Category Archives: Stiri IT Externe (External IT News)

Five Steps to Address Cloud Security Challenges | IT Infrastructure Advice, Discussion, Community

Today’s interconnected world relies on data accessibility from anywhere, at any time, on any device. The speed and agility that come with hosting services and applications in the cloud are central to modern interconnected success. As such, these inherent benefits have compelled organizations to migrate some or all of their applications or infrastructures to the cloud. In fact, some industry experts estimate that up to 83 percent of enterprise workloads will migrate to the cloud by 2020.

While the cloud may offer significant benefits, organizations need to be aware of the security challenges when planning a cloud-first strategy. Some of those challenges involve not only protection and compliance but also operational considerations, such as the ability to integrate security solutions for on-premise and cloud workloads, to enforce consistent security policies across the hybrid cloud, and to automate virtual machine (VM) discovery to ensure visibility and control over dynamic infrastructure.

1: Balance protection and compliance

Striking a balance between protection and compliance is a huge challenge. Sometimes, it’s all about discouraging threat actors by making them invest more time, energy, and resources than they first estimated into breaching the organization. Making attackers go through several layers of defenses means they could slip up at some point and trigger an alert before reaching the organization’s crown jewels.

Recent data breaches should push leaders into thinking beyond compliance. Besides risking more fines, they risk their reputation as well. Compliance regulations tend to be addressed as base-minimum security options. However, thorough protection involves deploying multiple security layers designed both to help IT and security teams streamline operations and to increase visibility and accelerate detection of threats before a full-blown breach occurs.

2: Integrate security solutions for on-premise and cloud workloads

Finding the right security solution to seamlessly integrate with both on-premise and cloud workloads without impacting consolidation ratios, affecting performance or creating manageability issues is also a challenge. Traditional security solutions can, at best, offer separate solutions for on-premise and cloud workloads; however, these still run the risk of creating visibility and management issues. At worst, the same traditional security solution is deployed on all workloads – cloud and local – creating serious performance issues for the latter. It’s important for organizations to integrate a security solution that’s built to automatically mold its security agent to the job at hand, based on whether the workload is on-premises or in the cloud, without impacting performance or compromising on security capabilities.

3: Deploy consistent security policies across the hybrid cloud

To address this challenge, organizations need to find security solutions that can adapt security agents to the type of environment they are deployed in. Solutions for cloud environments must be agile enough to leverage all the benefits of cloud without sacrificing security, while solutions for traditional on-premise environments must be versatile enough to enable productivity and mobility. Organizations must understand that deploying security policies across hybrid infrastructures can be troublesome, especially without a centralized security console that can seamlessly relay those policies across all endpoints and workloads. It’s important to automatically apply group security policies to newly spawned virtual machines, based on their role within the infrastructure. For instance, newly spawned virtual servers should immediately adhere to group-specific policies, newly spawned VDIs should do the same, and so on. Otherwise, the consequences could be disastrous, in the sense that they would be left unprotected against threats and attackers for as long as they’re operational.

4: Automate VM discovery

Automated VM discovery is the whole point of an integrated security platform, as security policies can automatically be applied based on the type of machine.

Organizations should consider adopting security solutions that can automate VM discovery and apply security policies accordingly, without forcing IT and security teams to push policies to newly instanced workloads manually.

Considering the hybrid cloud’s flexibility in terms of endpoints (physical and virtual) and infrastructure (on-premise and in the cloud), it’s important that the security solution embraces the same elasticity and enables organizations to fully embrace the benefits of these infrastructures without sacrificing performance, usability or security.

5: Maintain visibility and control over dynamic infrastructure

In the context of adopting a mobility- and cloud-first approach, it has become increasingly difficult for IT and security teams to view an organization’s security posture, especially since traditional security solutions don’t offer single-pane-of-glass visibility across all endpoints.

Integrating a complete security platform can help IT and security teams save time while offering security automation features that help speed up the ability to identify signs of a data breach accurately.

Addressing cloud security challenges is constant, ongoing work that requires IT and security teams to be vigilant while at the same time adopting the right security and automation tools to help take some of the operational burden off their shoulders. Working together to find the right solutions ensures both teams get what they need. The collaboration of these two focused teams ensures the entire infrastructure is protected, regardless of on-premise or cloud workloads.


Intel Iris Driver Gets ~5% Performance Boost With Direct3D 9 Support On Gallium Nine


The Gallium Nine state tracker providing Direct3D 9 API support for Windows games/applications running on Linux under Wine will now be a little bit faster when using Intel’s new Iris Gallium3D driver.

Simply having access to Gallium Nine is already a big advantage of the new Intel Iris driver, whereas Intel’s current i965 “classic” Mesa driver isn’t Gallium3D based and thus doesn’t work with the state tracker. Gallium Nine has been working out well with Iris ever since the state tracker landed NIR support to complement the TGSI IR support, but now it’s going to be even faster.

With Intel’s Iris driver being thread-safe, Gallium Nine’s black-listing no longer blocks Iris/Intel from enabling Command-Stream Multi-Threading (CSMT).

According to Andre Heider with the patch, enabling CSMT helps boost the performance by about 5%. This isn’t to be confused with Wine’s CSMT feature but is internal multi-threading for Gallium Nine to help the performance and is already used by the RadeonSI and R600 Gallium3D drivers with this D3D9 state tracker.

Who’s Responsible When IT Goes Awry?

Every time a major IT gaffe happens, someone pays. Perhaps someone misconfigured an AWS S3 bucket or failed to apply a critical software patch. If the outcome is bad enough, the company’s reputation and valuation could take a hit. If they do, who will be held responsible? It depends on the company’s culture and policies. Who should be held responsible? Perhaps someone else.

For example, the Equifax breach cost three executives their jobs including the CIO, CSO and CEO. The CEO blamed a single IT staff member. While not all IT failures make headline news, they happen every day as the result of negligence, ignorance and sabotage.

Blame the IT staffer

When an IT professional is publicly blamed and shamed for an IT failure, the public relations machine’s job is to convince customers, shareholders, and the public that the problem has been resolved. While the IT staff member who caused the issue should be reprimanded, blaming everything on a single employee discounts the potential mismanagement factors that contributed to the issue. Still, the outcome of multimillion-dollar lawsuits may hinge on the actions of one individual.

“When I served as an expert on high-profile cases, it came down to the AWS guy, the woman who was programming or a guy enabling the server,” said Nick Kamboj, CEO of MBA admissions consulting firm Aston & James. “Fifteen to $20 million cases would hinge on what this individual did, what they were supposed to do. Did they follow somebody else’s advice or were they using common sense and best practices? It’s not the individual, it’s more the ecosystem that has to change.”

Read the rest of this article on InformationWeek.


Intel’s Iris Gallium3D Driver Working On Better GPU Recovery Handling


While Intel’s Iris Gallium3D driver is not enabled by default and is still considered experimental in its support of Broadwell graphics and newer, in all of our tests thus far it’s been working out very well and we haven’t encountered any hangs so far in our tested OpenGL workloads. But with no OpenGL driver being immune from potential GPU hangs, a patch series is pending to improve the GPU recovery heuristics.

Longtime open-source Intel Linux graphics developer Chris Wilson sent out a set of three patches this morning for handling of GPU recovery within the Iris driver. In particular, the patches opt out of the Linux kernel’s automatic GPU recovery and replay. That approach doesn’t work out well for Iris, where batches are constructed incrementally and thus the replay following a reset would likely cause issues due to missing state. With this patch series, the Iris driver will instead re-construct a fresh context for the next batch when the kernel indicates a GPU hang.

The set of patches improving the GPU recovery behavior for the Iris driver in Mesa can be found here. The Iris driver is set to make its initial debut in Mesa 19.1 due out around the end of May, still giving plenty of time for Intel graphics driver developers to make more improvements to this next-gen OpenGL driver ahead of its formal debut.

Some Additional Chrome vs. Firefox Benchmarks With WebRender, 67 Beta / 68 Alpha


A few days ago I posted some Chrome vs. Firefox benchmarks using the latest Linux builds. Some readers suggested Firefox could be more competitive if forcing WebRender usage and/or moving to the latest nightly builds, so here are some complementary data sets looking at such combinations.

In addition to Firefox 66 stable and Chrome 73 stable, here are results when using Firefox 67 Beta 4 and Firefox 68 Alpha 1 as the latest at the time of testing. In addition to testing those two development channels, additional runs were done on each of them after forcing WebRender with the “MOZ_ACCELERATED=1 MOZ_WEBRENDER=1” environment variables.

Here are the benchmark results via the Phoronix Test Suite:

In the case of ARES-6, Firefox 67 Beta 4 is faster than Firefox 66 stable while Firefox 68 was slightly slower. But Firefox still wasn’t competing with Chrome in this benchmark.

In the old Octane browser benchmark, the newer releases came in a little bit slower than Firefox 66 stable.

WebXPRT is the lone test where Firefox beats out Google Chrome 73 and there wasn’t any benefit to the newer releases.

With Basemark, Firefox is still a great deal behind Chrome.

The MotionMark benchmark, being focused on graphics performance, is a benchmark where WebRender is stressed and does pay off, albeit it still doesn’t make Firefox as fast as Google Chrome.

There wasn’t much difference out of the Speedometer web browser benchmark.

Lastly is a look at the geometric mean of the benchmarks carried out. Personally, as a devout Firefox user going back to the Firebird/Phoenix days, this is sad to see, albeit we are seeing similar results on other Linux desktop systems too between Chrome and Firefox. If any premium supporters have any other web browser benchmark requests, be sure to let me know.