https://aertight.com/blog/server-islanding-solution-practical-air-gapped-networking <span>Server Islanding: The Solution for Practical Air Gapped Networking</span> <span><span lang="" about="/user/aertight" typeof="schema:Person" property="schema:name" datatype="">Aertight</span></span> <span>Wed, 10/09/2019 - 14:36</span> <div class="field field-field-image field-label-hidden field-item"><img src="/sites/default/files/blog/server-islanding.jpg" width="1432" height="805" alt="Practical Air Gapped Networking" typeof="foaf:Image" /> </div> <div class="field field-field-category field-label-hidden field-item"><a href="/category/aertight-server-platform" hreflang="en">Aertight Server Platform</a></div> <div class="field field-body field-label-hidden field-item"><p><span><span><span><span>Network Admins need to take a step back and reconsider physical barriers to “isolate and island” server systems. Although cloud computing has been heralded as the solution for all our server woes, it still has many of the same issues that plagued us when we had racks of pancaked pizza boxes in our utility closets. Our blind trust in large cloud service providers has seen many businesses hacked back to the stone age, enterprise-wide, because cloud services have such a massive attack surface. Hospitals are brought to a standstill, banks are robbed, utilities are broken into, and thousands upon thousands of dollars are spent on cybersecurity. Many systems see enormous advantages from cloud computing, no doubt, but there are still countless others which we’ve shoehorned into the cloud that would have been better left on-site.
These include systems that are critical to local operations, like building management control systems, automation and SCADA, critical power and many others.</span></span></span></span></p> <p><span><span><span><span>              Until the next revolution in digital identity (hint: BLOCKCHAIN) brings confidence and assurance to “who” and “what” we’re connected to, we’re going to need to consider using air gaps in order to protect our servers. “The Server” is the core of the network, and we need to protect it with physical barriers in much the same way physical-world islands are protected. What I’m suggesting is that we need to take our critical server systems and re-think having them online to the wider world at all. To clarify though, I’m not suggesting these server systems have “no” connection to other systems, (they’d have only limited use if they couldn’t communicate with other devices), but what I am suggesting is that we focus on making the standalone server as self-reliant and secure as possible, so that we are not <em>dependent </em>on remote resources. In the same way that natural islands provide protection, we should look to the same model, using barriers that cannot currently be defeated without local physical access, in order to protect ourselves. </span></span></span></span></p> <p><span><span><span><span>              I’m sure I’ll be flooded with hate mail over this from angry Network Admins. From day one, we’ve been taught how to make systems communicate, how to troubleshoot them, and protect them with software supplied by hardware manufacturers. Servers are designed to be massive repositories for data, places to collaborate on projects, and therefore by their very nature are the most interconnected devices we use. 
You can isolate with firewalls, intrusion detection systems, virus and malware protection, virtual LANs and a cadre of other software methods but they all have one thing in common… <em>they require vastly more resources to maintain than a physical barrier.</em> </span></span></span></span></p> <p><span><span><span><span><span><span>What’s the alternative?</span></span></span></span></span></span></p> <p><span><span><span><span>Now is the time to consider local servers again. Server Islanding is the concept of separating a self-sufficient server system and deliberately creating a physical barrier between it and the outside world. Physical isolation of servers and networks, also called “Air-Gapping,” isn’t a new concept. Governments, militaries, and even paranoid weirdos out in the woods have seen the benefits of isolation and used it to their advantage, but commercially, it’s rarely implemented, because, quite frankly, it’s been a pain in the ass to make work with gear that’s not independent enough to handle it. So, if the major manufacturers of the world won’t give us what we need (hint: they don’t like server islanding because the money is in services), then you need to either find a niche provider that will or build it yourself. It’s only the future of human civilization that depends on it, so no biggie.</span></span></span></span></p> <p><span><span><span><span><span><span>Here are the three major elements of Server Islanding…</span></span></span></span></span></span></p> <p><span><span><span><span><strong><span><span>Robust</span></span></strong><span><span>-</span></span> Islanded Servers need to be robust. Our servers have evolved to become pancaked pizza boxes of computational power that can crunch data constantly, yet faceplant when the AC fails. How often does that happen? Ask the UPS business, they make billions on keeping the AC running for datacenters. 
There are many paths toward robustness, including going fanless, using wide temperature components, and encasing the systems in containers which prevent physical access to the inputs of the system. Creating islands isn’t as hard as it was in the past, since we now have low TDP processors and much more resilient flash storage that can be combined with industrial grade power supplies to create systems that are exponentially more reliable than the small business grade junk we’re used to. These systems don’t need to cost an arm and a leg and absolutely don’t need to be able to take a 50-caliber shot to the head, but they DO need to be able to survive a damned sprinkler going off.</span></span></span></span></p> <p><span><span><span><span><strong><span><span>Self-Reliant</span></span></strong><span><span>-</span></span> Islanded Servers need to be Self-Reliant. What does this mean? It means that they really need to be systems that are independent enough themselves, as a full “Compute-Display-Storage” node. There are currently many deployments with compute and storage separations, but many of the perceived advantages completely fail in spaces without a full-time IT presence. These systems have many exposed points for failure (cabling, switching, etc.) and they are exponentially more difficult to make redundant when compute and storage are separated. We need servers that would make Henry David Thoreau proud.</span></span></span></span></p> <p><span><span><span><span><strong><span><span>Practical</span></span></strong><span><span>-</span></span> Let me put this simply. We need practical systems that allow a technician to be able to walk a completely non-technical person through troubleshooting the islanding system over the phone. When you’re Islanded, tech support could be far away. An Islanded System needs to be easy enough to use, and control, by operations personnel. This is one of the most limiting factors of Server Islanding. It’s really tough. 
A slick control interface just isn’t good enough. Operators need to be able to seriously get under the hood of the system, with ease, in times of need. Ideally, every component should be modular and obvious to someone untrained in IT. This also includes the ability to interact with the system visually. Long ago, the evolution of server systems into racks meant we did away with the display of the system. The display is expensive from a real-estate standpoint, and we did away with it many years ago, not realizing we’d ever need a non-remote window back into our servers. KVMs are a good stopgap, but nowhere near as easy to troubleshoot as a built-in display.</span></span></span></span></p> <p><span><span><span><span>What are the practical uses for Islanded Servers?</span></span></span></span></p> <p><span><span><span><span>Industrial Control Systems- Keeping these systems isolated is critical. Not only should these systems that control our electrical utilities, water and wastewater, and critical services be placed in air-gapped networks, they also need to be separated from one another. Although the entire network (all vendors) may be air gapped, the reality is, each vendor can be at the mercy of another if they’re consolidated in the same rack. One switch issue, one misplaced cable, and now 10 vendors are all being screamed at by OT that the entire control system is messed up. If these systems could be practically isolated from one another, hosted locally on their own islanded servers, then set to store and forward data to connected historians, data aggregators, etc., we could have a much more reliable network for our utilities. It’s a big paradigm shift to think of things this way; you do give up some real estate, but the advantages could be enormous.</span></span></span></span></p> <p><span><span><span><span>Remote Locations- Remote locations are always nightmares for IT, but they really don’t need to be. 
With more robust equipment, say cutting the average component failure in ½, and providing the ability for remote IT to coach local resources through troubleshooting issues, local servers could return. We can remove our dependence on cloud servers in remote locations, and instead use local systems that can store and forward information like financial reports, batched payment information, etc., yet still provide systems that will run the business or facility when the connection to the cloud is down.</span></span></span></span></p> <p><span><span><span><span>              Franchises- As the IoT world embraces sensors, we realize we need this data to be aggregated, recorded, and consolidated into actionable and reportable systems. In food and beverage, aggregating the temperatures of refrigeration units, alarm systems, inventory systems, and financial systems locally can be an enormous task. Franchises typically depend on point of sale systems that require cloud based connections, but internet access can be flaky. Having a truly independent local server that could allow a business to function locally without internet access could mean thousands of dollars in savings.</span></span></span></span></p> <p><span><span><span><span>              So here’s the big reveal… or…not so much…</span></span></span></span></p> <p><span><span><span>              Shockingly, the business I work for, Aertight Systems, Inc. builds a server system called the “Aertight Server Platform” that works great for server islanding. Now hold on, I’m not baiting you into buying our product even though it is exceedingly awesome. I’m not suggesting you abandon rack and tower deployments in favor of something that’s an exponentially better product with a much better ROI. 
What I am saying is, listen to what I’m saying, think about the frustration you have with unreliable IT sprawl, add up the dollars you’ve spent on IT, then save a few of these $, and join me on the server island for a Mai-Tai.</span></span></span></p></div> https://aertight.com/blog/why-you-need-modular-server <span>Why you need a modular server!</span> <span><span lang="" about="/user/aertight" typeof="schema:Person" property="schema:name" datatype="">Aertight</span></span> <span>Tue, 05/28/2019 - 14:18</span> <div class="field field-field-image field-label-hidden field-item"><img src="/sites/default/files/blog/Aertight-Server-Platform-750-OPEN.png" width="3751" height="2778" alt="Aertight Failover Server Platform Open" typeof="foaf:Image" /> </div> <div class="field field-field-category field-label-hidden field-item"><a href="/category/aertight-server-platform" hreflang="en">Aertight Server Platform</a></div> <div class="field field-body field-label-hidden field-item"><p>Server hardware is a nightmare to maintain in remote and isolated environments. You need modular server hardware for these situations.</p> <p>If you're deploying with rackmount servers... you need space for the rack, adequate cooling, physical security, and you need to make sure that your gear is adequately isolated from OTHER vendors if you're in a mixed hosting environment. If this is a secure environment, you're really stuck if you don't have remote access. I'd also advise keeping a Louisville Slugger on hand to fend off techs who don't know the difference between your isolated environment and the upstream network.</p> <p>If you're deploying with tower servers... 
please stop reading this article and go look for another job somewhere you can cause less damage professionally. No, really, no es bueno. </p> <h3>What you REALLY need is a rugged Windows server that bolts right into the wall, is super low maintenance, and MODULAR.</h3> <h5>Wait, what? Why do I need that?</h5> <p>Glad you asked. </p> <p>You need a rugged, yet modular server because no matter how low the failure rate of your components, or how well you've planned for redundancy, you're still going to be troubleshooting issues for the customer.</p> <h5>Wait? Why doesn't the customer call the server hardware manufacturer, or Microsoft, or, like, my 1-800 #?</h5> <p>Another good question, and here's the answer. The reason is, you're good at your job, and you respond faster than the other guys do. So, no matter what your job role technically is, if the customer gets better service from you, they're going to be trying you first to see if you're the person who can answer the question first. </p> <h5>So now what? I guess the customer is going to be calling me, even though I'm just the application developer.</h5> <p>You got it champ. You're at the top of the food chain with your application riding high like an egg sitting on top of a delicious bowl of ramen noodles. If the motherboard fails on the system you put in, and your application is affected, you're getting the call. What did you expect? For the customer to call some Taiwanese PCB manufacturer first? No, they're calling you because you're the guy who has the vested interest in getting the server back online.</p> <p>Believe me, we've been there, and that is why we've built a new server platform which does its best to...</p> <p>a) Keep people from messing with your gear on-site.</p> <p>b) Create a simple, easy environment which you can coach operators through WHEN things inevitably go wrong.</p> <p>The server system we created is the Aertight Server Platform, and it's really pretty amazing. 
It's not only a full Microsoft Windows Server that can be paired together and clustered for redundancy, it's built like a tank for security and has field removable components.</p> <h5>Field Removable Components? </h5> <p>Yes. We designed the system so that you can install the enclosure, mount it without worrying about getting metal shavings on the equipment, and then install the display, subpanel, and motherboard. Even the motherboard can come out and be swapped out. If you need to ship something directly to the customer to have them test and then install, you can coach them right through all this, from a beach in Barbados.</p> <p>Want to learn more? Give us a call today!</p></div> https://aertight.com/blog/why-server-islanding-needed <span>Why Server Islanding is Needed</span> <span><span lang="" about="/user/aertight" typeof="schema:Person" property="schema:name" datatype="">Aertight</span></span> <span>Tue, 11/28/2017 - 05:35</span> <div class="field field-field-image field-label-hidden field-item"><img src="/sites/default/files/blog/Aertight-Server-Islanding.jpg" width="1398" height="876" alt="Why Server Islanding is Needed" typeof="foaf:Image" /> </div> <div class="field field-field-category field-label-hidden field-item"><a href="/category/aertight-server-platform" hreflang="en">Aertight Server Platform</a></div> <div class="field field-field-tags field-label-hidden field-items"> <div class="field-item"><a href="/tags/aertight-server-platform" hreflang="en">Aertight Server Platform</a></div> </div> <div class="field field-body field-label-hidden field-item"><p>In the age of cloud computing and the internet of things, application developers are increasingly pressured to host their applications on systems that are on
"anywhere available" cloud platforms. Additionally, IT resources are pushed to ensure the reliability of remote connections, security of connected systems, and redundancy of applications, to ensure these systems are "as available" as local server resources. With limited budgets, and limited personnel availability, something has to give...</p> <p>Lots of fancy solutions exist, but they really all boil down to one question. Is the application hosted in the cloud (i.e., remote to operators) or locally (i.e., local to operators)? Both have their advantages and disadvantages, but unfortunately it's usually one or the other.</p> <p>Cloud systems are rarely employed as the "only" system in critical infrastructure environments, due to the obvious pitfalls of complete loss of local control in case of remote connection failure. Similarly, it's rare to see a facility use an "on prem" only server environment, especially in a remote area, since there can typically be far fewer IT resources available. </p> <p>Yet, many facilities need the ability to "island" themselves locally in case of problems with the greater network. If a critical infrastructure server system has an always-on network connection to the internet, then the potential for a security breach isn't a question of "if" so much as "when".</p></div>