George Ayotte

Three years ago, Carnegie Mellon University opened the Data Center Observatory – an answer to the ever-rising operational costs in IT. Administrative expenses were spiraling out of control because individual research groups within the university were running their own IT infrastructure, characterized by short periods of heavy use followed by many hours sitting idle and wasting energy.

The solution was to build an administered utility that provides computational and storage resources to the university community. Besides improving administrative efficiency, the DCO helped control power and cooling costs while letting researchers focus on what they do best rather than worry about maintaining their own mini data centers.

"We didn't have the name cloud computing [at the time] but as it turns out that's exactly what I was pitching to the university," says Greg Ganger, a professor of electric and computer engineering and director of Carnegie Mellon's Parallel Data Lab, a storage systems research center.

So far, the DCO houses 325 computers connected to 12 network switches, 38 power distributors and 12 remote console servers. More than 1,000 cables and 530TB of storage are in use, while environmental conditions are monitored by 13 sensor nodes. Most equipment is donated by vendors or bought with grants.

Two thousand square feet in size, the DCO is being built in zones, with two out of four zones online at this time.

The DCO gets the "observatory" part of its name because it was designed not only to provide real data center resources but also to serve as a test bed for systems researchers looking to "understand the sources of operational costs and to evaluate novel solutions," according to Carnegie Mellon. A windowed wall, and LCD display showing electrical usage and other statistics gives people walking by a sense of what's happening inside the Data Center Observatory.

Building the DCO was not without its challenges, however. Besides "playing Tetris with the room" to figure out how best to place equipment, Ganger found that convincing researchers to share was not always easy.

"We learned how hard it is to get people in the same space," says Ganger, who described the project at a recent event hosted by Schneider Electric and in an interview with Network World. "Each group had its own operating system that they had to have, and their own set of libraries and unique setups. Early on it was clear we had to use virtual machines."

Rather than use the expensive VMware virtualization tools, Ganger opted for the open source Xen and KVM platforms. About a third of DCO machines have been virtualized, making it easier to increase and decrease resources provisioned to each research group. Overall, virtualization has been very useful but raised some interesting concerns, he says.

Virtual machines need lots of memory, Ganger notes. If VMs can be suspended when they are not in use, it's easier to provide memory to the VMs that need it. But suspending a VM can harm the application running inside it, if the application wasn't written specifically for a VM, Gagner says.

"If they have open network connections that are active, those connections will break [when the VM is suspended]," Ganger says. "We're trying to figure out how to have the capability to get stuff out of the way so it's not taking up memory."Ganger and his team designed the Data Center Observatory in partnership with the Schneider Electric-owned APC, which supplied In-Row Cooling and Hot Aisle Containment technologies, allowing potential capacity of 40 racks and 774 kilowatts of power.

Figuring out how to efficiently cool such large densities of equipment took lots of planning.

"As a person who comes from a software systems background, it never occurred to me how much was involved in constructing a room like this, the power and cooling issues, the scale of the power and scale of computing involved," Ganger says.

Although the phrase "cloud computing" was not in vogue when Ganger started building the Data Center Observatory, he now considers the DCO to be essentially a private cloud for Carnegie Mellon researchers.

"I think of [a cloud] as an infrastructure that's managed by some other group … that you can count on for providing the hardware resources you need to do your work," he says.

Though originally designed for internal usage, the DCO has become part of public clouds such as Open Cirrus, a cloud computing research test bed created by HP, Intel and Yahoo; and a university collaboration project known as the Open Cloud Testbed. Carnegie Mellon is also part of the Internet2 consortium and the National LambdaRail network.

These cloud experiments are in the early stages, but Ganger expects them to become more important as time goes on. "Eventually, [becoming part of the larger, public cloud] is going to be the right answer," he says. "Eventually cloud computing is going to be something that is understood well enough that the interfaces are standardized, and people agree it's the right way to do it, and it handles all the different modes of computation you want to handle."

As the public cloud matures, researchers across the country may have access to machines in the DCO, and Carnegie Mellon researchers will increase utilization of external data center resources. But Ganger says the software layer that assigns resources will have to become more sophisticated, with the ability to dynamically provision compute and storage capacity to each user without overburdening any specific data center that's attached to the cloud.

"Two years from now, I would like to be at the point where that kind of resource flexibility is there," he says, "but right now it's not, right now we're just spinning the thing up."

With the first flu pandemic in 41 years officially declared today by The World Health Organization (WHO), companies are again being urged to make sure that business continuity plans are in place and they're prepared for the outbreak.

As the number of H1N1 influenza cases neared 30,000 worldwide, the WHO raised the pandemic warning level from phase five to six - its highest alert.

That prompted Gartner Inc. ot tell its clients to review their procedures for dealing with a pandemic, such as identifying critical-skill employees and their replacements - and emphasizing good hygiene. Otherwise, it said, companies should stay the course.

"It's hard to advise clients to take huge additional actions at this time," said Roberta Witty, a vice president of research at Gartner Inc. "Continue to do what you're already doing until we start seeing many more infections, sick people and deaths."

On June 3, all 50 states, the District of Columbia and Puerto Rico were reporting cases of H1N1 infection, according to the U.S. Centers for Disease Control (CDC). While nationwide, flu surveillance systems indicate that the overall number of cases is decreasing, H1N1 outbreaks are ongoing in parts of the country, some of them intense, the CDC said in a aemstnt.

Dr Margaret Chan, director-general of the WHO, said in a statement that the pandemic, at least in its early days, will be moderate. "As we know from experience, severity can vary, depending on many factors, from one country to another," she said. "On present evidence, the overwhelming majority of patients experience mild symptoms and make a rapid and full recovery, often in the absence of any form of medical treatment."

The WHO urged countries not to close borders or restrict travel and trade. The WHO also said it is in close talks with flu vaccine makers "to ensure the largest possible supply of pandemic vaccine in the months to come."

Gartner's Witty said corporations do not need to take any added measures to combat the flu pandemic. "I think what the [WHO and CDC] are saying is two things: one, this is the flue season in the southern hemisphere, so we need to watch that region. Two, this virus mutates, and ... the avian flu can attach to it, which could mean during the next fall flu season, we may see more avian flu cases through swine flu transmission."

Gartner is urging corporations to:

* Visit the CDC's pandemic flu Web site to find out what the U.S. government recommends to ensure workforce safety and continuous business operations.

* Download the ">FFIEC's Pandemic Flu Exercise of 2007 After Action Report and disseminate their findings across your organization.

* Emphasize the need for personal hygiene to inhibit the spread of the virus.

* Identify existing and potential critical skills shortages and start staff cross-training, testing and certification. Make sure that cross-trained personnel can access needed applications. This requires the longest lead-time and can be disruptive.

* Determine which business operations are sustainable, at what level, and likely durations of downtime for normal business operations with staff absentee rates of 40%. Test for various combinations of leaders and skilled staff.

* Testing should begin now to isolate and correct any possible problem areas to make sure work continues smoothly.

To date, there have been 27,737 cases of swine flue confirmed/a> in 74 countries, accounting for 141 deaths, according to the WHO. Unlike past flu outbreaks, the most severe cases of H1N1 have been recorded in people under 25 years of age.

A 267-page document listing all U.S. civilian nuclear sites along with descriptions of their assets and activities became available on whistleblower Web site Wikileaks.org days after a government Web site publicly posted the data by accident.

The sensitive, but unclassified, data had been compiled as part of a report being prepared by the federal government for the International Atomic Energy Agency (IAEA). It was scheduled to be transmitted to the agency later this year and was sent for congressional review by President Obama on May 5, according to a report in the New York Times.

The document, which had been marked by the president as "Highly Confidential Safeguards Sensitive," subsequently appears to have, for some unexplained reason, been publicly posted by the U.S. Government Printing Office (GPO) on its Web site, the Times said. The document has since been taken down but is now available from several locations via Wikileaks.org.

The document was discovered on the GPO Web site on May 22 by Steven Aftergood, director of the Federation of American Scientists' (FAS) Project on Government Secrecy. Aftergood on Monday posted the document on Secrecy News, a publication of the FAS that he maintains.

The breached document is titled The List of Sites, Locations, Facilities, and Activities Declared to the International Atomic Energy Agency, and contains detailed information on hundreds of civilian nuclear sites in the country, including those storing enriched uranium. The report lists details on programs at nuclear weapons research labs at Los Alamos, Livermore and Sandia.

A message to Congress from Obama at the beginning of the document states that "appropriate measures" have been taken to ensure that no information of "direct national security significance" has been included in the document. While the IAEA classification for such declarations is "Highly Confidential Safeguards Sensitive," the U.S. considers the data "sensitive but unclassified," the president said in his letter.

Aftergood, in an interview, said he spotted the document during a "routine review" of new GPO publications. While scanning through the latest releases on May 22, Aftergood said he saw the one on the nuclear sites.

"I thought, 'wow, that's interesting' and grabbed it," he said. After scanning through the contents, Aftergood said he was puzzled that the GPO had publicly posted the document despite the cover letter from the president indicating that the information was sensitive and not to be disclosed.

"I don't understand how it could be that the GPO had nevertheless proceeded to publish it," he said. He added that it was apparently only after reporters started asking the GPO about the document on its Web site that it was taken down at around 5 p.m. Tuesday.

"I should say I didn't regard the document as a security concern having reviewed it," he said. "I did find it interesting, but I didn't see anything there that constitutes a breach of security."

Breach went undetected by government

Gartner Inc. analyst John Pescatore, who advises several government agencies on cybersecurity issues, said one of the most troubling aspects about the incident is that the government didn't notice the breach till it was alerted to it by reporters. The incident speaks to a lack of process within the GPO for dealing with sensitive data at a time when the current administration is pushing government agencies to be more transparent, he said.

"The federal government is trying to push out more data, but they need to make sure they have the processes in place first," to prevent such accidents, Pescatore said.

In a statement sent via e-mail, a GPO spokesman provided no explanation for why a document marked as sensitive and not for publication by the president was publicly posted.

But the statement suggested that the accident may have stemmed from the sheer volume of such reports that the GPO processes. On average, the GPO produces "approximately 160 House documents each Congress," the statement said. During the 109th Congress, the GPO produced 157 reports, while in the 110th Congress, 161 reports were published, the statement said. The one listing nuclear sites "was received by GPO in the normal process and produced under routine operating procedures," the statement said.

"Upon being informed about potential sensitive nature of the attachment in this document, the Public Printer of the United States removed it from GPO's website pending further review," the statement said. "After consulting with the White House and Congress, it was determined that the document including the sensitive attachment [should] be removed from the website," it added.