Microsoft is giving away its StorSimple arrays, but there's a catch
Share on Twitter.
Get the most reliable SMTP service for your business. You wished you got it sooner!
September 24, 2013
Microsoft is now giving away its StorSimple arrays, but there's a catch: customers will need to spend big time on its Azure
Microsoft acquired StorSimple in October of last year. The company offers iSCSI SAN services, but could also dump data into the
cloud and present that data to servers as if it were a local resource, and that's the main reason why Microsoft acquired StorSimple
in the first place.
StorSimple arrays can still do that, and target any cloud storage service, but Microsoft has made sure it plays nicely with Azure and
Windows Server 2012, ie-- customers are locked in with Microsoft and not another provider.
About five minutes of effort is required to create a volume on Azure and then use StorSimple to present it as just another drive
available under Windows Server 2012.
To be sure, Microsoft isn't going after the transactional storage market. It's preferring instead to offer an alternative to those
system admins seeking cold storage for infrequently-accessed files.
That the StorSimple arrays offer an iSCSI interface means that Microsoft feels its hybrid cloud plans will be attractive as applications
and infrastructure won't need to be rewired to talk to cloud storage services' RESTful APIs.
Microsoft people are now suggesting that adding a disk drawer to a conventional array can cost upwards of $200,000, while a whole
StorSimple unit ready to go with a few terabytes and using the cloud costs less.
Throw in the cloud for some extra capacity and Microsoft is confident
it comes out ahead. Microsoft concluded a demo event yesterday in Australia with an offer whereby organizations that spend $55,000 (AU) on Azure will
be given a 6.5 TB disk array.
Those willing to stump up $110,000 (AU) get a 20 TB box to play with. Microsoft representatives at the event said the offer is
global and is based on a US dollar spend of $50,000 and $100,000. The offer expires at the end of this year.
Microsoft's initial ability to make that offer comes from a hiring spree that has seen it set up StorSimple sales and support teams
around the world. In Australia, the company has hired people with experience at tier one storage companies.
We understand from this that similar team-building efforts have also taken place elsewhere around the world.
Microsoft has had a "few toes" in storage for a couple of years, largely through its NAS platform Windows Storage Server.
Windows Server 2012 saw the company attempt to match VMware's SAN integration services.
StorSimple is an attempt to take Microsoft to a new level altogether, making it a credible hybrid cloud storage player in a
VMware's vCloud hybrid service integrates deeply with vSphere. NetApp's Direct Connect deal with Amazon Web Services is another
Microsoft's vast customer base, extensive channel and ownership of Azure's ten data centres mean it deserves to be considered
a hybrid storage cloud contender of sorts.
Without wanting to be sycophantic, the audience Vulture South was part of today agreed-- asked if Microsoft is a storage company at
the start of the session, almost no hands were raised. By the end of the session many more headed to the ceiling.
The notion that Microsoft is a devices and services company also looked rather less like a surface-level presentation.
In other IT news
Internet security firm RSA is warning system admins and IT managers to stop using the default random-number generator in its encryption
products, amid concerns that potential hackers can easily crack data secured by the algorithm.
Today, all encryption systems worth their salt require a source of virtually unpredictable random values to create strong cryptographic
keys. One such source is the NSA random number generator Dual_EC_DRBG, or the Dual Elliptic Curve Deterministic Random Bit Generator, which
is well known for being cryptographically weak.
In 2007, it was claimed that someone had crippled the design, effectively creating a backdoor so that encryption systems that relied on
it could be easily cracked and they were.
To be sure, RSA's B-Safe toolkit and Data Protection Manager software utilizes Dual_EC_DRBG by default. Now RSA strongly recommends customers
choose another pseudo random number generator (PRNG) in their systems.
This comes after documents leaked by whistleblower Edward Snowden allegedly reveal that the NSA nobbled Dual_EC_DRBG during its inception
which could allow the spook nerve-centre to crack HTTPS connections secured by RSA's BSafe software, for example.
The suspect algorithm, championed by the NSA according to security expert Bruce Schneier, was given the seal of approval and published
by the U.S. government's National Institute of Standards and Technology (NIST) in 2006.
But a year later, researchers at Microsoft highlighted fundamental security holes in its design-- cryptographic professor Matthew
Green lays out the history and faults of the PRNG in a research brief.
Since Snowden's leaks came to light in June, NIST has denied weakening this particular PRNG, one of four approved for wider use
in 2006. But earlier this month, Schneier said NIST needs to go much further to restore confidence in its practices and procedures, especially
when doubts linger about the robustness of Dual_EC_DRBG.
For many years now, cryptographers have known that Dual_EC_DRBG was slow and not especially effective, leading to criticism that RSA
was wrong to select it as a default option for BSafe and the more paranoid to question its motives in the first place.
"Despite many valid concerns about this default random number generator, RSA went ahead and made it its default generator used
for all cryptography in its flagship cryptography library," noted Green late last week.
"The overall implications for RSA and RSA-based security products are mind blowing. In a modestly bad but by no means worst case scenario, the
NSA may be able to intercept SSL/TLS connections made by products implemented with BSafe," Green added.
"So why would RSA choose Dual_EC as the default? You got me,” shrugged Green, who is a research professor at John Hopkins University in
“Not only is Dual_EC hilariously slow - which has real performance implications - over time, it was shown us to be a just bad random
number generator all the way back to 2006. By 2007, when cryptographers Dan Shumow and Niels Ferguson raised the possibility of a backdoor
in the security specification, no sensible cryptographer would go near the product," added Green.
Get the most dependable SMTP server for your company. You will congratulate yourself!
Share on Twitter.
Need to know more about the cloud? Sign up for your free Cloud Hosting White Paper.