ISN welcomes new CTO, Paul Downe
Written by David Ellison on September 23rd, 2013
“I am really excited to be able to bring my experience to ISN, supporting their journey to develop new and exciting solutions for the upstream oil & gas industry.”
During more than 25 years in the IT industry, Paul has directed some cutting edge ‘enterprise class’ solutions and projects. Most recently he has played the role of principal consultant specialising in leading large IT transformation designs for enterprise level organisations; helping them to do more with less and developing their cloud strategy.
Before starting ISN, Paul was Global Solutions Architect at Dell Services & Solutions, where he initially ran pre-sales engagements for large ($100M+) transformational opportunities; including with large telco, logistics and legal companies. He then moved into a practice development role, which involved harvesting and creating new intellectual property (IP) for the group. Paul spearheaded the use of standardised reusable processes and artefacts to be used for both large and medium sized transformational projects.
Prior to Dell, Paul spent five years at Comdisco building data centres and workarea facilities for disaster recovery purposes and was responsible for helping customers develop, test and improve their business continuity and disaster recovery plans. On multiple occasions those plans were tested by real invocations of the service because of incidents such as power failures, equipment failures, denied access and acts of terrorism.
Paul is looking forward to bringing enterprise experience gained at these companies – as well as the BBC, BT, Intel, Fujitsu and Siemens -to bear on IT challenges within the energy sector and helping ISN’s clients develop scalable enterprise-class infrastructure to support exploration and production globally.
How do ISN provide better VSAT for oil and gas?
Written by David Ellison on September 17th, 2013
Gain more value from VSAT services
Download ISN VSAT Services datasheet here.
We know how to overcome the technical barriers that typically prevent
a shared infrastructure approach. ISN has detailed knowledge of how to
get the best from both VSAT service providers and the VSAT connection
itself, through its extensive experience of working and managing VSAT
supplier providers, coupled with its advanced optimisation knowledge that
improves bandwidth utilisation.
We evolve field site VSAT communications from restrictive, asset-based
infrastructure to multi-asset, shared infrastructure in order to simplify
management; improve service quality; and create dramatic cost savings
in excess of 30 percent.
Our VSAT capabilities include a range of services that ensure expert
help with everything from provider selection to on-going monitoring,
management and support of your VSAT connections.
The service is perfect for operators with limited in-house expertise
or limited time.
To find out more about our VSAT services, download datasheet or
call us on +44 20 7313 9900.
ISN registered to bid for work in Kurdistan
Written by David Ellison on July 29th, 2013
We are pleased to announce that ISN is now formally registered at the Ministry of Natural Resources, Kurdistan Regional Government, Iraq. Our registration number is 001046.
ISN has been advising oil companies on establishing IT and comms infrastructure in Kurdistan for some time. Being registered with the ministry means that we are now able to bid for work in our own right rather than acting on behalf of an oil producer.
ISN capability for providing IT infrastructure services to the upstream oil & gas industry in any part of the world, makes it unique amongst UK IT companies.
To find out more about our work in Kurdistan, please contact us on +44 20 7313 8300 or firstname.lastname@example.org.
6th SMi Communications in Oil & Gas Conference 2013
Written by David Ellison on April 8th, 2013
Paul Warwick is an Account Director at ISN and was one of ISN’s representatives at this annual conference organised by SMi for technical and commercial professionals interested in the IT and comms challenges experienced by the oil industry wordwide.
DE: So, Paul, as a first time delegate, what were your thoughts about the SMi Data Communications for Oil & Gas you attended on 21st March?
Paul Warwick: I thought it was really useful, because it was a really interesting mix of operators and suppliers, including IT people, management, geologists and so forth. A great mix of people and, although the theme was telecommunications, there was a very broad range of different presenters about different topics.
DE: Did any particular presentations stand out for you?
PW: Yes, the Tullow one was really good. Ian Theophilus from Tullow, simply said, “Well these are the problems that we have with our vendors at the moment, and this is where we want to get to. Can you help us get there?” It was very honest, and that was extremely useful for all of us at ISN to hear so directly what we need to do in order to work better with oil and gas companies.
DE: So what sort of things is Ian looking for from suppliers?
PW: He just wants suppliers to work together more closely. He wants a better level of communication. Now that Tullow has a strategy, he wants better online supplier Internet strategy, and he was asked some very pertinent questions from the floor, including from my ISN colleagues to find out how suppliers to the oil & gas industry can add value to what they are doing. So it was very, very good.
DE: Which other speakers did you find interesting?
PW: The Statoil guys basically went through how telecommunications works for the Norwegian continental shelf. I didn’t realise that there was that much fibre optic available in the Norwegian continental shelf. What is more is that all of the Norwegian oil & gas companies share the same resources. They just section off a part for themselves. So they collaborate really closely together with all the other Norwegian companies.
DE: Are there any particular comms issues that Statoil mentioned?
PW: No, they have bandwidth to die for, they have fibre optic everywhere, so gigabit type speed is common. ISN can’t offer much to help Statoil in Norway, we’re more interested in the other 35 countries that they work in, where our expertise at delivering data and voice links in remote areas comes to the fore.
DE: What was your highlight over the two days from a technical point of view and from a business point of view?
PW: From the business point of view was definitely the chance to make new contacts within the industry as well as a chance to spend time with people from our existing clients and other suppliers. African Petroleum, Tullow, Statoil, Afren, Enquest, Arqiva and Hermes were all represented.
DE: There are usually some innovative ideas presented at the conference. Did you have any take aways from the technology side?
PW: To be honest with you there weren’t many deeply technical presentations; although there were plenty of experts there (not least from ISN!) with years of experience who were able to discuss theory and practice of any comms technology used in the oil industry. One presenter talked about VSAT to the polar regions; the Russians are about to launch a satellite that is going to go round the world, orbiting via the two poles, rather than via the equator, so that was really interesting. Obviously with the Arctic being a big focus for Norwegians for example, that struck a chord with many people.
Citrix Partner Accelerator 2013 – Highlights
Written by Akmal Shah on March 8th, 2013
Citrix 16 years later is still exciting
Citrix held their annual briefing for partners in London yesterday. Quite a few of ISN’s staff attended in order to pick up the latest on their roadmap for mobile working and cloud strategies.
The thing that struck me immediately was, that having adopted Citrix in the late nineties with Winframe, that Citrix continue to be exciting and focused on their goals. Application delivery to users anywhere has evolved from modem connections to 4G, home broadband, wireless hot spots, mobile broadband to even offline working.
The range of devices has grown exponentially and Citrix are still positioned to allow any user any app any where any time any device. Pretty awesome in my opinion.
It is fair when Citrix say we have been doing this a long time. They have! Work from any device, with the multitude oF client software has been possible ever since Winframe. The striking thing is how quickly Citrix are able to present solutions that allow them to move to mobile and cloud computing. But in reality it shouldn’t be striking, they have done this better than anyone for the last 15 years.
XenMobile will allow even more seamless access for the user but with security and controls wrapped round it. BYOD can be accommodated safely by corporates, and securely too, with differentiation between life and work established on these devices. IT no longer need to fear user controlled technology, but can secure, manage and integrate any device into the enterprise.
I spoke with Lakeside Software, who had a stand at the show; they are providing some good discovery tools and sizing for free. This should help us in green field sites where we have little prior knowledge of the company apps and usage. Monitoring can be added at a cost to keep tabs on the ICA channel and maybe replace the cumbersome EdgeSight. (Edgesight is being redeveloped for Project Excalibur).
SMSPasscode multiform authentication looks good and is also cheaper than RSA SecurID. It also doesn’t allow user to input all credentials in one go. The multiform happens on second page. What I like about it is that no one has to carry an extra gizmo; it all works off the phone which people carry everywhere anyway. They also have a solution for locations were an SMS signal is not possible.
Atlantis showed how a memory-based solution was 25 percent of the cost of filer and networking, simplifying everything with more performance because everything runs from RAM.
Our old friends Trend Micro had a stand at the event too. Their anti malware suite is second to none for physical as well as Hyper-V, Xen and VMware virtual deployments.
Best of all was being able to talk to the Citrix guys and get the inside track on what is happening with EdgeSight and the forthcoming projects Avalon and Excalibur, which should build upon XenDesktop, Provisioning Server and take mobile working to a new level.
Lastly, I thought I won a prize at the final keynote! Numbers were right, but the colour of ticket didn’t match. Still, a great day. If anyone wants to chat about current or future Citrix technology, please give us a call or comment below.
IPS reduces network security risk for oil and gas
Written by Neil Meadows on January 15th, 2013
Intrusion protection brings peace of mind to network managers
Oil industry targeted by hackers
Oil and gas firms are being specifically targeted by electronic hackers and industrial documents and commercially sensitive information are being stolen. A growing number of attacks on the oil and gas industry has resulted in the theft of secrets and intellectual property by cyber thieves and so called ‘hacktivists’.
Attacks included targeted emails, carefully designed to look as if they had come from trusted individuals. When opened, damaging code was activated, causing business disruption and resulting in significant financial loss. Another attack featured a virus called ‘Shamoon’ which wiped the hard disks on 30,000 machines in one Middle Eastern oil business.
Commentators expressed dismay that these attacks featured tools, software and code that are easily downloaded. In fact the techniques used are found in ‘ethical hacking’ books and online tutorials. The attacks were very unsophisticated and weren’t performed by technically talented ‘Black Hat’ hacker groups.
What can be done to mitigate targeted attacks?
Although there is no single device or method which solves all network security concerns, industry best practice is to implement ‘defence-in-depth’, adding layers of defence to networks. Facing layer upon layer of security, attackers may eventually decide to focus their attention elsewhere. Worryingly though, evidence also revealed that many breached security cases involved hackers working methodically over a long period of time to penetrate the computer networks of the companies involved
McAfee, the IT security firm, recently announced that it had evidence that hackers had “run rampant through the networks of at least five oil and gas firms for years”. The hackers had breached their victims’ defenses using a combination of con tricks, operating system vulnerabilities and generally poor security controls. Having gained access, the hackers stole confidential secrets containing damaging commercial information. McAfee also said that the companies targeted didn’t know that they had been compromised or that their documents were in the public domain.
A well known entry point is an external server running as a web server. Tools are loaded onto the machine when compromised, allowing hackers to escalate privileges and gain access to internal machines. Cracking tools are then used to gather usernames and passwords, which increases the depth and range of access, until the critical areas of the network are discovered and prised open. Reverse engineering is then used to provide remote access from any attacker machine. This position can either be sold on or exploited to steal contractual documentation, production data and other files worth an enormous amount of money to competitors or organisations looking to disrupt oil and gas exploration.
Firewall or IPS? Or both?
One method proven to increase protection is an Intrusion Prevention System (IPS). These operate at a higher level than a firewall and look inside network traffic for the electronic signature of viruses, trojans or other malicious activity that has been loaded into its database. Performed in real time, using solid state memory silicon that is devastatingly fast, this provides protection against ‘zero-day’ attacks. It is possible to examine all traffic entering from the Internet, while also checking traffic that is already internal or is being generated internally. Firewalls provide protection on technically limited factors and in any case many reported attacks are initiated on the inside of the network or planted by emails.
Installing an IPS module inside a firewall is like building a second perimeter fence, providing protection beyond that provided by a firewall. It also alerts you to infected traffic on the inside of your network , so if traffic is already infected, you can considerably lower your risk rating at your network perimeter as well as reducing your internal exposure.
How a modern IPS meets the increased needs of the oil and gas industry
ISN was commissioned to recommend an improved security solution for an oil & gas client. Cisco IPS was chosen mainly because of the elegant, non disruptive hardware installation, with modules integrated into existing Cisco ASA firewalls. Existing support skills were also a good match, and the centralised management system (Cisco IPS Manager Express or IME) fitted comfortably inside the network support function.
Minimal business disruption in the implementation
The work took place over several weeks, consisting of only a two hour, out-of-business-hours outage per site across four international sites. The management system was installed inside the customer’s data centre, and sits on a secure ring-fenced VLAN. External management is only possible via a machine to machine VPN. Cisco IME delivers excellent performance and fast response times. Investigation tickets are raised based on the issues discovered, with the ability to raise or lower the security rating of each signature, providing a fine balance between false positives and robust protection.
After the installation, the system is first operated in ‘promiscuous mode’ where traffic is inspected, but not blocked. After a period of stabilisation, where the fine-tuning occurs, the IPS system is switched ‘in line’. At this point, the network and the business are protected to the international PCI DSS standard, required by the credit card industry.
Does your network need an IPS?
Assuming that best practice is followed, network managers can have the peace of mind that comes from compliance with a security standard, while also utilising security intelligence gathered from a vast network of businesses. Given that Cisco’s global market penetration is more than 60 percent, the protection provided by Cisco’s IT security intelligence is a significant advance in your network’s protection.
The very nature of the oil and gas business could result in you being a target. Sensitive data stored in your network infrastructure is demonstrably safer behind an IPS system.
The Cisco IPS solution with ISN project management and installation is non-disruptive and extremely effective.
Time to evaluate what ISN and Cisco IPS can do for your network
ISN has a lot of experience in deploying and managing networks in the oil and gas sector. If you would like to hear more, and would like us to demonstrate how easily and quickly a far higher level of security for your network can be gained, please call me on +44 20 7313 8300.
England 38 New Zealand 21
Written by David Ellison on December 3rd, 2012
Our annual hospitality event on Saturday was even more successful than anyone expected, with England’s stunning victory over the All Blacks.
We were joined by guests from Afren, African Petroleum, Aminex, Summit, Hansteen and Leni for a gourmet lunch followed by the QBE International between England and New Zealand.
After the disappointments of the previous two matches in the series and after seeing headlines in the press along the lines of “England Roadkill” most of us were hoping for an entertaining game and not too great a points difference. However we were treated to a game that Clive Woodward described later as the perfect game of rugby and England’s first win over the ABs since 2003!
ISN’s own two Kiwis, Dave Greenwood and Paul Warwick, were the most sporting of losers, although it may take them a while to get over the shock of the All Blacks’ first defeat by England in 9 years.
Immediately after the men’s match the England women followed suit and won convincingly by 32-23, maintaining their unbeaten run at Twickenham. Paul is shown here celebrating with England wing Fran Matthews.
New NetScaler 10 boosts user Citrix experience
Written by Martin Kucharcik on November 12th, 2012
Citrix claim their new NetScaler 10 speeds up delivery of user applications and data by five times under XenApp and XenDesktop. It will replace the old Citrix Access Gateway (CAG), which will not be supported by Citrix from next year. NetScaler 10 can be deployed either as a physical or as a virtual appliance and, in effect, combines many technologies: high-speed load balancing and content switching; application acceleration; data compression; content caching; multi-layer web cache redirection; SSL acceleration; network optimisation; application flow visibility at the transaction level; and application performance monitoring.
NetScaler 10 can be deployed in a pair which ensures very high application and database uptime and no single point of failure. Its new layer 4-7 load balancing intelligence, together with Global Server Load Balancing (GSLB) technology, efficiently and intelligently distributes user traffic across multiple data centres, even worldwide. To accelerate users’ Citrix experience, NetScaler is using proprietary compression and web caching technologies which significantly decrease response times for all kinds of applications and also reduces network bandwidth requirements. What is more, it provides application and database server health checks that monitor the ability of the server infrastructure so that requests are only directed to healthy application and database resources capable of completing the user’s request.
NetScaler 10 has got many optional advanced features; two which are worth mentioning are Application Firewall and AppFlow. The NetScaler’s Application Firewall protects end users from application-layer attacks and is compliant with information security regulations, such as PCI-DSS. AppFlow allows real-time, end-to-end visibility of application flows so performance data can be made available to IT groups responsible for application SLAs, security, network availability and server performance.
NetScaler not only provides a unified web interface for Xenapp and Xendeskop but dramatically improves the end user ICA experience; provides traffic load balancing and SSL VPN connectivity.As an integral part of Citrix Cloud Gateway solution it provides connectivity to 3rd party SaaS/PaaS clouds. As a part of Citrix MDX it provides connectivity for mobile devices to private/public enterprise clouds and many more advanced features.
DBTuna for NetApp monitoring solution
Written by Martin Kucharcik on October 29th, 2012
Monitoring challenges with Netapp FAS systems
Monitoring and reporting are two areas which might become challenging once you reach a certain point in your IT deployments. Using complex IT infrastructure requires precise performance numbers and their implementation at the right time as this is key for a prompt response if a problem should arise. Not just that, we should be warned well in advance if any problems might occur so we can target them before they start to affect users. Effective monitoring is often a tough task.
Netapp FAS systems are no exception to this as their built-in monitoring features do not always tell us clearly what causes the issue or whether we actually have one. The in-built tools are rather basic and if things go wrong it is hard to spot what caused it, where the root of our problem really is and why it happened. We need something which would give us real-time performance presentation, inform us about any current and possible future problems and provide comprehensive reporting to see how things relaly are.
As there is no one-fits-all solution, I did some research and found an excellent product called DBTuna for Netapp from Application Performance Ltd, a Netapp partner specialising in optimising Netapp FAS, Oracle, SQL and servers. Their DBTuna product stood out from all the other monitoring tools I looked at as it monitors Netapp FAS in real time, so we can easily spot bottlenecks such as high CPU utilisation, high latency on CIFS or iSCSI volumes. With DBTuna we can monitor CPU and memory on controllers, we can gather performance statistics about aggregates, volumes IOPS, latency, network traffic and storage space utilisation.
What is more, DBTuna also supports Netapp SnapMirror monitoring and provides time and size information about each SnapMirror snapshot. We have configured thresholds for latency and IOPS so that we receive alerts when they are reached. Apart from real-time monitoring it provides simple daily performance reports, but we can also generate more advanced reports, where we compare current performance statistics with the same period last week, last month or several months back.
Figure 1: The administrator sees in one single panel all volumes on a FAS system with current performance and space size
Figure 2:After selecting a particular volume we can see all relevant real-time metrics
Figure 3: After login to DBTuna we can see all our FAS system in one panel with current performance metrics
Figure 4: With DBTuna we can also monitor network traffic coming in and leaving FAS system
ExpressPod – FlexPod in a smaller package
Written by Martin Kucharcik on October 17th, 2012
Photo: ExpressPod at VMworld in Barcelona
Converged solution for remote and offshore offices
If you are already running VMware/Cisco/NetApp FlexPod in your datacentre you may be wondering if there is something similar, but smaller for your remote or offshore offices. The answer is ExpressPod, which has just been announced at VMworld by Cisco and NetApp. It is pre-packed and smaller FlexPod unit which provides computing, storage, storage networking and management tools for small to medium virtualisation customers with up to 500 users.
Choice of hypervisors
ExpressPod includes Cisco UCS C-series servers, NetApp FAS2220 or FAS2240 storage and datacentre Cisco Nexus 3048 switches, of course all comes with a choice of infrastructure management and hypervisor products including not only VMware but also Microsoft Hyper-V and Citrix XenServer technology. Support for application solutions comes as a welcome bonus: vendors as Oracle and SAP for instance, which increasingly rely on virtualisation.
ExpressPod can be configured with either two Cisco UCS C220 M3 servers and a NetApp FAS 2220 or four Cisco UCS C220 M3 servers and a NetApp FAS2240, both solutions are provided with a Cisco Nexus 3048 switch.
NetApp FAS2220/2240 systems run the latest ONTAP 8 operating system in cluster mode, which enables enterprises to migrate data and virtual machines without any downtime. According to NetApp, storage clustering also facilitates load-balancing and adding more nodes to the storage cluster creating large storage pools spanning storage devices and which can scale almost infinitely. The FAS2220 supports 12 internal drives and up to 144 external SAS expansion slots and has a maximum capacity of 180TB. The FAS2240 supports a maximum of 24 internal hard drives and up to 144 external expansion slots for a maximum capacity of 432TB. The FAS 2220 supports iSCSI, NFS and CIFS, and the FAS 2240 adds fibre channel to that mix.
Cisco UCS C220 M3 servers are versatile, general purpose machines, well suited for enterprise infrastructure and applications. The C220 M3 takes up 1U of rack space and supports 11 of the 16 varieties of Xeon E5-2600 processor. This includes the newest E52690, which has eight cores spinning at 2.9GHz as well as the two low-volt, low-watt options – the E5-2650L and E5-2630L – which respectively have eight cores at 1.8GHz and six cores at 2GHz. The server has 16 memory slots and so tops out at a maximum of 256GB of main memory using 16GB modules. The server has eight hot-plug, 2.5-inch drive bays that can be filled with 7.2K RPM SATA, 10K RPM SAS, and 15K RPM SAS drives. It has the optional pair of 16GB SD flash drives as well as support for 100GB SATA SSD drives. Cisco has a variety of mezzanine and PCI-Express RAID disk controllers that plug into the C220 M3.
Cisco Nexus 3048 is compact, 1U form-factor switch which provides exceptional performance, visibility, and control. It offers wire-rate Layer 2 and Layer 3 switching of up to 176 Gigabit per second (Gbps) and more than 132 million packets per second. This switch supports both forward and reversed airflow schemes with AC and DC power inputs.
Cisco sum up the benefits of ExpressPod under three key concepts:
- Start right, with a low-cost, easy-to-deploy solution.
- Keep it simple, with the built-in system efficiencies of Cisco UCS servers, Nexus switching, and NetApp FAS storage.
- Grow smart, with easy infrastructure scaling to keep up with business demands
Personally, I think that ExpressPod is an excellent product and I would recommend it as a combined server-storage-network solution for any oil and gas company with remote sites and little local IT support.