Archive for November 10, 2023

Guest Post: Like the VMs Before Them – SQL Server Containers Are Exploding in Use

Posted in Commentary with tags on November 10, 2023 by itnerd

By Don Boxley Jr

In the tech industry, we often see game-changing trends that redefine how we handle computing. Sometimes, these trends escalate to full-blown explosions of technology usage. It happened with virtual machines (VMs) and now it’s happening with SQL Server containers.

A Look Back at the Rise of Virtual Machines 

Think back to around 15 years ago when VMs emerged on the scene. Organizations embraced VMs virtually overnight due to the numerous advantages they offered. For instance, VMs allowed for the consolidation of multiple physical servers onto a single, high-capacity host. This consolidation translated into substantial cost savings by reducing hardware requirements, enhancing resource utilization, and minimizing the physical footprint of data centers.

In addition to cost efficiency, VMs provided greater flexibility and scalability. IT could now easily create and manage VMs, enabling rapid deployment of apps and services. This increased agility and enabled organizations to respond swiftly to changing market dynamics and gain a competitive edge. 

Last but not least, VMs improved disaster recovery (DR) and business continuity efforts. Capabilities such as snapshots and virtualization-based backup simplified recovery from failures and data loss, helping to ensure uninterrupted operations. 

Shifting the Conversation to SQL Server Containers

Today, there is a similar excitement brewing, but this time, it is focused on containers – especially in terms of their significant impact on Microsoft SQL Server environments!

Rob Horrocks, Microsoft’s Senior Cloud Solution Architect, recently shed light on the SQL Server container phenomenon: “The trajectory of SQL Server containers is reminiscent of the VM explosion we witnessed over a decade ago. As with VMs then, containers now offer a compelling value proposition for modern enterprises – agility, efficiency, and scalability.”

During a recent presentation, Horrocks walked us through a live demo of migrating a SQL Server 2022 instance from Windows to Kubernetes (K8s). He artfully employed Contained Availability Groups (AGs) and DH2i’s DxEnterprise Smart High Availability Clustering software to achieve this Windows Server to K8s migration. The demonstration showcased how quick and easy SQL Server container modernization can actually be.

Why Are SQL Server Containers the New Buzz?

  • Unlock Optimized SQL Server: Containers for a SQL Server instance offer a multitude of benefits, which include improved performance, reduced operating costs, and the ability for one-click deployments.
  • Unify SQL Server Environments: With tools like DxEnterprise, you can achieve unified management for SQL Server on Linux, Windows, and Kubernetes. This multi-platform software can manage Windows, Linux, and multiple SQL Server containers cohesively, ensuring an uninterrupted workflow.
  • Absolute Minimum Downtime: With DxEnterprise’s unique failover capabilities, you get industry-leading failover performance with fully automatic failover for SQL Server AGs in Kubernetes. These are all the ingredients needed to take production SQL Server workloads to containers and reap the full list of benefits.
  • Simplified Modernization: Migration has often been a daunting task. But with DxEnterprise software, even the most intricate infrastructure and configurations can smoothly transition to Kubernetes in mere minutes.

Given these powerful advantages, it’s clear why the SQL Server containers vs. virtual machines debate is all but settled. SQL Server containerization is on the rise for good reason, and, as Rob Horrocks theorized, this might just be the tip of the iceberg.

The Future is Contained

The road to digital transformation can be paved with challenges. However, with the rise of SQL Server containers, we are better equipped than ever to overcome them. 

For years, DH2i has stood at the forefront of SQL Server container technology, anticipating this future trend and earning the rightful position as an innovator in the field of SQL Server software. By investing in technologies like DxEnterprise, enterprises can not only harness our extensive experience but also future-proof their SQL Server deployments and enjoy the immense benefits of modernization.  

Bottom line, it’s crucial to recognize that the SQL Server container revolution isn’t merely a passing fad. It represents the inevitable future of SQL Server. As we move forward, the tools and technologies supporting this transformation will continue to advance, offering unprecedented ease, efficiency, and optimization. 

Embrace this evolution now, or risk falling behind in the competitive landscape because thousands of organizations are already evaluating SQL Server containers and even deploying them in production. The time to act is now!

US Treasury trades disrupted by ransomware attack on China’s biggest bank

Posted in Commentary with tags on November 10, 2023 by itnerd

Yesterday, reports confirmed that the US arm of banking giant the Industrial and Commercial Bank of China (ICBC) was hit by ransomware that disrupted trades in the US Treasury markets.
 
ICBC Financial Services, the US unit of China’s largest commercial lender by assets, said some of its systems were disrupted and they are making progress towards recovering from it. The incident has yet to appear on a leak site, and it’s unclear if data was stolen.

“ICBC has been closely monitoring the matter and has done its best in emergency response and supervisory communication,” China’s foreign ministry spokesperson Wang Wenbin said today.

While some market participants said trades going through ICBC were not settled, the bank said it had successfully cleared Treasury trades executed on Wednesday and repurchase agreements financing trades done on Thursday.

There’s a lot of commentary about this. Let’s start with Steve Hahn, Executive VP, BullWall:

“China is the most prolific hacker of the US but it’s completely nation-state motivated. Meaning it’s the Chinese government behind it, so getting a ransom paid is not appealing to them. Stealing IP and trade secrets is, as is finding ways to hack our infrastructure and defense systems. They don’t care about the money, so you just don’t hear about it. They steal secrets or plant back doors and then move on silently, never making the news. However, I’ve seen some mind-blowing hacks from the Chinese that if the public knew would shock them to their core. Think: disabling our defense systems with a kill switch. That’s more their speed.

   “LockBit is a Russian-speaking group. They do not attack Russian assets and it’s often speculated they are run at the top level by ex-KGB, which Putin infamously led before the Soviet Union disbanded. What is very clear is that Putin gives them diplomatic and prosecutorial cover. If he doesn’t pull the strings on this organization, then at least they are bedfellows in the ‘enemy of my enemy is my friend’ sort of way.

   “LockBit has ransomed close to 2,000 companies in recent years, making them the most prolific operators, and they are one of the main drivers on why successful ransomware attacks have doubled over the last two years. On top of this, they are taking down GIANTS in Aerospace, Infrastructure, Banking and Government – companies who spend tens of millions of dollars on prevention technologies. LockBit slowly and methodically circumvents these prevention technologies, and even uses the good guys’ tools against themselves to extract admin level credentials. Once they have admin credentials, they have the keys to the kingdom. They can disable security tools, create white lists for their applications and exfiltrate data till their hearts’ content. These large companies may spend $10s, even $100s of millions on security but they are no match for a threat actor who rakes in billions. For even the largest companies, it’s not a matter of ‘if’ but ‘when’ they’ll be hit, and companies big and small have to be thinking about how to contain these events quickly, how to recover quickly and how they respond. Prevention can never be 100% effective, 100% of the time.

   “LockBit has clearly tried to impact supply chains as well, which at times has exacerbated our already record-breaking inflation. Their targets are primarily for financial gain but when they can hurt the US economy, they do as retaliation for our support of Ukraine. This is one of those instances where the impact to the US treasury market is substantial so you can see the motivation. However, Russia has fewer allies these days and China is far and away the most important. They may have crossed the line in attacking the world’s largest bank as Xi Jinping will not be pleased with this attack – to say the least. This could have billions of dollars’ worth of impact on global financial markets, but this impact includes China and I would not be surprised if we see another mysterious Russian airplane crash-type event with the threat actors behind this attack (like we saw with Yevgeny Prigozhin when he embarrassed Putin).”

Jason Keirstead, VP Collective Threat Defense, Cyware follows with this:
 
   “Despite a wide volume of available knowledge about the techniques used in the malware, LockBit Black continues to wreak havoc globally. We recommend leveraging CISA’s resources and advice to guard against LockBit (available at https://www.cisa.gov/sites/default/files/2023-03/aa23-075a-stop-ransomware-lockbit.pdf). The widespread prevalence of this particular strain of ransomware further emphasizes the need for rapid industry adoption of a collective defense posture, so that enterprises do not need to re-invent defenses that have already been developed and deployed by their industry peers.

   “LockBit is a Ransomware-as-a-service (RaaS) group that uses independent affiliates to deploy their ransomware in exchange for various forms of commission. Affiliates may use classic techniques like spear-phishing or remote vulnerability exploitation, but they also increasingly are simply recruited as employees of the victim companies, paid to purposefully deploy the software either on their personal device or on an internal asset that they have access to.

   “Ransomware is a financially motivated criminal activity that does not know or respect borders. While ransomware groups can sometimes be attributed to geographical regions, it is not always true that a group can operate with impunity from regional law enforcement. One such example is REvil which was a Russian ransomware gang eventually dismantled by the Russian FSS. LockBit in particular claims to be based in the Netherlands. This further emphasizes why industry needs to improve all forms of collaboration in cybersecurity – we are all trying to defend against similar – and in many cases, identical – adversaries. Enterprises should not be going it alone. They should be collaborating with their peers in ISACs and ISAOs, and working toward true collective defense.”

Stephen Gates, Principal Security SME, Horizon3.ai adds this:

   “The latest string of ransom-based attacks impacting every type and size of organization worldwide are not the opportunistic type of endpoint-targeting, malware-based attacks from the previous decade. These attacks are much different in nature because they have an enterprise-wide focus in mind.

   “In these attacks, extortionists have figured out a way to monetize the persistent footholds they maintain within the bowels of a network. These are 100% human-operated attacks that most often begin with low-level credential theft. Once they’re in a network, attackers land and expand, pivot then move laterally, and eventually find the data, exfiltrate the data, prove they have the data, break into critical systems, and most often take over the entire environment (e.g., full domain compromise). That is why there are new movements beginning to surface whereby commercial and public sector entities are being called upon to continuously assess themselves.

   “This is not being recommended so they can tick a checkbox or find an overabundance of low level non-exploitable vulnerabilities in their networks. This is being done so organizations can find their weaknesses that are completely exploitable. Organizations are now looking to autonomous systems to safely peruse their networks just like any attacker would. These systems use the same tactics, techniques, and procedures attackers use and their sole purpose is to help organizations see their networks through the eyes of an attacker. Autonomous systems tirelessly attack every single endpoint, reach out to cloud instances looking for weaknesses there, and in nearly every case, are able to find a previously unknown, yet completely exploitable weakness that would lead to domain compromise.”

Craig Harber, Security Evangelist, Open Systems has this to say:

   “Every week, there is another report of a ransomware attack targeting the industrial sector. It raises many questions about these companies’ resiliency and readiness to operate in today’s hostile environment where ransomware gangs seem to have the upper hand. Companies must make the necessary cybersecurity investments to protect their critical systems and sensitive data.

   “The latest victim is ICBC Financial Services. Reports indicate the ransomware attack disrupted trades in the U.S. Treasury market this week. To date, there are no details on the attack, or a data leak site published on the dark web. Often, this lack of attack details or ransomware gang taking credit for the attack strongly indicates that the victim, ICBC Financial Services, made a risk decision to pay the ransom.

   “The decision to pay ransomware gangs is always complex. There are many factors to consider, not the least of which is you are negotiating with a cybercriminal. There is no guarantee that even if you pay the ransom, these cybercriminals will restore systems and return stolen company data. It is best to heed law enforcement advice and not pay because doing so only encourages continued criminal activity.”

This example illustrates how devastating a ransomware attack can be. This also illustrates why prevention, not to mention swift detection and remediation, is very important. That way you are not in the position of potentially having to pay the ransom, which, for the record, you should never do, as crime should never pay.

UPDATE: I got additional commentary from Anurag Gurtu, CPO, StrikeReady on this:

The ransomware attack on the Industrial & Commercial Bank of China (ICBC) stands as a significant event in the landscape of cyber threats, particularly given the scale and impact of the incident. 

Ransomware attacks on large financial institutions like major banks have been relatively rare compared to other sectors, such as healthcare or education. This rarity is partly due to the robust cybersecurity measures typically employed by these institutions. However, the ICBC incident marks a concerning escalation, indicating that even the most fortified entities are not immune. While the focus in recent times has been on sectors like hospitality and entertainment, with incidents like the MGM Casino attack, the breach at ICBC underscores a potential shift in target preference by cybercriminals.

The disruption in U.S. Treasury trading due to the ICBC ransomware attack is particularly alarming. The U.S. Treasury market is crucial for global finance, influencing everything from mortgage rates to the cost of government borrowing. An attack that impedes this market’s operations can have far-reaching consequences, including potential fluctuations in bond prices and yields. It also raises serious concerns about the security of critical financial infrastructure and the potential for ripple effects across global financial systems.

This attack serves as a stark reminder of the evolving nature of cyber threats and the need for continuous vigilance and investment in cybersecurity measures, especially for institutions integral to global financial stability. It highlights the need for enhanced cross-border cooperation in cyber defense and more robust contingency planning for such critical sectors.

Guest Post: Cisco further delivers on Full-Stack Observability ecosystem vision

Posted in Commentary with tags on November 10, 2023 by itnerd

Innovative new partner modules built on the Cisco Observability Platform across five critical themes: Business Insights, SAP Visibility, Networking, MLOps & SLO, and Sustainability

We are pleased to announce seven new partner modules have been built on the Cisco Observability Platform, further bringing the vision of a Cisco Full-Stack Observability ecosystem to life. These new modules are focused on five critical areas — Business Insights, SAP Visibility, Networking, Machine learning operations (MLOps) & Service Level Objectives (SLO) and Sustainability — and are designed to help organizations get value from observable telemetry data.

These five areas are important to our customers as they look to correlate business metrics with infrastructure and application performance, gain more visibility into the performance of mission-critical applications, and understand the relationship between network performance and applications. The new partner modules will also help customers surface insights in areas of competitive differentiation, including generative AI in modern applications and sustainability.

It’s exciting to see our strong partner community bring their expertise in these areas to the Cisco Observability Platform. They are rallying around and extending the Cisco Full-Stack Observability ecosystem with new and custom use cases, delivering added value for our customers.

Building a Full-Stack Observability ecosystem

Today, virtually all businesses are digitally led: they deliver experiences with applications and through applications. However, the environments in which these applications are built are increasingly complex. IT and security teams as well as business leaders must be able to observe all aspects of performance and to tie that performance to clear business outcomes.

There are numerous barriers to observability. For example, a recent IDC report indicates that 60% of IT professionals are concerned that most observability tools are too narrowly focused and fail to give them a complete view into current and trending operating conditions. Additionally, 65% say they want a programmable and extensible observability solution that can be leveraged for use cases specific to their environment.

This calls for a platform that scales as businesses scale and easily extends across the infrastructure and lifecycle of their applications. Leaders need complete visibility, context, and control so they can ensure their employees, business partners, and customers are empowered with the best digital experiences possible.

Cisco Observability Platform is the only vendor-agnostic, entity-based observability platform in the market. It has been built from day one to leverage open standards, anchored on telemetry coming from any endpoint across any domain.

The open, extensible, API-driven architecture of Cisco Observability Platform enables the creation of an observability ecosystem. It also allows development partners to build novel observability solutions and realize new revenue streams from those solutions.

New partner modules now available

The modules — plugin-like extensions — our development partners create on the Cisco Observability Platform enable additional capabilities within Cisco Full-Stack Observability solutions. Today’s newly released modules, which are available now on the Cisco Observability Platform exchange, showcase how we’re empowering a community that creates more insightful, useful observability applications.

  • Evolutio has made it easier to correlate and monitor orders, shipping, and payments to identify and resolve issues with applications and infrastructure with its eCommerce module.
  • DataRobot and Evolutio extend observability with monitoring and production diagnostics to track and improve performance of both predictive and generative AI models.
  • Evolutio’s Claims module helps insurance carriers correlate and view the health of claims processes by product types, underwriters, regions, and business units.
  • CloudFabrix SAP Observability module can ingest data from Cisco AppDynamics SAP Monitoring, correlating it to asset types to isolate root cause and determine the effect of impacted services on the business.
  • CloudFabrix Campus Analytics module makes it possible to aggregate Cisco DNA Controller analytics to deliver campus return-to-work insights.
  • Nobl9 SLO module helps define and create Service Level Objectives (SLOs) around reliability and remaining error budget for given services and workload visualizations.
  • Climatiq has introduced carbon emissions tracking to existing cloud metrics, with Cloud Carbon Insights, including analysis, comparison, and benchmarking for data.

In addition, we’re announcing two more modules that will be available soon:

  • Aporia MLOps module offers a holistic view of ML model performance and empowers teams to swiftly identify, dive deeper into, and resolve issues faster.
  • Cisco CX’s Sustainability Insights provides real-time interactive visualizations, measurement, estimation, and reporting of key infrastructure sustainability indicators, trended over time.

Review: LG gram 16” Laptop & LG 16″+ View Portable Monitor

Posted in Products with tags on November 10, 2023 by itnerd

I am doing something that I normally don’t do. Which is to test a product, or in this case two products in a Starbucks. But given the target audience of the two products in question, I decided to do something a bit different. So let’s start with the first of the two products in question which is the LG gram 16″ Laptop:

The specific variant that I have here comes with the following out of the box:

  • 13th Gen Intel® Core™ Processor i7-1360P (12 Cores: 4P + 8E, P: 2.2 up to 5.0 GHz / E: 1.6 up to 3.7 GHz), Intel Smart Cache 18 MB
  • 16GB of RAM
  • 512 GB SSD
  • 16″ screen with WQXGA resolution (2560 x 1600) at 60 Hz
  • 802.11ax WiFi
  • Bluetooth 5.1
  • FHD Webcam that supports Windows Hello facial recognition for login purposes
  • Intel Iris Xe Graphics
  • Windows 11

Now this laptop is light. As in 2.5 pounds. And it’s super thin as well. And despite having a plastic feel to it, LG says that this laptop has passed MIL-STD-810H military durability testing. Though I did note some flex in the keyboard area. Speaking of the keyboard, one thing that I really liked was the fact that the keyboard had a number pad on it which makes it great for data entry nerds. Screen real estate is great given that the display is a WQXGA high-resolution 16:10 aspect ratio display that supports wide colour gamut, DCI-P3 99%. That’s perfect not only for data entry nerds, but also for those who want to do some photo editing. And reflections on the screen were not a thing in the Starbucks that I was in. One other thing that I will note is that, much like every black laptop, it is a fingerprint magnet. So having a cloth on your person would be advisable.

In terms of ports, you have a lot of flexibility:

From right to left, there’s a Kensington lock slot, a pair of USB 3.2 Gen2x1 ports, and a MicroSD slot.

On the other side, you get a headphone/microphone jack, a pair of USB-C ports that support Thunderbolt 4, and an HDMI port. In short, there’s more than enough connectivity to fit whatever use case that you have. Sound from the laptop was pretty good as the audio has support for Dolby Atmos.

Now just because this laptop is thin, that doesn’t mean it’s not powerful. Running a Geekbench 6 test on the LG gram, I got these results:

  • Single-Core Score: 2309
  • Multi-Core Score: 10349
  • OpenCL Score: 16197

By Intel laptop standards, this is pretty good. While you will not be playing Call Of Duty: Modern Warfare III on it, it’s got plenty of power for most other things that might be on your task list. Be it office type stuff or even photo editing.

Battery life is rated at 14.5 hours. I managed to get 10 hours out of it which is more or less a full business day. Not bad for such a thin and light laptop.

Now at this point, you might be thinking that the review is done. But it’s not. LG has one more trick up its sleeve:

This is the 16-inch +view Portable Monitor from LG. It comes in this iPad folio like case that as you can see is a bit of a fingerprint magnet. It stays shut using magnets and it’s also rigid to protect the screen. It has two USB-C ports, one on each side.

Much like the iPad folio case, you can fold it to place it at the exact angle that you need with no fuss.

And the cool part is that a single USB cable connects and powers everything. When you plug it in, you get an on screen display to select the position of the monitor. That way whether you extend the monitor or mirror the two displays, it’s simple to set up. Here’s the cool thing, the monitor has the same specs as the LG gram’s display. So if you’re doing anything colour critical where both monitors need to match each other, you’re covered. At just under a pound, this really won’t be a weight on your back when you carry it with the LG gram as the whole package is sub 4 pounds. And if you ask me, that’s what makes this whole setup compelling as there are notebooks that weigh 4 or more pounds and do not offer this level of productivity.

So, how much does this setup cost? It’s less than I expected it to cost to be honest. The LG gram is $2149 CAD in this configuration. But LG offers other configurations that encompass smaller or bigger screens, or more RAM for example. So it would be worth your while to have a look at the options that are available. The LG gram + View is $450 CAD on top of that. So basically for under $2600 CAD you have a portable multiple monitor setup that allows anyone from students to remote working types to be productive wherever they are. If you need to be really productive wherever you are, this is a setup that you should invest some time to look into.