Friday, October 26, 2012

PCI card dimensions



PCI card dimensions (low profile and standard height) MD1 and MD2

Thursday, October 18, 2012

storage concept

http://qing.weibo.com/tj/88ca09aa330005a4.html

Common Internet File System (CIFS)

2009/03/04 - 鐘聖雄

http://www.digitimes.com.tw/tw/dt/n/shwnws.asp?rnrnCnlID=10&Cat=&Cat1=&id=124179

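The Common Internet File System (CIFS), originally known as Server Message Block (SMB), is a technology that lets machines on a network share resources such as files, peripherals (for example printers) and serial ports, and it also provides an authenticated inter-process communication (IPC) facility.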

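Unlike the Network File System (NFS), CIFS messages have no fixed length, and most messages carry variable-length data, which adds to the protocol's complexity. In general, a CIFS message consists of one 32-byte message header followed by one or more variable-length message bodies.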

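CIFS was originally developed by Barry Feigenbaum at IBM, with the aim of turning the local file interface on DOS into a shareable network file system. Microsoft later took over the project; to correct the DES flaw in the first version it adopted NTLM (NT LAN Manager) version 2, merged CIFS with another network management program that Microsoft had developed jointly with 3Com, revised it into the current version, and built its distributed file system on it. For this reason CIFS is mostly used on machines running Microsoft operating systems, but after being re-developed by Unix server vendors it can also be used to connect Unix servers with client machines running Windows, providing file sharing and shared use of PC peripherals.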

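CIFS was first designed to run over the NetBIOS protocol; in other words, CIFS was built on the premise of the NetBEUI, IPX/SPX and TCP/IP protocols. Later, in the Windows 2000 operating system, Microsoft reworked CIFS so that it could run directly on top of TCP/IP.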

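CIFS operates in the familiar client-server model: the client issues a request and the server responds. One part of the CIFS protocol is devoted to coordinating the requests that clients send to servers; that is, the client accesses the file server through the file system as an intermediary. On the IPC side, CIFS also allows different local subnets or virtual private networks (VPNs) to be linked across the Internet, so that remote collaboration between subnets, such as file sharing or shared use of printers and other PC peripherals, all runs over the CIFS protocol.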

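The most criticized drawback of CIFS is that it consumes too much bandwidth, because every client computer on a subnet must broadcast its presence in order to share services. CIFS itself, however, does not use broadcasts; the problem is actually caused by the NetBIOS service location protocol. Microsoft Windows servers use NetBIOS for negotiation and location, and NetBIOS periodically broadcasts the existence of a service to particular servers. With few servers this does not take up much bandwidth, but once the number of servers passes a certain point, network congestion becomes increasingly noticeable.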

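Network congestion has a major impact on CIFS users, especially when network latency between servers is high; when accessing a VPN over the Internet for file sharing and collaboration, the delay is even more noticeable.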

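To ease the bandwidth problem, the Windows Internet Name Service (WINS) location protocol can generally be used, that is, a higher-level system that centralizes the service, although this in turn creates information and network maintenance problems. Using a Dynamic Domain Name Server (Dynamic DNS) can also solve the CIFS problem.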

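CIFS servers can offer file systems and other resources to client computers on the network, while clients can retain sharing permissions, which has led to CIFS being widely adopted. In addition, CIFS uses the NT domain protocols and authentication, and the NT domain protocols can almost only perform IPS authentication through CIFS to determine whether a client may access a given resource, which is why CIFS is so widely adopted.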

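When Sun Microsystems launched WebNFS in 1996, Microsoft proposed renaming SMB to the present CIFS and added features such as soft links and hard links, thereby increasing file sizes. Later, however, when it released the Vista operating system, Microsoft introduced the concept of SMB 2.0, so today both CIFS and SMB are very common terms.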

Source: DIGITIMES Chinese-language site, original article: Common Internet File System (CIFS) http://www.digitimes.com.tw/tw/dt/n/shwnws.asp?rnrnCnlID=10&Cat=&Cat1=&id=124179

Server Message Block

In computer networking, Server Message Block (SMB), also known as Common Internet File System (CIFS, /ˈsɪfs/) operates as an application-layer network protocol[1] mainly used for providing shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network. It also provides an authenticated inter-process communication mechanism. Most usage of SMB involves computers running Microsoft Windows, where it was known as "Microsoft Windows Network" before the subsequent introduction of Active Directory. Corresponding Windows services are the "Server Service" (for the server component) and "Workstation Service" (for the client component).
The Server Message Block protocol can run atop the Session (and lower) network layers in several ways:

History

Barry Feigenbaum originally designed SMB at IBM with the aim of turning DOS "Interrupt 33" (21h) local file access into a networked file system.[4] Microsoft has made considerable modifications to the most commonly used version. Microsoft merged the SMB protocol with the LAN Manager product which it had started developing for OS/2 with 3Com c. 1990, and continued to add features to the protocol in Windows for Workgroups (c. 1992) and in later versions of Windows.
SMB was originally designed to run on top of the NetBIOS/NetBEUI API (typically implemented with NBF, NetBIOS over IPX/SPX, or NBT). Since Windows 2000, SMB runs, by default, with a thin layer, similar to the Session Message packet of NBT's Session Service, on top of TCP, using TCP port 445 rather than TCP port 139 — a feature known as "direct host SMB".[2]
At around the time when Sun Microsystems announced WebNFS,[5] Microsoft launched an initiative in 1996 to rename SMB to Common Internet File System (CIFS), and added more features, including support for symbolic links, hard links, larger file sizes, and an initial attempt at supporting direct connections over TCP port 445 without requiring NetBIOS as a transport (a largely experimental effort that required further refinement). Microsoft submitted some partial specifications as Internet-Drafts to the IETF,[6] though these submissions have expired.
The Samba project originated with the aim of reverse engineering the SMB protocol and implementing an SMB server to allow MS-DOS clients to use SMB to access files on Sun Microsystems machines.[7] Because of the importance of the SMB protocol in interacting with the widespread Microsoft Windows platform, Samba became a popular free implementation of a compatible SMB client and server for interoperating with non-Microsoft operating systems.
Microsoft introduced SMB2 with Windows Vista in 2006, and later improved on it in Windows 7.

Implementation

Client-server approach

SMB works through a client-server approach, where a client makes specific requests and the server responds accordingly. One section of the SMB protocol specifically deals with access to filesystems, such that clients may make requests to a file server; but some other sections of the SMB protocol specialize in inter-process communication (IPC). The Inter-Process Communication (IPC) share, or ipc$, is a network share on computers running Microsoft Windows. This virtual share is used to facilitate communication between processes and computers over SMB, often to exchange data between computers that have been authenticated.
Developers have optimized the SMB protocol for local subnet usage, but users have also put SMB to work to access different subnets across the Internet—exploits involving file-sharing or print-sharing in MS Windows environments usually focus on such usage.
SMB servers make their file systems and other resources available to clients on the network. Client computers may want access to the shared file systems and printers on the server, and in this primary functionality SMB has become best-known and most heavily used. However, the SMB file-server aspect would count for little without the NT domains suite of protocols, which provide NT-style domain-based authentication at the very least. Almost all implementations of SMB servers use NT Domain authentication to validate user-access to resources.

Samba

Samba is a free software re-implementation of the SMB/CIFS networking protocol, originally developed by Andrew Tridgell. As of version 3, Samba provides file and print services for Microsoft Windows clients and can integrate with a Windows NT 4.0 server domain, either as a Primary Domain Controller (PDC) or as a domain member. Samba4 installations can act as an Active Directory domain controller or member server, at Windows 2008 domain and forest functional levels.[8]

Performance issues

NetBIOS

The use of the SMB protocol has often correlated with a significant increase in broadcast traffic on a network. However, SMB itself does not use broadcasts; the broadcast problems commonly associated with SMB actually originate with the NetBIOS service location protocol. By default, a Microsoft Windows NT 4.0 server used NetBIOS to advertise and locate services. NetBIOS functions by broadcasting services available on a particular host at regular intervals. While this usually makes for an acceptable default in a network with a smaller number of hosts, increased broadcast traffic can cause problems as the size of the network increases. The implementation of name resolution infrastructure in the form of Windows Internet Naming Service (WINS) or Domain Name System (DNS) resolves this problem. WINS was a proprietary implementation used with Windows NT 4.0 networks, but brought about its own issues and complexities in the design and maintenance of a Microsoft network.
Since the release of Windows 2000, the use of WINS for name resolution has been deprecated by Microsoft, with hierarchical Dynamic DNS now configured as the default name resolution protocol for all Windows operating systems. Resolution of (short) NETBIOS names by DNS requires that a DNS client expand short names, usually by appending a connection-specific DNS suffix to its DNS lookup queries. WINS can still be configured on clients as a secondary name resolution protocol for interoperability with legacy Windows environments and applications. Further, Microsoft DNS servers can forward name resolution requests to legacy WINS servers in order to support name resolution integration with legacy (pre-Windows 2000) environments that do not support DNS.

WAN performance issues

Network designers have found that latency has a significant impact on the performance of the SMB 1.0 protocol, and that it performs more poorly than other protocols like FTP. Monitoring reveals a high degree of "chattiness" and a disregard of network latency between hosts.[9] For example, a VPN connection over the Internet will often introduce network latency. Microsoft has explained that performance issues come about primarily because SMB 1.0 is a block-level rather than a streaming protocol, which was originally designed for small LANs; it has a block size that is limited to 64K, SMB signing creates additional overhead, and the TCP window size is not optimized for WAN links.[10] Solutions to this problem include the updated SMB 2.0 protocol, Offline Files, TCP window scaling and WAN acceleration devices from various network vendors that cache and optimize SMB 1.0[11] and 2.0.[12]

Microsoft's modifications

Microsoft added several extensions to its own SMB implementation. For example, it added NTLM, then NTLMv2 authentication protocols in order to address security weakness in the original LanMan authentication. LanMan authentication derived from the original legacy SMB specification's requirement to use IBM "LanManager" passwords, but implemented DES in a flawed manner that allowed passwords to be cracked.[13] Later, Kerberos authentication was also added. The NT 4.0 Domain logon protocols initially used 40-bit encryption outside of the United States of America, because of export restrictions on stronger 128-bit encryption[14] (subsequently lifted in 1996 when President Bill Clinton signed Executive Order 13026[15]). Opportunistic locking support has changed with each server release.

Opportunistic locking

In the SMB protocol, opportunistic locking is a file locking mechanism designed to improve performance by controlling caching of network files by the client. Contrary to the traditional locks, OpLocks are not used in order to provide mutual exclusion. The main goal of OpLocks is to provide synchronization for caching. There are three types of opportunistic locks:

Batch Locks

Batch OpLocks were created originally to support a particular behavior of MS-DOS batch file execution operation in which the file is opened and closed many times in a short period, which is a performance problem. To solve this, a client may ask for an OpLock of type "batch". In this case, the client delays sending the close request and if a subsequent open request is given, the two requests cancel each other.

Exclusive Locks

When an application opens in "shared mode" a file hosted on an SMB server which is not opened by any other process (or other clients) the client receives an exclusive OpLock from the server. This means that the client may now assume that it is the only process with access to this particular file, and the client may now cache all changes to the file before committing it to the server. This is a performance improvement, since fewer round-trips are required in order to read and write to the file. If another client/process tries to open the same file, the server sends a message to the client (called a break or revocation) which invalidates the exclusive lock previously given to the client. The client then flushes all changes to the file.

Level 2 OpLocks

If an exclusive OpLock is held by a client and a locked file is opened by a third party, the client has to relinquish its exclusive OpLock to allow the other client's write/read access. A client may then receive a "Level 2 OpLock" from the server. A Level 2 OpLock allows the caching of read requests, but excludes write caching.

Breaks

In contrast with the SMB protocol's "standard" behavior, a break request may be sent from server to client. It informs the client that an OpLock is no longer valid. This happens, for example, when another client wishes to open a file in a way that invalidates the OpLock. The first client is then sent an OpLock break and required to send all its local changes (in case of batch or exclusive OpLocks), if any, and acknowledge the OpLock break. Upon this acknowledgment the server can reply to the second client in a consistent manner.

SMB2

Microsoft introduced a new version of the Server Message Block (SMB) protocol (SMB 2.0 or SMB2) with Windows Vista in 2006.[16] Although the protocol is proprietary, its specification has been published to allow other systems to interoperate with Microsoft operating systems that use the new protocol.[17]
SMB2 reduces the 'chattiness' of the SMB 1.0 protocol by reducing the number of commands and subcommands from over a hundred to just nineteen.[9] It has mechanisms for pipelining, that is, sending additional requests before the response to a previous request arrives, thereby improving performance over high latency links. It adds the ability to compound multiple actions into a single request, which significantly reduces the number of round-trips the client needs to make to the server, improving performance as a result.[9] SMB1 also has a compounding mechanism, known as AndX, to compound multiple actions, but Microsoft clients rarely use AndX. SMB2 also introduces the notion of "durable file handles": these allow a connection to an SMB server to survive brief network outages, as are typical in a wireless network, without having to incur the overhead of re-negotiating a new session.
SMB2 includes support for symbolic links. Other improvements include caching of file properties, improved message signing with HMAC SHA-256 hashing algorithm and better scalability by increasing the number of users, shares and open files per server among others.[9] The SMB1 protocol uses 16-bit data sizes, which amongst other things, limits the maximum block size to 64K. SMB2 uses 32 or 64-bit wide storage fields, and 128 bits in the case of file-handles, thereby removing previous constraints on block sizes, which improves performance with large file transfers over fast networks.[9]
Windows Vista/Server 2008 and later operating systems use SMB2 when communicating with other machines also capable of using SMB2. SMB1 continues in use for connections with older versions of Windows, as well as systems like Samba and various vendors' NAS solutions. Samba 3.5 also includes experimental support for SMB2.[18] Samba 3.6 fully supports SMB2, except the modification of user quotas using the Windows quota management tools.[19]
When SMB2 was introduced it brought a number of benefits over SMB1 for third party implementers of SMB protocols. SMB1, originally designed by IBM, was reverse engineered, and later became part of a wide variety of non-Windows operating systems such as Xenix, OS/2 and VMS (Pathworks). X/Open standardised it partially; it also had draft IETF standards which lapsed. (See http://ubiqx.org/cifs/Intro.html for historical detail.) SMB2 is also a relatively clean break with the past. Microsoft's SMB1 code has to work with a large variety of SMB clients and servers. SMB1 features many versions of information for commands (selecting what structure to return for a particular request) because features such as Unicode support were retro-fitted at a later date. SMB2 involves significantly reduced compatibility-testing for implementers of the protocol. SMB2 code has considerably less complexity since far less variability exists (for example, non-Unicode code paths become redundant as SMB2 requires Unicode support).
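The wire details described above (the thin length-prefixed layer on TCP port 445, the 32-byte SMB1 header, the wider SMB2 header and its HMAC SHA-256 signing) can be checked by a monitoring tool. The following is an added example, not code from the quoted articles: header layouts and flag values follow the published MS-CIFS and MS-SMB2 specifications, the signing shown is the SMB 2.0/2.1 scheme for single, non-compounded messages, and the session key and traffic are constructed samples.

```python
import hashlib
import hmac
import struct

# Header layouts as published in MS-CIFS (SMB1, 32 bytes) and MS-SMB2 (64 bytes).
SMB1_HEADER = struct.Struct("<4sBIBHH8sHHHHH")
SMB2_HEADER = struct.Struct("<4sHHIHHIIQIIQ16s")
SMB1_FLAGS2_SIGNED = 0x0004     # SMB_FLAGS2_SMB_SECURITY_SIGNATURE
SMB2_FLAGS_SIGNED = 0x00000008  # SMB2_FLAGS_SIGNED
SIG_OFFSET = 48                 # Signature = last 16 bytes of the SMB2 header


def split_frames(stream: bytes) -> list:
    """Split a TCP/445 byte stream on the 4-byte direct-host transport header:
    one zero byte followed by a 3-byte big-endian message length."""
    frames, offset = [], 0
    while offset < len(stream):
        prefix = stream[offset:offset + 4]
        if len(prefix) < 4 or prefix[0] != 0:
            raise ValueError("bad or truncated transport header")
        length = int.from_bytes(prefix[1:], "big")
        body = stream[offset + 4:offset + 4 + length]
        if len(body) != length:
            raise ValueError("truncated SMB message")
        frames.append(body)
        offset += 4 + length
    return frames


def parse_message(msg: bytes) -> dict:
    """Identify the dialect family from the protocol id and read the signing flag."""
    if msg[:4] == b"\xffSMB" and len(msg) >= SMB1_HEADER.size:
        f = SMB1_HEADER.unpack_from(msg)
        return {"dialect": "SMB1", "command": f[1],
                "signed": bool(f[4] & SMB1_FLAGS2_SIGNED), "signature": f[6]}
    if msg[:4] == b"\xfeSMB" and len(msg) >= SMB2_HEADER.size:
        f = SMB2_HEADER.unpack_from(msg)
        if f[1] != 64:
            raise ValueError("SMB2 StructureSize must be 64")
        return {"dialect": "SMB2", "command": f[4],
                "signed": bool(f[6] & SMB2_FLAGS_SIGNED), "signature": f[12]}
    raise ValueError("not an SMB1 or SMB2 message")


def smb2_signature(msg: bytes, session_key: bytes) -> bytes:
    """SMB 2.0/2.1 signing: HMAC-SHA256 over the message with the Signature
    field zeroed, truncated to 16 bytes."""
    zeroed = msg[:SIG_OFFSET] + b"\x00" * 16 + msg[SMB2_HEADER.size:]
    return hmac.new(session_key, zeroed, hashlib.sha256).digest()[:16]


def audit(stream: bytes, session_key: bytes) -> list:
    """Return one (dialect, command, verdict) finding per message in the stream."""
    findings = []
    for msg in split_frames(stream):
        info = parse_message(msg)
        if info["dialect"] == "SMB1":
            verdict = "legacy dialect"
        elif not info["signed"]:
            verdict = "unsigned"
        elif hmac.compare_digest(info["signature"], smb2_signature(msg, session_key)):
            verdict = "signature ok"
        else:
            verdict = "signature mismatch"
        findings.append((info["dialect"], info["command"], verdict))
    return findings


# --- Constructed sample traffic (not captured from a real host) ---
KEY = b"constructed-key!"  # hypothetical 16-byte session key


def frame(msg: bytes) -> bytes:
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


def sample_smb1_negotiate() -> bytes:
    # Command 0x72 is SMB_COM_NEGOTIATE; empty parameter and data blocks.
    hdr = SMB1_HEADER.pack(b"\xffSMB", 0x72, 0, 0x18, 0xC801, 0,
                           b"\x00" * 8, 0, 0xFFFF, 0xFEFF, 0, 0)
    return hdr + b"\x00\x00\x00"


def sample_smb2_signed(key: bytes, payload: bytes) -> bytes:
    # Command 0x0003 is TREE_CONNECT; the payload is a placeholder body.
    hdr = SMB2_HEADER.pack(b"\xfeSMB", 64, 1, 0, 0x0003, 1, SMB2_FLAGS_SIGNED,
                           0, 2, 0, 1, 0x1122, b"\x00" * 16)
    msg = hdr + payload
    return msg[:SIG_OFFSET] + smb2_signature(msg, key) + msg[SMB2_HEADER.size:]


def demo() -> list:
    good = sample_smb2_signed(KEY, b"\\\\srv\\share")
    tampered = good[:-1] + b"X"  # one payload byte changed in transit
    stream = frame(sample_smb1_negotiate()) + frame(good) + frame(tampered)
    return audit(stream, KEY)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

SMB 3.x replaces this HMAC with a different signing algorithm, so the verification step here applies only to the SMB 2.0/2.1 dialects the text describes.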

SMB 2.1

SMB 2.1, introduced with Windows 7 and Server 2008 R2, introduced minor performance enhancements with a new opportunistic locking mechanism.[20]

SMB 3.0

SMB 3.0 (previously named SMB 2.2)[21] was introduced with Windows 8[21] and Windows Server 2012.[21] It will bring several significant changes that aim to add functionality and improve SMB2 performance, notably in virtualized data centers, such as the SMB2 RDMA Transport Protocol and multichannel.[22]

Features

The SMB "Inter-Process Communication" (IPC) system provides named pipes and was one of the first inter-process mechanisms commonly available to programmers that provides a means for services to inherit the authentication carried out when a client first connected to an SMB server.
Some services that operate over named pipes, such as those which use Microsoft's own implementation of DCE/RPC over SMB, known as MSRPC over SMB, also allow MSRPC client programs to perform authentication, which over-rides the authorization provided by the SMB server, but only in the context of the MSRPC client program that successfully makes the additional authentication.
Since Windows domain controllers use SMB to transmit policies at login, they have packet-signing enabled by default to prevent man-in-the-middle attacks; the feature can also be turned on for any server running Windows NT 4.0 Service Pack 3 or later.[23] The design of Server Message Block version 2 (SMB2) aims to mitigate this performance-limitation by coalescing SMB signals into single packets.
SMB supports opportunistic locking — a special type of locking-mechanism — on files in order to improve performance.
SMB serves as the basis for Microsoft's Distributed File System implementation.

Security

Over the years, there have been many security vulnerabilities in Microsoft's implementation of the protocol or components that it directly relies on,[24][25][26] with the most recent vulnerability (at time of writing) involving the SMB2 implementation.[27] Other vendors' security vulnerabilities lie primarily in a lack of support for newer authentication protocols like NTLMv2 and Kerberos in preference to broken protocols like NTLMv1, LanMan, or even plaintext passwords.

Specifications for SMB and SMB2 Protocols

The specifications for SMB are proprietary and were originally closed, thereby forcing other vendors and projects to reverse-engineer the protocol in order to interoperate with it. The SMB 1.0 protocol was eventually published some time after it was reverse engineered, whereas the SMB 2.0 protocol was made available from Microsoft's MSDN Open Specifications Developer Center from the outset.[28] There are a number of specifications that are relevant to the SMB protocol:
  • MS-CIFS [1] MS-CIFS is a recent replacement (2007) for the draft-leach-cifs-v1-spec-02.txt a document widely used to implement SMB clients, but also known to have errors of omission and commission.
  • MS-SMB [2] Specification for Microsoft Extensions to MS-CIFS
  • MS-SMB2 [3] Specification for the SMB 2 protocol
  • MS-FSSO [4] Describes the intended functionality of the Windows File Access Services System, how it interacts with systems and applications that need file services, and how it interacts with administrative clients to configure and manage the system.

Friday, May 25, 2012

Why IBM Turned Off Siri and Dropbox


http://www.informationweek.com/byte/news/radio/personal-tech/240000962

Why IBM Turned Off Siri (and Dropbox and Lots Of Other Things)

Serdar Yegulalp, BYTE, May 23, 2012 08:35 PM


If there's one company I didn't expect to have massive growing pains with BYOD, it's IBM. Then again, maybe they're more of a poster child for the promise and peril of BYOD than we might have expected.

Their problems with Consumerization of IT are, in the abstract, no different from the same issue any other company has faced when they start a BYOD policy: access to potentially disruptive services; a proliferation of unwanted and unauthorized software within the organization; unclear consequences for many actions.
But everything I've heard about IBM's corporate culture tells me it's a place where IBM comes first--their tools, their software, their processes, their systems, their everything. Small wonder they get antsy when people bring in third-party solutions like Dropbox, even if those products and services provide valuable benefits to the business.
This might have worked in decades past, but it's becoming increasingly untenable for companies of its size -- or, for that matter, any size. Heterogeneity's the way IT works now, with BYOD only being one part of that picture. IBM may never have gotten fired for buying IBM -- along with plenty of other people, once upon a time, but what about now?
So what's behind IBM's sudden reassessment of BYOD?
They're worried about leaks. And rightfully so. One of the major challenges of any BYOD arrangement is how to keep insiders from walking out with the company's intellectual property -- which is the single biggest way corporate espionage continues to be committed. (It isn't hackers, Anonymous notwithstanding.) Shutting off access to Siri was apparently part of this, as they didn't know what happened to the queries once they were made.
But the newest trend in COIT, and a rising one, is professional versions of the same services with management policies built in. Box.com, for instance, has all this and more. I suspect just about every "personal" service launched from now on will come with a "professional" tier--and if it does, it better have disclaimers about what's done with data gathered from both regular and corporate customers.
Their BYOD policy wasn't as well-thought-out as they hoped. Based on what the above-linked article says, it sounds like IBM's BYOD initiative was rolled out with the expectations that end users would know how to deal with their own devices; but they didn't, for the most part, have that knowledge. (Says the article: "'We found a tremendous lack of awareness as to what constitutes a risk,' says Horan. So now, she says, 'we're trying to make people aware.'")
Their expectations were wrong. What you expect to get from BYOD is as important as how you go about implementing it. One telling quote from the piece: "The trend toward employee-owned devices isn't saving IBM any money" (according to IBM's CIO, Jeanette Horan). The problem, as I've seen elsewhere, is how you define savings. Perhaps for them the projected costs of supporting BYOD -- and especially, the cost of setting up retroactive protection measures -- exceed any imagined gains in productivity.
But until they produce some hard numbers to back that up, I'm going to go out on a limb and say the gains provided through BYOD (and everything that goes with it) are more than worth the hassle, if only in terms of employee satisfaction and comfort. Some of those things cannot be quantified easily or conventionally, especially if you're only looking at the current quarter or a season or two ahead.
I'm sure even IBM recognizes it can't keep its finger in the dyke forever. COIT is something you either make happen, or which happens to you -- and there's only so far they can turn their own clock back before it breaks. But if IBM gets it right, they could serve as one of the better models for others to follow, instead of a classic example of what not to do.


Report: IBM bans Siri and Dropbox internally
By 陳曉莉 (compiled), 2012-05-24
MIT Technology Review quoted IBM CIO Jeanette Horan as saying that many popular mobile applications can pose internal security risks, so the company has drawn up a list of banned mobile apps, such as Dropbox and Apple's iCloud and Siri.

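IBM's ban on the online storage services Dropbox and iCloud may be quite reasonable; Horan said the company worries that employees using public file-sharing services from mobile devices could leak confidential data. As for the Siri ban, the concern is that users' queries may be stored somewhere without their knowing it. Horan admitted that IBM may be overly conservative, but being conservative is in IBM's nature.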

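Although IBM is itself an advocate of Bring Your Own Device (BYOD) policy, it has set certain rules for BYOD. For example, before an employee's device is connected to the network, the IT department first configures it and enables remote wipe, so that confidential information on the device can be removed if it is lost or stolen. Different rules also apply to different brands of device and to employees in different positions: some employees may use their own devices only to access IBM e-mail, calendars and contact lists, while others may access internal applications and files, but the latter must have security software installed on their devices to prevent information leaks.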

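BYOD fits the trend toward the consumerization of IT. A recent Cisco survey found that 95% of companies allow employees to use their own devices in the workplace in order to improve productivity and raise job satisfaction. Market research firm Gartner predicts that the trend will take corporate IT budgets out of the IT department's control and that IT departments will need to be better at coordination.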

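Some media commentary pointed out that, besides worrying about information leaks, IBM also found that employees did not know how to manage device security as well as it had expected. Horan even said that BYOD has not saved IBM any money, contradicting the claim that BYOD lowers corporate costs, since companies may have to spend more to support BYOD or keep it secure. IBM's case happens to illustrate the challenges facing companies that embrace BYOD today. (Compiled by 陳曉莉)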

Wednesday, May 23, 2012

Zuckerberg



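Zuckerberg requires that each day include at least 1 hour of exercise, 1 hour of studying Chinese and 6 hours of sleep, with the rest of his time devoted to product technology. Only 28 years old, he can read and write French, Hebrew, Latin, ancient Greek and Chinese. Although he came into a fortune of over a hundred million at a young age, Zuckerberg has very few material desires: he does not drive luxury cars and favors a philosophy of simple living.
According to Fortune magazine, Zuckerberg eats only animals he has killed himself, and has shared photos on Facebook of himself killing a chicken and of the cooked food. Zuckerberg said that since he began this challenge, whenever he invites friends over for dinner, they have all become rather hesitant to eat meat.
A chef who lives not far from Zuckerberg's home said: "He kills the goat by cutting its throat, which is the most humane way of slaughtering." Zuckerberg said: "Because I only eat animals I have killed myself, I have basically become a vegetarian. I think many people forget that for you to eat meat, an animal has to be sacrificed." He hopes to always keep a grateful heart.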

Tuesday, May 22, 2012

Intel® Advanced Encryption Standard (AES)


Intel® Advanced Encryption Standard (AES) Instructions Set - Rev 3

January 24, 2010 10:00 PM PST

Introduction

Intel® AES instructions are a new set of instructions available beginning with the all new 2010 Intel® Core™ processor family based on the 32nm Intel® microarchitecture codename Westmere. These instructions enable fast and secure data encryption and decryption, using the Advanced Encryption Standard (AES) which is defined by FIPS Publication number 197. Since AES is currently the dominant block cipher, and it is used in various protocols, the new instructions are valuable for a wide range of applications.

The architecture consists of six instructions that offer full hardware support for AES. Four instructions support AES encryption and decryption, and the other two instructions support AES key expansion.

The AES instructions have the flexibility to support all usages of AES, including all standard key lengths, standard modes of operation, and even some nonstandard or future variants. They offer a significant increase in performance compared to the current pure-software implementations.

Beyond improving performance, the AES instructions provide important security benefits. By running in data-independent time and not using tables, they help eliminate the major timing and cache-based attacks that threaten table-based software implementations of AES. In addition, they make AES simple to implement, with reduced code size, which helps reduce the risk of inadvertently introducing security flaws, such as difficult-to-detect side channel leaks.

This paper gives an overview of the AES algorithm and Intel's new AES instructions. It provides guidelines and demonstrations for using these instructions to write secure and high performance AES implementations. This version of the paper also provides a high performance library for implementing AES in the ECB/CBC/CTR modes, and discloses for the first time, the measured performance numbers.

Unified Storage


unified storage (network unified storage or NUS)

Unified storage (sometimes termed network unified storage or NUS) is a storage system that makes it possible to run and manage files and applications from a single device. To this end, a unified storage system consolidates file-based and block-based access in a single storage platform and supports fibre channel SAN, IP-based SAN (iSCSI), and NAS (network attached storage).
A unified storage system simultaneously enables storage of file data and handles the block-based I/O (input/output) of enterprise applications. In actual practice, unified storage is often implemented in a NAS platform that is modified to add block-mode support. For example, Reldata Inc offers the SANnet universal IP storage system and Network Appliance Inc. offers a unified storage architecture. Numerous other products based on Microsoft's WUDSS (Windows Unified Data Storage Server) have been configured to support both block and file I/O.
One advantage of unified storage is reduced hardware requirements. Instead of separate storage platforms, like NAS for file-based storage and a RAID disk array for block-based storage, unified storage combines both modes in a single device. Alternatively, a single device could be deployed for either file or block storage as required.
In addition to lower capital expenditures for the enterprise, unified storage systems can also be simpler to manage than separate products. However, the actual management overhead depends on the full complement of features and functionality provided in the platform. Furthermore, unified storage often limits the level of control in file-based versus block-based I/O, potentially leading to reduced or variable storage performance. For these reasons, mission-critical applications should continue to be deployed on block-based storage systems.
Unified storage systems generally cost the same and enjoy the same level of reliability as dedicated file or block storage systems. Users can also benefit from advanced features such as storage snapshots and replication, although heterogeneous support between different storage platforms should be considered closely. While experts predict a bright outlook for unified storage products, it is likely that dedicated block-based storage systems will remain a popular choice when consistent high performance and fine control granularity are important considerations.
This was last updated in December 2006
Editorial Director: Margaret Rouse

Monday, May 21, 2012



Citrix Buys Virtual Computer

It means to combine the acquisition’s NxTop widgetry with its XenClient hypervisor

Citrix has acquired Virtual Computer, a little Massachusetts outfit with enterprise-scale management solutions for client-side virtualization.
It means to combine the acquisition's NxTop widgetry with its XenClient hypervisor to create a new Citrix XenClient Enterprise edition that can manage "large fleets" of corporate laptops across a distributed enterprise and give users a virtual desktop "to go."
It's due this quarter as a standalone product at a reported $175 a user.
Citrix said it's getting the management piece faster by buying it.
Virtual Computer has historically focused on solutions for Xen-based client hypervisors. Its technology includes backup, disaster recovery, provisioning, security and monitoring capabilities. The merger also promises greater integration between XenClient and XenDesktop.


Citrix Announces XenClient Enterprise and Acquisition of Virtual Computer

New Offering Combines Power of XenClient Hypervisor with Enterprise-Class Management of Virtual Computer

San Francisco, CA » 5/9/2012 » Today, at Citrix Synergy™, the conference where mobile workstyles and cloud services meet, Citrix announced the acquisition of Virtual Computer, provider of enterprise-scale management solutions for client-side virtualization. Citrix will combine the newly-acquired Virtual Computer technology with its market-leading XenClient® hypervisor to create the new Citrix XenClient Enterprise edition. The new XenClient Enterprise will combine all the power of the XenClient hypervisor with a rich set of management functionality designed to help enterprise customers manage large fleets of corporate laptops across a distributed enterprise. The combined solution will give corporate laptop users the power of virtual desktops “to go”, while making it far more secure and cost-effective for IT to manage thousands of corporate laptops across today’s increasingly mobile enterprise.
The number of highly mobile workers as a segment of total employees is growing dramatically. IDC expects that by 2015 they will make up nearly 40 percent of the workforce*. As a result, the number of laptops used by professional workers is exploding. Industry analysts see the growth in mobile devices like tablets and smartphones as complementary to PCs, making it more important than ever to have a holistic, enterprise-wide desktop virtualization strategy that enables anywhere, anytime access to desktops, applications and data from any device. IT will continue to invest in laptops for mobile and office-based workers, and must address the deployment, management and security challenges that go with these devices, while faced with the added demands mobile devices introduce to the enterprise.