#8 MAART 2017
COLOFON CHIEF EDITOR Jeroen Bremer AUTHORS Kristof Haeck Hermes De Backere Geert Plessers Lieven Van de Walle Rita Verreydt Peter Vandenplas PUBLISHER Uptime Group nv Prins boudewijnlaan 41, 2650 Edegem PARTNERS Akamai Cisco Citrix Dynatrace Evolane NetApp OP5 Red Hat Shiftz Tintri Veeam LAY-OUT Silke De Bontridder Karlo Stirmer hallo@noticed.be
4
7
10
Introduction: Rita Verreydt
What’s been up?
Your IT infrastructure is nothing like the one you had 20 years ago.
13
14
17
Build a business around open source software?
Dynatrace ensures over 99% availability of applications for Mazda Motor Logistics Europe
GDPR Session: Get your Data Protection Right
20
23
24
Uptime Group guarantees HH Leuven’s back-ups with Veeam
Visit from the biggest Monitoring Solution in Northern Europe
Cisco 2017: Annual Cybersecurity Report
26
28
30
Digital Workspace as a Service: a new look on corporate IT
Belgian infrastructure provider uses Storage Spaces Direct to create blazingly fast storage solution
Top three benefits of all-Flash Arrays - NetApp
32
34
Architecture Matters: How to Attain Public Cloud Agility in your Data Center
Our sponsors
CEO’S CORNER RITA VERREYDT
4
Dear, This is a fascinating time to be part of the IT world. Numerous changes and challenges are now part of everyday life. Every IT manager wonders what solutions tomorrow will bring, every business manager is wondering how to better support his processes and consequently how his business could be run more efficiently. We at the Uptime Group are also constantly asking ourselves how we can respond to these developments. Our role as a trusted advisor is becoming increasingly more important. We continue to do our best to keep track of new trends, new products, and new players in the market. In addition, our partners, with whom we have had many years of good collaboration, constantly offer us new opportunities that challenge us to examine the new solutions that they offer. Today, the world of IT has become highly complex. On the one hand, we see an increased demand for total solutions, but on the other, we are also expected to have a very high level of expertise in the various sub-domains. Training our consultants is therefore also a must. In the last year, our group obtained 200 different certifications, proof of the fact that we have the necessary competences in-house to be your trusted advisor. One of the main priorities for our customers is ensuring better protection of their data. Their aim is to ensure that they can work in a safe, more secure environment. The laws also require that personal data should be handled in a more responsible manner. In this day and age, every enterprise should carefully study the consequences of the GDPR regulations. In view of this, we have also had our consultants pursue the required training courses to better place us in a position to helping our clients meet this new challenge. If you have any questions in this context, please do not hesitate to contact us. I hope we can look forward to an excellent collaboration this year as well. There are still a lot of questions in the traditional segment of the industry. Servers, storage, networks, printers, etc. are still required, and we have the necessary knowledge and in-house expertise to provide you with the necessary expert assistance in these domains. For some, the transition to cloud computing is already an everyday reality, while for others this remains an avenue that is still open. No matter what the preference of our customers is, we are always prepared to provide all possible assistance in this regard. I hope you enjoy reading the articles in this issue of the UP. If you have any questions, please do not hesitate to contact us. Greetings, Rita
5
“We’re not like the other guy. Never have been. Never will be.”
Tel. 03/451 23 82 - info@uptime-elastix.be - www.uptime-elastix.be Uptime Group - Prins Boudewijnlaan 41 - 2650 Edegem
6
15 15 15 15 15 15 15 15 15 15
15 15 15 15 15 15 15 15 15 15
15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 Happy 15 15 Uptime years 15 15 15
15 7
15 15 15 15 15 15 15 15 15 15
15 15 15 15 15 15 15 15 15 15
Gelato time
8
It’s never too early for ice cream
9
“There are many who give advice, but few who offer guidance�
For more information about evolane, head over to www.evolane.be or mail to info@evolane.be 10
Your IT infrastructure is nothing like the one you had 20 years ago. Nowadays IT support, protection and optimization goes far beyond your data center and some end users. In our connected world innumerous devices are potential users of your applications: computers, smartphones, TV’s or cars. Moreover, your washing machine and thermostat are connected as well. And that’s just the whole new wave. What about the path your data has to cover before it interacts with all those devices and people? In short, ensuring that your applications are performant, accessible and secure is a completely different assignment than before. Evolane creates the optimum experience of applications – both for businesses and for private users. Using bleeding edge (of stateof-the-art) technologies and out of the box IT solutions we keep these apps at the top of their game, as well as accessible and secure. We always take a customised and practical approach. So that our customers can rely on their applications and services, round the clock.
ARMED WITH THE TECHNOLOGICAL POSSIBILITIES OF TODAY. We’ve developed our 4P-model, a comprehensive and sustainable concept that allows us to optimize each application. Using logical interventions based upon four cornerstones of production and with advanced software and cloud solutions we provide you with a personal IT evolution.
4P A 306° APPROACH. Our 4P-model is compliant to any application. Using today’s possibilities, it’s a durable 360° approach which provides logical technological adaptations for major optimizations. Evolane analyzes and uses the right technology at the right time, always focusing on the specificity and requirements of a project or goal. We do not make things more difficult than they are, consider our customers as partners and always choose the logical solution.
11
1. Performance High-quality performance, 100% of the time
2. Protection The security of your application and IT infrastructure has to be waterproof
3. Platform Any user with any infastructure or software always enjoys a seamless experience
4. Process Sustainable development for better applications.
BUILD A BUSINESS AROUND OPEN SOURCE SOFTWARE? CERTAINLY! SUBSCRIPTIONS AND SERVICES
Openness is a current trend. Businesses are increasingly being set up as ‘open’ organisations - and collaboration increasingly takes place on open innovation platforms. As a result, open source software is on the way up. And ‘openness’ can, indeed, become the basis of a business - as became clear during my interview with Hermes de Backere from Piros, a Red Hat partner since day one.
Open source has definitely gained ground since then. Open source is no longer just for technology-based businesses or smaller start-ups. Just look at the growth reflected in the annual Open Source Survey. According to the most recent study 78% of businesses use open source software in some way or other, 93% of those surveyed could only see the use of open source growing further and two out of three businesses first look for an open source solution and move on to other software sources only when this solution is not available. This growth is also reflected in Red Hat’s turnover, which passed the 2 billion dollar mark at the end of the last financial year. Imagine, two billion dollars turnover - on open software!
Piros, part of Uptime Group, has been the leading, premium Red Hat partner in Belgium for nearly ten years and has seen a lot change in this time. “Red Hat was initially quite unknown, so in the early years the (then still very small) Red Hat sales team and I were mainly involved in spreading the word”, says Hermes. “Jboss.org (community edition) was a product that was quite known among the more technically inclined. However, open source was still seen as unreliable by larger businesses. Unknown and unloved. Open source was for universities and software developers, but not for use in a production environment.”
Open source is also proving its worth to our partners. “When we started working with Red Hat our income came mainly from supplying implementation and migration services. Subscription sales were just a small part of our business”, relates Hermes. “This has steadily increased, with turnover from subscription sales increasing by more than 100% in recent years. This is very welcome, seeing that the resulting income is almost fully
12
invested in providing our staff with training and time for research.” Red Hat’s clear pricing strategy is also advantageous for its partners.“Red Hat has a straightforward list price. Competing software suppliers sometimes start by quoting very high prices, then endup giving a massive discount. These tactics don’t help anyone.” While our attitude is reflected in one of our slogans: “We’re easy to do business with”.
BROAD PORTFOLIO In comparison with ten years ago, the Red Hat portfolio has expanded considerably. “Few other vendors have such a broad product stack”, adds Hermes. “In addition to the Linux operating system and Jboss Middleware, there are also solutions for DevOps, Cloud (PaaS & IaaS), the Red Hat Mobile platform, Red Hat Storage and so on. It’s also relevant that we are in ‘The Era of Open Source’, in which end clients can enjoy real advantages from a product stack developed by an entire community. With parties like Red Hat ensuring that fully-supported, enterprise-ready products flow from such development.Through the years this has, of course, resulted in significantly increased awareness for Red
Hat - which has at the same time become a synonym for Open Source for many of our clients. So it is no longer just developers who appreciate open source. It’s now also completely accepted further up the chain. Which means there’s still a lot of growth potential in various new areas for Red Hat partners. At Red Hat we’re convinced that our partners will play a major role in the digital transformation awaiting many businesses. New platforms are required in order to enable this digital transformation - for Cloud infrastructure, data management (big data), enterprise mobility and so on. There’s growth here - and it’s the future, because quite a lot of businesses are a long way from being ready for what analysts have called ‘the third platform’. This is why Red Hat has been focusing on further expanding its partner channel with strong partners. Partners with the right kind of Open Source vision and drive, who can continue to expand the Red Hat presence in Belgium and Luxembourg. Particularly in the new areas served by our products.
Luc Van Overmeire, Red Hat
13
Dynatrace ensures over 99% availability of applications for Mazda Motor Logistics Europe Mazda Motor Logistics Europe (MLE) in Willebroek, Belgium, uses software from Dynatrace together with expertise from their IT partner Evolane to gain a full overview of its business critical applications’ speed and availability. These mission critical apps are key for over 3,000 dealers across Europe, in day to day activities such as ordering vehicles and spare parts. If an application isn’t available or fast enough, the IT team at MLE can use the Dynatrace software to identify the problem straight away and then resolve it. For 7 years prior to 2015, Mazda Motor Logistics Europe had been using an alternative monitoring software solution. The decision was made to source a replacement, as it no longer provided a full overview of the applications' speed and availability, partly as a result of the changes and evolution of application development, such as the use of the Scrum method.
COMPARATIVE STUDY – DYNATRACE LEADS THE WAY! In September 2015, Timur Van Raemdonck, IT Operations Manager, and Eddy Sterckx from the Operations Department at MLE, produced a report which formed the basis for the project with Dynatrace and Evolane. In it, Timur Van Raemdonck, a specialist in application monitoring for over 15 years already, and his colleague compared Dynatrace with software from four other suppliers to measure applications speed and availability using 27 assessment criteria. ‘Dynatrace stood out head and shoulders above the rest,’ says Timur Van Raemdonck, ‘and has been assessed as excellent by market analyst Gartner for seven years running.’ ‘Dynatrace helped us select Evolane from a list of four possible partners. We chose them because we'd been collaborating with Contribute and the Cronos Group for over 15 years which Evolane is a part of.’ ‘The Dynatrace implementation ran very smoothly,’ says Timur Van Raemdonck. MLE uses three Dynatrace software products for around 50 applications: Application Monitoring (AppMon), Data Center Real User Monitoring (DC RUM) and User Experience Management (UEM). ‘This software shows us how available and fast our applications are performing for users in real time. If there's an incident, we can use Dynatrace to see if it's being caused by the application, database, network or a server, so we can refer it to the right resolver group straight away, and there's no longer any discussion about who's responsible for resolving it.’
14
50 APPLICATIONS HUNDREDS OF USERS
and dealers across Europe can do what they want with Mazda applications, and the app gives them a handy overview of the levels of performance and application usage they’re responsible for.’
One of the 50 applications that MLE monitors with Dynatrace is eMotive, which is used by hundreds of Mazda dealers simultaneously to order vehicles. Other apps include partsordering eParts, and Lemans, for organising the logistics for purchased vehicles. Lemans and eParts both of which have hundreds of users every day.
‘The next step we’re planning for 2017 is to use Dynatrace to monitor the speed and availability of our Siebel CRM system. After that, in 2017 or 2018, we want to use the software to monitor our other Oracle applications, such as Oracle Business Intelligence, Transportation Management, E-Business Suite, Service-Oriented Architecture and Access Manager. We’re also considering using Dynatrace to monitor the speed and availability of our 130 websites. The fact that we’re already stipulating these possibilities is a result of our successful project with Dynatrace. It’s software that doesn’t require much maintenance, and even adapts automatically, e.g. when we replace one of the minitored applications’ databades.’
There are over half a million spare parts for dealers across Europe in MLE's 50,000m2 warehouse in Willebroek, with more then 400 logistics employees from 20 different nationalities working shifts between 6am and 10pm. If Lemans or one of the other main MLE applications doesn’t work properly, Mazda's operations in Willebroek and across Europe can come to a standstill.
AUTOMATIC ALERTS
Other applications that MLE monitors with Dynatrace include DSR (digital service record), eClaims and eWarranty.
‘In the meantime we’ll keep receiving notifications whenever there’s an issue with an application’s availability or speed,’ explains Timur Van Raemdonck. ‘We’re SLA-driven at MLE, which means our applications mustn’t score less than 95% for availability, and preferably stay above 98%. With Dynatrace, we’ve been able to increase availability to 99.8%. The SLA for availability will therefore be set higher next time, and the directors are also going to set a new SLA for the application speeds together with the IT team, but we’re not worried. If there’s any risk of us not achieving the SLA, we can use Dynatrace to see where the problem is, and resolve it straight away.’
FIFTY IT USERS The entire IT team comprising of 9 service desk employees, 15 people on the IT Operations team and around 25 developers all use Dynatrace.‘The people on the service desk can check an application’s availability and speed in real time simply by glancing at the Dynatrace dashboards,’ says Timur Van Raemdonck. ‘When a dealer signals a problem, they’re usually aware of it already and can report back straight away that they’re busy resolving it. Sometimes they even solve problems before anyone’s noticed. Developers use Dynatrace to test applications and correct faults. In September 2016, for example, IT Operations discovered what was causing problems with eMotive’s availability and speed when national sales representatives entered their 6-monthly sales figures and tried to create reports. There were twice as many users as normal, and the application wasn’t built for this. But we resolved the issue quickly and easily simply by adding more memory.
‘Also, in terms of IT at Mazda, we want to continue improving – from our challenger’s approach – by constantly re-evaluating,’ says Timur Van Raemdonck. ‘The IT departments in Willebroek and Leverkusen are an essential component of Mazda’s successful operations in Europe. We’ve developed a Mazda Blueprint for setting up all IT and other processes from an optimal userfocused experience, so now we want to also gain the best possible insights into how users experience our applications at all times. We know we can rely on Dynatrace for this. We’re better equipped than some other car manufacturers, who need to put in a lot more manual labour to come up with monthly figures that are nowhere near as valuable or realistic as what we have available to us at any moment. It’s part of MLE’s mission in Willebroek to get vehicles and parts to dealers and customers in Europe as efficiently as possible, and Dynatrace helps us achieve this.’
HANDY APP ‘As well as the IT team, the directors and business owners can also consult Dynatrace through an app on their smartphone. This is a feature that the business owners are particularly pleased with, as they have to help make sure Mazda’s national sales reps
15
16
GDPR: GET YOUR DATA PROTECTION RIGHT Each fully booked seminar from Cronos Security proves the growing awareness of the urgency surrounding the new European GDPR regulations (General Data Protection Regulation). The implications of GDPR go far beyond IT security. GDPR determines the way the company manages and protects business data and personal data, and relates to the implicit obligations in relation to the personal data available to the company. New is also the Accountability Principle, that if your company can’t demonstrate a clear effort for compliance to these regulations, the GDPR may impose severe fines. The question companies should ask is, how they are going to centralize, organize, manage and protect their data and adjust their internal procedures accordingly.
be traced and identified, we speak of personal data. Personal data may be processed as long as it is done in a lawful manner, ie with a legitimate basis - a permission or another base - and with a specific goal in mind. Data may not be kept longer than necessary, must be accurate, must be protected and not to be handled differently than necessary for the intended purpose. Special categories of data that are more sensitive (such as health data) are therefore additionally protected by law. There is also the accountability principle? Following the GDPR, companies must identify and document their dataprocessing operations and categories of personal data, including what agreements have been made with subcontractors in relation to the datatransfers and exchange of data with third countries and what guarantees were provided for this purpose ... The GDPR keeps a risk-based approach. In certain cases, DPIAs (Data Protection Impact Assessments) need to be performed. DPIA’s are effect and risk analyses that focus on the risks and liabilities and the rights and freedoms of the persons concerned and include the planned measures to reduce those risks. The Data Protection Authority can request to control the DPIA programs in place.
Cronos Security has an ecosystem of more than 200 security experts, a SOC - Security Operations Center a partnership with +30 vendors that can assist with the organization and implementation of the regulations. But let's first have a look at the different angles.
JURIDICAL For lawyer and data protection expert Florence de Villenfagne of ICTLex the European Regulation 2016/679 or GDPR (General Data Protection Regulation) starting on May 25, 2018 is not a revolution, merely an evolution. The privacy principles for the protection of personal data are updated and extended, but not changed. The revolution on the other hand happens regarding the new accountability principle - which imposes on businesses that they can demonstrate that they comply with the GDPR rules - and the administrative fines that can go up to 4% of the annual turnover to 20 million euros.
Companies will also have to report data breaches within 72 hours of discovery to the Data Protection Authority or privacy commission (www.privacycommission.be). And if the concerned data could involve a high risk towards the rights and freedoms of the listed individuals, the people involved will need to be informed personally. Theft of a computer or loss of a memory stick containing personal information is to be considered a data breach and should therefore be reported accordingly to the Privacy Commission.
What does personal data exactly mean? Personal data means all information about identified or identifiable individuals, who are called a stakeholder, an individual, a natural person, not a business. A full name and date of birth may suffice. To anonymous data GDPR does not apply. As long as the person behind the information can
17
The GDPR assessment brings the program to life within the company and translates the right message to the right people involved. The GDPR also requires the creation of a new role? Enterprises will
requires the implementation of a central data register allowing the rights of the data subjects to be guaranteed by sufficient provable security of personal data. Internal processes must be adequately documented and to be followed exactly by the various departments. Being compliant, the risk management process will prove to be easier and faster to implement and to demonstrate.
have to appoint a DPO or Data Protection Officer. This may be an employee or an outside consultant, but that role must have a guaranteed independence. The role of the DPO is to inform and advise on the obligations of the GDPR, ensure compliance with the regulation, advise on the DPIAs as well as have a contact function for the supervisory authorities (the Privacy Commission) and for the concerned individuals.
How can the workers own the new procedures? New hire GDPR training and regular GDPR rehearsal courses are designed to train and brief staff adequately and continuously on the internal usage, issues and risks. Clear agreements on who does what with what authority and with what permissions have to be stated in each department.
GDPR PRACTICAL With David Callebaut, of Delitad, part of Cronos Security, we have a closer look at the practical translation of the GDPR-regulatory processes towards the organization in terms of risks, governance and compliance. GDPR clearly involves more than IT.
How to start with GDPR? For the practical implementation it is preferable to start, not from a clean sheet, but from the existing infrastructure and departments in place. Organize per department and division Privacy Awareness Sessions and spread the message top-down from the CEO towards the different working groups and individuals the GDPR needs to be strictly observed and implemented. Awareness, Ownership and Accountability are the key words of these sessions. The GDPR regulation
18
Can you give an example? In medium-sized companies a 5 to 7 day assessment is enough. Once completed, the assessment report can be used to socialize the governance rules towards the management. Define clear responsibilities (ownership) and through regular and thorough reporting to management ensure that the necessary priority and focus is maintained, and ensure the necessary support is being delivered by the management. The GDPR assessment brings the program to life within the company and translates the right message to the right people involved.
Is there anyone who can take the lead in this? The GDPR legislation requires organizations to appoint a Data Protection Officer (DPO). As mentioned the DPO isn’t required to be an internal person. He/she needs to have the necessary knowledge of both IT engineering, IT Security, Risk Management and legal experience with privacy laws, including GDPR. It is estimated that 40,000 DPOs should be appointed to meet the GDPR. An outsourced person may be provided by Delitad in the form of DPO as a Service. In consultation with the client it is determined how many days the DPO as a Service will be present. On average, this may be 2 to 3 days per month. The DPO as a Service ensures compliance with the required GDPR, but can be combined and engaged as a security consultant.
GDPR OPERATIONAL Luc Delanglez from Data Lumen, part of Cronos Security, focuses on the operational side of the GDPR story and focusses on Data Governance, Data Discovery, Data Security, Data Stakeholders and the required capabilities, the Data Subject Rights and Duties of data processor.
How do you start? It is important to capture business processes and rules, to document this allowing to put the GDPR into practice and this starting from the communities of the different business departments. From the GDPR the regulatory policies are put in
place to achieve the operational implementation, eg. Sensitive information like email addresses and bank details must be masked. It is crucial to know where privacy sensitive data resides. How do you keep monitoring it? Data Discovery with tools and processes demonstrate where person sensitive information resides, what can be used to do risk classification of data. Risk analyses monitor the data flows, with use of a dashboard generating alerts the DPO is aware where action must be taken to saveguard and secure person sensitive data. For the production environment and towards certain roles person sensitive data can be masked dynamically. For every role within the company apply specific roles and accessrights in accordance to the nature, necessity and function of the data. If all data is stored and used centrally in one ERP, the GDPR application becomes more simple. Today at most corporations and on most users desktop, the data is spread over the different applications and departments, in lots of dispersed files and many folders. Being aware of this reality can help you grow the awareness of the urgency throughout your organization. If you would like to know more about GDPR, or if you would like to organise a discovery meeting with a representative of DelItad, Data Lumen or LexIT, or any of our Cronos Security affiliates, please do not hesitate to contact us at: info@cronossecurity.be
19
UPTIME GROUP GUARANTEES HH LEUVEN’S BACK-UPS WITH VEEAM ICT is crucial to hospital operations more than ever before. That’s why the regional hospital Heilig Hart Leuven keeps three back-ups of their servers and data, on disc and tape, distributed across three different locations. The backup software, called Veeam, has been implemented by Uptime Group, as part of a framework agreement with the hospital. The Heilig Hart hospital (HH Leuven) is based in the centre of Leuven and describes itself as a high-quality hospital with a heart for humans. The hospital is accessible in the broadest sense of the word: not only thanks to its location in the city, but also –with 287 beds– because of its size. One hundred doctors and eight hundred staff are involved at the hospital. Each year, they take care of 10,000 hospital admissions, 130,000 consultations, 20,000 emergency admissions, 13,000 operations and 1,300 births, and a turnover of approximately 75 million euros. Eleven staff are active in the ICT department. “We look after the daily, operational side ourselves,” says ICT manager Johan Konings. “We also keep our partners close. In fact, we have awarded Uptime Group a framework agreement for the entire infrastructure, with the exception of the network. Uptime Group takes charge of things such as back-up, domain management, Citrix and storage.” Over the last year, the ICT team has brought the hospital’s infrastructure entirely up-to-date. Back-up was one very important aspect. “Over the years we have virtualised lots of data on VMware,” says ICT employee Kris Ceulemans. “The existing back-up software did allow us to take snapshots, but it was clear that the total back-up support was no longer sufficient.” With the growth in applications and data, the software was no longer able to take a backup in the window allowed. “In the end, it took no less
20
than three days to manage a complete back-up,” says Johan Konings. “At the time, we were operating with two tape libraries and two drives.” However, these were unable to provide a comprehensive solution. The drives were constantly in use. “We sometimes had to interrupt the back-up process – before then restarting it – in order to be able to carry out a recovery. That often took considerable time and effort.”
FROM THREE DAYS DOWN TO THREE HOURS Keen to resolve such an uncertain situation, the ICT team approached Uptime Group, asking for a new back-up solution for the hospital administration applications and data, representing a total volume of around 10 TB. This excludes medical dossiers, medical images and labs. A delegation from the team paid a visit to the Regional Heilig Hart Hospital in Tienen. “Veeam has been installed there by Uptime Group,” explains Kris Ceulemans. “So we were able to see how the software was working very smoothly and efficiently in a similar environment with VMware.” There were various practical advantages that convinced HH Leuven that Veeam would be the most appropriate solution for them. “Veeam does far more than simply take snapshots. One of the biggest benefits is that you can recall separate files from the snapshot. You can browse, as it were, in each Virtual Machine (VM) to track down the very file that the user requires. This functionality is one that has often been of great help in practice.” Veeam’s application support is also apparently better than before. “With the previous software, for example, we were always obliged to restore an entire mailbox,” explains Kris Ceulemans. “Veeam, however, offers much more flexibility. If required we can even replace a single lost e-mail.” Does this make Veeam the standard for all back-ups in the hospital environment?
Veeam recognises the new challenges faced by organisations across the world in facilitating Always-On Business™. They need to be operational around the clock. That’s why Veeam has been the very first to develop Availability for the Always-On Enterprise™. Veeam helps organisations to achieve a recovery time and point objectives (RTPO™) of under fifteen minutes for all applications and data. In doing so, Veeam uses a fundamentally new type of holistic solution, which offers very rapid recovery, protection from data loss, verified recoverability, optimised data, plus a comprehensive understanding. The Veeam Availability Suite™, of which Veeam Backup & Replication™ is a part, uses virtualisation, storage and cloud technologies. This makes it possible for organisations to save time, decrease risks and reduce investment and operational costs, allowing them to achieve their objectives. More information is available on www.veeam.com.
“We depend on Uptime Group, not only to answer our queries and carry out our projects, but also to offer advice, guidelines and proposals. This is how Uptime Group has become an essential ICT partner to the hospital.” JOHAN KONINGS, ICT MANAGER AT THE REGIONAL HOSPITAL HEILIG HART LEUVEN
Kris Ceulemans: “Pretty much. Raw disc mapping is not feasible with Veeam. And you can’t take a snapshot of a clustered server, not even with Veeam.” The hospital needs to use HP Data Protector in such cases. “Veeam has allowed us to optimise the entire back-up process very thoroughly,” continues Johan Konings. “The nightly back-up window available is now more than enough to get everything properly backed up. We no longer need three days for a full back-up, and can complete it in just three hours thanks to Veeam.” Data servers are now specifically backed up on disc on a daily basis. Meanwhile, application servers are backed up on disc on a weekly basis. Long-term storage is done on tape. The project tackling back-up conditions is part of a wider renovation of the ICT infrastructure at HH Leuven. “In 2015, we began using a second data centre,” explains Johan Konings. “Before then, everything was carried out at a single location. Now that there is a second data centre, things are better distributed.” In fact, when it comes to back-ups, HH Leuven even uses three locations. This provides a greater level of security. The hospital retains three copies of the back-ups, in two forms (disc and tape), distributed over three locations (in the two data centres). The current set-up also given the option –should this ever be required– to store a copy at an external location quite easily.
SINGLE POINT OF CONTACT Following this project, HH Leuven can now enjoy comprehensive levels of security. “We always managed to restore lost data in the past,” confirms Johan Konings, “but it was often a very challenging and time-consuming process. Furthermore, we were never quite sure how far back in time we could go.” Now that Veeam is in place, this uncertainty is a thing of the past. Kris Ceulemans: “It is a very intuitive and user-friendly solution, with which things can be quickly recovered. When we start using a new VM, we won’t even need to set up a new back-up agent.” This all makes back-up management so much easier for the ICT team. Uptime Group acted as a single point of contact for HH Leuven for the entire project. Johan Konings: “A while ago we sent out a tender for the complete ICT infrastructure, with the exception of the network. We awarded the framework agreement to Uptime Group, which gives us access –via a single point of contact– to all the expertise available in the group’s companies.” This association has grown to become a very close partnership. “ICT is absolutely essential in the operations of a modern hospital. That’s why we depend on Uptime Group, not only to answer our queries and carry out our projects, but also to offer advice, guidelines and proposal. This is how Uptime Group has become an essential ICT partner to the hospital.”
21
22
VISIT FROM
THE BIGGEST
MONITORING SOLUTION IN NORTHERN EUROPE Fredrik Åkerström is the Co-Founder of OP5 and currently serves as Head of Sales. Before the founding of OP5, Åkerström worked for several organizations in the Nordic region including Marconi Systems, Fore Systems, Madge Networks, and QD Stockholm. Along with Jan Josephson, OP5 CTO and Co-founder, Åkerström started a consultancy company in 2001 and began to develop a powerful monitoring solution, making it faster to install, easier to use and possible to scale to handle large IT-environments. Josephson and Åkerström quickly grew this hi-tech start-up company into an internationally established business with customers and partners in over 40 markets. OP5 is staffed with quality professionals - forward thinkers, developers, creative visionaries, and experienced, knowledgeable technologists. Our people are the cornerstone of our organization and our primary fuel to how we serve our clients. Our vision is to be a key driver in a world where IT can be in control, delivering IT monitoring as a strategic resource for better business, says Fredrik. OP5 offers server monitoring solutions that help IT staff gain control over their operations and deliver more effective IT services for better business. Whether operating in a small but business critical IT environment or fulfilling the needs of a large organization with distributed hardware, applications and services, the OP5 products monitor anything and everything. OP5 customers around the world benefit from fully-supported solutions that are open and easily implemented, yet scalable for future needs. We are contacted by customers who are either systems administrators with problems that can easily be solved with a better monitoring solution or a CIO that has a systems administrator who are in need of a powerful monitoring tool. They have a large datacenter and are thinking about hybrid IT and maybe even OpenStack. OP5 provides a wide range of services related to IT management and monitoring – varying from training to custom development and installation projects – depending on the user’s need, says Fredrik.
23
CISCO 2017 ANNUAL CYBERSECURITY REPORT Executive Summary Adversaries have more tools at their disposal than ever before. They also have a keen sense of when to use each one for maximum effect. The explosive growth of mobile endpoints and online traffic works in their favor. They have more space in which to operate and more choices of targets and approaches. Defenders can use an array of strategies to meet the challenges of an expanding threat landscape. They can purchase best-of-breed solutions that work separately to provide information and protection. And they can compete for personnel in a market where talent is in short supply and budgets are tight. Stopping all attacks may not be possible. But you can minimize both the risk and the impact of threats by constraining your adversaries’ operational space and, thus, their ability to compromise assets. One measure you can take is simplifying your collection of security tools into an interconnected and integrated security architecture.
Integrated security tools working together in an automated architecture can streamline the process of detecting and mitigating threats. You will then have time to address more complex and persistent issues. Many organizations use at least a half dozen solutions from just as many vendors. In many cases, their security teams can investigate only half the security alerts they receive on a given day. The Cisco 2017 Annual Cybersecurity Report presents research, insights, and perspectives from Cisco Security Research. We highlight the relentless push-and-pull dynamic between adversaries trying to gain more time to operate and defenders working to close the windows of opportunity that attackers try to exploit. We examine data compiled by Cisco threat researchers and other experts. Our research and insights are intended to help organizations respond effectively to today’s rapidly evolving and sophisticated threats.
24
This report is divided into the following sections:
ATTACKER BEHAVIOR In this section, we examine how attackers reconnoiter vulnerable networks and deliver malware. We explain how tools such as email, third-party cloud applications, and adware are weaponized. And we describe the methods that cybercriminals employ during the installation phase of an attack. This section also introduces our “time to evolve” (TTE) research, which shows how adversaries keep their tactics fresh and evade detection. We also give an update on our efforts to reduce our average median time to detection (TTD). In addition, we present the latest research from Cisco on malware risk for various industries and geographic regions.
DEFENDER BEHAVIOR We offer updates on vulnerabilities in this section. One focus is on the emerging weaknesses in middleware libraries that present opportunities for adversaries to use the same tools across many applications, reducing the time and cost needed to compromise users. We also share Cisco’s research on patching trends. We note the benefit of presenting users with a regular cadence of updates to encourage the adoption of safer versions of common web browsers and productivity solutions.
CISCO 2017 SECURITY CAPABILITIES BENCHMARK STUDY
their organizations. This year, security professionals seem confident in the tools they have on hand, but they are uncertain about whether these resources can help them reduce the operational space of adversaries. The study also shows that public security breaches are having a measurable impact on opportunities, revenue, and customers. At the same time, breaches are driving technology and process improvements in organizations.
INDUSTRY In this section, we explain the importance of ensuring value chain security. We examine the potential harm of governments stockpiling information about zero-day exploits and vulnerabilities in vendors’ products. In addition, we discuss the use of rapid encryption as a solution for protecting data in high-speed environments. Finally, we outline the challenges of organizational security as global Internet traffic, and the potential attack surface, grow.
CONCLUSION In the conclusion, we suggest that defenders adapt their security practices so they can better meet typical security challenges along the attack chain and reduce adversaries’ operational space. This section also offers specific guidance on establishing an integrated and simplified approach to security: one that will connect executive leadership, policy, protocols, and tools to prevent,detect, and mitigate threats.
This section covers the results of our third Security Capabilities Benchmark study, which focuses on security professionals’ perceptions of the state of security in
DOWNLOAD THE CISCO 2017 ANNUAL CYBERSECURITY REPORT www.cisco.com/go/acr2017 25
Digital Workspace as a Service: a new look on corporate IT While new generations of digital natives thrive on technological innovation, corporate end-user experience needs to evolve from 1990’s based technology. The digital age requires a new take on business processes, on collaboration, on leadership – and on the IT solutions that make everything work. Consumers embrace the ongoing digital transformation. Innovative brands – such as Netflix, Uber or Zalando – disrupted existing business models, winning over customers with the help of digital technology. “But it’s not technology alone that causes disruption”, said Lieven Van de Walle, Team Lead at shiftz, member of the Cronos Group. “The key success factor of disruptive companies is not the use of technology, but the focus on solving the customer’s problems – by using technology.” In the 1990s, the traditional video library survived the shift from VHS to DVD. A decade later, however, it didn’t stand a chance against the combination of broadband Internet and digital TV, offering video on demand. “Once the customer knows how technology is solving a problem, the adoption rate goes through the roof.” That puts the customer in the driver’s seat. In 1975, Kodak employee Steve Sasson invented the digital camera. The company’s management didn’t believe in the idea. By the time Kodak realized it needed to embrace digital transformation, the company filed for bankruptcy.
THE CONNECTED WORKSPACE The consumerization of IT is a fact. The use of technology is no longer limited to the professional working environment. In the long run, consumer technology will exceed corporate IT. “We all know where that evolution is taking us”, Lieven Van de Walle explained. “At work, employees want to have access to the same technology they use at home. It makes the IT department struggle to deliver the same end-user experience.” In the consumer world, digital disrupters offer fast and innovative solutions for all sorts of problems, resulting in technology finding its way into the consumer’s life. As a consequence, organizations expect the same immediate delivery of IT solutions from their IT departments and IT partners. The same thing is happening in the employee’s daily workspace, based on three trends: mobility, personalization and digital transformation. These
26
“At work, employees want to have access to the same technology they use at home. It makes the IT department struggle to deliver the same end-user experience.” trends require a change in how technology is delivered in an enterprise environment. Employees expect IT to solve their end-user problems, just like disrupters are doing in their personal lives. The amount of applications and data solutions is exploding. By 2020, there will be about 50 billion connected devices, including 6 billion smartphones, but also wearables, home electronics, connected cars and sensors enabling Internet of Things solutions. In this mobile and connected environment, customers expect immediate access to all kinds of applications and data. In the old days, an employee would visit a customer, write down an order, drive back to the office and process the information the next day. In the connected world, everything happens in real time. The order data is transferred and processed while the employee is still talking to the customer, offering immediate information about stock availability and estimated delivery times.
CLOUD IS THE NEW STANDARD The impact on the traditional enterprise IT department is enormous. While applications used to run on premise, the cloud is becoming the standard for new software. SaaS, PaaS and IaaS are on the rise. In fact, SaaS and managed services will become the new norm. At the same time, the essence of work is going through a major transformation as well. More than ever, employees depend on each other to get their jobs done. Independent, siloed workforces evolve into one connected workforce. “As a result, a company needs a new culture of communication and collaboration”, Van de Walle continued. “In the digital workspace, collaboration tools are becoming the most crucial components. These applications should be easy to
roll out, to use and to maintain.” Generation X and Y employees are using the unique powers of social media and collaboration tools to get things done, as opposed to the baby boomer generation that is used to working in a pyramid or food chain organization. Enterprises, however, are rapidly evolving towards a flat structure – or a number of flat pyramids – where everybody communicates with everybody. Jobs are becoming less and less attached to physical offices and rigid office times. Employees also work from home or on the road. Once again, that’s exactly why collaboration tools are key in the modern digital workspace. As all employees have an online identity – on Facebook, LinkedIn or Azure AD – why can’t they reuse that identity for single signon purposes on their professional cloud applications as well? That’s just one example that shows the need for a new take on IT, with the innovative ideas often coming from the business side of the organization. Fifteen years ago, business IT was at the cutting edge of innovation, today the consumer sector leads the way as the early adopter of new technology, leaving corporate IT in the laggard position. “It does mean, however”, Van de Walle explained, “that technology is enabling innovation to happen anywhere and anytime. New technology can be rapidly adopted, the level of user experience is increasing, as well as business agility and flexibility.”
New technology promises to increase employee and customer satisfaction, productivity and efficiency, while reducing costs and delivering a predictable total cost of ownership at the same time.
SHIFTZ “The idea behind Shift It is that a lot of the required pieces for the puzzle are already present in the organization”, Van de Walle continued. “shiftz enables IT to transform from company-centric IT to user-centric IT. But in the end, there’s no solution that fits all.” First off, shiftz defines the drivers for change, followed by an assessment of the ‘as is’ situation and the definition of possible ‘to be’ scenarios. These scenarios are the starting point for a roadmap. The same approach is used for the three layers of the organization: technology, people and processes. “Success can only be achieved by combining the three layers. Technology alone is never the answer.” From an infrastructure point of view, shiftz advises companies to consider enabling virtual desktops, web-based applications, better networking solutions to improve user experience, mobile solutions, collaboration tools, single sign-on solutions, self service tools, and more. www.shiftz.be
27
BELGIAN INFRASTRUCTURE PROVIDER USES STORAGE SPACES DIRECT TO CREATE BLAZINGLY FAST STORAGE SOLUTION The Software-defined datacenter revolution began with virtualized servers multiplying and simplifying provisioning of compute resources. Software-defined efficiencies are now also making a big impact on the storage and networking systems in datacenters. Barton Systems - a subsidiary of Uptime Group, a leading Belgian provider of datacenter infrastructure services - has just released Barton, a turnkey Software-defined storage solution that is built on industry- standard hardware and the Storage Spaces Direct feature in Windows Server 2016. Barton is blazingly fast, economical to scale, and incredibly easy to manage, with rich disaster recovery options. As its customer data stores continued to expand and IT budgets shrank, Barton Systems sought an alternative to the traditional storage area networks (SANs) it usually recommended to customers. “The main challenges with classic storage solutions are cost and scalability,” says Johan Vermeulen, Infrastructure Solution Architect at Barton Systems. “When you need more capacity or performance, you have to buy a new storage shelf, involving proprietary hardware and management software, which is quite expensive.”
Using servers with local storage decreases complexity, increases scalability, and enables the use of storage devices that were not previously possible, such as SATA solid-state disks for lower-cost ash storage, or NVMe solid-state disks for better performance. “Storage Spaces Direct has two very appealing features,” Vermeulen says. “It removes the management burden of traditional storage, which requires an expensive, specialized engineer, and it makes capacity management so easy that a two-year-old can do it.” Simpler management comes in large part from the Health Service in Windows Server 2016, a set of automation features that significantly improve the day-to-day monitoring, operations, and maintenance experience of Storage Spaces Direct. Barton Systems used Storage Spaces Direct and other features in Windows Server 2016 to create Barton, a turnkey storage solution whose tagline is “Worry-free storage; just add power.” Barton combines industrystandard Tier 1 server hardware, Windows Server 2016, and Barton Glass, the Windows storage management console created by Barton Systems. It delivers flash-like performance at the cost of traditional disk-based SANs.
A recent trend in SANs is to move to all-flash systems. Their high performance and exibility to deal with all types of workloads are important benefits, but they come with a hefty price tag. “The market needs higher-performance, lower-cost, more easily managed storage solutions,” says Tom Verté, Managing Partner at Barton Systems.
GOODBYE RAID, SO LONG SAN: ENTERPRISEGRADE STORAGE, RUNNING ON WINDOWS Because of these customer needs, Barton Systems was excited to learn about Storage Spaces Direct, the centerpiece of the Software-defined storage capability in Windows Server 2016. Software-defined storage creates a virtualized network of storage resources by separating the control and management software from the underlying hardware. This can be used to create storage networks that may tie together large pools of storage resources that can appear as one virtual entity. Storage Spaces Direct enables organizations to use industry-standard servers with local storage to build highly available and scalable software-defined storage.
28
Barton Systems gained technical assistance from Acuutech, a UK service provider with deep experience working with Storage Spaces Direct. “Acuutech was an early adopter of Storage Spaces technology in the Windows Server 2012 R2 operating system and is a pioneer in putting cutting-edge Windows Server technologies to work in its own and customer datacenters,” Vermeulen says. “Its operational experience with Storage Spaces Direct was a great help, and it also facilitated Microsoft relationships for us.” In addition to Storage Spaces Direct, Barton uses Nano Server as the operating system for its solution’s underlying nodes, to benefit from that installation’s lightweight code base and attack surface. It uses Windows Server 2016 Failover Clustering to facilitate Barton scale-out and scaleup expansion. And it runs the Barton Glass management interface in Windows Server Containers, which provide easy portability should the host node fail or require maintenance.
SAN-FAST, AT A FRACTION OF THE COST
Spaces Direct,” Vermeulen says. “It has enough intelligence to do whatever needs to be done to keep the solution running. For example, if a hard disk breaks, Health Service first makes sure that the data on the disk is distributed to other healthy disks, and then it noties the administrator to replace the disk. Health Service provides the automation, and our management solution layers a graphical interface on top to make management of the solution extremely simple. Organizations don’t need expensive storage engineers to manage Barton.”
Barton Systems is pitching Barton as an enterprise-grade storage solution with all the features of traditional storage at a similar cost, but with the speed of a flash-storage system. “By using Storage Spaces Direct, we have been able to boost storage speeds by more than 10 times the IOPS and 8 times the throughput,” Vermeulen says. “Faster storage means you need less hardware, which drives down storage costs. If you do need more hardware, industry- standard servers are far less expensive than proprietary SAN hardware.” Verté says, “Barton offers unsurpassed simplicity for the system admin. Our storage services take care of every aspect of storage; not just the simple request for ‘some space to store data.’ It also keeps a close eye on its own health and any intervention needed to minimize the need for IT attention.”
Microsoft Operations Management Suite also plays a role in making Barton easy to manage. Barton uses the monitoring software to provide a “call home” function to notify Barton Systems administrators when it detects a problem in a customer’s installation so that they can fix it even before the customer is aware of it. Barton will also use Operations Management Suite to gather usage statistics across its installations so that it can improve the product and customer environments. “Using Operations Management Suite, we will be able to see how customers are using Barton, how hard they are pushing it, and its overall health in their environment,” Vermeulen says. “We will be able to tell the customer how much duplicate data they have, which times of the day have the heaviest and lightest storage traffic, and other metrics. We will use Microsoft BI tools and Microsoft Azure analytics to formulate trends at individual customer sites and across our customer base.”
Barton offers unsurpassed simplicity for the system admin. Our storage services take care of every aspect of storage; not just the simple request for ‘some space to store data.’ It also keeps a close eye on its own health and any intervention needed to minimize the need for IT attention.” INCREASED STORAGE SCALABILITY
FLEXIBLE MULTISITE DATA PROTECTION
Barton is also very easy to scale, especially compared to SANs, because Storage Spaces Direct makes it simple to increase capacity by adding more nodes. “Barton has infinite scale,” Vermeulen says. “Scale-out expansion is very simple; you just add another node to the cluster, and if you run out of nodes, you build another cluster. Barton supports converged storage, which is important for customers with existing SANs that cannot switch to an all-Microsoft solution at once. With a converged solution, these customers can gradually migrate to a Windows Server– based, Software-defined storage system.`
Barton uses the Storage Replica feature in Windows Server 2016 to provide asynchronous data replication at a second location, which allows customers to create affordable business continuity and disaster recovery between datacenters or clusters. “With Storage Replica, we can offer customers great exibility in creating data protection solutions with Barton,” says Vermeulen. “They can copy data offsite to another datacenter, to another cluster, to another part of the same cluster, or to a public cloud such as Microsoft Azure. Customers can also use Microsoft Azure Site Recovery to manage disaster protection in the Azure cloud or another location.”
PUSH-BUTTON-EASY STORAGE MANAGEMENT The Barton Glass interface makes liberal use of the Health Service in Windows Server 2016. “The Windows Server 2016 Health Service is just as important to us as Storage
29
30
31
ARCHITECTURE MATTERS HOW TO ATTAIN PUBLIC CLOUD AGILITY IN YOUR DATA CENTER Over the past few years an increasing number of technology leaders have proclaimed that their organizations are “all-in” on cloud. At one point, this was more a statement of interest in public cloud, but with more experience these leaders have learned that not all workloads belong in public cloud. Some workloads need to reside in their data center for compliance or to ensure predictable costs and performance. And those workloads need to be spun up, torn down and scaled with total agility.
Cloud native applications are typically built from scratch to run in a cloud environment such as AWS or Azure. Examples might include mobile applications and customerfacing web applications. These applications are designed to be highly scalable and written in a way that doesn’t assume much about the underlying infrastructure. To make this clear, an enterprise cloud must provide the infrastructure and services needed by traditional enterprise applications while also providing the ability to run new cloud native applications.
So, how does an organization attain public cloud agility in its data center? It comes down to the architecture of your enterprise cloud.
WEB SERVICES ARCHITECTURE
CLOUD PILLARS Enterprise cloud is defined by the National Institute of Standards (NIST) as having five pillars: self-service, elasticity, resource pooling, measurement and automation. Enterprise cloud must provide all of these - they are requirements for the modern data center.
Web services are the building blocks that underlay cloud. With a web services approach, infrastructure can be managed in a programmatic way, resulting in services that are both extensible and automatable. There are two success factors for web services:
ENTERPRISE AND CLOUD NATIVE APPLICATIONS
- Well-defined APIs to facilitate integration and automation - The right level of abstraction - working in the units of cloud (virtual machines, vDisks, containers, etc.) not the units of legacy infrastructure
An enterprise cloud must be able to run both traditional enterprise applications and cloud native applications efficiently.
Done correctly, individual services “snap together” like Lego blocks. And as with Legos, everything fits together easily to become part of a larger design.
Enterprise applications are largely pre-existing applications written in a style that makes assumptions about the underlying infrastructure that the application runs on. For instance, enterprise applications often run in a virtual environment such as VMware or Hyper-V. They also frequently expect that data protection, disaster recovery, and other services will be provided external to the application. Examples of enterprise applications include both in-house-developed applications as well as common applications such as Exchange, SQL Server, Oracle, and so on.
For example, Amazon Web Services (AWS) provides services for compute, storage, and many other functions in the public cloud that all work together seamlessly. Amazon CEO Jeff Bezos first mandated that every Amazon service have an API back in 2002. The success of both Amazon. com and AWS can in large part be traced back to this commitment to web services.
32
STORAGE SERVICES: THE MISSING LINK If you look at infrastructure in on-premises and service provider data centers, both compute and networking already work like web services. Compute has functioned like a Lego block for a long time - with hypervisors such as VMware (2001), Hyper-V (2008), and others - not to mention the potential of containers. Networking is also becoming a Lego block with products such as NSX from VMware and ACI from Cisco. Storage, however, has not followed suit. Storage industry players, old and new, may have some APIs, but their storage doesn’t fit easily with existing compute and networking building blocks. This is because they haven’t delivered on the second element necessary for successful web services; they don’t operate at the right level of abstraction. If you think about any of the popular hypervisors, all operations are at the level of the VM. Storage based on LUN-level abstractions will never fit seamlessly into an environment built around VMs, and the same holds true for containers.
THE TINTRI APPROACH Tintri has always taken a web services approach. By operating at the right level of abstraction - VMs and containers - Tintri storage will “snap in” to your cloud environment. A comprehensive set of REST APIs turn our storage services into Lego blocks. That allows Tintri to talk to other elements of your existing infrastructure, offering greater visibility and the potential to apply automation to significantly reduce management effort. Using this web services approach, Tintri delivers on all five pillars of enterprise cloud - offering the agility of public cloud in your data center. It’s an architecture that allows organizations to go “all-in” on cloud with total control of cost and performance.
33
This magazine was proudly sponsored by
34
35
www.uptimegroup.be