Information protection war in year 2010 and beyond

Year 2010 is almost ending within few days and we’re embracing 2011. The question remain what would future hold for us as usual. As for business we can look back one year to see the changes and do some predictions.

Year 2010 has been shift for most of the business about how they do business using information technology. Virtualization has been one of the key factor in the IT industry to change the phase how IT can align for the business with the ever changing, demanding requirements.

Never the less information has been the critical assets for every business. Protecting the business data has been and will be the key requirements in 2011 as well. As we all know the data availability and accessibility has been demanded by most business workers and information workers with much freedom. Be it with their mobile device, Apple iPad, from home computer workers need freedom. CIO’s need to face with never ending  challenge of allowing data accessibility out of their corporate firewall but still maintain the confidentiality and integrity of the data without getting caught with information leakage.

According to survey’s carried out by various vendors information/ data loss is a primary concern for every business. Year 2010 has been a eye opener for SMB as well about the awareness about this and the risk they carry on protecting the company vital data. As a result, all SMBs saw tangible losses last year, chiefly downtime,theft of corporate data or theft of customer or employee personally
identifiable information. The leading direct costs experienced as a result
were the loss of productivity, revenue and direct financial costs

Data loss can be due to various reasons and some of them are,

1. Employee Mobile device lost (Laptop, Mobile phone, PDA..etc)
2. Cyber Attacks
3. Employee illegally taking data
4. Business Partner illegally taking data

So the key questions remains as always, how to protect the company critical assets and have total control over it. So let have a look at some of the basic steps companies can take into minimize the data loss,

1. Educate the employees – No matter how strong your security as long as your users are weak on using it or aware about it. At least they should be given training and aware about the company policies and also how to safe guard the company assets.

2. Categorize the data and carry out information protection plan – This is a job need to be overlook by IT Manager / CIO about the company assets with the help of the top management. Identifying and categorizing the data will allow them to apply the proper protection plans. (Eg: Encryption technologies, access control, auditing..etc)

3. Data Backup Plan and disaster Recovery – This topic need no introduction and need to reevaluated by each and every company about the effectiveness of their current procedures. SMB can consider about online data backup as their DR solution to safeguard their company critical information.

As per my understanding the tools you need to protect you data is within your reach but questions remains how far you’re using it effectively. As an example mobile devices can be encrypted by using Windows Vista, Windows 7 BitLocker technology. Microsoft carry out different guidelines how can you protect your laptop devices by using the mobile encryption technologies. More information can be found over here.  Companies can meet their governance, risk, and compliance  (GRC) by following the guidelines and tools provided by Microsoft IT Compliance Toolkit.

These are small portion of free tools you have within your grasp to secure your existing environment. With the never ending battle of security and user flexibility you need to arm with these tools and more. In future articles I’ll cover about some of these tools in detail manner.

References:

http://www.symantec.com/about/news/release/article.jsp?prid=20100621_01

http://www.microsoft.com/Presspass/press/2010/apr10/04-05MSRSAPR.mspx

http://msdn.microsoft.com/en-us/library/bb934049.aspx

Dynamic Memory allocation with HYPER-V R2 SP1

It’s been some time Microsoft has released the Windows 2008 R2 SP1 RC (Release Candidate) in that on of the a killer feature is “Dynamic Memory” allocation. So what exactly is Dynamic memory? is it similar to VMware memory overcommit? Dynamic Memory is a way for the hypervisor to over-subscribe the memory resources to virtual machines, not overcommit them.   You can find more information about the term overcommit in here.

It is not a way for virtual machines to use more memory than is in the box.  It is essentially a way for the virtual machines to share the memory resources of the hardware in a more effective way.   It is essentially allowing the Hyper-V platform to dole out resources as virtual machines require, vs. being constrained to fixed resources.

So how does it work? Before jumping in to that question let’s have a quick understanding how it works. First of all there will be certain amount of memory will be allocated to the host PC and this will be not released for the guest PC’s usage. Second using the Microsoft latest HYPER-V drivers (aka enlighten drivers) guest PC’s and host PC’s constantly communicate about the memory requirements. This addition or removal of memory is implemented using the driver enlightened architecture (VSP/VSC/VMBus) of Hyper-V. On the host side, the Virtual Service Provider (VSP) arbitrates the allocation of physical memory resources between the virtual machines running on the host. On the virtual machine side, the Virtual Service Consumer (VSC) collects the information to determine virtual machine’s memory needs and executes necessary operations to add or remove memory.

Dynamic memory

Dynamic memory architecture

In order to be able to dynamically add memory to a virtual machine, Dynamic Memory requires that the virtual machine’s guest operating system include a kernel enlightenment that supports Dynamic Memory.

So what Operating systems will support Dynamic Memory feature?
· Windows Server 2008 R2 Standard Edition SP1*

· Windows Server 2008 R2 Enterprise Edition SP1

· Windows Server 2008 R2 Datacenter Edition SP1

· Windows Server 2008 R2 Web Edition SP1*

· Windows Server 2008 Standard Edition SP2*

· Windows Server 2008 Enterprise Edition SP2

· Windows Server 2008 Datacenter Edition SP2

· Windows Server 2008 Web Edition SP2*

· Windows Server 2003 R2 Standard Edition SP2 or higher*

· Windows Server 2003 R2 Enterprise Edition SP2 or higher

· Windows Server 2003 R2 Datacenter Edition SP2 or higher

· Windows Server 2003 R2 Web Edition SP2 or higher*

· Windows Server 2003 Standard Edition SP2 or higher*

· Windows Server 2003 Enterprise Edition SP2 or higher

· Windows Server 2003 Datacenter Edition SP2 or higher

· Windows Server 2003 Web Edition SP2 or higher*

· Windows® 7 Enterprise Edition

· Windows 7 Ultimate Edition

· Windows Vista® Enterprise Edition SP2

Note: According to Microsoft documentation the Beta release of Service Pack 1 does not support Dynamic Memory for the operating systems marked with an asterisk (*) above. However, support for Dynamic Memory for these operating systems will be added in a future release of SP1

Once you’ve applied the SP1 on a Windows 2008 R2 host and look into the guest machine’s settings page it would be as follows,

image

As you can see in there are few changes in the memory allocation area.  To enable the dynamic memory feature you need to select the relevant tab and select the minimum and maximum memory for the guest PC.
The Memory Buffer setting specifies the percentage of memory, based on the workload of the virtual machine, that Hyper-V should try to reserve as a buffer.

Where as memory priority will consider about the which VM can get the additional memory in which priority order. If you have several VM’s you can select which VM should get additional memory initially with highest priority and which one should be least priority considered.

Once these features are enabled you can view the memory usage by each VM’s by following methods,

· Using the two new columns available in the Virtual Machines pane of Hyper-V Manager.
image

· Using the new performance counters included in Service Pack 1 for Windows Server 2008 R2.

Performance Counter

Description

Added Memory

The cumulative amount of memory added to VMs.

Available Memory

The amount of memory left on the node.

Average Pressure

The average pressure on the balancer node.

Memory Add Operations

The total number of add operations.

Memory Remove Operations

The total number of remove operations.

Removed Memory

The cumulative amount of memory removed from VMs.

Performance Counter

Description

Added Memory

The cumulative amount of memory added to VMs.

Available Memory

The amount of memory left on the node.

Average Pressure

The average pressure on the balancer node.

Memory Add Operations

The total number of add operations.

Memory Remove Operations

The total number of remove operations.

Removed Memory

The cumulative amount of memory removed from VMs.

Dynamic memory feature is not something you should keep on enabling for all the VM’s. Certain application may perform poorly under this feature enabled. If you know the exact usage amount of memory by an application or OS then don’t change it to Dynamic which may not give any advantage. As for now top of my mind I can see Exchange and SQL as such applications.

VDI solutions can greatly benefit from this option. So if you’re planning to implement VDI solution this is a killer feature.

As of now Microsoft keep on improving the features offered in the HYPER-V  hyper visor. This is a good news for the customers who are in the stage moving to virtualization and also customers who are in mixed mode.