Information Technology News.

Microsoft is giving away its StorSimple arrays, but there's a catch

Share on Twitter.

Click here to order our special clearance dedicated servers.

Get the most reliable SMTP service for your business. You wished you got it sooner!

September 24, 2013

Microsoft is now giving away its StorSimple arrays, but there's a catch: customers will need to spend big time on its Azure Cloud services.

Microsoft acquired StorSimple in October of last year. The company offers iSCSI SAN services, but could also dump data into the cloud and present that data to servers as if it were a local resource, and that's the main reason why Microsoft acquired StorSimple in the first place.

StorSimple arrays can still do that, and target any cloud storage service, but Microsoft has made sure it plays nicely with Azure and Windows Server 2012, ie-- customers are locked in with Microsoft and not another provider.

About five minutes of effort is required to create a volume on Azure and then use StorSimple to present it as just another drive available under Windows Server 2012.

To be sure, Microsoft isn't going after the transactional storage market. It's preferring instead to offer an alternative to those system admins seeking cold storage for infrequently-accessed files.

That the StorSimple arrays offer an iSCSI interface means that Microsoft feels its hybrid cloud plans will be attractive as applications and infrastructure won't need to be rewired to talk to cloud storage services' RESTful APIs.

Microsoft people are now suggesting that adding a disk drawer to a conventional array can cost upwards of $200,000, while a whole StorSimple unit ready to go with a few terabytes and using the cloud costs less.

Throw in the cloud for some extra capacity and Microsoft is confident it comes out ahead. Microsoft concluded a demo event yesterday in Australia with an offer whereby organizations that spend $55,000 (AU) on Azure will be given a 6.5 TB disk array.

Those willing to stump up $110,000 (AU) get a 20 TB box to play with. Microsoft representatives at the event said the offer is global and is based on a US dollar spend of $50,000 and $100,000. The offer expires at the end of this year.

Microsoft's initial ability to make that offer comes from a hiring spree that has seen it set up StorSimple sales and support teams around the world. In Australia, the company has hired people with experience at tier one storage companies.

We understand from this that similar team-building efforts have also taken place elsewhere around the world.

Microsoft has had a "few toes" in storage for a couple of years, largely through its NAS platform Windows Storage Server. Windows Server 2012 saw the company attempt to match VMware's SAN integration services.

StorSimple is an attempt to take Microsoft to a new level altogether, making it a credible hybrid cloud storage player in a thinly-populated market.

VMware's vCloud hybrid service integrates deeply with vSphere. NetApp's Direct Connect deal with Amazon Web Services is another alternative.

Microsoft's vast customer base, extensive channel and ownership of Azure's ten data centres mean it deserves to be considered a hybrid storage cloud contender of sorts.

Without wanting to be sycophantic, the audience Vulture South was part of today agreed-- asked if Microsoft is a storage company at the start of the session, almost no hands were raised. By the end of the session many more headed to the ceiling.

The notion that Microsoft is a devices and services company also looked rather less like a surface-level presentation.

In other IT news

Internet security firm RSA is warning system admins and IT managers to stop using the default random-number generator in its encryption products, amid concerns that potential hackers can easily crack data secured by the algorithm.

Today, all encryption systems worth their salt require a source of virtually unpredictable random values to create strong cryptographic keys. One such source is the NSA random number generator Dual_EC_DRBG, or the Dual Elliptic Curve Deterministic Random Bit Generator, which is well known for being cryptographically weak.

In 2007, it was claimed that someone had crippled the design, effectively creating a backdoor so that encryption systems that relied on it could be easily cracked and they were.

To be sure, RSA's B-Safe toolkit and Data Protection Manager software utilizes Dual_EC_DRBG by default. Now RSA strongly recommends customers choose another pseudo random number generator (PRNG) in their systems.

This comes after documents leaked by whistleblower Edward Snowden allegedly reveal that the NSA nobbled Dual_EC_DRBG during its inception which could allow the spook nerve-centre to crack HTTPS connections secured by RSA's BSafe software, for example.

The suspect algorithm, championed by the NSA according to security expert Bruce Schneier, was given the seal of approval and published by the U.S. government's National Institute of Standards and Technology (NIST) in 2006.

But a year later, researchers at Microsoft highlighted fundamental security holes in its design-- cryptographic professor Matthew Green lays out the history and faults of the PRNG in a research brief.

Since Snowden's leaks came to light in June, NIST has denied weakening this particular PRNG, one of four approved for wider use in 2006. But earlier this month, Schneier said NIST needs to go much further to restore confidence in its practices and procedures, especially when doubts linger about the robustness of Dual_EC_DRBG.

For many years now, cryptographers have known that Dual_EC_DRBG was slow and not especially effective, leading to criticism that RSA was wrong to select it as a default option for BSafe and the more paranoid to question its motives in the first place.

"Despite many valid concerns about this default random number generator, RSA went ahead and made it its default generator used for all cryptography in its flagship cryptography library," noted Green late last week.

"The overall implications for RSA and RSA-based security products are mind blowing. In a modestly bad but by no means worst case scenario, the NSA may be able to intercept SSL/TLS connections made by products implemented with BSafe," Green added.

"So why would RSA choose Dual_EC as the default? You got me,” shrugged Green, who is a research professor at John Hopkins University in Baltimore.

“Not only is Dual_EC hilariously slow - which has real performance implications - over time, it was shown us to be a just bad random number generator all the way back to 2006. By 2007, when cryptographers Dan Shumow and Niels Ferguson raised the possibility of a backdoor in the security specification, no sensible cryptographer would go near the product," added Green.

Source: Microsoft.

Get the most dependable SMTP server for your company. You will congratulate yourself!

Share on Twitter.

Need to know more about the cloud? Sign up for your free Cloud Hosting White Paper.

IT News Archives | Site Search | Advertise on IT Direction | Contact | Home

All logos, trade marks or service marks on this site are the property of their respective owners.

Sponsored by Sure Mail™, Avantex and
by Montreal Server Colocation.

       © IT Direction. All rights reserved.