[Most Recent Entries] [Calendar View]
Friday, January 9th, 2015
| Time | Event |
| 1:00p | Report: Wholesale Data Center Leasing Up 37% in 2014 Companies leased 37 percent more wholesale data center space in North America in 2014 than they did during the previous year, according to a recently published report by North American Data Centers, a commercial real estate firm specializing in data center space. The year’s three biggest known leases were Twitter’s 21 megawatt deal with QTS Realty Trust in Richmond, Virginia; a 16 megawatt lease from CyrusOne in Phoenix by a bitcoin mining firm whose name has not been disclosed; and Microsoft’s sublease of 13.65 megawatts of capacity from Yahoo in a DuPont Fabros Technology facility in Ashburn, Virginia. Partly because leasing was up and partly because the big publicly traded developers did a lot less speculative construction, supply in North America’s wholesale data center market was very slightly tighter than it was in 2013 and a lot tighter than in 2012. Digital Realty Trust, the biggest of the real estate investment trusts, for example, did not do any speculative builds at all. The company spent the entire year identifying properties that did not match its core strategy and putting them up for sale. There was 183.5 megawatts of completed turn-key wholesale data center capacity available in 2014 – just about on par with the previous year’s supply and down from 215.6 megawatts that was on the market in 2012. The dynamic is going to be very different this year, however, since 100 megawatts of new capacity was under construction in 2014. Jim Kerrigan, principal at North America Data Centers, who wrote the report, said in an email that 2014 had 30 percent more turn-key space under construction on the North American data center market than in any of the last four years. Another thing Kerrigan expects to be different this year is an uptick in deals that are under 500 kW. This and cloud services will have an impact on retail colocation pricing. Read the full report here. |
| 4:30p | 2014: The Year of Infrastructure Vulnerability David Holmes has more than 20 years of experience in security and product engineering, and is an evangelist for F5 Networks’ security solutions, with an emphasis on distributed denial of service attacks, cryptography and firewall technology. Follow David Holmes on twitter @dholmesf5. I try to avoid doing new year industry predictions. In order to get any prediction mindshare, I have to wade pretty far out into the crazy water (“Paper currency is over!” or “This will be the year robots destroy all life!”), and the wetter I get, the less likely I am to be right. But there’s one trend from 2014 that is too important not to discuss: massive infrastructure security vulnerabilities. In 2014, three gigantic security holes ripped through the very fabric of the Internet. These holes were so big you could drive Elon Musk’s ego through them (in your choice of a Tesla D or a SpaceX shuttle). The first hole, Heartbleed, hit right in the first quarter of the year. Although CERT assigned Heartbleed only a severity 5.0, many security professionals felt that it was much worse than the rating implied. At the time, I thought it was the worst vulnerability ever: you could instruct an HTTPS server to disclose its public key? Really? The world responded to Heartbleed with an almost gleeful urgency. Security practitioners ran around like their hair was on fire. Heartbleed was easy to socialize: not only was there exploit code, test tools, and scanners, there was also the scary name, the logo, and the T-shirts. Ivan Ristic at Qualys put up a dashboard showing the progress that the world was making toward getting Heartbleed patches deployed. Yngve Petersen at Opera continued scanning for months afterward. The Internet as a whole was patched in an amazingly short amount of time. Afterward, it was fist bumps all around (and lots of password changing). The problem in 2014 was that we couldn’t keep up the momentum through the year. When Shellshock dropped in September, CERT gave it a severity of 10 (the highest possible). The scope of the vulnerability was breathtaking: here was a 25-year-old bug in the very heart of 60 percent of the servers on the Internet, and its reach could extend into any application that used Linux anywhere in its stack. Anything that ever piped to Bash was suspect. Yet, even though the exposure was graver than Heartbleed, there wasn’t a collective freak-out over Shellshock. Ivan Ristic didn’t write a scanner. Yeah, there was exploit code tweeting around, but only because it was so easy to retweet. Someone put together a demo of DHCP complete ownership via DHCP, but even then, where were the scanners? Where were the dashboards? It’s as if we had expended all of our “care” bullets and we had none left. Instead, we just blogged about it. To make matters worse, RedHat flubbed its initial Shellshock patches, so eager beavers who patched early had to patch all over again. The third security hole came at Thanksgiving, when a 19-year-old turkey called WinShock (MS14-066) allowed all Microsoft servers listening for HTTPS to be exploited remotely—and there was no workaround. If Microsoft had been feeling smug for not being vulnerable to either Heartbleed or Shellshock, they were humbled by WinShock, which CERT assigned another maximum severity. By the time WinShock dropped, even a pro security writer like yours truly was suffering from disclosure fatigue. I didn’t even have the spirit left to comment on a severity 10 vulnerability. One of our engineers wrote a mitigation script to block WinShock attempts at the load balancer. Good for him, that eager beaver. The rest of us were spent. 2014 Model of the New Normal?What is to be learned from 2014? As we move into 2015, can the security community extrapolate on what might have simply been an outlier year? I believe it can, but the bad news is that 2014 might be the model of the “new normal” for infrastructure vulnerabilities. Organizations are paying actual money for disclosures, which, of course, means there will be research into them. (Interestingly, the HackerOne program is building a cool new business model for this: HackerOne – it’s like Airbnb for vulnerabilities.) Also, the days of threatening security researchers with jail time for disclosure is clearly over. These two trends, however, might signal a short-term rush for more severity 10 vulnerabilities from 2015 to 2020, so get ready to be fatigued.
A Collective Sigh of ReliefThe good news is that there are two new trends that should help security professionals in 2015. First, more services are getting spun up in the cloud than ever before. It turns out that, in spite of all the early hand-wringing, the cloud is proving to have some security advantages. Lately, cloud systems are enforcing stricter and stricter security policy on the images that can be spun up. And customers are getting used to these requirements (no default passwords!). With a third party—the cloud provider—scanning and auditing systems, security should be better in 2015. Even if you’re not moving to the cloud, there’s still good news. All the work that went into patching systems and putting up dynamic defenses in 2014 will lead to fast remediation in 2015. That’s right, both for technology and for process. The industry is getting used to the idea of reducing threat surface–for example, SSL 3.0 is being wiped out due to the POODLE vulnerability. That’s a whole threat surface that has virtually disappeared. Expect to see faster and better knobs on all kinds of security devices to help you screen out the crazy stuff in 2015. Demand it from your security perimeter vendor! Neither the cloud nor dynamic security would have prevented Heartbleed, Shellshock, and WinShock; infrastructure vulnerabilities would have emerged anyway. But, thanks to 2014, the vulnerable software can be found and patched more quickly. It’s all well and good to look on the brighter side of life and have some optimism as the calendar turns over (gym membership, anyone?)…unless you are a security practitioner. For us, as we move into 2015, we need to be cognizant that the fabric of the Internet may be riddled with more gigantic holes just waiting for an ego to drive through them. We must stay vigilant, be ready when it happens, and not expend all our “care” bullets in the first quarter. Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library. |
| 5:00p | Friday Funny: Pick the Best Caption for New Year’s List They say a good laugh can warm the soul and we’ll do anything to heat up! Help us stay ahead of these freezing cold temps with our Data Center Knowledge Caption Contest! Here’s how it works: Diane Alber, the Arizona artist who created Kip and Gary, creates a cartoon and we challenge our readers to submit a humorous and clever caption that fits the comedic situation. Then we ask our readers to vote for the best submission and the winner receives a signed print of the cartoon. Several great submissions came in for last week’s cartoon – now all we need is a winner. Help us out by submitting your vote below! Take Our PollFor previous cartoons on DCK, see our Humor Channel. And for more of Diane’s work, visit Kip and Gary’s website! |
| 5:46p | Fire at Amazon Data Center Construction Site in Ashburn Contained A fire broke out at an Amazon Web Services data center construction site in Ashburn, Virginia, Friday morning. It started around 10 a.m. EST on the roof of the large structure, Mary Maguire, a Loudoun County Fire, Rescue and Emergency Management spokeswoman, said. “Fire was confined to the roof, roofing, and construction materials,” she said. “Several workers who were on the roof when the fire broke out were able to safely self-extricate from the roof without injury.” The fire at 21263 Smith Switch Road was contained before noon. No other injuries were reported. Maguire said the fire rescue did not have any information about the cause of the fire. An Amazon Web Services spokeswoman confirmed that the fire broke out at the construction site of a data center a third party contractor is building for the cloud services giant. “It was not a production facility and caused no impact or risk of impact to operations,” she said. A company called Corporate Office Properties Trust has reportedly been building a data center in the area with Amazon as the anchor tenant.  Fire raging on the roof of an Amazon data center construction site in Ashburn, Virginia. (Photo: Rob Johnston) DCK Editor at Large Rich Miller contributed to this report |
| 7:01p | Mirantis Out With Latest OpenStack Distribution Mirantis, which helps companies stand up OpenStack clouds of their own, has launched the latest release of its distribution of the popular open source cloud architecture. Mirantis OpenStack 6.0 is based on OpenStack Juno, the most recent release of the open source software package. Juno came out in October 2014. This is the first OpenStack distribution companies can write their own plug-ins for that can be installed and deployed automatically. Lots of vendors want to be part of the rapidly growing OpenStack ecosystem and want customers to use their products as part of their OpenStack clouds. That means they have to make their products, storage and networking hardware and management software, for example, compatible with OpenStack. The chief way of doing that has been to contribute plug-ins for different pieces of technology to the open source project. This is partly why a great number of vendors have been involved with the OpenStack project, and why there have been very frequent release of the software package. Juno was the tenth major release, four years after the first Austin release came out. Kilo, the next release, is due in April. Not everybody thinks the flurry of IT vendor plug-ins for OpenStack indicates something positive. Jim Morrisroe, CEO of Piston Cloud Computing, a Mirantis competitor, told us in November that he thought the rush to add OpenStack support for traditional IT hardware was pulling the project away from its ultimate goal. That goal, in Morrisroe’s opinion, is to enable OpenStack clouds on low-cost commodity hardware, and not on expensive proprietary boxes the so-called incumbent IT vendors sell. The vendors themselves, obviously, beg to differ. Bill Hilf, who leads cloud product strategy at HP, told us it was important to make OpenStack compatible with as many different types of technology from different generations as possible, since most IT environments are mixed bags of legacy and non-legacy gear. The latest Mirantis OpenStack distribution gives companies the ability to write plug-ins for the Fuel deployment manager, a component of OpenStack. Fuel is an open source framework for creating deployment plug-ins. Another major addition in the sixth release is extended support for VMware. It has a reference architecture for VMware vCenter Server and VMware NSX. It also supports vSphere DataStore. The Nova-Network VLAN Manager supports VMware’s vCenter. “Our investment in pluggable architecture makes it much easier for customers to take advantage of their preferred networking and storage solutions in building, deploying, and managing their OpenStack clouds,” Boris Renski, Mirantis chief marketing officer, said in a statement. |
| 8:22p | Cisco Cloud CTO Harris Leaves for BMC BMC Software, the Houston-based IT management software giant, has appointed Phil Harris as vice president and CTO. Harris served as vice president and CTO of Cisco’s cloud and virtualization group before taking the position at BMC. A BMC spokesperson confirmed Harris’ appointment to Data Center Knowledge. The company is planning to make the official announcement Monday. The appointment was first reported by Re/Code. Harris has worked in numerous roles at Cisco since 1993, starting as a consulting engineer. Between 2010 and 2012 he held top posts at VCE, the converged infrastructure company that started as a joint venture between Cisco and EMC but came fully under EMC’s control in October 2014. BMC has a number of IT management software products aimed at enterprise customers. The company reported $2.2 billion in revenue for fiscal 2013. In his new role, Harris will be responsible for defining the company’s long-term growth strategy in spaces like cloud, automation, and performance and IT service management, according to his LinkedIn profile. |
| 9:23p | Amazon Data Center Construction Fire Linked to Welding Mishap The cause of this morning’s roof fire at an Amazon Web Services data center construction site in Ashburn, Virginia, has been traced to a welding mishap, local fire officials said. The contractor that is building the facility at 21263 Smith Switch Road has estimated the damage from the fire to range from $75,000 to $100,000, according to a statement issued by the Loudoun County Fire, Rescue and Emergency Management. The workers on site were welding roof components from inside the structure, “which ignited nearby combustibles,” the official statement read. The combustibles were construction materials stored on the roof.  Roof fire at an Amazon data center construction site in Ashburn, Virginia, was contained, with no reported injuries. (Photo: Rob Johnston) An AWS spokesperson confirmed this morning that the fire happened at the site where a third party contractor was building a data center for the cloud services company. The data center was not in production, so the fire did not affect any AWS users, she said. The contractor’s name was not disclosed. As we have reported earlier, a developer called Corporate Office Properties Trust, has been building a data center for Amazon in the area. About 100 emergency personnel responded to the scene. They brought the bulk of the fire, which did not spread beyond the roof, under control around 11:20 a.m. Workers who were on the roof when the fire broke out were able to get out of danger’s way safely.  Firemen on the roof of the future Amazon Web Services data center in Ashburn, Virginia, after fire was contained (Photo: Rich Miller) A smartphone video of the fire was uploaded to YouTube this morning: |
| 10:16p | Rackspace Wins Domain Dispute, Australian Forced to Hand Over Rackspace.xyz
This article originally appeared at The WHIR An Australian man has been ordered to hand over his Rackspace.xyz domain to Rackspace Hosting this week. The domain was registered with GoDaddy by Russell Harrower in July, and used to launch an online directory of billiard halls in Australia. Harrower launched rackspace.xyz on Dec. 11, 2014. “While we had been working on the system for quite some time a company tried to steal our domain name and forced us to launch earlier than we wanted,” he said in a post on his website, russellharrower.com. Rackspace Hosting filed the complaint with the National Arbitration Forum in November, and claimed that the domain name was identical and confusingly similar to its name which has been trademarked since 2000. In the complaint, Rackspace said that the rackspace.xyz domain name “is identical and confusingly similar” to its trademark. It also said that Harrower did not have “any rights or legitimate interests in the domain name” since he failed to make active use of the domain name and offered the domain name for sale to Rackspace within a few hours of registering it. Harrower offered to sell the domain to Rackspace for $5,000 US, and sue the company and ICANN if the domain was turned over to Rackspace. “He also threatens to use his influence in the social media should Complainant launch transfer proceedings in relation to the disputed domain name,” the complaint said. The panel agreed with Rackspace that Harrower registered the domain in bad faith, and the domain was ordered to be transferred on Monday. Domain squatting or cybersquatting costs trademark holders a lot of money. In 2012, a report by NetNames estimated that cybersquatting costs trademark holders more than $1 million per brand. In a post on his website on Wednesday, Harrower said that Rackspace has “two options.” “Either go away or buy the domain for the on the table price of $5k, it is going to be better than the $50k I could be seeking from them due to mental and health reasons,” he said. .XYZ was delegated to the DNS Root Zone in February 2014 and is managed by CentralNic. This article originally appeared at: http://www.thewhir.com/web-hosting-news/r |
| << Previous Day |
2015/01/09 [Calendar] |
Next Day >> |