Feeds

SEC taps Scalent for disaster recovery

Economic recovery another matter

3 Big data security analytics techniques

The U.S. Securities and Exchange Commission - in charge of regulating the stock and options exchanges and enforcing the securities laws of the land - is worried about recovering from more than one kind of disaster. While the economic disaster looms large in our minds these days, the SEC's techies have also been worried about getting better system utilization, having more fluid disaster recovery for its systems, and lowering management costs for the systems that support its applications.

That is why the SEC today has become one of the high-profile customers for Scalent Systems.

VMware has been trying to make noise and position itself as the keystone in a so-called Virtual Data Center Operating System. But Scalent Systems started shipping a product that manages physical and virtual servers - meaning the provisioning of new bare-metal servers as well as the four possible conversions in a server stack: physical-to-physical, physical-to-virtual, virtual-to-virtual, and virtual-to-physical - with its Virtual Operating Environment, or V/OE, back in November 2005.

Initially, the 1.0 release of V/OE supported ESX Server and Xen hypervisors as well as Linux and Windows instances on them or bare metal, and with V/OE 2.0. Scalent added support for Solaris 10 on x64 or Sparc iron, including Solaris containers and LDom partitions. In May 2007, at the behest of a few big customers, Scalent added support for IBM's Power-based servers running AIX on bare metal or in PowerVM logical partitions.

With V/OE 2.5, the latest release, Scalent has worked with VMware and the Xen project and actually gave away some code to make Xen and ESX Server play better with V/OE, but thus far, according to Kevin Epstein, vice president of marketing and products, HP-UX support is not yet required by its customers - and neither is Linux on Power, which is a bit of a bone of contention with IBM, a reseller of V/OE.

While Epstein is not at liberty to say exactly what the SEC has in terms of iron and applications, here's the basic scenario - and it's one that most IT organizations struggle with. Developing and testing applications takes a lot of iron, and virtualization has been a boon because it allows programmers to test their code in a large number of virtual environments without having to physically provision servers. Provisioning test machines can take days to weeks, depending on the complexity of the software stack, so this is a tremendous time lag.

That is why a lot of application development organizations have lots of iron sitting around, doing nothing a lot of the time. Similarly, companies that need disaster recovery on their key workloads - and the SEC certainly does, since receiving and distributing financial reports for public companies is a central aspect of the economy - have lots of redundant iron sitting around, waiting for a disaster that (hopefully) never comes. That iron could be configured to run a massive number of test suites instead of creating heat, thereby getting applications qualified for production use all the more quickly.

With V/OE, companies can create a unified (but very likely physically distributed) server pool that lets production applications and development and testing environments grab the server capacity they need, while at the same time enhancing the overall disaster tolerance of the organization. This is, in fact, what the SEC is doing with its V/OE licenses.

V/OE is interesting not just because it allows for physical servers to be converted to virtual instances running atop Xen or ESX Server, or that it allows for the reverse to be done on-the-fly and redeploy a virtualize OS and application stack on a bare-metal server. It also allows for a stack of software deployed on Xen to be redeployed on ESX Server - and vice versa - or for a stack of software running on an IBM server to be reployed (with the right drivers and everything) on a Sun or Dell or HP box.

(Pity it can't convert Solaris on Sparc to Solaris on x64 applications. That takes real programmers and recompilation - unless you want to cheat with Transitive's QuickTransit emulator.)

This fluidity is one of the reasons why Scalent is, according to Epstein, will break through 50 customers and double-digit millions in sales in 2008. (The company still has under 100 employees, but is still growing despite the arduous economic environment). Wachovia and Electronic Data Systems were early customers (and have just been acquired by Wells Fargo and HP, respectively). So was Credit Suisse, which then turned around and kicked in some venture funding for Scalent because it liked the product so much. Blackboard, a company that does application hosting for educational institutions, also uses V/OE to manage its iron and applications.

Now that Microsoft has Windows Server 2008 and its Hyper-V hypervisor in the field, it won't be long before Scalent has to deliver support. Hyper-V is running in the labs now, but as a startup, Scalent has to limit its production products to the ones customers will pay for. "Hyper-V support is inevitable," says Epstein. The Xen hypervisors inside Novell's SUSE Linux and Red Hat's Enterprise Linux, which are compatible with V/OE as is the free-standing XenServer hypervisor from Citrix Systems. Thanks to a partnership between XenSource, the original creator of Xen and now part of Citrix, and Microsoft, Hyper-V is Xen-compatible, which means Hyper-V support should not be that big of a deal to deliver.

V/OE 2.5 costs $1,000 per physical server socket, which seems like a pretty reasonable price. ®

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
Amazon reveals its Google-killing 'R3' server instances
A mega-memory instance that never forgets
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.