HP and SAP discussing Hana in-memory computing solution
March 12, 2013
Hewlett-Packard and SAP are currently talking about the possibility of introducing an as-a-service edition of SAP's Hana in-memory
computing solution to the enterprise segment.
Anita Paul, senior director of HP's industry transformation consulting practice for Asia Pacific and Japan, says she will
shortly meet part of SAP's development team to discuss creating the new service.
For its part, Amazon Web Services recently started offering Hana-as-a-service in its usual elastic mode of operation. SAP
can also boast several hardware partners for the platform, with IBM, Cisco, Fujitsu and HP, among others, all capable of cooking
up a server with the correct technical specifications.
And of course, HP entering the market with managed Hana-as-a-service will be a good endorsement of the platform, and also
a sign of a much tighter HP/SAP relationship.
Adding Hana-as-a-service will, Paul said, satisfy HP clients in two different ways. One is enterprise customers' stated
desire to run the system, as Paul said many want HP to provide the platform.
The second is a desire for XaaS from HP's consulting services, a trend Paul said she embraces wholeheartedly because the
nature of XaaS offers better value for customers.
That it can also mean better profit margins for HP, which hosts such systems in its own data centres and may also have the chance to provide hardware through an internal transaction (hardware sells to
consulting), is another welcome by-product of such deals in today's IT industry.
Paul said that this kind of engagement can also be good for sysadmins and architects, as in her experience customers who
walk the XaaS path are happy to outsource some operations, but not design.
Skilled personnel therefore stay on HP's payroll even as the servers they once tended go to a better place.
Sysadmins' lives may be a little complicated when customers decide they prefer on-premises operations, although Paul said
the deals HP strikes under those circumstances often make it very clear that there is some equipment on-site that IT staff are
forbidden from touching at risk of violating service level agreements and driving up costs.
In other IT and security news
The GroundWork Group, an open-source IT monitoring software company, has clashed with a security consultancy over the
seriousness of a security hole in its technology.
GroundWork's technology provides a platform for IT operations management, network monitoring, system control, application
authentication and cloud delivery services that is used by enterprise customers including Hitachi Data Systems, the Royal Bank
of Canada, NATO, National Australia Bank, Siemens and Tivo, among many others.
Security staff at SEC Consult last week published an advisory warning of "multiple critical security vulnerabilities" in
the GroundWork Monitor Enterprise platform.
The security consultancy said that many of the holes cover authentication problems and claimed that they are so serious
that customers ought to avoid using the technology completely until the multiple security bugs are patched.
The Austrian security firm also published a separate bulletin warning of other "high risk" security flaws. In response,
GroundWork said that its users were looking for "ease of use" rather than "maximum security". It didn't release a patch and
told its users that tightening up settings was optional.
GroundWork uses the JBoss Portal’s Single Sign-On technology to restrict access to GroundWork components and improve many
of their own security capabilities. Most GroundWork customers have expressed a preference for ease of use rather than maximum
security, and the default settings reflect those wishes.
Those are suggestions and not mandatory for a GroundWork Monitor installation. Johannes Greil, the security researcher at
SEC Consult who discovered the flaws in GroundWork's software, strongly disagreed with this assessment.
"The identified security vulnerabilities have nothing to do with 'maximum security' but rather conforming to web application
security standards and guidelines such as OWASP Top 10," he said.
"Furthermore, GroundWork isn't going to repair the security vulnerabilities within the source code, but will only add an
authentication layer and implement some changes in authorization roles through an optional technical bulletin," Greil added in
We put Greil's allegations to GroundWork last week but have yet to hear back. Greil added that he is also frustrated by
GroundWork's lack of urgency about issues first reported to it two months ago.
"The very slow response and insufficient measures by Groundwork are not a responsible way to react for a vendor who supplies
software for government agencies and large data centers," he said.
"An attacker who is easily able to take over this monitoring software is, for example, able to gain access to plaintext
passwords of the monitored systems and spread the attack within the internal network," Greil claimed.
"In order to mitigate this security risk, the vulnerabilities have to be fixed within the source code. In secure environments,
such as operating data centers where this software is for instance used, it is highly undesirable to use insecure applications.
Furthermore, we advise against using this software in the current state of security," he added.
"We have identified multiple different critical vulnerabilities with different impacts. The most severe security issues are
that an unauthenticated attacker is able to elevate his privileges (admin access), execute arbitrary operating system commands,
take over the whole monitoring system and gain access to sensitive configuration files with clear text passwords of the monitored
systems," he added.
"An attacker is therefore easily able to spread the attack within the internal network," Greil added. SEC Consult's previous
research includes the discovery of undocumented backdoors in data centre equipment from Barracuda Networks. We will keep you
posted on this important development as well as others as they happen.
Source: HP & SAP.