More Storage Please!!!

by Edward Popoola on February 23, 2012

(Part 1)
The Business Development arm of the company just won a huge contract. The CEO announced it last week and there was a small-chops party to celebrate the win. It is going to be a good year after all. This week the Applications Development and Integration teams are hovering around your department; they need new servers with heavy specifications. This is not a problem. What bothers you, however, is the large amount of disk space they require, totaling terabytes. And no, you cannot use your magic wand to reduce their specifications like you have done in the past.

The last inventory you did showed just a few gigabytes of space left all over your data center. Trouble is brewing.

This is an all-too-familiar scenario for the infrastructure teams of IT departments. There is a constant need for more storage. Terabytes used to be very, very large a couple of years ago, but today they never seem to be enough for anyone. This is not one of those realizations you shrug off as being peculiar to large organizations; enter the data center of any medium company today and you will see the rate at which storage is being consumed. Even personally, I have 1.5 terabytes' worth of external storage at home and it does not seem to be enough anymore. Phew!

What is to be done? The most logical solution is to get more storage, or better still, a data management solution. However, before you call your supplier to bring in another batch of SAN storage you should carefully plan for expansion since data will continue to grow. IT departments need to have a carefully planned strategy for data management. The last thing you want to do is to be reactive. Below are some of the things to consider before buying a data management solution.

Scalability

Scalability is the ability of a system, network, or process to be enlarged to accommodate growth. With respect to storage systems, there is a need to acquire storage solutions that can scale over time. Storage that is not scalable will require users to copy old data out into new, bigger storage before they can use it. A scalable system, on the other hand, is expandable in a plug-and-play manner, such that old data expands into the new storage transparently and without hassle. A scalable system enables users to acquire storage as needed, rather than buying a mass of it and leaving it redundant until there is a need for it. A simple example: your 1GB flash drive is not scalable. If you need to copy 1.1GB of data, you will need another flash drive bigger than 1GB. A scalable flash drive (if one exists), on the other hand, would provide an interface to extend the 1GB flash drive with additional space to accommodate your 1.1GB file.

tbc…

Starting a startup? The essence of building a complete team

by Edward Popoola on January 30, 2012

I was late in getting the details of Google’s sales stunt in Kenya where they essentially were feeding fat on another company’s data.

Though Google have since apologized for the behavior and have had some heads roll, it occurred to me that there is a lesson for Nigerian startups, or any Internet startup for that matter, especially those dealing in potentially useful data.

Reading Mocality’s CEO’s description of how they got wind of Google’s activities on their data, I began to imagine how long this would have gone unnoticed (if ever noticed) had the team at Mocality not had as much technical knowledge of their business.

It is one thing to have a great idea for an Internet business; it is another to have the technical skills required to manage the nitty-gritty of it. It is important for startups to build teams that can look after the nitty-gritty of the business. I imagined that if the team at Mocality were just a bunch of Web designers with little knowledge of any form of data analytics, they would have lost out on potential sources of revenue.

This is from Mocality’s blog post:

“Our database IS our business, and we protect and tend it very carefully. We spot and block automated attacks, amongst other measures. We regularly contact our business owners, to help them keep their records up-to-date, and they are welcome to contact our call centre team for help whenever they need it”

It is not enough for a startup to want to solve a problem. It is also very important for startups to know what their valuable assets are and to have knowledgeable teams to protect them. This oversight is one of the many reasons why some startups die after failing to notice potential sources of wealth leakage.

Beyond IT policy, why we need a Government CTO

by Edward Popoola on January 24, 2012

A new draft IT policy has just been released by the Nigerian Ministry of Communication Technology. It is a brilliant document if followed up with the appropriate will. The document has done a good job of harmonising the different IT policies that exist in different sectors of the industry; what needs to follow now is a holistic approach to ensure that these policies translate to an increase in initiatives, connectivity and adoption.

I believe an action plan should follow this document stating what will be achieved, how it will be achieved and when, at least before the end of the Minister’s tenure in office. Such a document will detail the different initiatives of the Ministry of Communications in line with achieving the objectives of the policy. Collaboration with the private sector will breed the ideas of what needs to be done for industry growth. Within Government however, I believe the time is now for the Nigerian government to have a Chief Technology Officer (CTO) or Chief Information Officer (CIO).

The role of the CTO will be to drive technology adoption initiatives within Nigerian Government agencies, ministries and parastatals. These agencies already have IT heads or similar technical directors who work in silos and adopt technology as they see fit for their agencies. This should change. To push the country towards a common goal of e-Governance, there is a need to have a CTO who will define the country’s IT direction.

The CTO will work with these ministries’ IT heads to oversee technology, and to control and ensure due process in technology adoption across government. The individual will ensure that government IT follows a well-planned path that enables the e-Government initiatives of the Federal Government. This will ensure there is a common goal for buying and using technology in these agencies at any point in time.

For instance, one of the shortcomings identified in the NNPC KPMG Audit report was that the NNPC does not have a working document management system and that key documents are scattered all over staff laptops and desktops. This is probably the scenario across other Government ministries too. A Government CTO will ensure this does not happen by making sure the IT heads of these agencies are aware of what IT processes to have in place.

A CTO with wide industry experience and a deep private sector background is preferable for this role: someone who is experienced enough to handle such a scale of new and emerging technology across government, disciplined enough to ensure due process and young enough to push for change. I would think someone of the caliber of the CTOs managing technology in Nigeria’s top banks or in telecommunications. The CTO will probably report to the Minister of Communications Technology.

While the minister will focus more on administration, policy and regulation, the CTO will handle the more technical issues like using locally developed software in government agencies, adopting Open standard technologies (so Government data is not vendor-locked in) and ensuring government data is kept secure.

Caught the Cloud computing bug yet?

by Edward Popoola on January 24, 2012

Hopefully not, at least until you have taken time out to understand what it means.

Every few years, the IT industry comes out with a big buzzword. More often than not, it is the re-invention or re-packaging of an existing technology. Remember when Ajax was making the headlines? Of course, at that time, JavaScript pros came out to tell us it was nothing more than the asynchronous JavaScript they had been using. Then came Service Oriented Architecture (SOA), and Enterprise Architects explained how it was never really new. Then came the Cloud, hyped to be the solution to a lot of IT infrastructure headaches. Cloud is not much different from your traditional web hosting on the internet, on steroids though.

Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a metered service over a network cloud (typically the Internet). – Wikipedia

The main keywords in this Wikipedia definition are ‘service’, ‘shared’ and ‘metered’.

Traditionally, for an IT department to implement a new business application, they would need to acquire components such as hardware, an operating system, a web/application server and database software. This is the product view of computing. The idea of cloud is to free organisations from the need to make all these purchases and instead purchase an infrastructure service.

As such, the cloud is a massive computing facility (remote, on the internet or on site) that already has all the hardware and software components needed to deploy enterprise applications.

A typical cloud facility is made up of very large computing resources: thousands of servers, network and storage systems, and different types of application servers, web servers and database servers. All that needs to be done is for users to upload their business software into the cloud and click away the deployment, selecting their preferred operating system, disk resources, RAM, application server, web server, etc. That way, the time to deploy an application is drastically reduced.

The beauty of the cloud, however, is the fact that you only pay for the computing resources you use and you can pay as you grow. A traditional on-site deployment requires you to buy massive hardware upfront in anticipation of future growth; this ties up a lot of IT cash. To move an application into the cloud, all an organisation needs to do is purchase a cloud service, where they can buy slices of hardware and software resources as needed.

For example, to deploy heavy financial system software, a business will traditionally buy servers, SAN storage, an application server (JBoss, WebSphere…), database software and licenses (Oracle, MySQL) and operating system licences (RHEL, Windows, Unix). Add to that the cost of network devices, monitoring servers, etc.

To deploy this same application in the cloud, all they need to do is find a cloud provider (Red Hat, Amazon, Azure) and create an account, through a private WAN or the Internet. They upload their software, then through a GUI they select all the components they would normally have bought as products. They select their required disk space and desired application and database servers, and then click ‘deploy’… and life is good! Maybe I’ve made it overly simplistic, but that is the cloud.

One of the distinguishing factors of a robust cloud is self-service. With self-service, you log on to the cloud and click away what you need, all by yourself. You don’t need to depend on an infrastructure expert to add resources to your computing infrastructure or to enable additional capabilities. Most clouds today are very elastic: they expand and contract as the need for computing resources changes. Remember those Anonymous attacks on the companies that denied WikiLeaks access? It was said that Anonymous could not take down the Amazon cloud with their DDoS attacks because it was elastic.

Cloud has simply commoditized computing. Adding more RAM or storage to cloud applications is a matter of “click here to increase your RAM or disk space by 10GB”, and then it’s done on the fly. That way, users deploy their application with as few resources as possible, then increase the resources seamlessly as demand increases.

This saves a lot of money, as cloud use is metered and users pay only for what they use. Businesses can invest cash wisely and grow their cloud infrastructure proportionately with their business growth instead of having to invest heavily in hardware only for the business to underutilize it. And because cloud resources come from a large pool of computing resources, they are far cheaper for cloud providers to maintain, which makes cloud services relatively affordable.

In future posts, I hope to talk about what you should consider before moving your application into the cloud.

 

Bitter SELinux

by Edward Popoola on January 22, 2012

Security Enhanced Linux (SELinux) is a Mandatory Access Control (MAC) system built to complement the traditional Discretionary Access Control (DAC) in *nix-based systems (think of read, write, execute: rwx). SELinux is fast gaining ground as a security mechanism for mitigating the impact of a system compromise by a rogue process or a rogue user. The NSA recently launched an SELinux-enabled Android, and the demand for SELinux experts might grow.

Lately I have begun to play with the Red Hat implementation of SELinux in Red Hat Enterprise Linux 5 & 6. I will begin a how-to on SELinux and will try to present it here in as simple a way as possible. While SELinux is difficult compared to a lot of other technologies on Linux, I will try to present it in a less bitter way.

Domains & file types

The simple idea of SELinux is to isolate processes into separate domains, i.e. to run system processes in a confined space such that even if those processes are compromised, the damage done will be limited to the process and the files it has permission on. This same theory is why administrators are advised to run their applications as a non-root user, so that should their application be taken over by a rogue hacker, the hacker does not own the system as root. The same idea applies to the ‘chroot jail’ of web, DNS and FTP servers, among others.

The reasoning behind SELinux is that, in the lifetime of certain processes, there is a known set of files they modify. However, with DAC in Linux, it is often easy for administrators to give these processes more permission than necessary. This is where a MAC system like SELinux comes in, so that despite an administrator’s lax DAC (rwx) permissions, a process will never be able to modify other files.

For instance, a default apache process (httpd) has no business modifying any file apart from those in the web server’s /var/www/html directory. So even if the system owner allows rwx permission (DAC) for the apache user on the /etc directory (using discretion), SELinux knows this is strange behaviour (through an SELinux policy) and prevents the apache user from modifying files in the /etc directory (mandatory).

The restriction placed on the apache process mentioned above comes from domains. In SELinux, only entities in certain domains are allowed to modify certain file/object types.

Imagine for a minute that only people in America are allowed to touch the Statue of Liberty. If anyone wants to touch that statue, what do they need to do? They need to first move or be moved to America. Here, America is the domain, people are the processes and the Statue of Liberty is the file to edit. SELinux is built around domains and file types.

Now, in relation to SELinux, the /etc/shadow file is the file that stores the encrypted passwords of users on the system. The following is the SELinux security context for the /etc/shadow file:

[acl@rhel6 ~]$ ls -lZ /etc/shadow
----------. root root system_u:object_r:shadow_t:s0 /etc/shadow

I will explain the breakdown of this a little later, but the format of the above is user:role:type/domain:level. (Files have types, while processes have domains.)

In the above, the /etc/shadow file is of type shadow_t. To edit this file, a process must be in the password domain called passwd_t (according to an SELinux policy).

Hence, when a user (acl) runs the password application to change his password:

[acl@rhel6 ~]$ /usr/bin/passwd
Changing password for user acl.
Changing password for acl.
(current) UNIX password:

The passwd application will transition into the passwd_t domain to be able to edit the /etc/shadow file. This can be seen in the output below:

Context of the /usr/bin/passwd executable:
[acl@rhel6 ~]$ ls -lZ /usr/bin/passwd
-rwsr-xr-x. root root system_u:object_r:passwd_exec_t:s0 /usr/bin/passwd

Context of the /usr/bin/passwd process:
[acl@rhel6 ~]$ ps -efZ | grep passwd
unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 root 8155 8068 0 13:24 pts/6 00:00:00 /usr/bin/passwd

The implication of this is that, even if a process goes rogue, the process must first explicitly transition into the passwd_t domain. Any process outside of the passwd_t domain cannot modify the password file.

Also, an apache (httpd) process within its httpd_t domain cannot modify files of type shadow_t, which only processes in the passwd_t domain are allowed to modify.

So essentially, processes are confined into domains so they do not do things they are not supposed to do.
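
The type/domain check described in this post, modelled as an added example (not code from the original post or from SELinux itself). It parses the three contexts shown above and evaluates them against a small constructed allow table; the rules, the function names and the use of `unconfined_t`, `httpd_sys_content_t` and `etc_t` are assumptions for illustration, not the real RHEL targeted policy.

```python
from typing import NamedTuple, Optional

class Context(NamedTuple):
    user: str
    role: str
    type: str    # called a "domain" when the context belongs to a process
    level: str

def parse_context(text: str) -> Context:
    """Parse user:role:type:level. The level can itself contain ':'
    (s0-s0:c0.c1023), so split on the first three colons only."""
    parts = text.strip().split(":", 3)
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"not an SELinux context: {text!r}")
    return Context(*parts)

def context_from_listing(line: str) -> Context:
    """Pull the context out of one line of `ls -lZ` or `ps -efZ` output."""
    for field in line.split():
        if field.count(":") >= 3:
            return parse_context(field)
    raise ValueError("no SELinux context in line")

# Constructed toy policy (assumption): (domain, target type, class) -> permissions
ALLOW = {
    ("passwd_t", "shadow_t", "file"): {"read", "write"},
    ("httpd_t", "httpd_sys_content_t", "file"): {"read"},
    ("unconfined_t", "passwd_exec_t", "file"): {"execute"},
}
# (current domain, type of the executed file) -> domain of the new process
TRANSITIONS = {("unconfined_t", "passwd_exec_t"): "passwd_t"}

def mac_allows(domain: str, target_type: str, perm: str, tclass: str = "file") -> bool:
    # Anything not explicitly allowed is denied.
    return perm in ALLOW.get((domain, target_type, tclass), set())

def access(domain: str, target_type: str, perm: str, dac_ok: bool) -> str:
    """DAC is consulted first; MAC can only restrict further, never grant."""
    if not dac_ok:
        return "denied by DAC"
    if not mac_allows(domain, target_type, perm):
        return "denied by SELinux"
    return "allowed"

def domain_after_exec(domain: str, exec_type: str) -> Optional[str]:
    """Simplified transition: real policy also needs entrypoint/transition rules."""
    if not mac_allows(domain, exec_type, "execute"):
        return None
    return TRANSITIONS.get((domain, exec_type), domain)

# The three listings from the post.
SHADOW = context_from_listing(
    "----------. root root system_u:object_r:shadow_t:s0 /etc/shadow")
PASSWD_BIN = context_from_listing(
    "-rwsr-xr-x. root root system_u:object_r:passwd_exec_t:s0 /usr/bin/passwd")
PASSWD_PROC = context_from_listing(
    "unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 root 8155 8068 0 "
    "13:24 pts/6 00:00:00 /usr/bin/passwd")

if __name__ == "__main__":
    print(PASSWD_PROC)
    print("shell runs passwd ->", domain_after_exec("unconfined_t", PASSWD_BIN.type))
    print("passwd_t writes shadow_t:", access(PASSWD_PROC.type, SHADOW.type, "write", True))
    print("httpd_t writes shadow_t:", access("httpd_t", SHADOW.type, "write", True))
    print("httpd_t writes etc_t with rwx:", access("httpd_t", "etc_t", "write", True))
```

On a real system the equivalent question is answered by the loaded policy, which can be queried with `sesearch` from the setools package.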

Google takes out Nigeria from its 2 factor Authentication?

by Edward Popoola on January 21, 2012

At around the launch of Google+, a friend, Tim Akinbo, had written a blog post on why every Gmail account owner should be using Google’s 2 factor authentication to further reduce the chances of someone’s email being hacked. As a Gmail user, I went on to activate 2 factor authentication on my account without any hassles.

I have been impressed with the service after using it for a couple of months, and I felt the need to refer a friend to do the same. To my surprise however, my friend could not find Nigeria on the list of countries, preventing him from proceeding with enabling the security feature. Before crying foul, I logged into my account to verify what country is attached to my profile; it was back to the default, Afghanistan (starting letter A).

The 2 factor works by asking you to provide a phone number (and a corresponding country) on which to receive a ‘code’ to log in to your email account, in addition to your password. The country you select determines what phone number pattern you should have. However, with Nigeria removed from the list of countries, Google has effectively denied new Nigerian users the service. My 2 factor authentication service still works though.

[Image: Google 2 factor with Nigeria missing]

As I write this post, I’m appalled and at the same time worried about why Google would remove Nigeria from the list of countries that could use two factor authentication. Was it a system mistake, an engineer’s oversight, or a deliberate attempt to alienate? Could this have been a result of the conclusion in the “Mugged in Madrid” hacking story, where the author mentions that his Gmail account hacker could have been from Lagos, Nigeria?

Google had better not be evil on this one! Google Nigeria note this!

Noting all other Google’s strange behaviors

Update: Could Google just be human after all? They were definitely evil on this one. Update: Focus on the User

occupyNigeria Protests

by Edward Popoola on January 15, 2012

When a people, being governed by a wasteful, corrupt and inept government, decide to take their country back, there is little you can do to stop them.

Throughout last week, Nigeria was on a nationwide strike. The Government suddenly kicked off its deregulation of the oil sector by removing fuel subsidies, causing over a 100% increase in the price of gasoline (petrol). Not that deregulation in itself is bad; what followed was a series of rhetoric on what the government plans to use the cash accruing from subsidy removal to do. Building roads, hospitals, etc… Nigerians are all too familiar with these promises and as such took to the streets to protest the unjust fuel price hike.

In the spirit of solidarity, I took sides with the Nigerian people by joining the protest, which is tagged #occupyNigeria. These are just a few of the numerous shots I took.

OccupyNigeria Ojota Lagos

I also reconnected with the publisher of Technology Times, Mr. Shina Badaru.

Gbenga Sesan and Shina Badaru

A short Rant about noise in the Data Center

by Edward Popoola on January 15, 2012

It’s the end of the month. The deadline for report submission is a day away. All departmental heads are getting ready for the month-end meeting with the CEO. As everyone logs into the ERP application to generate reports, the application drags as massive data is being pulled left, right and center. The application performs heavy queries, the databases read the hefty data files on your disk storage, and all of a sudden the noise in your DC increases…

PS: Hopefully one day, I’d be able to finish this rant…sorry!