News
6/2/2010
05:20 PM
George Crump
George Crump
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Guided Storage Analysis

Software tools that provide storage and data protection analysis are very useful. They can help inventory, monitor and bring to your attention problems in the environment. Typically there are two challenges that I see with these tools however. First, they don't provide recommendations on what to do about a problem and they don't help you prioritize and organized your addressing of the problem.

Software tools that provide storage and data protection analysis are very useful. They can help inventory, monitor and bring to your attention problems in the environment. Typically there are two challenges that I see with these tools however. First, they don't provide recommendations on what to do about a problem and they don't help you prioritize and organized your addressing of the problem.The best way to describe the first problem of not providing recommendations on how to address an issue is that these tools will tell you that the patient is bleeding but they won't tell you where or how to suture the wound. For example, they may tell you that certain backup jobs are taking longer to complete than normal but won't tell you potential reasons why. Some won't even report the anomaly, you have to manually figure that out by analyzing trending data.

Storage management and data protection management tools should automatically analyze trending information and alert you to changes in the environment or its processes. When something is wrong these tools should interact with a knowledge base of some sort to help give recommendations on what to do to fix the problems that are being identified. One of the best solutions for this is interaction with an online community that uses the tool. I've seen several where a user can post in a forum what their storage management tool is telling them and then users can provide advice on what they should do about it.

The second problem deals with the reality that most IT administrators don't have the luxury of scheduling time to deal with problems in their day and that most problems come in waves when you have the least time to fix them. I'd like to see storage management and data protection analysis tools move to address this, providing organizational help to the IT administrator. Imagine being able to log in to a console and have the system guide you through what you should do each day. It could have you address problems that are affecting SLAs first and address more minor problems second. When there is available time in the day the software could even provide you with tasks to focus on that are not causing failures but tasks that are impacting performance and could lead to future failures. Think about it, a tool that helps you to be proactive instead of reactive.

Progress is being made along these fronts. There are a few tools now that are comparing storage or data protection failures to their affect on SLAs which helps greatly with prioritizing failed tasks. The next step is helping guide the IT administrator through their day.

Track us on Twitter: http://twitter.com/storageswiss

Subscribe to our RSS feed.

George Crump is lead analyst of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. Find Storage Switzerland's disclosure statement here.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

CVE-2012-5487
Published: 2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

CVE-2012-5488
Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVE-2012-5489
Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.