Saying Goodbye To Old Hardware Responsibly

Last year we renewed our SAN storage and our backup systems. They had been serving us for 5 years and where truly end of life as both technologies uses are functionally obsolete in the current era of virtualization and private clouds. The timing was fortunate as we would have been limited in our Windows 2012, Hyper-V & disaster recovery plans if we had to keep it going for another couple of years.

Now any time you dispose of old hardware it’s a good idea to wipe the data securely to a decent standard such as DoD 5220.22-M. This holds true whether it’s a laptop, a printer or a storage system.

We did the following:

  • Un-initialize the SAN/VLS
  • Reinitialize the SAN/VLS
  • Un-initialize the SAN/VLS
  • Swap a lot of disks around between SAN/VLS and disk bays in a random fashion
  • Un-initialize the SAN/VLS
  • Create new (Mirrored) LUNS, as large as possible.
  • Mounted them to a host or host
  • Run the DoD grade  disk wiping software against them.
  • That process is completely automatic and foes faster than we were led to believe, so it was not really such a pain to do in the end. Just let it run for a week 24/7 and you’ll wipe a whole lot of data. There is no need to sit and watch progress counters.
  • Un-initialize the SAN/VLS
  • Have it removed by a certified company that assures proper disposal

We would have loved to take it to a shooting range and blast the hell of of those things but alas, that’s not very practical Smile nor feasible Sad smile. It would have been very therapeutic for the IT Ops guys who’ve been baby sitting the ever faster failing VLS hardware over the last years.

Here’s some pictures of the decommissioned systems. Below are the two old VLS backup systems, broken down and removed from the data center waiting disposal. It’s cheap commodity hardware with a reliability problem when over 3 years old and way to expensive for what is. Especially for up and out scaling later in the life time cycle, it’s just madness. Not to mention that those thing gave us more issues the the physical tape library (those still have a valid a viable role to play when used for the correct purposes). Anyway I consider this to have been my biggest technology choice mistake ever. If you want to read more about that go to Why I’m No Fan Of Virtual Tape Librariesimageimage

To see what replaced this with great success go to Disk to Disk Backup Solution with Windows Server 2012 & Commodity DELL Hardware – Part II

The old EVA 8000 SANs are awaiting removal in the junk yard area of the data center. They served us well and we’ve been early customers & loyal ones. But the platform was as dead as a dodo long before HP wanted to even admit to that. It took them quite a while to get the 3Par ready for the same market segment and I expect that cost them some sales. They’re ready today, they were not 24-12 months ago. image

image

So they’ve been replaced with Compellent SANs. You can read some info on this on previous blogs Multi Site SAN Storage & Windows Server 2012 Hyper-V Efforts Under Way and Migration LUNs to your Compellent SAN

The next years the storage wares will rage and the landscape will change a lot. But We’re out of the storm for now. We’ll leverage what we got Smile. One tip for all storage vendors. Start listening to your SME customers a lot more than you do now and getting the features they need into their hands. There are only so many big enterprises so until we’re all 100% cloudified, don’t ignore us, as together we buy a lot of stuff to. Many SMEs are interested in more optimal & richer support for their windows environments if you can deliver that you’ll see your sales rise. Keep commodity components, keep building blocks and from factors but don’t use a cookie cutter to determine our needs or “sell” us needs we don’t have. Time to market & open communication is important here. We really do keep an eye on technologies so it’s bad to come late to the party.

Heads Up On Microsoft Security Bulletin MS11-047: Vulnerability in Hyper-V Could Allow Denial of Service (KB2525835)

Well, it’s patch Tuesday again, and here’s a quick heads up to all people using Hyper-V.  I would like to point your attention to http://www.microsoft.com/technet/security/bulletin/MS11-047.mspx.  This security bulletin deals with a vulnerability in Hyper-V that could allow a denial of service as mentioned in knowledge base article 2525835 which can be found here http://support.microsoft.com/kb/2525835. As you can read the severity rating is important, not critical. If you want to manually download the update you can get it here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c9c6c36d-a455-42f7-b7d4-9fb9824c07cb

This is, if I’m not mistaken, only the third security fix for Hyper-V since the Windows 2008 era. That is not a bad track record at all! Now look at the information available under mitigating factors:  An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. Now that isn’t too much to ask from your virtualization infrastructure I hope. If it is, we need to talk. As the time of writing, no known exploits are out in the wild.

So review this and plan to deploy this at your earliest available maintenance windows. When you’re running a cluster with Live Migration you can do this with no downtime for the guests what so ever as it requires a restart.

Malta or the Microsoft BitLocker Administration and Monitoring (MBAM) Beta.

You have to hand it to Microsoft. At the moment a customer is contemplating buying MDOP they announce  a sweet added benefit with that package, code named “Malta” or the Microsoft BitLocker Administration and Monitoring (MBAM) Beta. You can sign up for this via the connect page and the Béta is expected in March 2011, yes this month. Would be nice to see how it holds up in use.

According to the Connect site Malta is a BitLocker management solution that will enable IT to more easily deploy and manage BitLocker volume encryption technology across the enterprise. Using Malta:

  • IT can automate the process of encrypting volumes on client machines across the enterprise
  • Helpdesk can reduce the time required for BitLocker PIN and Recovery Key information
  • Security officers can quickly produce reliable evidence that indicates the compliance state of individual computers or even the enterprise itself.
  • Security Officers can easily audit access to Recover Key information.
  • Windows Enterprise users are empowered to continue working anywhere knowing their corporate data is protected.

Look people even if you just a low profile outfit, don’t become road kill because some bad guys got to your data and published or sold it. Protect your assets and reputation. The technology to do this is available and it’s getting better and better. You do have to use it to be protected, so to paraphrase Nike, just do it. When your CFO forgets his laptop on the commute train he’ll thank you for it. More info on the Microsoft TechNet page Microsoft BitLocker Administration and Monitoring (MBAM)