Category: Linux

Watch this, folks. I talk about this over and over. A/V isn’t enough; it is only a start. Please start with these basics. Please contact ECC on how to minimize your exposure.

The Internet Is Infected – 60 Minutes – CBS News.

I got Hyper-V working finally here at my office. I now have one box hosting 3 virtual machines. VM 1 is my Astaro firewall. VM 2 is my main AD file/print/authentication server. VM 3 is my Astaro Command Center, which aggregates status and updates from my Astaro and my other client installs to me. This allows me to monitor all of my Astaro easily in one spot without having to constantly individually touch each machine. My power usage used to idle at nearly 130 watts. My idle power now hovers around 60 watts. I now average less than 90 watts, which means nearly half of my power budget is now gone. The host machine is running Server 2008 R2 Enterprise with Hyper-V. It has three physical NICs. It also mirrors all functions of the main server except for file serving.

As for resource allocation here is the breakdown:

VM1: 4 vCPUs, 2 gigs of RAM (static), 3 virtual NICs, 80 gigs of dynamic storage on RAID 1, 25% total system CPU GHz reserved with the ability to burst to 50% usage with medium priority.

VM2: 2 vCPUs, 2 gigs RAM (static), 1 virtual NIC, 500 gigs of dynamic storage assigned on its own RAID 1 array, 0% CPU reservation with burst to 25% CPU with medium priority.

VM3: 4 vCPUs, 1 gig RAM (static), 1 virtual NIC, 120 gigs of dynamic RAID 1 storage, 0% CPU reservation with burst to 25%.

Right now the host machine spends most of its time at idle. Considering how little power this draws, it will pay for itself in under 1 year.

I currently have two virtualization projects going. One is to convert 3 physical servers to Hyper-V and one is to convert 3 physical servers to KVM. Unfortunately, P2V on a domain controller is not only not recommended, it doesn’t work well. Also, there is no supported upgrade path from Server Foundation to anything but Standard. I have Foundation and Enterprise. So I am firing up a new Enterprise VM and then will manually mount the VHD from the Foundation backup to grab the files. It’ll be a permissions nightmare for a bit but I’m used to that..:) Once I get my AD domain migrated then it is time for Astaro. Then I decom two boxes, saving myself 200 watts of continuous draw. The draw goes down to about 60 watts. Keep watching for the KVM conversion. That one is going to be easier.

There’s one thing he is leaving out. Android is not a closed, one-vendor-only operating system. iOS is Apple and Apple only.

I’d like to start by stating I am not a rabid Android “fanboy.” In fact, I heavily considered the iPhone 3GS back in the day (er, last year), before deciding to pick up my Nexus One instead. Admittedly, I was a bit bedazzled by the concept of a “Google phone” and, as a confessed mega-geek, I found the bleeding-edge experience Android offered to be more exciting for some reason.

So I chose an Android device. When the iPhone 4 was released, I’ll be the first to admit that I was jealous. Like it or not, Apple’s Retina display and buttery-smooth iOS UI remain rivaled only by Samsung’s Galaxy S II, and I still staunchly believe Apple builds superior products to anyone in the smartphone industry in terms of build quality and hardware design. iOS 4 still lagged behind Android in several key respects, but to say the iPhone 4 wasn’t a juggernaut in the marketplace (antenna-gate aside) would be willful ignorance.

When it started becoming consensus that Apple would be jumping straight to the iPhone 5, my imagination ran wild with the possible changes the company could be making to the iconic device. So, when the rumors then began piling up that Apple would not be releasing an iPhone 5 today, but an iPhone 4S, my hopes for it immediately and arbitrarily decreased. When it was officially announced, my confidence in Apple’s ability to continue to innovate and break new ground not only with the iPhone itself, but the iOS platform, waned substantially. Apple broke its release schedule and waited until Fall for this very incremental upgrade? I can scarcely understand what took Apple so long.

If this phone had been released in June, my reception may have been a bit warmer. But given the pace at which smartphones are evolving,  Apple will already be feeling the pressure from new Android handsets not a few months from now, but a few weeks. This isn’t good. It isn’t good for Apple, and it isn’t good for their carrier partners. We knew there was a strong possibility that Apple would release an incremental upgrade to the iPhone 4, but we expected a much larger increment, if you will.

The release of the iPhone 4S will pit it squarely against the various carrier-branded versions of Samsung’s Galaxy S II, Google’s upcoming Nexus Prime handset on Verizon, and a litany of devices in the pipes from the likes of Motorola and HTC. Phones with high definition 720p displays. Phones with even more powerful dual core processors. Phones with Google’s much-awaited Ice Cream Sandwich release of the Android OS – the single biggest visual revamp of the Android OS for phones to date. Some of these phones will be, in terms of a number of on-paper specifications, bigger and better than the iPhone 4S.

While Apple’s device remains the king of the hill in terms of battery life, camera, display pixel density, and internal storage offerings for now, there’s no doubt that this is the least competitive iPhone to be released to date. Here’s why.

via Editorial: 5 Reasons Why I Think The iPhone 4S Is The Least Competitive iPhone Yet.

HTC screwed up big time here. If you are using the stock HTC Sense UI (and most folks are), they have enabled a backdoor into the phone’s base operating system that essentially allows any app with simple permissions to sniff everything on or about the phone and send it back. Android itself is not at fault; HTC made modifications of Android that caused this.

In recent updates to some of its devices, HTC introduced a suite of logging tools that collected information. Lots of information. LOTS. Whatever the reason was, whether for better understanding problems on users’ devices, easier remote analysis, corporate evilness – it doesn’t matter. If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in.

That is not the case. What Trevor found is only the tip of the iceberg – we are all still digging deeper – but currently any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its hands on:

the list of user accounts, including email addresses and sync status for each

last known network and GPS locations and a limited previous history of locations

phone numbers from the phone log

SMS data, including phone numbers and encoded text (not sure yet if it’s possible to decode it, but very likely)

system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info

Normally, applications get access to only what is allowed by the permissions they request, so when you install a simple, innocent-looking new game from the Market that only asks for the INTERNET permission (to submit scores online, for example), you don’t expect it to read your phone log or list of emails.

But that’s not all. After looking at the huge amount of data (the log file was 3.5MB on my EVO 3D) that is vulnerable to apps exploiting this vulnerability all day, I found the following is also exposed (granted, some of which may be already available to any app via the Android APIs):

active notifications in the notification bar, including notification text

build number, bootloader version, radio version, kernel version

network info, including IP addresses

full memory info

CPU info

file system info and free space on each partition

running processes

current snapshot/stacktrace of not only every running process but every running thread

list of installed apps, including permissions used, user ids, versions, and more

system properties/variables

currently active broadcast listeners and history of past broadcasts received

currently active content providers

battery info and status, including charging/wake lock history

and more

via Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More.

ECC’s site (among others hosted here) has been spontaneously rebooting randomly over the past couple of days. The server is hosted by Swift Systems in Frederick, and finally ECC and Swift personnel had to swap the drives into another identically configured server to try to stabilize things. It turns out there is some kind of hardware failure with the other machine, because it’s been three hours of intensive testing and this replacement machine has not fallen over. I would like to apologize to anyone who tried to get here and could not during one of the outages. Swift Systems personnel went above and beyond in trying to figure out what was going on and I am grateful for their help in fixing this issue.

VMware is really easy but it doesn’t work with machines that do not have hardware-assisted RAID. Most of my clients (including myself) don’t have enough I/O demands that a hardware-accelerated card is required. This is when the beauties of Linux MD (NOT DM) RAID come into play. VMware doesn’t support MD RAID…but the Linux kernel does. After ordering up a new server and much initial testing I have decided to standardize on Ubuntu LTS and KVM for my MD RAID clients. The control panel is the great Cloudmin product made by the folks who bring you Webmin and Virtualmin. The final leg of testing this solution is to use the VMware converter and then pull that image into KVM. If that goes well then the ECC platform has two iterations:

For clients with larger budgets that include hardware-assisted RAID: VMware ESXi along with a third-party backup script

For clients with smaller budgets that use MD RAID:  Ubuntu LTS w/KVM and Cloudmin.

I’m hoping to wrap up testing in the next month or two then ECC will release the official product announcement.

While “clouds” on the internet are a terrible idea, they do have their place INSIDE the building. I am currently building and researching exactly this type of internal cloud. In my shop I have two servers. At idle (which is where most of them spend their time) they draw nearly 135 watts from my electrical system. That’s nuts. I have ordered a new server that I am going to put both of my servers onto as virtualized machines. My idle power should be cut at least in half. Here are the specs of the baseline host I am going to be building from:

Dell PowerEdge T110

RAM: Upgraded to 8 gigabytes
Network: at least two network interfaces
Hard disk: 2 x 2 terabyte SATA drives
RAID: Linux software RAID 1 or H200 hardware RAID card depending on client needs (I am going to use Linux software RAID)
Processor: Intel Xeon X3430

Applications:
Windows server standard
Zimbra
Astaro
Untangle
others as determined by client needs.

Hypervisors Undergoing Evaluation:
1. Microsoft Hyper-V
2. KVM
3. Citrix XEN

Cost of hypervisor software: Zero

This is just the bare minimum that ECC will specify for business clients going forward. ECC is currently building the baseline for operational testing in house. Once testing is completed an announcement of release will follow. ECC will be migrating all clients to this internal baseline cloud over time.

The author forgets another huge market that Linux is behind. HDTV. I would say well north of 80% of all HDTVs come with some form of Linux. The next time you purchase an HDTV, check the packet for something about GNU license. If you see that..your TV is running Linux….:)

Windows’ Endgame. Desktop Linux’s Failure | ZDNet.

I just passed the Astaro Certified Administrator course. The next one is the Astaro Certified Engineer. These will help further my status and abilities as an Astaro partner. These courses I have found to be a good use of time and actually add to my knowledge of the Astaro product even though I have been using the Astaro Security Gateway for nearly 10 years…:)