Dreaming,” or “The New Stone Age” 😉  Thanks for the motivation, @csoandy

Hey, Uh, Someone Just Powered Off Our Firewall Virtual Appliance…

June 11th, 2009 11 comments

I’ve covered this before in more complex terms, but I thought I’d reintroduce the topic due to a very relevant discussion I just had recently (*cough cough*)

So here’s an interesting scenario in virtualized and/or Cloud environments that makes use of virtual appliances to provide security capabilities*:

Since virtual appliances (VAs) are just virtual machines (VMs) what happens when a SysAdmin spins down or moves one that happens to be your shiny new firewall protecting your production VMs behind it, accidentally or maliciously?  Brings new meaning to the phrase “failing closed.”

Without getting into the vagaries of vendor-specific mobility-enabled/enabling technologies, one of the issues with VMs/VAs is that there’s not really a good way of designating one as being “more important” or functionally differentiated (such as “security” or “critical application”) in a way that would ensure a higher priority for service availability (read: don’t spin this down unless…) or provide a topological dependency hierarchy in virtualized network constructs.

In physical environments, server administrators are segregated from access to network and security appliances; this isn’t the case in virtual environments. In Cloud environments (especially public, multi-tenant) where we are often reliant only upon virtual security capabilities since we have no option for physical alternatives, this is an interesting corner case.

We’ve talked a lot about visibility, audit and policy management in virtual environments and this is a poignant example.
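As an added illustration (not code from the original post), here is one way a defender can approximate the missing “this VM is a security appliance” designation and dependency hierarchy outside the platform: a small Python audit that runs over hypervisor audit-log lines and flags disruptive operations (power off, suspend, migrate, delete) against designated virtual appliances, listing the workloads that are exposed behind them. The log format, VM names, user names and policy table are all constructed for this example and do not correspond to any particular hypervisor’s event schema.

```python
import re

# Constructed hypervisor audit-log lines for this example; the key=value
# format is invented and does not match any real product's event schema.
SAMPLE_LOG = """\
2009-06-11T09:12:03 user=sysadmin action=PowerOff vm=web-01
2009-06-11T09:15:47 user=sysadmin action=PowerOff vm=fw-edge-01
2009-06-11T09:20:10 user=sysadmin action=Migrate vm=fw-edge-01 dst=host-b
2009-06-11T09:22:00 user=netops action=PowerOff vm=fw-edge-01
2009-06-11T09:25:31 user=sysadmin action=PowerOn vm=web-01
"""

# Hypothetical out-of-band policy: which VMs are security appliances, which
# operators are allowed to touch them, and which workloads sit behind them.
# This is the "more important" designation and dependency hierarchy that the
# virtualization platform itself does not carry.
CRITICAL_VAS = {
    "fw-edge-01": {
        "role": "firewall",
        "operators": {"netops"},
        "protects": {"web-01", "db-01"},
    },
}

# Operations that take a virtual appliance out of the traffic path.
DISRUPTIVE_ACTIONS = {"PowerOff", "Suspend", "Migrate", "Delete"}

LINE_RE = re.compile(r"^(\S+)\s+(.*)$")


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, rest = m.groups()
    fields = {"ts": ts}
    for token in rest.split():
        if "=" not in token:
            return None
        key, value = token.split("=", 1)
        fields[key] = value
    if not all(k in fields for k in ("user", "action", "vm")):
        return None
    return fields


def audit(log_text, policy=CRITICAL_VAS):
    """Return alerts for disruptive operations on designated security VAs.

    Severity is 'high' when the operator is not on the VA's allow-list and
    'info' when an authorized operator did it; the protected workloads are
    exposed either way, so both cases are reported.
    """
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["vm"] not in policy:
            continue
        if ev["action"] not in DISRUPTIVE_ACTIONS:
            continue
        entry = policy[ev["vm"]]
        authorized = ev["user"] in entry["operators"]
        alerts.append({
            "ts": ev["ts"],
            "vm": ev["vm"],
            "role": entry["role"],
            "action": ev["action"],
            "user": ev["user"],
            "severity": "info" if authorized else "high",
            "exposed": sorted(entry["protects"]),
        })
    return alerts


if __name__ == "__main__":
    for a in audit(SAMPLE_LOG):
        print(f'{a["ts"]} [{a["severity"]}] {a["user"]} {a["action"]} '
              f'{a["role"]} {a["vm"]}; exposed: {", ".join(a["exposed"])}')
```

Run against the constructed log, the two sysadmin operations on the firewall appliance come out as high-severity alerts naming the exposed web and database VMs, the netops power-off is recorded as informational, and the operations on the ordinary web VM are ignored. The policy table is the part a real deployment has to maintain by hand, which is exactly the gap the post describes.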

/Hoff

*Despite the silly notion that the Google dudes tried to suggest I equated virtualization with Cloud as one-in-the-same, I don’t.

Dear Mr. Schneier, I Was A Jackass & I’m Sorry…

June 10th, 2009 6 comments

Humble Pie

This is a particularly difficult blog to write.  As humble as I try to be, I think I might have believed my own marketing for a while there.  I feel badly.

Ever since I wrote this piece titled “Dear Mr. Schneier, If Cloud Is Nothing New, Why Are You Talking So Much About It?” I’ve been churning on it.  I couldn’t put my finger on why I felt, well, guilty.

So here’s the rub: I added some petty color in that post that was rude and disrespectful to Bruce. Nothing major, but unnecessary.  Time to own it.

When I wrote it at 1:30am out of frustration with Bruce’s comments it seemed funny at the time.

Then I re-read it the next morning and thought to myself, “that was a bit pointed for no particular reason.”

I let it slide because I don’t make a habit of editing posts once they’re up and normally, it’s just part of the shtick.  I also figured he’d never read it anyway.

Then Bruce emailed me, and what he said, despite my own rationalization, really kicked me in the butt for days:

I linked to it from my blog post.  I did so because it was interesting, but almost didn’t because it was rude.  Honestly, your points are good enough to stand on their own.

Bruce

Wow.

I apologized poorly in email and annotated the post to say I was a dick, but that’s not enough because if what Bruce said is true — that my points are good enough to stand on their own — then I owe him the respect of removing the things that don’t need to be there — and shouldn’t have been in the first place.

So I’m going to do that.

You might think I’m overreacting or you might disagree with my actions as a betrayal of my supposed personality.  Doesn’t matter.  I should do better.

Thanks for the humility reminder, Bruce.

I still don’t agree with you, but I respect your right to an opinion.  Sorry for the snark.

/Hoff

Categories: Jackassery

Mark Masterson’s Brilliant Cloud Security Presentation

June 10th, 2009 3 comments

Have you ever seen a presentation or listened to a talk and thought “Wow. That person just clearly and brilliantly summarized all the things I wanted to say in a way I never could?”

I just had that experience.

I am working with Mark on a project and was sent a link to check out some of his musings.  One of them was titled “Risk and Security in the Enterprise Cloud.”

It is, quite possibly, one of the best security presentations on Cloud I’ve seen.  It’s a fantastic merge of theoretical myth busting, information systems survivability, security models and Cloud.

Basically, it’s my entire blog of three years wrapped up into 120 slides presented in my favorite minimalist style.  Wow.  Humbling.

It’s freaking brilliant.

Please read it.

/Hoff

Apparently In The Government You Can Have Your Cloud & Eat It, Too…

June 9th, 2009 2 comments

I’m sure more details will emerge, but as written in Information Week, this story is just bizarre:

Less than a month and a half after coming out as federal cloud CTO, Patrick Stingley has returned to his role as CTO of the Bureau of Land Management*, with the General Services Administration saying the creation of the new role came too early. “It just wasn’t the right time to have any formalized roles and responsibilities because this is still kind of in the analysis stage,” GSA CIO Casey Coleman said in an interview today. “Once it becomes an ongoing initiative, it might be a suitable time to look at roles such as a federal cloud CTO, but it’s just a little premature.”

Cloud computing is a major initiative of federal CIO Vivek Kundra, and its importance was even outlined in an addendum to the president’s 2010 budget last month. Kundra introduced Google Apps to city employees in his former role as CTO of Washington, D.C., and has said that he believes cloud computing could be one way to cut the federal IT budget.

So Cloud Computing, despite all we hear about the Government’s demands for such services as a critical national initiative is “…still kind of in the analysis stage” and isn’t at the “…right time to have any formalized roles and responsibilities”?

Wow.

While Stingley is no longer the formal federal cloud CTO, he has by no means turned his attention away from cloud computing. As of last Thursday, he was still scheduled to give a presentation titled “Development Of A Federal Cloud Computing Infrastructure” at the Geospatial Service-Oriented Architecture Best Practices Workshop on Tuesday morning, though as CTO of the BLM, not as a representative of the GSA.

The GSA isn’t by any means taking its foot off the accelerator with cloud computing. However, Coleman wants to make sure it’s done in the right way. “As we formalize the cloud computing initiative, we will have a program office, we will have a governance model,” she said.

Despite the elimination — for now — of the federal cloud CTO role, Coleman said that it’s “fair to say” that the GSA will be taking a central role in pushing the Obama administration’s cloud computing initiative, noting that the GSA should be a “center of gravity” for federal government IT.

Perhaps this was simply lost in GovSpeak translation, but something does not compute here.  I’m very much for correcting missteps early, but what an absolutely confusing message to send: Cloud is uber-important, we’re moving full-steam ahead, but nobody — or at least not the GSA — is steering the ship?

What could go wrong?

Whether or not it was decided that the GSA was not the appropriate office to lead/govern the Federal Cloud efforts, they are amongst the most innovative:

The GSA is experimenting with cloud computing for its own internal use. For example, federal information Web site USA.gov is hosted via Terremark’s Enterprise Cloud infrastructure as a service product, which charges by capacity used. When it was time for renegotiation of its old hosting contract, the GSA opened the contract to bidders and ended up saving between 80% and 90% with Terremark on a multiyear contract worth up to $135 million.

It’s also possible that under the Obama administration, the GSA might begin playing more of a shared-services role in IT, as it does in building management. However, Coleman is coy about whether that’s likely to happen, saying only that it would depend on the goals of the administration and the incoming GSA administrator. Stingley is reported to have been thinking about how the GSA might build out a federal cloud that agencies could easily tap into.

There’s a back-story here…

Hoff

* Aha!  I figured it out. See the problem is that you can’t appoint the CTO from something called the Bureau of LAND Management and expect them to be able to manage CLOUDS!  Silly me!

Virtual Networking Battle Heating Up: Citrix Leads $10 Million Investment In Vyatta

June 9th, 2009 No comments

Those crafty Citrix chaps are at it again.

Last month I reported from Citrix Synergy about discussions I had with Simon Crosby and Ian Pratt about the Citrix/Xen Openswitch which is Citrix’s answer to the Cisco Nexus 1000v married to VMware’s vSphere.

Virtualization.com this morning reported that Vyatta — who describe themselves as the “open source alternative to Cisco” — just raised another round of funding, but check out who’s leading it:

Vyatta today announced it has completed its $10 million Series C round of financing led by Citrix Systems. The new funding round also includes existing investors, Comcast Interactive Capital, Panorama Capital, and ArrowPath Venture Partners. As part of the investment, Gordon Payne, senior vice president and general manager of the Delivery Systems Division at Citrix, has joined the Vyatta Board of Directors where he will assist the company in its next phase of development.

Today, Vyatta also announced that it has joined the Citrix Ready product verification program to create solutions for customers deploying cloud computing infrastructures.

Vyatta will use the funds for operating capital as the company scales its sales efforts and accelerates growth across multiple markets.

Vyatta runs on standard x86 hardware and can be virtualized with modern hypervisors, including the Citrix XenServer™ virtualization platform. Vyatta delivers a full set of networking features that allow customers to connect, protect, virtualize, and optimize their networks, improving performance, reducing costs, and increasing manageability and flexibility over proprietary networking solutions. Vyatta has been deployed by hundreds of customers world-wide in both virtual and non-virtual environments.

This is very, very interesting stuff indeed and it’s clear where Citrix has its sights aimed.  This will be good for customers, regardless of platform because it’s going to drive innovation even further.

The virtual networking stacks — and what they enable — are really going to start to drive significant competitive advantage across virtualization and Cloud vendors.  It ought to give customers significant pause when it comes to thinking about their choice of platform and integration.

Nicely executed move, Mr. Crosby.

/Hoff

SQUIRREL! I’m joining Cisco.

June 9th, 2009 10 comments

From the Cisco Data Center Networks Blog:

So, for me, one of the best parts of working here at Cisco is the opportunity to work with some incredibly smart folks.  Today, I can add one more person to that group of folks—Christofer Hoff is joining the Cisco Data Center Solutions team.  Chris has built a solid reputation in the industry for domain expertise, forward thinking and incisive commentary blended with a healthy dose of wit.  I know Chris has the tenacity of a squirrel chasing an acorn, and I am personally quite pleased to welcome Chris to the team as I see he will add both depth and breadth to our efforts.  So, if you are not familiar with Chris, definitely check out his blog, Rational Survivability and you can also follow him on Twitter as @Beaker.

Thanks for the warm welcome, Omar.  I’m beyond psyched. Besides getting to work with some awesome friends, I finally get to hug a Nexus 7000.  Getting my fingers back in the pie with cutting-edge technology, partners and customers should translate into even more interesting things to discuss when appropriate.  I can’t wait.

To answer your question before you ask it: “Yes, Same blog time. Same blog channel. Now with extra datacenter fu.”

/Hoff

Categories: Career, Cisco

The Nines Have It…

June 8th, 2009 4 comments

There are numerous cliches and buzzwords we hear daily that creep into our lexicon without warrant of origin or meaning.

One of them that you’re undoubtedly used to hearing relates to the measurement of availability expressed as a percentage: the dreaded “nines.”

I read a story this morning on the launch of the “Stratus Trusted Cloud” that promises the following:

Since it is built on the industry’s most robust, scalable, fully redundant architecture, Stratus delivers unmatched performance, availability and security with 99.99% SLAs.

It’s interesting to note what 99.99% availability means within the context of an SLA — “four nines” means you have the equivalent of 52.6 minutes of resource unavailability per year.  That may sound perfectly wonderful and may even lead some to consider that this exceeds what many enterprises can deliver today (I’m interested in the veracity of these claims.)  However, I would ask you to consider this point:

I don’t have access to the contract/SLA to know whether this metric refers to total availability that includes both planned and unplanned downtime or only planned downtime.

This is pretty important, especially in light of what we’ve seen with other large and well-established Cloud service providers who offer similar or better SLAs (with or without real fiscal repercussion) and have experienced unplanned outages for hours on end.

Is four nines good enough for your most critical applications?  Do you measure this today?  Does it even matter?

/Hoff


Here’s a handy availability reference table from Wikipedia that you can print out:

Availability %             Downtime per year   Downtime per month*   Downtime per week
90%                        36.5 days           72 hours              16.8 hours
95%                        18.25 days          36 hours              8.4 hours
98%                        7.30 days           14.4 hours            3.36 hours
99%                        3.65 days           7.20 hours            1.68 hours
99.5%                      1.83 days           3.60 hours            50.4 minutes
99.8%                      17.52 hours         86.23 minutes         20.16 minutes
99.9% (“three nines”)      8.76 hours          43.2 minutes          10.1 minutes
99.95%                     4.38 hours          21.56 minutes         5.04 minutes
99.99% (“four nines”)      52.6 minutes        4.32 minutes          1.01 minutes
99.999% (“five nines”)     5.26 minutes        25.9 seconds          6.05 seconds
99.9999% (“six nines”)     31.5 seconds        2.59 seconds          0.605 seconds

* For monthly calculations, a 30-day month is used.
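As an added worked example (not from the original post or from Wikipedia), the following Python computes the allowed downtime behind any number of nines for the table’s three periods, and then measures a four-nines SLA against an outage log both with and without planned maintenance counted, which is the distinction the post says the Stratus SLA does not make explicit. The outage records, dates and service are constructed for illustration; the period lengths match the table (a 365-day year, a 30-day month, a 7-day week).

```python
from datetime import datetime

MINUTES_PER_DAY = 24 * 60

# Periods used by the table above: a 365-day year, a 30-day month, a 7-day week.
PERIOD_DAYS = {"year": 365, "month": 30, "week": 7}


def nines(n):
    """Availability percentage for n nines: nines(3) -> 99.9, nines(4) -> 99.99."""
    return 100 - 10 ** (2 - n)


def allowed_downtime_minutes(availability_pct, period_days=365):
    """Maximum downtime (minutes) permitted by an availability target over a period."""
    return period_days * MINUTES_PER_DAY * (1 - availability_pct / 100)


def downtime_table(nines_list=(3, 4, 5)):
    """Allowed downtime in minutes per year/month/week for each nines level."""
    return {n: {p: allowed_downtime_minutes(nines(n), d) for p, d in PERIOD_DAYS.items()}
            for n in nines_list}


# Constructed outage log for a hypothetical service, not real data:
# (start, end, planned). The planned entry is a maintenance window.
OUTAGES = [
    (datetime(2009, 3, 15, 2, 0), datetime(2009, 3, 15, 2, 30), True),
    (datetime(2009, 7, 4, 10, 0), datetime(2009, 7, 4, 10, 40), False),
]

# Measurement window: calendar year 2009 (365 days).
PERIOD_2009 = (datetime(2009, 1, 1), datetime(2010, 1, 1))


def downtime_minutes(outages, period_start, period_end, count_planned):
    """Total outage minutes inside [period_start, period_end).

    Planned outages are included only when count_planned is True; each outage
    is clipped to the measurement window so partial overlaps count correctly.
    """
    total = 0.0
    for start, end, planned in outages:
        if planned and not count_planned:
            continue
        clipped_start = max(start, period_start)
        clipped_end = min(end, period_end)
        if clipped_end > clipped_start:
            total += (clipped_end - clipped_start).total_seconds() / 60
    return total


def measured_availability(outages, period_start, period_end, count_planned):
    """Achieved availability percentage over the window."""
    period_minutes = (period_end - period_start).total_seconds() / 60
    down = downtime_minutes(outages, period_start, period_end, count_planned)
    return 100 * (1 - down / period_minutes)


def sla_met(target_pct, outages, period_start, period_end, count_planned):
    """True when achieved availability reaches the target under the chosen accounting."""
    return measured_availability(outages, period_start, period_end, count_planned) >= target_pct


if __name__ == "__main__":
    for n, periods in downtime_table().items():
        print(f"{n} nines ({nines(n)}%): "
              + ", ".join(f"{p} {m:.2f} min" for p, m in periods.items()))
    for count_planned in (False, True):
        label = "planned + unplanned" if count_planned else "unplanned only"
        met = sla_met(nines(4), OUTAGES, *PERIOD_2009, count_planned)
        print(f"four nines over 2009, {label}: met={met}")
```

With the constructed log, the service had 40 minutes of unplanned downtime and 30 minutes of planned maintenance in 2009. Four nines allows 52.56 minutes a year, so the SLA is met if the contract excludes planned downtime and missed if it counts everything, which is why the wording of the SLA matters as much as the number of nines in it.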