Open Source And Security Services

Open Source And Security Services

Why iSER is the right high speed Ethernet all-flash interconnect today

The following is a guest blog post from Subjojit Roy, a Senior Technical Staff Member working out of IBM India Labs. 

All-flash storage is bringing change throughout the data center to meet the demands of modern workloads. Fiber Channel has traditionally been the preferred interconnect for all-flash storage. However, 21st century data center paradigms like cloud, analytics, software defined storage, etc. are driving a definitive shift towards Ethernet infrastructure that includes Ethernet connectivity for both server and storage. As Ethernet speeds rapidly increase to 25/40/50/100Gb, it becomes more and more lucrative as an interconnect to all-flash storage. While traditional iSCSI has gained significant ground as Ethernet interconnect to storage, inefficiencies in the TCP/IP stack don’t allow it to be the preferred interconnect to all flash storage.

In comes iSER (iSCSI Extensions over RDMA) that maps the iSCSI protocol to RDMA (Remote Direct Memory Access). iSER provides an interconnect that is very capable of rivaling Fiber Channel as the all-flash interconnect of choice. It leaves the administrative framework of iSCSI untouched while mapping the data path over RDMA. As a result, management applications like VMWare vCenter, OpenStack, etc. continue to work as is, while the iSCSI data path gets a speed boost from Remote Direct Memory Access. A move from traditional iSCSI to iSER would thus be a painless affair that doesn’t require any new administrative skills.

iSER retains all the enterprise class capabilities that are expected off Tier 1 shared storage. It also matches or beats Fiber Channel in terms of access latency, bandwidth and IOPS. Capabilities like multipath IO, SCSI Reservations, Compare and Write, vVols support, and offloaded data copy operations like XCOPY/ODX will work from day one on iSER. In addition, iSER benefits from all the SCSI error recovery techniques that have evolved over the years – things like LUN Reset, Target Reset, Abort Task, etc. In essence, all enterprise class applications will continue to work as reliably and seamlessly over iSER as they used to work over iSCSI.

The diagram below shows how iSCSI is involved in the iSER IO path only for the Command and Statusphases while the Data Transfer phase is totally taken care of by RDMA transfers directly into application buffers without involving a copy operation. This compares well with NVMeF in terms of latency reduction.


NVMe over Fabrics or NVMeF is a new protocol that promises to take all-flash interconnect technology to the promised land of extreme performance and parallelism and there are a lot of expectations from it. It is a protocol that is still evolving, and therefore not mature enough to meet the requirements of clustered applications running over shared Tier 1 all-flash storage. And it is a quantum jump that not only expects the user to move to high speed Ethernet technology from Fiber Channel but a totally new protocol with a new, unfamiliar administrative model. It is likely that NVMeF will take some time to mature as a protocol before it can be accepted in data centers requiring Tier 1 shared all-flash storage. In addition to that applications must adapt to a new queuing model to exploit the parallelism offered by flash storage.

That leaves iSER as the right technology to bridge the gap and step in as the preferred interconnect for shared all-flash storage today. iSER is ready from day one for latency, IOPS and bandwidth hungry applications that want to exploit high speed Ethernet technology, both as a north-south and east-west interconnect. IO parallelism may not be as high as promised by NVMeF, but it’s sufficient for all practical purposes without requiring applications to be rewritten to fit into a new paradigm.

By implementing iSER today, the move from Fiber Channel to high speed Ethernet can be tried out without ripping out the entire administrative framework or the need to rewrite applications. A gradual move from Fiber Channel to RDMA over Ethernet replaces the layer 2 transport protocol and helps assess the newer protocol in terms of its stability, resiliency and error recovery capabilities that are essential for a SAN storage interconnect. Once proven, the same RDMA technology can then be leveraged to bring in NVMeF which promises more in the future. Since iSER and NVMeF will work equally well on the same hardware, the infrastructure investment made in iSER is protected for the long term.

At IBM we are working toward enabling our customers to move to data center infrastructure that consists purely of Ethernet interconnects with speeds scaling rapidly from 10 – 100Gbps. Built over iSER, this capability is all-flash storage ready from day one. Agnostic of the underlying RDMA capable networking, it is likely to be very attractive to software defined storage infrastructure that is expected to be built from commodity hardware. It enables IBM Spectrum Virtualize products (IBM Storwize and IBM SVC) to be deployed on cloud infrastructure where Ethernet is the only available infrastructure. And in order to get there, we have partnered with multiple hardware and software vendors that are at the forefront of the high speed Ethernet revolution.

So get ready to experience all-flash storage connected over high speed Ethernet from IBM sometime in the near future!

Subhojit is Senior Technical Staff Member working out of IBM India Labs, Pune. He works as development architect for the IBM Spectrum Virtualize product. He has worked for 23 years in Data Storage, Storage Virtualization, Storage Networking etc. across organizations like IBM, Veritas, Brocade & Symantec etc. At IBM he has been driving Ethernet & IP Storage architecture and roadmap for the IBM Spectrum Virtualize products. Currently he is working on high speed Ethernet interconnect for all flash storage including iSER and NVMeF. Prior to IBM he has been responsible for key features for Enterprise Storage products in his earlier organizations. He is Master Inventor and Member Academy of Technology at IBM. He owns significant Intellectual Property in the form of patents and has more than 50 granted and filed patent applications. He can be found on Twitter @sroy_sroy and on LinkedIn at

Nutanix se une a Google para fusionar entornos cloud para aplicaciones empresariales

Nutanix se une a Google para fusionar entornos cloud para aplicaciones empresariales


 Nutanix® (NASDAQ: NTNX), Líder en cloud computing empresarial, ha anunciado una alianza estratégica con Google® Cloud en la Conferencia Nutanix .NEXT 2017. Como resultado de la alianza, los clientes conjuntos podrán implementar y administrar aplicaciones empresariales basadas en la nube y tradicionales como un servicio de cloud público unificado, combinando el entorno de Nutanix con Google Cloud Platform ™ (GCP). Google y Nutanix trabajarán juntos para abordar las oportunidades tecnológicas para construir y operar nubes híbridas que combinan lo mejor de las arquitecturas de nube privadas y entornos de nube pública escalable.

leer más…

Meeting SOC 2 Type II Compliance with Incapsula

We are pleased to announce that Imperva has released an audited SOC 2 Type II report for the Incapsula service. A SOC 2 Type II report establishes trust, and not all companies in the space are endorsed by AICPA, the governing standards body.

SOC 2 Type II Compliance and What It Means for You

The AICPA (American Institute of CPAs) is the world’s largest member association representing the accounting profession. One of its key functions is to set global auditing standards for companies, organizations and governments. Auditors are able to offer audit opinion based on these rigorous professional standards of compliance

The SOC 2 standard is a set of non-financial principles that measure how well a service organization, like Imperva Incapsula, controls its information.  This certification helps build customer trust in organizations, without having to perform their own compliance investigation. The Trust Services Principles (TSP) includes five criteria for controls including

  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy

An example would be that our service is available when needed and that personal information passing through it is maintained confidential at all times. leer más…

Splunk Insights for Ransomware

Splunk Insights for Ransomware

Today, we have seen yet another wave of ransomware attacks, similar in nature to the wannacry attacks from May 2017, sweep across organizations around the globe. Splunk Blog on Petya Ransomware Attacks

Splunk can help you:

  • To quickly detect & investigate ransomware attacks
  • Rapidly find & visualize systems that are not patched and are vulnerable to these attacks
  • Provide holistic security analytics & monitoring across the business

Splunk Insights for Ransomware is a new offering for organizations enabling them to rapidly take an analytics-driven approach to managing ransomware threats

leer más…

Proofpoint and Open3s strongly encourages customers to verify the following on their systems.

Several organizations have been impacted today by the ransomware known as Petya,  or Petrwrap.   At this time, the distribution vector is still unconfirmed but it appears to be spreading via network similar to WannaCry, although the capacity for an email vector exists.  Like WannaCry, this Petya outbreak appears to potentially be leveraging SMB network protocols to spread itself.


Proofpoint strongly encourages customers to verify the following on their systems. 

    (A)  Ensure that the .exestrip rule is enabled in PPS; this will stop any .zip/.js or inbound raw executables in email.

    (B)  Enabling blocking of password-protected compressed files is also suggested, at least during this outbreak period

    (C)  Proofpoint TAP customers have an additional layer of protection against other potential email vectors, as URL-based or office-document-based encapsulation will be subject to behavioral analysis by TAP. 

    (D)  Ensure systems are patched against the vulnerability described in bulletin MS17-010 (allows the execution of remote commands through Samba / SMB). It is unconfirmed that this stop the new Petya outbreak, but patching will mitigate risk of infections from residual WannaCry activity.

    (E)  Deploying Proofpoint ET signatures for IDS, which we have verified will enable identification and blocking of network command & control / phone-home and worm activity by this ransomware

As always, please report any confirmed “false negatives” (eg, threats that appear to have used a Proofpoint-protected vector to gain entry) immediately — but note that at this time, we have no reports of such events at Proofpoint customers.


(A)  What is the Payload?

While there has been some debate in the research community over whether the payload is “Petya”, or “Petya-like”, there seems to be common agreement that the payload is ransomware that most likely encrypts the Master Boot Record (like Petya). 


(B)  What is the distribution mechanism?

The ransomware package appears to attempt both the EternalBlue SMB exploit as well as Windows utilities PsExec (“a Telnet alternative”) and Windows Management Instrumentation Command-line (WMIC) (“a command-line and scripting interface”) for distribution and initiation.


While there are no confirmed reports of transmission via email, there are currently large email campaigns distributing “KaroCrypt”; Proofpoint is actively blocking these as well.   Like the confusion between WannaCry and Jaff, we anticipate some confusion between KaroCrypt and this Petya-like malware.


(C)  Where did it start?

There are widely reported but unconfirmed attribution (including the me-doc website) suggesting that the Ukranian accounting software system “MeDoc” was compromised to distribute the malware via standard update mechanisms last night.  Once introduced into an intranet, the mechanisms in (B) would rapidly spread the malware to other connected systems that were ether unpatched for EternalBlue or left open for PsExec and WMIC.


(D)  How do I detect and block this?

The guidance issued in the original bulletin still holds; specifically, for network detection, ensure you have updated IDS signatures

2012063:  ET NETBIOS Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference  and



Please note that this is still an active investigation; details are still being verified and are subject to change.