Thursday Aug 07, 2008

So what's new?

Previously, I promised to do an update since it had been such a long time between postings. Well, wait no longer. Honestly, the last six months or so were fairly light on security work for me. I have continued to work with customers around the world helping them to apply Sun and partner technologies to their business challenges, but my team has continued to deliver on the Sun Systemic Security vision and we have recently started exploring adaptive security architectures. In fact, Joel was published and featured on the cover of the ISSA Journal for his article titled Adaptive Security and Security Architecture (an abridged version was also posted here). You can follow us on this journey at

So if not security, what have I been up to?

Before answering, when you hear the words "High Performance Computing" or HPC, what is the first picture that pops into your head? Does your mind drift immediately towards the hallowed halls of government and research laboratories? Do you think of Top 500 lists or of supercomputers named Ranger? Do you think about exploring the mysteries of weather patterns, "seeing" back into space and time or even keeping tabs on the behaviors of sub-atomic particles? If so, you are not alone, but that is certainly not all there is to HPC.

Today, there is no shortage of computing problems that are being tackled using high performance computers, interconnects, storage and data visualization, but we need to widen our views, remove our blinders, and begin to see HPC as it exists everywhere.

  • structural analysis, computational fluid dynamics, crash and safety simulations
  • fraud analysis and detection, anti-money laundering, credit derivatives pricing and hedging
  • reservoir simulation and visualization, seismic processing
  • media rendering and transcoding
  • DNA sequencing, molecular modeling and bio-simulation

Customers employing these processes share common traits. They are all trying to drive better business results, more quickly and efficiently. They have huge data volumes and often short windows in which to derive actionable results. They are trying to reduce their time to market, speed up their ability to make key business decisions and thereby maximize their value to their customers and shareholders. Customers such as these are using IT as a strategic weapon.

Sounds cool, right? I thought so! For the last six months or so, I have taken on an additional role of leading a global, virtual team across our Global Systems Engineering organization to focus on these "non-traditional" or "commercial" HPC environments. What is truly fascinating is that this is all just the tip of the iceberg. Wired Magazine noted recently that "The quest for knowledge used to begin with grand theories. Now it begins with massive amounts of data." While perhaps an oversimplification, the idea is dead on. We have collected massive amounts of data and more is collected every day. Just as often new ways are being developed to analyze this data. This is where HPC meets main street. Problems with HPC-like characteristics are all around us and only recently have we been given the (commodity) processing power, storage capacity and network bandwidth to employ HPC-like solutions more broadly from government to industry, from large corporations to small startups, from the data center to the home.

It has been a very cool ride and collectively the GSE HPC Tiger Team (as it is known) delivered remarkable results including millions of dollars in wins, training and education for thousands of people, and the capture of key requirements, use cases and design patterns. With this group solidly running on all cylinders, it is time for me to turn my focus back to security (although HPC will never be rid of me!). In the coming months, you will hear more about our work on adaptive security including some really interesting practical applications you can start trying today. Is that enough of a teaser?

Until next time, take care!


Wednesday Aug 06, 2008

2008 SIA Award: Sun Systemic Security

I was a little hesitant to write about this as I did not want it to come across as self-promotion, but in the end I felt that it was important for me to say something on behalf of my team. In July 2008, my team and I were awarded with one of the highest honors that Sun can bestow on its technical professionals - the Sun Innovation Award (formerly known as the Chairman's Award for Innovation) for our contributions to the Sun Systemic Security framework. Collectively, these achievements enabled Sun to improve its products to better comply with our customers' security policies and requirements, develop new architectures and best practices that solve key customer security challenges, and position Sun as an architectural and security thought leader across industry and government.

For those unfamiliar with this award, here is a brief summary:

Sun's Innovation Award recognizes those individuals and teams who have made a significant contribution to Sun through innovation. Innovation is a starting point for the Sun Strategy and is key to helping differentiate Sun and attract communities to Sun. Product, process, and project innovations have increased Sun's ability to grow, make money, build our communities, enlist champions, and accelerate our business. The purpose is to reinforce and recognize exceptional performance related to a key pillar of Sun's strategy and one of our key values: Innovation.
The award ceremony was on July 16, 2008 at the Sun Leadership Conference held in San Jose, CA. The award was presented to the team by both Greg Papadopoulos and Jonathan Schwartz.

Pictured (left to right): Greg Papadopoulos, Rafat Alvi, Bart Blanquart, Glenn Brunette, Joel Weise, and Jonathan Schwartz

I would like to publicly congratulate my team on winning this award and thank them for all of their hard work, focus, and dedication. Through all of the ups and downs, you never failed to deliver innovative and highly impactful work that has helped customers and partners around the world and teams across this fine company. I could not be more proud of you all. This is a team award and it belongs to each and every one of you, and while we have been able to accomplish quite a lot, I have no doubt there are greater things yet to come. Thank you! Now get back to work! :-)

On behalf of the team, I think that it is important to thank both Jim Baty and Hal Stern for their coaching, leadership, and unwavering support over the years. They have helped to build and sustain an environment where we all can be challenged, where innovation can flourish, and where we can make a difference for Sun and our customers. You have both been invaluable to our success - thank you!

Tuesday Oct 09, 2007

Sun SPARC Enterprise T5x20s: A Security Geek's Point of View

What an exciting day! Today, Sun has officially launched the Sun SPARC Enterprise T5120 and T5220 rack-mount systems along with the Sun Blade T6320 blade server, the first to be designed for the UltraSPARC T2 processor. From the point of view of a security geek, there is a lot to be happy about. The UltraSPARC T2 has support for eight (8) cryptographic processing units, each of which supports ten (10) different cryptographic algorithms and a hardware-based random number generator. Lawrence has done a fantastic job of talking about these capabilities and performance if you are interested. It is simply mind blowing.

So, what else is new? Well, we now have actual servers that can leverage the computing power of these chips. This means that companies can now begin to rethink how they have deployed cryptography in their environments. In particular, it is now much more practical to deploy cryptographic services more widely across an enterprise environment due to the performance gains achieved by offloading the work to the cryptographic processing units. For example, why not ensure that all of your internal web, directory and mail services are fitted for encryption? (Hint: you should be doing this already, but now you can do it while not sacrificing the performance of your CPUs!) Net-net: strong security + excellent performance + eco-friendly is a win-win for everyone.

In addition to enabling the wider use of cryptographic services, I would also encourage any organization to consider how the performance and power benefits of these systems can be applied to their existing environments and workloads. In particular, when used in concert with Sun's Logical Domains (LDoms) technology, organizations can get the benefits of performance, virtualization and security together in one system. Did I mention that today we are also announcing version 1.0.1 of our LDoms technology? Honglin has all the details. Of particular interest to us security geeks is the support for minimized and hardened logical domains! Combine that with the security isolation capabilities of the LDoms hypervisor, a boat-load of crypto performance, and a rock-solid, secure, and scalable operating system - you just can't go wrong.

Talk about "zero cost security"! Taken as a whole, you get all of the performance (did I mention the 64 threads?), power and virtualization benefits with security just baked into the design! What's not to like? At least from where this security geek is standing, the view is simply unbeatable. See it all for yourself!



Saturday Nov 04, 2006

New Presentations: Sun Systemic Security

Way back in February, I made a posting about Sun Systemic Security. Since it has been a while since that posting, and since I had developed some fresh material for our Customer Engineering Conference, I wanted to do a follow up so that I could share this new material with you.

I have posted two new presentations on the topic of Sun Systemic Security. The first is a general overview that is intended for use in executive settings or to provide a very high level introduction to the material. The second presentation is a deeper dive into architectural security patterns. This second talk was the basis for my presentation at CEC and provides a more in-depth treatment of various security patterns and how they can be instantiated with Sun products and solutions.

What I like about the second presentation is that it demonstrates, in I believe a very compelling way, the security value proposition for Sun by illustrating how Sun can help support customer security and assurance goals at every level of the stack and how using a pattern-based approach, a reinforcing architecture can be constructed (or an existing one adapted) to better embody a variety of security principles such as self-preservation, compartmentalization, least privilege, defense in depth and others.

The Sun Systemic Security program is always growing and evolving and so we are always looking for feedback from our customers and partners. Be sure to let us know what you think!

Take care,



Tuesday Sep 26, 2006

Treo 700p on Nevada

Will wonders never cease? Today, I decided to plug my Treo 700p smart phone into my newly upgraded Solaris laptop. Honestly, I was not sure what would happen as this was the first time that I had tried to connect up a Palm device.

My goal for doing this was simple. I wanted to synchronize my calendar to my phone so that I would have a list of my appointments while I was on the road. I had wanted to use something more direct like SyncML, but that option was not available to me. Oh, well... I have been using Evolution lately to manage my appointments. What is interesting about my configuration is that my calendar is hosted on Sun's EdgeCal service which allows me to easily access and share my calendar from the Internet or within Sun. EdgeCal is basically a Sun Java System Calendar Server environment and I use the JESCS Evolution Connector to access EdgeCal. By the way, this all worked out of the box too!

So, back to today's experiment... Since Evolution already has an ability to synchronize with devices such as Palm Pilots, I decided to give that a try. The process was completely painless. I simply connected up the 700p via a USB port (actually on a USB hub since I am also using a USB keyboard and mouse), provided some basic settings information to Evolution (Pilot Synchronization Dialog) and hit the HotSync button. Evolution was able to not only find my device but also push the calendar information from EdgeCal to my phone in a matter of seconds. Way cool.

What is really nice is that I can also use the pilot-xfer command to back up the device (to a ZFS partition in my case). You really have to love it when things just work.

Take care,




This area of cyberspace is dedicated to the goal of raising cybersecurity awareness. This blog will discuss cybersecurity risks, trends, news and best practices with a focus on improving mission assurance.

