(David Heath, ITWire) You'd think that a virtualized environment would be a safe way to encapsulate a server, but that appears to be far from the truth. Earlier this year, Gartner released its own research  into the security of virtualized environments.  The results weren't pretty.  Gartner estimated that by 2012, 60% of virtual servers will be less secure that the physical servers they replace, although this is expected to drop to 30% by the end of 2015.

The Gartner report identified six major categories of risk:
- Information security isn't initially involved in the virtualization projects
- A compromise of the virtualization layer could result in the compromise of all hosted workloads
- The lack of visibility and controls on internal virtual networks created for VM-to-VM communications blinds existing security policy enforcement mechanisms
- Workloads of different trust levels are consolidated onto a single physical server without sufficient separation
- Adequate controls on administrative access to the hypervisor/VMM layer and to administrative tools are lacking
- There is a potential loss of separation of duties for network and security controls

"Virtualization is not inherently insecure," said Neil MacDonald, vice president and Gartner fellow. "However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."  However, according to a BeyondTrust spokesman, "that hasn't stopped 90% of virtualized data centers from putting their most sensitive data on virtualized servers."

(Maxwell Cooter, CIO) The battle for email cloud is set to heat up as enterprises start to rethink their email strategies, that's according to Forrester chief analyst, Ted Schadler.

In a new Forrester report, Four Giants Compete For Your Cloud Email Business, Schadler explains how the advent of cloud services is going to shake up enterprises' spending on email.

Email is going to the first large-scale cloud application wrote Schadler. "The reasons are simple: Email in the cloud is cheaper; it will evolve faster; and it is a commodity application that an email provider can run." Not only that, it's a great test bed to master the issues of cloud computing providers. And we're not talking about being a little cheaper either. Cloud-based email is going to be a lot cheaper "unless you're a 50,000-person company with a highly centralised email platform or you run hardware and software until it's old and crusty and a decade behind the times." Schadler wrote.

But when it comes to deciding which company is going to dominate the market, the issue is not so clear cut. With four major companies offering similarly priced services, the differentiators are going to be the level of integration that they offer.

(Vinaykumar Mummigatti, TechRepublic) Business process management offers many enticing benefits, including impressive ROI. The problem is, it often fails. See how BPM in a cloud environment can help you overcome barriers to a successful implementation.

Despite BPM’s long history and well-documented benefits, about half of all BPM initiatives fail, according to findings from leading analysts. But BPM in the cloud can overcome a number of the typical challenges of BPM, thanks to:
1. Minimal technology constraints
2. Time to market
3. Collaboration across and within enterprises
4. Enterprise rollout
5. Centralized control and governance

Read more by following the "full article" link.

(Don E. Sears, eWeek) Three out of five companies are adopting cloud computing technologies, including private clouds and lower-risk technologies, says a new report.

The main areas of adoption are in lower-risk technology categories. Low-risk services being considered by nearly half of respondents included hosted e-mail, messaging applications, desktop and server virtualization, and storage services. Larger, more complex and already heavily invested applications like ERP systems were only being considered by 10% of companies.

Security and other risk factors are still of the utmost importance to the enterprise, with 79% stating that cloud security is inadequate or unclear. 49% are concerned with integration to legacy systems, and another 49% are concerned about losing company data. Half of respondents worry about noncompliance with regulations, and disaster recovery and business continuity issues.

(Phil Wainewright, ZDNet) The emergence of a number of self-proclaimed ‘open’ cloud platforms presents any would-be cloud adopter with a confusing plethora of choice. Taking the bigger picture into account, who are the winners likely to be?

For cloud adopters all these offerings, in their various ways, hold out the promise of pursuing a hybrid strategy. They’re attractive because they provide the option of putting some assets in the cloud while keeping others on trusted terra firma — or at the very least, a user can reserve the option of pulling their IT back off the provider’s cloud if they ever need to, avoiding lock-in to a single provider.

There are a number of reasons why you want to adopt a cloud platform that, at the same time as having all that cloud goodness, allows you to move your applications somewhere else should you wish to:
- That all-important comfort feeling
- Architectural portability
- Operational portability
- Service level flexibility

(Paul Venezia, ITWorld) If there's one technology that can greatly improve computing environments of any size, it's virtualization. Virtualizing even a small infrastructure can ease administration and reduce costs.

The reasons to virtualize even a small infrastructure come down to ease of administration and cost reductions. Cost reductions come from cutting down the number of physical servers, thus reducing the power and cooling requirements, but they also come in the form of greatly reduced expansion. Rather than having to purchase new hardware to support a new business application, all you need to do is add a new virtual server. If your business has only a single server, virtualization isn't likely to buy you much, but if you have more than two servers or if you plan on expanding anytime soon, virtualization can likely make a difference.

Read more by following the "full article" link.

(Glenn O'Donnell and Rachel Dines, CIO) As virtualization management tools proliferate, consider carefully how these tools fit into your IT processes and management portfolio. Keep your eye on these key system management capabilties, says Forrester Research.

The explosive growth of today's virtualization management market is good news for organizations looking to manage and optimize their virtual environments. Like every technology that has come before it, the route to success with virtualization lies in solid, standardized processes and management software to automate and govern the execution of these processes.

As businesses begin to evaluate tools to help manage their virtual environment, Forrester recommends focusing on four key system management capabilities:

1. Improve configuration management
2. Maximize capacity planning and VM placement
3. Performance Monitoring
4. Real-time automation

Virtualization is the most potent technology catalyst toward cloud computing, so it is therefore the first step in the journey to industrialize IT. If you want to be in the driver's seat for the future of IT, plan a journey to industrialize your operation and begin that journey by getting your virtual server infrastructure under control.

(Scott Lowe, TechRepublic) Storage is perhaps the least optimized component of the virtualized organization, but all of that can change with storage virtualization. Although the concept of storage virtualization can be difficult to grasp, the benefits are clear.

These days, it’s very likely that you’re doing something with virtualization. The most common virtualization use case is what is commonly known as server virtualization. In a server virtualization project, IT administrators take steps to separate the running workloads from physical hardware in an effort to make better use of overall IT resources and provide an organization with additional infrastructure resiliency.

There are, however, others forms of virtualization that can have major benefits to an organization. One such type of virtualization is known as storage virtualization and, like its server-based cousin, aims to provide IT administrators with even more infrastructure flexibility and resiliency.[...]

(Chris Preimesberger, eWeek) Based on IDC's first cloud computing survey focused exclusively on servers, the research company predicts that server revenue in the private cloud category will grow from $7.3 billion in 2009 to $11.8 billion in 2014, or about 62%.

IT researcher IDC reported May 10 that the combination of an aging server installed base, IT managers' increasing need to rein in virtual machines, and a general upturn in the buying environment is boosting sales of commodity-type servers used in public and private cloud-computing systems.

Based on its first cloud computing survey focused exclusively on servers, IDC predicted that server revenue in the public cloud category will grow from $582 million in 2009 to $718 million in 2014. Server revenue for the much larger private cloud market will grow from $7.3 billion to $11.8 billion [about 62 %] in the same time period, IDC said.

(Susan J. Aluise, Washington Technology) Virtualization could be the least sexy, most essential component of cloud computing – and that means whether it’s a top-down, government-wide initiative or a grass-roots, bottom-up project in a small office of a federal agency, it is going to happen.

In consultation with industry analysts, here’s FCW’s checklist on how to do it right:

1. Take Stock Of What You’ve Already Got
2. Clean House
3. Add Virtualization To The Mix
4. Not All IT Needs Are Created Equal
5. Look At Bringing Legacy Systems Into The Future
6. Manage Expectations
7. Listen Closely To Business/Project Leaders
8. Focus on Processes
9. Seek Out Standards And Best Practices
10. Check Out Private Sector Ideas
11. Don’t Get Lost In Translation
12. Get The Right Manager For The Virtual Job
13. Train As You Fight

To learn more, please click on the "full article" link, or attend this free, live webinar on virtual messaging.

(Stuart Corner, ITWire) The need to integrate mainstream enterprise applications such as ERP and CRM with unified communications services and make them accessible from any device, anywhere will drive all these applications into the cloud over the next few years.

Verizon Business' UC practice manager, Ben Green, says that the 'unified communications as a service' (UCaaS) platform of the future will provide a full suite of communications services, such as hosted IP telephony, voicemail, email, instant messaging and presence, but more importantly will interface readily to other applications such as ERP and CRM, virtualised and running in the cloud.

He sees this integration as "the next revolution" in unified communications services but predicts that is will likely be around 2015 before the first large scale adoptions take place.

(Brien Posey, TechRepublic) Server virtualization is becoming increasingly popular, and it seems that everyone is in a mad dash to virtualize their datacenter.  While there’s no disputing the benefits of server virtualization, there are some questions you should address before you begin to virtualize your servers.

Virtualizing your servers offers significant advantages, but effective planning is crucial to your success. Make sure you have satisfactory answers to these key questions before you get underway:

1. Does the virtualization plan include a single point of failure?
2. Are all the applications supported in a virtual environment?
3. Are there any servers that are not good virtualization candidates?
4. How will domain controller placement work?
5. What is the most suitable virtualization platform?
6. What is the contingency plan if a host server dies?
7. How many guest machines can each host accommodate?
8. What software licenses will be required?
9. How will the old server hardware be used?
10. What is the plan for existing server clusters?

For more details follow the "full article" link.

(Andy Moon, TechRepublic) A new survey found that only 8% of businesses (small, medium, and enterprise) have any current plans to utilize cloud storage and only 3% are using it now. These results suggest that, while there is a lot of potential for cloud storage, concerns about privacy, security, and pricing are keeping most companies from moving data out of their data centers, at least as a primary storage option.

Forrester analyst Andrew Reichman writes in the report that “there is long-term potential for storage-as-a-service, but Forrester sees issues with guaranteed service levels, security, chain of custody, shared tenancy, and long-term pricing as significant barriers that still need to be addressed before it takes off in any meaningful way.”

One interesting finding of the survey is that companies are more interested in the cloud for back-up storage rather than general purpose storage, which requires a much smaller leap of faith and is far easier to implement than remote primary storage.

Lately, more and more companies that rely on IT services have begun to understand the true benefits of network subsystem interaction. Some of the well established examples are already accepted as being the de facto way of doing things. To a lot of people, the Apache integration with MySQL or PHP is no longer considered to be a bunch of independent software packages that cooperate. This cooperation is so productive that everything got merged into a single concept: the AMP (i.e. LAMP, WAMP etc.).

Along the same lines, the AXIGEN electronic messaging system can be expanded to provide external applications with the information required to perform advanced tasks in a very productive and cost effective way. You should bear in mind that some of the expansion methods described in this article are generic and can be applied to various situations while others are very specific.

(ZDNet Australia) Server virtualisation is a no-brainer -- it's quick to deploy and easy to justify in terms of cost-savings, but too many companies are deploying the technology without considering the security implications.

Server virtualisation has been the hottest trend in enterprise IT for some time and according to IBRS analyst Kevin McIsaac, it's likely to remain that way for the next two to three years.

IBRS estimates that one in three large Australian organisations has deployed server virtualisation within their datacentre, and nearly every medium to large enterprise has at least looked at a pilot for the technology.

In today’s business environments, we often hear the term ‘high-availability’. Whether a hardware or software solution, we aim for redundancy at all levels, so as to maximize the availability of mission-critical services and operations.


1. Introduction
This white paper discusses a high-availability solution for the AXIGEN Mail Server, using the Heartbeat package with DRBD.

AXIGEN is a proprietary messaging solution while both Heartbeat and DRBD are open source software released under the GNU Public License (GPL). These software packages can be used together to build scalable and highly available integrated cluster messaging applications on the Linux operating system.

Two in five small to medium businesses (SMBs) say virtualisation is the best way to bypass a potential recession.

Of 100 companies questioned by internet service provider Star, 43 per cent cited virtualisation tools as a key way to protect their organisation from the current economic climate. A further 21 per cent of respondents said that a converged approach to new technologies was the best strategy for dealing with the situation.

The availability of broadband was the most important factor for 17 per of respondents, while 10 per cent believed new Web 2.0 technologies would play an important role in battling economic instability.

"One of the biggest challenges facing small businesses today is access to finance, so as the economic slowdown continues, the number one priority is to do more with less, making the most of existing technology investments and using technology to respond quickly to changing business conditions,” said Ben White, chief executive of Star. “Virtualisation helps achieve those business needs."

The ability to 'work smarter' was the most powerful driver behind making new technology purchases, as cited by 43 per cent of those questioned.

Demilitarized zone, used to secure an internal network from external access. You can use Linux firewall to create DMZ easily. There are many different ways to design a network with a DMZ. The basic method is to use a single Linux firewall with 3 Ethernet cards. The following simple example discusses DMZ setup and forwarding public traffic to internal servers.

Consider the following DMZ host with 3 NIC:
[a] eth0 with 192.168.1.1 private IP address - Internal LAN ~ Desktop system
[b] eth1 with 202.54.1.1 public IP address - WAN connected to ISP router
[c] eth2 with 192.168.2.1 private IP address - DMZ connected to Mail / Web / DNS and other private servers

  

Here is a thorough article about emails, put together by Marshall Brain and Tim Crosby. Inside the article:
Introduction to How Email Works; A Simple Email Server; More Complex Servers; The SMTP Server; The POP3 and IMAP Servers; IMAP Problems and Attachments; Free and Paid Email Services; Email Etiquette, and others.

Introduction to How Email Works:
Every day, the citizens of the Internet send each other billions of email messages. If you're online a lot, you yourself may send a dozen or more emails each day without even thinking about it. Obviously, email has become an extremely popular communication tool. Have you ever wondered how email gets from your computer to a friend halfway around the world?

Running your own email server can grant the owner a significant amount of freedom and experience.  It allows you to set up and maintain multiple email accounts and domains with ease and allows for keeping unwanted mail out of your inboxes.

Also, you can create email distribution lists to allow for simple delivery of messages to a predefined list of addresses, or have an unlimited (up to your hard drive size) amount of space to store mail. You also have full control over what types of spam control, virus protection and relay black lists are protecting you email server. You can also determine what types of protocols users can access their email with.

In this article I will assume you are running an email server on a direct Internet broadband connection with a single WAN IP address. I will assume that you have a server set up and understand the basis behind port forwarding and basic networking skills.

DNS Considerations
In order for other email servers on the Internet to know where to deliver mail for your domain, you must make certain entries in your DNS servers. The most important of these is the MX record. The MX records tell the names or IP addresses of the servers that are allowed to handle email for you domain. You can have multiple records of this type as each one must be assigned a weight or authority that determines the order in which each is contacted to receive mail.

Ages ago (in Internet time), when mainframe dinosaurs roamed the Earth, a new approach to computer networking called "client/server" emerged. Client/server proved to be a more cost-effective way to build many types of networks, particularly PC-based LANs running end-user database applications.

Client/server is just one approach to distributed computing. The client/server model has been popular for a long time, but recently peer-to-peer networking has re-emerged as a viable alternative. Other approaches like clustering also have benefits in specific situations.

Client/server is a computational architecture that involves client processes requesting service from server processes. Some of the most popular applications on the Internet follow the client/server design:
    * Email clients
    * FTP (File transfer) clients
    * Web browsers ....

In this article, we will describe some of the most important things that need to be taken into account when designing a large scale messaging setup.

We are referring to large scale setups, not cluster setups; the main difference being that cluster setups involve a high-availability situation, which is not the case with large scale setups that achieve high availability or redundancy through other means than the mail server software or the way the setup is organized and performed.

In today’s fast paced world, the importance of having an e-mail service needs no further explanation. We all use it on a daily basis, relying on it to keep in touch with the surrounding world. However, when the throughput of information becomes so great that a simple system cannot keep up with it, new methods must be deployed to cope with the growing requirements of networks and their users. Clusters fill up the gap between the need for faster, more powerful systems, and the safety, reliability and easy management of the already existing networks.

Here is an article I found on SearchSecurity.com (TechTarget), about how to prevent spam bots from hijacking an enterprise network. I think you will find it interesting and useful:

"Despite Bill Gates' assertion in 2004 that the problem of spam would be solved by now, it's still with us. In fact, it's on the increase. According to recent figures from Symantec, 61% of emails are spam, and almost 90% of emails emanating from some countries are spam.

This article represents a small guide to understanding the DMZ (Demilitarized Zone) concept and the ways to implement it on a server. It also includes useful tips on how to increase the security of such setups, with a special focus on the Linux/*NIX-type systems:

Common setups used for small and medium networks include a firewall that processes all the requests from the internal network (LAN) to the Internet and from the Internet to the LAN. This firewall is the only protection the internal network has in these setups and it handles any NAT (Network Address Translation), forwarding and filtering requests as necessary. In most cases, the firewall also runs public services accessible from the Internet, such as web services and e-mail services. Within such setups, the DMZ is thus installed on and limited, we may say, to the server.