
Page 1: Don's Diatribe XVIII (cmgcanada.altervista.org/presentations/2016 Apr...)

CMG Canada - April 20, 2016 Copyright © 2016 Vatic Technologies Limited, All Rights Reserved 1

Vatic Technologies
Architecture Planning for Technology

Don’s Diatribe XVIII

Don Melton
Vatic Technologies Limited

[email protected]

Page 2

Disclaimers
- All opinions expressed in this presentation are those of the presenter and are not necessarily those of Vatic Technologies.
- All of the issues, discussions, and opinions in this presentation have been drawn from publicly available information.
- All trademarks are the respective property of the trademark owners.

Page 3

Introduction
- This presentation tries to identify some of the most significant recent technology changes and elicit comments and discussion on them.
- As part of my job as a consultant I try to know a little bit about many things and a lot about a few things. This presentation represents an accumulation of the former.
- You may find some of these issues provocative; that’s intentional. ☺

Page 4

General Slide Format
- Category
  - Component
    - Issue
      - comments, and backup material
- My “take” on the issue. (☺=omg! or =wtf? or =meh)
- Your $0.02

Page 5

Topics
1) Architecture: Virtualization
2) Architecture: Internet of Things
3) Architecture: “API Economy”
4) Security: Encryption
5) Security: Attack Vectors
6) Operating Systems: Mobile
7) Operating Systems: Windows (Windows 10)
8) Platforms: Internet (IPV6)
9) Networks: Wireless
10) Architecture: “Big Data”
11) Architecture: HTML 5
12) Architecture: “Personal Datacentre”
13) Architecture: “Cloud Computing”
14) Security: Privacy
15) Operating Systems: Windows (Windows 7/8)
16) Operating Systems: Windows (Windows XP)
17) Platforms: zSeries
18) Platforms: Mobile vs. PC
19) Platforms: BYOD/CYOD
20) Further Discussion

Page 6

Architecture: Virtualization
- Network
  - Move control-plane functions to software
  - NFV for carriers, router/switch for the rest of us
- Compute
  - Migrated from servers all the way to end-point (e.g. Win7+ Hyper-V)
- Storage
  - Ethernet connect HD?
- Hyper-Converged
  - Put all the virtualized controls in a single server?
  - Mainframe/mini-computer?

☺ Easier to upgrade and remediate problems
☺ Automate datacentre configuration based on customer request or SLA
Easier to attack/compromise (attack the “control plane” software)

Page 7

Architecture: Internet of Things
- Network
  - Massive number of devices require IPv6 or equivalent
  - Bandwidth limitations
    - One of the goals of 5G
    - Use customers’ existing network (i.e. WiFi)
- Compute
  - Low-power processors for sensors (energy harvesting)
  - High-end processors for analysis (Big Data)
- Storage
  - Big Data scale storage

Business driver is data collection, not end-user functionality
1st to market results in little/no emphasis on reliability/availability/security/etc. (e.g. access to home WiFi via LED light bulbs, no “manual override” in some designs, how to distribute updates, etc.)
Privacy erosion (e.g. Internet connected Barbie™)
Product obsolescence due to reliance on internet/“cloud” servers
Currently no interoperability standards

Page 8

Architecture: “API Economy”
- We used to call this “Services Oriented Architecture”
  - API is SOA without the “A”
    - The “A” is for Architecture
  - Hot new thing – very difficult to implement – vendors have product but you need an architecture (the “A” in SOA).
- Infrastructure
  - Thinking of infrastructure as a set of services shouldn’t be new
  - Need to develop patterns (like the SOA for applications) to help people understand the value.

The complexity of computing solutions today requires an abstraction layer. Architecture (Application, Data, and Infrastructure) should provide that abstraction.
☺ Virtualization technology is slowly making this possible – Architecture is a conceptual virtualization of the IT systems.
☺ Cloud requires SOA infrastructure.
Unfortunately current APIs seem to be ad hoc and proprietary (perhaps to drive vendor lock-in?)

Page 9

Architecture: “Big Data”
- Big Data is the “New Black”
  - Should be familiar to Capacity Planning people
    - Massive amounts of information (logs, SMF, performance monitors)
    - Search for correlations and then determine Cause & Effect
- Data Analytics tools
  - Tools being provided to business may be re-purposed to do capacity planning?
- Planning for “Big Data”
  - Experience with managing CP data stores can be leveraged against business data
  - Need to include security & privacy issues in plans

Capacity planners always seem to be “The Shoemakers’ Children”

Page 10

Architecture: HTML 5
- HTML 5
  - Latest version from W3C: https://w3c.github.io/html/ (HTML 5.1)
  - Includes DRM support
  - Still in draft status
  - Supported in most current browsers

Some web-sites are HTML5-only (problem if your browser doesn’t support it)
DRM support will make it possible to “hide” source from the browser user. A compliant browser won’t show you everything that is going to be run on your computer in View-Source.
Media support (video, audio) has been reported to be very resource intensive (i.e. works only on current generation technology)

Page 11

Architecture: “Personal Datacentre”
- Personal Datacentre-in-a-box
  - Starts out as a NAS, becomes full-blown home server
    - File server (even iSCSI), Media server, LDAP, SMTP, FTP, DropBox, Torrent, Syslog, Diaspora, …
    - Multiple LAN segments (segregate Home/Guest access)
  - E.g. (Synology, QNAP, …)
  - “FreedomBox” (http://www.freedomboxfoundation.org)
  - Configuration is still a bit of a chore (Linux under the covers)

Unlikely to integrate with “Walled Garden” services (Twitter, Facebook, etc.) because it undermines their business model.
Needs a support model for typical consumer (maybe ISP?) (e.g., recent TOR-in-a-box gateway had default WiFi ID admin/admin.)
☺ Could be the beginning of personal “Hybrid Cloud”
☺ Could provide balance for privacy (My Data – My Server)

Page 12

Architecture: “Cloud Computing”
- “Cloud Computing” just Keeps On Truckin’
  - SaaS/PaaS/IaaS/AaaS by another name
  - Ultimate outsourcing
  - Concerns regarding security, integrity, availability
    - I’ve seen an Amazon “Elastic Computing” Cloud server “probing” my web server for vulnerabilities
  - Can provide consumer mobility
    - Consistent applications across devices
  - Interoperability is an issue

All the issues with outsourcing, with a much smaller “stick” on the consumer side.
Single point of “access” for all data raises security/privacy concerns.
☺ In-sourced “cloud” may be the driver of infrastructure architecture.

Page 13

Security: Privacy
- Privacy
  - Social Networking Sites
    - Security settings are obscure and non-intuitive
    - Need to remember that these sites are trying to make a profit
    - Worm distribution via social networking
    - APIs allow access to user profile
    - Increased aggregation of data (i.e. Facebook Mail, Facebook “Home”)
  - Social Networking services use private information to generate revenue. “TANSTAAFL”.
- Big Data
  - Hard to anonymize public data sets
  - Multiple data sets from different sources are joined
  - ☺ Some progress on formalizing the “privacy” of anonymized data (recent Communications of ACM)
- Traffic Snooping (MITM)
  - Hi-jacking of ASes (Autonomous Systems) to re-route traffic
  - Various TLA organizations
  - CA compromises
    - E.g. Google, MS

The internet backbone has little/no security controls
Monetization of internet management provides incentive for less-than-reliable Certificate Authorities
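A release-time check for the two “Big Data” bullets above (hard to anonymize, data sets get joined), added here as an example and not part of the presentation: it measures k-anonymity over the quasi-identifier columns, lists the rows a join on those columns would single out, and shows one generalization step raising k. The rows and column names are constructed.

```python
"""k-anonymity audit of a "de-identified" data set before it is released.

Added example, not from the presentation. The rows below are constructed
(synthetic) and the column names are assumptions. With names removed, the
quasi-identifiers (postal-code prefix, birth year, sex) still single out
rows, which is what lets a join with a second data set re-identify people.
"""
from collections import Counter
from typing import Dict, List, Tuple

Row = Dict[str, object]

# Constructed sample release: names dropped, quasi-identifiers kept.
RELEASE: List[Row] = [
    {"zip": "M5V", "birth_year": 1971, "sex": "F", "diagnosis": "flu"},
    {"zip": "M5V", "birth_year": 1971, "sex": "F", "diagnosis": "asthma"},
    {"zip": "M5V", "birth_year": 1978, "sex": "F", "diagnosis": "flu"},
    {"zip": "K1A", "birth_year": 1959, "sex": "M", "diagnosis": "diabetes"},
    {"zip": "K1A", "birth_year": 1959, "sex": "M", "diagnosis": "flu"},
    {"zip": "K1A", "birth_year": 1953, "sex": "M", "diagnosis": "flu"},
]
QUASI_IDS: Tuple[str, ...] = ("zip", "birth_year", "sex")


def qi_key(row: Row, quasi_ids=QUASI_IDS) -> tuple:
    """The quasi-identifier tuple a second data set could be joined on."""
    return tuple(row[q] for q in quasi_ids)


def equivalence_classes(rows: List[Row], quasi_ids=QUASI_IDS) -> Counter:
    """Count how many rows share each quasi-identifier tuple."""
    return Counter(qi_key(r, quasi_ids) for r in rows)


def k_anonymity(rows: List[Row], quasi_ids=QUASI_IDS) -> int:
    """Largest k for which the release is k-anonymous (smallest class size)."""
    classes = equivalence_classes(rows, quasi_ids)
    return min(classes.values()) if classes else 0


def singled_out(rows: List[Row], quasi_ids=QUASI_IDS) -> List[Row]:
    """Rows alone in their class (k=1): a public data set with the same
    columns links each one straight to a person and their sensitive value."""
    classes = equivalence_classes(rows, quasi_ids)
    return [r for r in rows if classes[qi_key(r, quasi_ids)] == 1]


def generalize_birth_year(rows: List[Row], width: int = 10) -> List[Row]:
    """One generalization step: coarsen birth_year to a bucket of `width` years."""
    out = []
    for r in rows:
        g = dict(r)
        g["birth_year"] = (int(r["birth_year"]) // width) * width
        out.append(g)
    return out


def release_ok(rows: List[Row], k: int, quasi_ids=QUASI_IDS) -> bool:
    """Gate a release on a minimum k; the choice of k is a policy decision."""
    return k_anonymity(rows, quasi_ids) >= k


if __name__ == "__main__":
    print("k before generalization:", k_anonymity(RELEASE))   # 1
    print("singled-out rows:", len(singled_out(RELEASE)))     # 2
    coarse = generalize_birth_year(RELEASE)
    print("k after decade buckets:", k_anonymity(coarse))     # 3
    print("meets k=2:", release_ok(coarse, 2))                # True
```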

Page 14

Security: Attack Vectors
- Attack Vectors
  - What’s Out: E-mail Viruses
  - What’s In:
    - Ransomware
      - Hospitals, critical infrastructure, small business
    - Scanning for infrastructure flaws
      - Some home/ISP-provided routers have flaws/back-doors that enable access
    - Social Site Hacking
      - Twitter, Facebook “Applications”
    - Malicious mobile “Apps”
      - Phone is the new “PC” (except no “AV”)
    - Drive-by
      - No clicking required, Code “injection”
    - Social Engineering
      - Telephone calls to “fix” your infected computer
    - Point Of Sale exploits
      - Poorly implemented POS systems (ineffective PCI certification)

The bad guys will continue to win until the end-points [e.g. home computers] are secured [or “un-hackable”].
“Safe” computing tends to be less “exciting” [i.e., no scripts, no Flash, no HTML e-mail, …]
Proliferation of end-points: “Wetware”, SmartPhone, SCADA, …

Page 15

Security: Encryption
- Encrypt Everywhere?
  - “Let’s Encrypt”
    - free certificates (web site authentication only)
    - seems to only be supported on *nix boxes right now (i.e. no code to auto-update Windows server certs)
  - Encryption considered harmful?
    - Law enforcement “going dark”
      - Apple vs FBI
    - Government regulation
      - Recent U.S. bill to require encryption-bypass
      - Similar regulation occurring in the U.K./E.U.
    - System management
      - More difficult to detect malware

☺ Cheap/free encryption can set a baseline for PII protection
☺ Vendors/manufacturers are siding with consumer with privacy protection
Vendors maybe just trying to avoid litigation: “What I don’t know can’t hurt me.”
Sad that privacy protection appears to have been delegated to the private sector
Some browsers (Chrome?) starting to mark non-HTTPS sites as “evil”, but not all sites need encryption (i.e. brochure-ware site)

Page 16

Operating Systems: Mobile
- Android vs. Cyanogen
  - Android (Open Source from Google)
    - Apps locked to Google stores
    - Proprietary device drivers
  - Cyanogen (Open Source from Cyanogen)
    - No lock-in
    - No proprietary drivers
    - Modify & use in products
- Windows 10
  - Includes a version for IOT devices
  - MS wants a piece of the IOT market?

☺ Cyanogen provides opportunity to use local applications without “rooting” device
☺ Could provide base O/S for Internet of Things
Not sure that I want/need my refrigerator running Windows

Page 17

Operating Systems: Windows (Windows 10)
- Windows
  - Windows 10
    - “Free” upgrade?
    - “Auto-upgrade” marketing patch to Windows 7/8?
    - End of chargeable O/S?
    - Is this Microsoft’s “Cloud Client” O/S?

No personal experience
“Free” will probably come with caveats to lock-in users (the “App Store” model effectively does this)
Apparently some PI data is collected and sent back to MS and is very difficult to disable entirely
Win7 machines being auto-upgraded without user consent?

Page 18

Operating Systems: Windows (Windows 7/8)
- Windows
  - Windows 7
    - Virtual XP mode
    - Cannot join a non-AD domain
    - XP now out of support
  - Windows 8
    - Not for business?
    - Un-enthusiastic response from many users

My clients have mostly moved to Windows 7
Some have been “upgraded” to Windows 10 unintentionally
Don’t know if it’ll work with a Samba “domain controller”
“Quirky” UI (e.g. Windows Explorer)
Windows 8: No personal experience

Page 19

Operating Systems: Windows (Windows XP)
- Windows
  - Windows XP is now end of support
    - Some users still migrating to Windows 7
      - Large government sites
      - Specialized driver requirements (e.g. CNC machines)
  - Workarounds
    - Run XP in VM disconnected from internet

Expensive migration if not synched with H/W lifecycle
Vatic Technologies’ upgrade still in work (critical XP-only applications, and a non-AD domain controller)
Lack of backward compatibility (I’m spoiled by IBM S/360 ☺)

Page 20

Platforms: zSeries
- “z” systems on the Internet
  - Growing interest in finding/analyzing on-line systems
    - Soldier of Fortran (Philip Young) http://mainframed767.tumblr.com/
    - See recent SHARE Seattle keynote
    - A lot of universities, but also government, business
  - Some “It’s a mainframe, therefore, it’s secure.”

☺ Good to see someone recognizes “mainframe” as a current platform
It’s not clear whether the system owners have considered security
Shouldn’t these things (at least some of them) be behind a VPN?
Don’t know what Audit or a “Pen test” would find.
Some people have been critical of Young’s work

Page 21

Platforms: Internet (IPV6)
- Internet
  - IPV6
    - IANA IPV4 addresses have all been assigned; ARIN ran out in September 2015, although AFRINIC seems to have a few left. (see: http://www.potaroo.net/tools/ipv4/index.html)
    - Is being rolled out within carriers
    - Every device gets a “static” IP? Every device is routable at the internet level?
    - No NAT standard (a few IEEE drafts)
    - No simple, low-cost, sub-netting

☺ Static IP which makes running local services easier? (home web server)
Static IP makes privacy harder? (everyone knows who you are)
☺ Static IP makes authentication possible? (similar to caller-ID)
Changing ISP may require re-numbering your network (no NAT)
Consumer-grade Gateway/Routers not widely available
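One concrete form of the “everyone knows who you are” concern above, added here as an example and not part of the presentation: it goes a step beyond the slide by checking whether an IPv6 address’s interface identifier was derived from the device’s MAC address (modified EUI-64, RFC 4291), which makes the host trackable across every network it joins, as opposed to a random RFC 4941 temporary identifier. The sample addresses are constructed.

```python
"""Audit IPv6 addresses for interface identifiers that embed a hardware (MAC)
address via modified EUI-64 (RFC 4291 Appendix A).

Added example, not from the presentation. An EUI-64 address carries the MAC
with it, so it stays recognisable on every network the device joins; RFC 4941
temporary addresses are random and rotate. The addresses below are constructed.
"""
import ipaddress
from typing import List, Optional, Tuple


def embedded_mac(addr: str) -> Optional[str]:
    """Return the MAC encoded in a modified EUI-64 interface ID, else None.

    The interface ID is the low 64 bits of the address. EUI-64 splits the
    48-bit MAC in two, inserts ff:fe in the middle, and flips the
    universal/local bit (0x02) of the first byte. A random identifier matches
    the ff:fe pattern only by chance (1 in 65536), so a hit is a strong
    signal rather than proof.
    """
    ip = ipaddress.IPv6Address(addr)
    iid = ip.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02                     # undo the U/L bit flip
    mac = bytes([first]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def audit(addrs: List[str]) -> List[Tuple[str, str]]:
    """Return (address, mac) for every address that leaks a hardware identifier."""
    findings = []
    for a in addrs:
        mac = embedded_mac(a)
        if mac is not None:
            findings.append((a, mac))
    return findings


# Constructed sample: one SLAAC/EUI-64 address (MAC 00:1a:2b:3c:4d:5e) and
# two addresses with random interface IDs.
SAMPLE = [
    "2001:db8:1::21a:2bff:fe3c:4d5e",
    "2001:db8:1::a1b2:c3d4:e5f6:789",
    "2001:db8:1:0:3f2e:9d1c:7b6a:5f40",
]

if __name__ == "__main__":
    for addr, mac in audit(SAMPLE):
        print(f"{addr} embeds MAC {mac}")
```

Hosts that show up here can be switched to RFC 4941 temporary addresses or RFC 7217 stable-privacy identifiers, both of which keep the address usable without carrying the MAC.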

Page 22

Platforms: Mobile vs. PC
- Mobile (Phone/Tablet)
  - Apple, BlackBerry, Google, all have products
  - Internet “consumption” device
  - Priced FTW ($0.00 with a plan)
  - Walled Garden (end of “generative internet” – Communications of the ACM)
  - Security (no Firewall, optional encrypted local storage, …)
  - ☺ Synergy of VOIP, embedded 802.11, and WiFi hotspots may ease bandwidth issues.
  - ☺ “Locked down” nature of mobile may help overall security (but bad code still seems to make it in)
- PC (Mac/Windows/Linux)
  - PC sales declining
    - Expected? since majority of users are consumers
    - Windows 8/10 doesn’t help but it’s not the root cause
  - PC prices will rise due to loss of scale

Page 23

Platforms: BYOD/CYOD
- Bring/Choose Your Own Device
  - Employees use consumer-grade devices for the business
    - Improved employee contentment/productivity
    - Justify 7x24 employee availability
  - Challenges
    - How to split business/personal usage charges?
    - Separation of personal/business applications & data
    - Proliferation of device types to be managed
    - Proliferation of vendor purchasing agreements

☺ BYOD eliminates cost of providing employee device
BYOD employees may become disenchanted with 7x24 availability expectations when they are paying the bill.
Conflicts around personal/business use are likely to drive separation of devices again.
IT and purchasing will have to “staff-up” to support additional devices and this may offset cost savings.

Page 24

Networks: Wireless
- Wireless
  - IEEE 802.11n
    - Now an official IEEE standard
    - Must use 5GHz band and MIMO to achieve advertised data rates
  - IEEE 802.11ac (1+Gbps), 802.11ad (7+Gbps)
    - Uses 60GHz spectrum
    - 802.11ac/ad being delivered now
  - Driven by media consumption
    - Watch streaming video on phone/tablet
  - “Cognitive” radio
    - Devices communicate and collaborate to achieve goal
    - Who sets the goal? (Customer: increase usability, Provider: increase profit)

Increase in 802.11 deployments will result in increased interference and lower data rates.
802.11a deployments will be susceptible to interference and 60GHz range issues.
“Wait and see” on cognitive radio issues.

Page 25

Wrap-up

Page 26

Notes