Teldata.Wordpress.com | ParagonHost.com » Internet

How does FreeSWITCH compare to Asterisk? The Back Story of Free Switch IP-PBX

paragonhost — Wed, 28 Oct 2009 23:33:55 +0000

Source: http://www.freeswitch.org/node/117

Author / Founder: Free Switch

Note: CudaTel a IP-PBX from Barracuda ( http://www.BarraGuard.com )

Visit: Virtual Graffiti for your Technology and Network Security Needs! http://www.VirtualGraffiti.com

How does FreeSWITCH compare to Asterisk? Why did you start over with a new application? These are questions I’ve been hearing a lot lately so I decided to explain it for all of the telephony professionals and enthusiasts alike who are interested to know how the two applications compare and contrast to each other. I have a vast amount of experience with both applications with about 3 years of doing asterisk development under my belt and well, being the author of FreeSWITCH. First I will provide a little history and my experience with Asterisk, then I will try to explain the motivations and the different approach I took with FreeSWITCH.

I first tried Asterisk in 2003. It was still pre 1.0 and VoIP was still very new to me. I downloaded and installed it and in a few minutes I was tickled pink over the dial tone emitting from my phone plugged into the back of my computer. I spent the next few days playing with my dial plan and racking my brain to think of cool stuff I could do with a phone that was hooked up to a Linux PC. Since I had done an extensive amount of web development in my past life I had all sorts of nifty ideas like matching the caller id to the customer’s account number and trying to guess why they were calling etc. I also wanted to move on in my dial plan based on pattern matching and started hacking my first module. Before I knew it I had made the first cut of app_perl, now res_perl where I had embedded a Perl5 interpreter in Asterisk.

Now that I had that out of my system, I started developing an Asterisk-driven infrastructure to use for our inbound call Queues. I prototyped it using app_queue and the Manager Interface now proudly dubbed “AMI” (initials always make things sound cooler). It was indeed magnificent! You could call in from a PSTN number over a T1 and join a call queue where our agents who also called in could service the calls. “This rocks!” I thought to myself as I watched from my fancy web page showing all the queues and who was logged in. It even refreshed periodically by itself which was why I was surprised when the little icon in the corner of my browser was still spinning for quite some time. That’s when I first heard it. That word. The one I can never forget, deadlock.

That was the first time, but it wasn’t the last. I learned all about the GNU debugger that day and it was just the first of many incidents. Deadlock in the queue app. Deadlock in the manager, Avoiding Deadlock on my console. It was starting to get to me a little but I kept going. By this time I was also quite familiar with the term Segmentation Fault another foe to the computer developer. After about a year’s time wrestling with bugs I found myself a lot more well-versed in the C programming language than I even imagined and near Jedi caliber debugging skills. I had a working platform running several services on a DS3 worth of TDM channels spread over 7 asterisk boxes and I had given tons of code to the project including some entire files on which I hold the copyright. http://www.cluecon.com/anthm.html

By 2005, I had quite a reputation as an asterisk developer. They even thanked me in both the CREDITS file and in the book, Asterisk, The Future of Telephony. I not only had tons of applications for asterisk in tree, I had my own collection of code they did not need or want on my own site. (Still available today at http://www.freeswitch.org/node/50)
Despite all of this I could not completely escape the deadlocks and crashes. I hid the problem well with restart scripts and 7 machine clusters but I could not see a way to scale my platform much more. I had to abandon some features because they just would not work right based on the way Asterisk was designed.

Asterisk uses a modular design where a central core loads shared objects to extend the functionality with bits of code known as “modules”. Modules are used to implement specific protocols such as SIP, add applications such as custom IVRs and tie in other external interfaces such as the Manager Interface. The core of Asterisk is a threading model but a very conservative one. Only origination channels and channels executing an application have threads. The B leg of any call operate only within the same thread as the A leg and when something happens like a call transfer the channel must first be transferred to a threaded mode which often times includes a practice called channel masquerade, a process where all the internals of a channel are torn from one dynamic memory object and placed into another. A practice that was once described in the code comments as being “nasty”. The same went for the opposite operation the thread was discarded by cloning the channel and letting the original hang-up which also required hacking the cdr structure to avoid seeing it as a new call. One will often see 3 or 4 channels up for a single call during a call transfer because of this.

/* XXX This is a seriously wacked out operation. We’re essentially putting the guts of
the clone channel into the original channel. Start by killing off the original
channel’s backend. I’m not sure we’re going to keep this function, because
while the features are nice, the cost is very high in terms of pure nastiness. XXX */

This became the de facto way to pull a channel out of the grips of another thread and the source of many headaches for application developers. This uncertain threading scheme was one of the motivating factors for a rewrite.

Asterisk uses linked-lists to manage its open channels. A linked-list is a series of dynamic memory chained together by using a structure that has a pointer to its own type as one of the members allowing you to endlessly chain objects and keep track of them.
They are indeed a useful programming practice but when used in a threaded application become very difficult to manage. One must use mutexes, a kind of traffic light for threads to make sure only 1 thread ever has write access to the list or you risk one thread tearing a link out of a list while another is traversing it. This also leads to horrible situations where one thread may be destroying or masquerading a channel while another is accessing it which will result in a Segmentation Fault which is a fatal error in the program and causes it to instantly halt which, of course means in most cases all your calls will be lost. We’ve all seen the infamous “Avoiding initial deadlock” message which essentially is an attempt to lock a channel 10 times and if still won’t lock, just go ahead and forget about the lock.

The manager interface or AMI has a concept where the socket used to connect the client is passed down into the applications letting your module have direct access to it and essentially write any data you want to that socket in the form of Manager Events which are not very structured and thus the protocol is very difficult to parse.

Asterisk’s core has linking dependencies on some of it’s modules which means that the application will not start if a certain module is not present because the core is actually using some of the binary code from the module shared object directly. To make a call in asterisk in at least version 1.2 you have no choice but to use app_dial and res_features because the code actually lives in those modules. The logic to establish a call and to do things like a forked dial actually reside in app_dial not the core, and res_features actually contains the top level function that bridges the audio.

Asterisk has no protection of its API. The majority of the functions and data structures are public and can easily be misused or bypassed. The core is anarchy with assumptions about channels having a file descriptor, which is not always necessary in reality but is mandatory for any asterisk channel. Many algorithms are repeated throughout the code in completely different ways with every application doing something different on seemingly identical operations.

This is only a brief summary of the leading issues I had with Asterisk. I donated my time as a coder, my servers to host the CVS repository and served as a bug marshal and maintainer. I organized a weekly conference call to plan for the future and address some of the issues I have described above. The problem was, when one looks at this long list of fundamental changes then thinks about how much work it would take and how much code may have to be erased or rewritten, the motivation to address the issues begins to fade. I could tell not many people would be on board with my proposal to start a 2.0 branch and rewrite the code. That is why in the summer of 2005 I decided I would do it myself.

My primary focus on FreeSWITCH was to start from the core and trap all the common functionality under the hood and expose it in a pyramid to the higher levels of the application. Like Asterisk, the Apache Web Server heavily inspired me and I chose to use a modular design. From the first day the basic fundamentals I chose to adhere to were that every channel has it’s own thread no matter what it was doing and that thread would use a state machine function to navigate its way through the core. This would ensure that every channel would follow the same predictable path and state hooks and overrides could be placed into the machine to add important functionality very similar to how methods and class inheritance works in an object oriented programming language.

It hasn’t been easy. Let me tell you. I’ve had my fair share of Segmentation Faults and Deadlocks while coding FreeSWITCH , (a lot more of the former than the latter I must say). But I built the code from the core and went from there. Since all of the channels operate in their own thread and there are occasions where you need to interact with them, I use read/write locking so the channels can be located from a hashing algorithm rather than a linked list and there is an absolute guarantee that the channel cannot be accessed or go away while an outside thread has reference to it. This alone makes it much easier to sleep at night and obsoletes the need for “Channel Masquerades” and other such voodoo.

The majority of functions and objects supplied by the FreeSWITCH core are protected from the caller by forcing them to be used the way they were designed. Any concept that is extensible or provided by a module has a specific interface which is used to front end that functionality therefore the core has no linking dependency on any of its modules.
There is a clear cut layered API with the core functions being on the bottom and the amount of functions on each subsequent layer decreasing as the functionality increases.
For instance it’s possible to write a large function that uses an arbitrary file format module to open and play audio to a channel. But in the next layer of API there is simply a single function that will play a file to a channel that is then extended to the dial plan tools module as a tiny application interface function. So you can execute the playback from your dial plan, from your custom C application using the same function or you can write your own module that manually opens the file and plays it all using the services of the file format class of modules without ever divulging it’s code.

FreeSWITCH is broken into several module interfaces. Here is a list of them:

Dialplan:
Implement the ring state of a call, take the call data and make a routing decision.

Endpoint:
Protocol specific interface SIP, TDM etc.

ASR/TTS:
Speech recognition and synthesis.

Directory:
LDAP type database lookups.

Events:
Modules can fire existing core events as well as register their own custom events
Which can be parsed from an event consumer at a later time.

Event Handlers:
Remote access to events and CDR.

Formats:
File formats such as wav.

Loggers:
Console or file logging.

Languages:
Embedded languages such as Python and JavaScript.

Say:
Language specific modules to construct utterances from sound files.

Timers:
Reliable timers for packet interval timing.

Applications:
Applications you can execute on the call such as Voicemail.

FSAPI (FreeSWITCH API interface [see I use initials too!] )
Command line functions, XMLRPC functions, CGI type functions, Dialplan function variables exposed with a string in, string out prototype.

XML
There are hooks to the core XML registry that make it possible to do realtime
lookups and create XML based CDRs

All of the FreeSWITCH modules work together and communicate with each other only via the core API and the internal event system. Great care was taken to ensure this and avoid any unwanted behavior from outside modules.

The event system in FreeSWITCH was designed to keep track of as much as possible. I designed it under the assumption that most users of the software would be connecting to FreeSWITCH remotely or using a custom module to gather call data. Thus, every important thing that happens in FreeSWITCH results in an event firing. The events are very similar to an email format having headers and a body. Events can be serialized into either a standard text format or an XML representation. Any number of modules may be written to connect to the event subsystem and receive events about presence, call state and failures. The in-tree mod_event_socket provides a TCP connection on which events can be consumed as well as log data. In addition call control commands may be sent over this interface as well as bi-directional audio flow. The socket can be established by either an in-progress call as an outbound connection or from a remote machine as an inbound connection.

Another important concept in FreeSWITCH is the centralized XML registry. When FreeSWITCH loads it opens a top-level XML file which is fed into a pre-processor that parses special directives to include other smaller xml files and to set global variables which can be referenced from that point forward to template the configuration.
For instance you can set the preprocessor directive to set a global variable like this:

now even on the next line in the file you can use $${moh_uri} and it will be replaced by local_stream://moh in the post processed output. The final post processed registry is loaded into memory and accessed by the modules and the core to provide several vital sections to the application:

Configuration
Configuration data to control the behaviour of the application.

Dialplan
An XML representation of a dialplan that can be used by mod_dialplan_xml to
route calls and execute applications.

Phrases
A markup of IVR phrase macros to use from IVRs and to speak multiple languages.

Directory
A collection of domains and users for registration and account management.

Using XML hook modules, you can bind your module to lookups in the XML registry and, in real time, gather the required information and return it to the caller in place of the static data in the file. This makes it possible to do purely dynamic SIP registrations and dynamic voice mailboxes and dynamic configuration of a cluster using the same model as a web browser and a CGI application.

With embedded languages such as JavaScript, Java, Python and Perl, it’s possible to write scripted application that can control the underlying power with a simple high-level interface.

The first phase of the FreeSWITCH project was to create a stable core on which to build scalable applications. I am happy to report that it will be completed on May 26th 2008 with the release of FreeSWITCH 1.0 “phoenix”. We have been able to out perform Asterisk by a factor of 10 in similar situations according to the accounts of two separate early adopters brave enough to go into production pre-1.0.

I hope this explanation is sufficient to outline the difference between FreeSWITCH and Asterisk and will shed some light on my decision to start the FreeSWITCH project. I will forever remain an Asterisk developer due to my vast involvement in the project and I wish them all the luck in the world with the future design of the application. I may even dig up some more of my long lost Asterisk code in my personal archives and release it to the public as a gesture of good will towards the project that gave me my start in telephony.

Asterisk is an open source PBX and FreeSWITCH is an open source soft switch. There is plenty of room for both applications among the other great open source Telephony applications such as Call Weaver, Bayonne, sipX, OpenSER and many many more. I look forward every year to presenting with and talking to all the developers of these projects at ClueCon in Chicago this summer. http://www.cluecon.com

We can all inspire each other to push the envelope on Telephony even farther. The most important question you can ask is. “Is it the right tool for the job?”

10 things you should know about moving from Windows XP to Windows 7

paragonhost — Tue, 20 Oct 2009 16:31:43 +0000

10 things you should know about moving from:

Windows XP to Windows 7

Greg Shultz

September 4, 2009

If you skipped Windows Vista and stuck with Windows XP, chances are good that you are now seriously considering moving to Windows 7 after it’s released on October 22. If so, there is much for you to do. Not only should you begin planning for your operating system migration, but you should begin learning as much as you can about Windows 7. Here are 10 things you can do to get ready for the switch.

1: Check your hardware

Windows 7 was designed to be lean in terms of hardware, so that it will be able to function satisfactorily on sub-powered netbooks. If you’re running Windows XP on a computer manufactured within the last three or four years, chances are good that Windows 7 will run fine on your system. However, you can make sure that your hardware is compatible by running Microsoft’s Windows 7 Upgrade Advisor.

The Windows 7 Upgrade Advisor will perform a detailed scan of your entire system, checking hardware, programs, and peripheral devices. Once the scan is complete, the Upgrade Advisor will display a report telling you whether your system meets the hardware requirements and idenfying are any known compatibility issues with your programs and devices. If it finds problems, the Upgrade Advisor will provide suggestions you can use to better analyze your upgrade options to Windows 7.

You can download the Windows 7 Upgrade Advisor from the Microsoft Download Center. At the time of this writing, this tool is listed as being a Beta version. However, running it now will give you a good idea of what you will be facing as you prepare for your upgrade.

If you’re planning a much bigger Windows XP to Windows 7 migration, you’ll want to investigate the Microsoft Assessment and Planning Toolkit. This free toolkit, which runs across the network without having to install software on client systems, will allow you to investigate systems and compile reports on hardware and device compatibility.

2: Understand the Custom Install

If you’re running Windows XP on your computer and you want to use Windows 7 on that same computer, you’ll purchase an Upgrade license package of Windows 7. However, you won’t be able to perform an in-place upgrade. In other words, you won’t be able to upgrade to Windows 7 on top of XP and keep all your applications and settings “in place.” Instead, you’ll have to perform a Custom Install, which Microsoft describes as follows:

A custom (clean) installation gives you the option to either completely replace your current operating system or install Windows on a specific drive or partition that you select. You can also perform a custom installation if your computer does not have an operating system, or if you want to set up a multiboot system on your computer.

When you completely replace Windows XP, the installation procedure will not totally obliterate it. In fact, the installation procedure will create a folder on the hard disk called Windows.old and will place the Windows, Documents And Settings, and Program Files folders from your Windows XP installation in it. Your data files will be safe and accessible, but your applications will not be viable. (Even though the Custom Install saves your data in the Windows.old folder, you will want to have a separate backup on hand just in case!)

Regardless of whether you choose to completely replace Windows XP or set up a multiboot system, you are going to have to back up and transfer all of your data, reinstall all of your applications, and reconfigure all of your settings.

3: Consider a setting up a multiboot configuration

When pondering a Custom Install, you should consider setting up a multiboot configuration. That will place both Windows XP and Windows 7 at your disposal, which will be a big advantage as you begin migrating your settings, documents, and applications. More specifically, you can boot into Windows XP to check out how something is set up and then boot into Windows 7 to re-create the same configuration. Once you have everything in Windows 7 exactly the way you had it in Windows XP, you can remove the multiboot configuration set Windows 7 as the primary OS and then remove Windows XP.

To be able to perform this type of switch, both XP and 7 must be installed on the same hard disk but on separate partitions. (If you install Windows 7 on a second hard disk, the boot partition will exist on the first hard disk, so you won’t be able to remove that drive once you’re ready to get rid of XP.) As a result, you’ll need to repartition your hard disk to make room for Windows 7. To repartition your hard disk without destroying data, you can take advantage of partition management software, such as Norton PartitionMagic 8.0, which retails for about $70, or Easeus Partition Manager Home Edition 4.0.1, which is available for free and earned a 4.5 star rating in a recent CNET editors’ review.

4: Plan your backup and restore strategy

Before you move from one operating system to another, you’ll want to back up all your data – at least once and maybe twice, just in case. While it may sound like overkill, having an extra backup will give you peace of mind.

If you’re using a third-party backup program, you will need to check the manufacturer’s Web site to see whether the program will be upgraded to work in Windows 7. If you aren’t using a third-party backup program, you’re probably using Windows XP’s native Backup Utility. As you may have heard, the file format used for this tool isn’t compatible with Windows Vista’s Backup And Restore Center. To provide for that, Microsoft released a special version of the XP Backup Utility, called the Windows NT Backup – Restore Utility. It’s designed specifically for restoring backups made on Windows XP to computers running Windows Vista. While I was unable to get official confirmation, it is a safe bet that this special version will work in Windows 7 or will be adapted to do so.

If you aren’t willing to take that bet or you are not sure whether your third-party backup program will be upgraded to work in Windows 7, you can simply make copies of all your data files on CD/DVD or on an external hard disk.

5: Plan your data transfer strategy

To move from one operating system to another, you’ll probably want to use a transfer program that will scan your XP system, pull out all your data and settings, and then transfer them to Windows 7. Fortunately, the Windows 7 Easy Transfer utility can provide this service for you. However, before you perform this transfer operation, it will be in your best interest to have a separate back up copy of your data (see #4).

The new operating system will come with two copies of the Windows 7 Easy Transfer. One copy will be on the DVD and the other will be installed with the operating system. Before you install Windows 7, you will run Windows 7 Easy Transfer from the DVD and back up all your files and settings. Then, once you have Windows 7 installed, you’ll use it to move all your files and settings to the new operating system. You can learn more about the Windows 7 Easy Transfer by reading the article Step-by-Step: Windows 7 Upgrade and Migration on the Microsoft TechNet site.

6: Inventory your applications and gather your CDs

Since you won’t be able to perform an in-place upgrade when you move from Windows XP to Windows 7, you’ll have to reinstall all your applications that passed the Windows 7 Upgrade Advisor compatibility tests (see #1). It will be helpful to have an inventory of all the installed applications so that you can track down all your CDs or compile a list of Web sites for those applications you downloaded.

While the report generated by the Upgrade Advisor will be helpful as you create an inventory, it won’t be comprehensive. To create a detailed inventory, you can use something like the Belarc Advisor. For more details, see the article Gather detailed system information with Belarc Advisor.

7: Become familiar with the new UI

The UI in Windows 7 is quite different from the UI in Windows XP, and it offers a lot of new features. As a result, you may encounter what I call “UI Shock.” You’ll know what you want to do, but you’ll experience a momentary lapse of composure as you strive to adapt what you know about XP’s UI to what you’re seeing and experiencing in Windows 7.

To ease the level of UI shock, you’ll want to become as familiar as possible with the features of the new Windows 7 UI. One starting point is Microsoft’s Windows 7 page. While a lot of the content here is essentially marketing related, it will give you a good idea of what to look for when you actually move into the Windows 7 operating system.

To help you get right to the good stuff, check out:

The Windows 7 features section, where you’ll find a host of short videos and descriptions.
The Windows 7 Help & How-to section, where you’ll find a whole slew of step-by-step articles that show you how get around in Windows 7. Be sure to check out the section on installing Windows.

You’ll also find useful information on the Windows Training Portal on the Microsoft Learning site. Be sure to check out:

The Windows 7 Learning Snacks, which are short, interactive presentations. Each Snack is delivered via animations and recorded demos using Microsoft Silverlight.
The Microsoft Press sample chapters from upcoming Windows 7 books. Viewing the free chapters requires registration, but it is a short procedure. Once you’re registered, you can access sample chapters from Windows 7 Inside Out, Windows 7 Resource Kit, Windows 7 Step by Step, and Windows 7 for Developers.

8: Check for XP Mode support

If you discover that some of the applications you’re currently running in Windows XP are not compatible with Windows 7 (see #1) or you just want to keep Windows XP accessible, don’t forget about Windows XP Mode. This virtual environment includes a free, fully licensed, ready-to-run copy of Windows XP with SP3 that runs under Windows Virtual PC in Windows 7.

As you consider the Windows XP Mode, keep these things in mind:

Windows XP Mode is available only in Windows 7 Professional, Enterprise, and Ultimate editions.
Your computer must support processor-based virtualization.

You can learn more about Windows XP Mode from the following TechRepublic resoruces:

9: Ask questions

You aren’t the only one making the move from Windows XP to Windows 7, so ask questions and share information you pick up along the way. Of course, you can use the TechRepublic discussion forums. But you should cast a wider net.

One good place to connect with Microsoft experts is the Getting Ready for Windows 7 section of the Microsoft Answers site. Another good place is in the Windows 7 forums in the Windows Client TechCenter on the Microsoft TechNet site.

10: Subscribe to the Windows Vista and Windows 7 Report

TechRepublic’s free Windows Vista and Windows 7 Report newsletter, which is delivered every Friday, offers tips, news, and scuttlebutt on Windows 7. As we count down to October 22, the day that Windows 7 is to be released to the general public, we will be covering topics of interest to Windows XP users in more detail. You can sign up on the TechRepublic newsletters page.

Comment on this article: TechRepublic blog.

Free Resolving Name Servers

paragonhost — Sat, 03 Oct 2009 21:46:00 +0000

http://www.resolvingnameserver.com/freerns.html

Need a resolving name server fast?
Use our free public resolving name servers!

Who can use these servers:
These servers can be used by users that need a resolving name server for normal “end user” functionality. “End User” fucntionality includes web surfing and normail email sending (via an email client). These can also be used by ISPs to give to their clients as the resolving name servers (that do not need to run enterprise services).

Who should not use these free servers:
Any system that serves an enterprise functionality. This includes email servers, web servers, etc. For services for enterprise functionality please contact our sales team. If a mail server uses these servers you may get incorrect results.

Our current set of name servers that you can use are:

205.234.170.215
205.234.170.217

Notifications of all changes of IPs will be received by subscribers to our mailing list. You can subscribe to our list by sending an email to freepublicdns-subscribe@resolvingnameserver.com and following the instructions in the reply.

Two New Zero Day Adobe Reader Exploits

paragonhost — Wed, 13 May 2009 22:51:10 +0000

Update: Two New Zero Day Adobe Reader Exploits

Adobe Releases Updates for Reader and Acrobat

Severity: High

12 May, 2009

Update:

On 28 April, 2009, we alerted LiveSecurity subscribers about two zero day vulnerabilities in Adobe Reader which attackers could exploit to execute code on your machine, potentially gaining complete control of it. When we first reported this issue, a greyhat security researcher had already released Proof-of-Concept (PoC) exploits that leveraged these flaws to the public. We promised to update our alert when Adobe released a patch for this issue. Today they did.

Adobe’s security bulletin announces the release of Reader 9.1.1, which fixes both security vulnerabilities (one of them only affects Reader on UNIX systems). They also announce updates for Acrobat, which also suffers from these vulnerabilities. Adobe’s bulletin does not describe the flaws in any technical detail. However, they do describe their impact. If an attacker can entice one of your users into downloading and opening a maliciously crafted PDF document (.pdf), he can exploit these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your user has local administrative privileges, the attacker gains full control of the user’s machine.

If you use Adobe Reader or Acrobat on any platform, we recommend you download and install Adobe’s updates as soon as you can. See below for details.

Solution Path:

Adobe has released Reader 9.1.1, Acrobat 8.1.5 and Acrobat, 7.1.2 to fix these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network as soon as you can:

Adobe Reader 9.1.1
Adobe Acrobat

Note: If you use Adobe Updater, it may automatically install the corresponding updates for you.

For All WatchGuard Users:

If you previously customized your Firebox’s proxy policies to temporarily block PDF documents (.pdf), you may want to remove those customizations after applying Adobe’s patch. This will allow your users to download legitimate PDF documents again.

For additional details about the vulnerability, and as a convenient reference, we reproduce our original 28 April alert below. You can also find it in the LiveSecurity Latest Broadcasts archive.

Summary:

This vulnerability affects: Adobe Reader and Acrobat 9.1 and earlier, on Windows, Mac, *nix computers
How an attacker exploits it: By enticing your users into viewing a maliciously crafted PDF document
Impact: An attacker can execute code on your computer, potentially gaining control of it
What to do: Implement the workarounds described in the Solutions section of this alert

Exposure:

Yesterday, SecurityFocus released an advisory describing a new zero day Adobe Reader exploit they found in the wild. The Proof of Concept (PoC) exploit – written by some calling himself “Arr1val” — seems to leverage a flaw in the Adobe Reader function called “getAnnots()”. As it turns out, Arr1val released two new zero day exploits. The second exploit leverages another Adobe Reader function called “spell.customDictionaryOpen().” Arr1val’s code suggests he confirmed these flaws using Adobe Reader 9.1 and 8.1.4 for Linux. However, we suspect the flaws may affect all current versions of Reader running on any platform.

By enticing one of your users into downloading and opening a malicious PDF document, an attacker could exploit either of these unpatched Reader vulnerabilities to execute code on your user’s computer, with that user’s privileges. If the user had root or local administrator privileges, the attacker would gain complete control of that user’s machine.

Adobe has responded to this incident in a short blog post, saying they are investigating the issue. Since exploit code is widely available and Adobe hasn’t had time to patch yet, these flaws pose a serious risk to Adobe Reader users. We recommend you implement the workarounds described below to mitigate the risk of these dangerous zero day exploits.

Solution Path

Adobe has not had time to release a patch for these zero day vulnerabilities. However, the workarounds described below should mitigate the risk posed by the exploits currently circulating in the wild.

Inform your users of this vulnerability. Advise them to remain wary of unsolicited PDF documents arriving via email. If they don’t absolutely need the document, and don’t trust the entity it came from, they should avoid opening it until you patch Adobe Reader.
Use antivirus (AV) software and make sure it’s up to date. AV vendors will release signatures for these new exploits, so make sure to keep your AV software up to date.
Disable JavaScript in Adobe Reader. Disabling JavaScript in Adobe Reader could prevent these exploits from succeeding. To disable JavaScript in Adobe Reader, click Edit => Preferences => JavaScript and then uncheck Enable Acrobat JavaScript. Keep in mind, this prevents JavaScript from running in legitimate PDF documents as well.
Use a gateway device, like your Firebox, to block PDF files. If your users can’t download PDF files, these exploits won’t affect them. Unfortunately, doing this blocks legitimate PDF files as well. Nonetheless, depending on your business needs, you may still want to block PDF files until Adobe releases a patch.
Use an alternative PDF reader. You can mitigate the risk of these Adobe Reader vulnerabilities by using an alternative PDF reader. Keep in mind, other PDF readers may also suffer security vulnerabilities. However, attackers seem to primarily target the popular Adobe Reader. If it meets your business needs, you may try to adopt one of the alternative PDF readers listed on this site.

We will update this alert when Adobe releases a patch.

For All WatchGuard Users:

Many of WatchGuard’s Firebox models can block incoming PDF files. However, most administrators prefer to allow these file types for business purposes. Nonetheless, if PDF files are not absolutely necessary to your business, you may consider blocking them using the Firebox’s HTTP and SMTP proxy until Adobe patches.

If you decide you want to block PDF documents, follow the links below for video instructions on using your Firebox proxy’s content blocking features to block .pdf files by their file extension:

Firebox X Edge running 10.x
Firebox X Core and X Peak running Fireware 10.x

Status:

We will update you when Adobe releases a patch. Until then, implement the workarounds described above.

References:

This alert was researched and written by Corey Nachreiner, CISSP.

What did you think of this alert? Let us know at your.opinion.matters@watchguard.com.

More alerts and articles: log into the LiveSecurity Archive.

NOTE:
This e-mail was sent from an unattended mailbox. Please do not reply.

ABOUT Questiva/TailoredMail:
WatchGuard has contracted with Questiva/TailoredMail, an industry leading vendor of trusted email services, to send these emails and maintain a record of your preferences confidentially. Personal information about you is not sold or rented to Questiva/TailoredMail or to other companies. Both WatchGuard and Questiva/TailoredMail are fully committed to your privacy, as detailed in WatchGuard’s privacy policy.

TO UNSUBSCRIBE: You received this e-mail because you subscribed to the WatchGuard LiveSecurity Service, which advises about virus alerts, security best practices, new hacking exploits, and more. If you no longer wish to be advised of these things, please let us know.
On the Web: Unsubscribe (credentials required)
By E-mail: Unsubscribe

This email was sent to: sales@guardsite.com

No express or implied warranties are provided for herein. All specifications are subject to change and any expected future products, features or functionality will be provided on an if and when available basis.

Copyright 2009 WatchGuard Technologies, Incorporated. All Rights Reserved. WatchGuard, LiveSecurity and Firebox, and any other word listed as a trademark in the “Terms of Use” portion of the WatchGuard Web site that is used herein, are registered trademarks or trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other trademarks are the property of their respective owners. You may not modify, reproduce, republish, post, transmit, or distribute this content except as expressly permitted in writing by WatchGuard Technologies, Inc.

Virtual Graffiti
http://www.VirtualGraffiti.com
“Your Technology and Network Solution Provider”

ParagonHost
http://www.ParagonHost.com
“World Class Internet Servies”

Technology Updates: 04/27/09

paragonhost — Mon, 27 Apr 2009 22:39:02 +0000

Safend, today announced a new release of Safend Encryptor, a hard-disk encryption solution that is a component of the Safend Data Protection Suite.

http://safend-security.blogspot.com/2009/04/safend-announces-safend-data-protection.html

VMware, Inc. today announced VMware vSphere™ 4

http://vmware-software.blogspot.com/2009/04/vmware-unveils-industrys-first.html

Check Point Software Technologies Ltd. today announced a new high-end Power-1 series of Power-1 11000

http://checkpoint-security.blogspot.com/2009/04/check-point-introduces-new-high-end.html

WatchGuard Technologies today unveiled its new operating system for WatchGuard security appliances – WatchGuard Fireware XTM

http://watchguard-guardsite.blogspot.com/2009/04/watchguard-sets-new-standard-for.html

eEye Digital Security today announced the general availability of Blink Server 4

http://eeye-security.blogspot.com/2009/04/new-eeye-blink-server-4-edition-to.html

ZyXEL Communications Inc , today announced a high-end addition to its already powerful line of Unified Threat Management (UTM) products, the ZyWALL USG2000.

http://zyxelguard.blogspot.com/2009/04/zyxel-introduces-high-end-unified.html

FaceTime Communications today introduced FaceTime Insight™,

http://facetime-security.blogspot.com/2009/04/facetime-introduces-powerful.html

Marshal8e6 has today announced the acquisition of Avinti

http://8e6-security.blogspot.com/2009/04/rss-feed-of-news-from-marshal8e6.html

Virtual Graffiti, Inc

http://www.VirtualGraffiti.com

ParagonHost

http://www.ParagonHost.com

All the week’s news and views about Security, 04/16/09

paragonhost — Sat, 18 Apr 2009 00:11:26 +0000

All the week’s news and views about Security, 04/16/09

Botnets: Reasons It’s Getting Harder to Find and Fight Them
http://www.networkworld.com/nlsecuritynewsal192072

The perpetual proliferation of botnets is hardly surprising when
one considers just how easy it is for the bad guys to hijack
computers without tipping off the users.Read full story
http://www.networkworld.com/nlsecuritynewsal192072

Senior Editor Ellen Messmer covers security for Network World.
E-mail Ellen mailto:emessmer@nww.com .

_______________________________________________________________
This newsletter is sponsored by Oracle
The Cost of Securing your Database

Make the most of IT security and compliance dollars by ensuring
your databases are secure. Get concrete tips and recommendations
in this Live Webcast sponsored by Oracle, scheduled for
Thursday, April 16, 2009 at 2:00 p.m. ET/11:00 a.m. PT. Learn
how to cost-effectively safeguard sensitive and regulated
information. Register for this Live Webcast now.
http://adserver.fattail.com/redir/redirect.asp?CID=296041
_______________________________________________________________
Responsible for building a resilient data center Then don’t miss
Network World’s one-day conference and expo devoted to best
practices and new solutions. Hear top analysts. Meet key vendors.
Coming to 10 cities in ‘09 including Boston in May and Atlanta in
June. Register now to attend free: Visit
http://www.nww.com/rpgx.jsp?c=XU1PTA1012Z4303.

_______________________________________________________________

Twitter Worm Attack Continues: Here’s How to Keep Safe

paragonhost — Wed, 15 Apr 2009 21:21:49 +0000

All the week’s news and views about Security, 04/14/09

Twitter Worm Attack Continues: Here’s How to Keep Safe
http://www.networkworld.com/nlsecuritynewsal191582

The malicious worm affecting Twitter over the weekend has now
mutated and continues to invade the popular micro-blogging
network. Although Twitter is taking action against the problem,
security analysts fear that further mutations of the worm will
continue to wreak havoc on the network over the week.Read full
story http://www.networkworld.com/nlsecuritynewsal191582

Senior Editor Ellen Messmer covers security for Network World.
E-mail Ellen mailto:emessmer@nww.com .

_______________________________________________________________
This newsletter is sponsored by HP
Storage Virtualization Guide

Check out Network World’s IT Roadmap on Storage virtualization.
Learn how to reduce the complexity of managing, backing up and
archiving data. Learn the differences between the three main
storage virtualization technologies which are in the data path,
out-of band and split path. Find out which technology is best
suited for your environment.
http://adserver.fattail.com/redir/redirect.asp?CID=296189
_______________________________________________________________

Network Management Solutions in your backyard. Answers are as close
as the IT Roadmap event in your area. You can ask questions,
compare quotes, and gain a year’s worth of direction in less than a
day. Coming to 10 cities in ‘09 including Boston in May and Atlanta
in June. Qualify to attend free at
http://www.nww.com/rpgx.jsp?c=XU1PTB1012Z4303.

_______________________________________________________________

Technology Update: 03-30-09

paragonhost — Mon, 30 Mar 2009 17:39:15 +0000

Kaspersky Lab announces the launch of Kaspersky Internet Security 2009 for Ultra-Portables.

http://kasperskyav.blogspot.com/2009/03/kaspersky-lab-launches-comprehensive.html

Cymphonix announced Network Revealer

http://cymphonix.blogspot.com/2009/03/cymphonix-provides-free-tool-to-help-it.html

Cisco Announces Intent to Acquire Pure Digital Technologies, Makers of Flip Video

http://linksys-works.blogspot.com/2009/03/cisco-announces-intent-to-acquire-pure.html

SonicWALL, Inc. , today announced the immediate availability of its new E-Class Email Security Appliance (ESA) ES8300

http://sonic-wall.blogspot.com/2009/03/innovative-email-security-protection.html

IT security and control firm Sophos is warning computer users to be on their guard following the discovery of a new large scale malicious spam campaign posing as an email from courier firm DHL.

http://sophos-enterprise.blogspot.com/2009/03/spammers-exploit-dhl-in-another.html

Astaro today announced availability of version 2.0 of its Astaro Command Center.

http://astaro-security.blogspot.com/2009/03/astaro-command-center-20-improves-vpn.html

Virtual Graffiti, Inc
“Your source for Technology and Network Solutions”
http://www.virtualgraffiti.com

ParagonHost, LLC
“Home of VIP Hosting”
World Class Internet Solutions
http://www.ParagonHost.com

NaviSite Reports Second Quarter Fiscal Year 2009 Financial Results

paragonhost — Thu, 12 Mar 2009 14:51:25 +0000

BULLETIN

DOW INDUSTRIALS RECLAIM 7,000 MARK AS U.S. STOCKS REVERSE DAY’S DECLINES

PRESS RELEASE

NaviSite Reports Second Quarter Fiscal Year 2009 Financial Results

Total Revenue of $37.7 million and EBITDA $8.8 million

Last update: 4:05 p.m. EST March 5, 2009

ANDOVER, Mass., Mar 05, 2009 (BUSINESS WIRE) — NaviSite, Inc. (NAVI:

– Total revenue for the quarter ended on January 31, 2009 was $37.7 million, representing a year-over-year decrease of 3% and sequential decrease of 6% due to the continued and anticipated decrease in our professional services revenue in the quarter

– Enterprise Hosting revenue which includes the recurring portion of Application Services revenue was $35.3 million for the second quarter representing a year-over-year increase of 6% and flat sequentially due to the negative effects of foreign exchange on revenues from our UK subsidiary of approximately $0.7 million for the second quarter compared to the first quarter of fiscal 2009

– Income from operations for the second quarter was $1.6 million representing a 16% year-over-year increase and a sequential increase of 185%

– EBITDA, excluding stock-based compensation, severance, costs related to discontinued operations, and other non-operational charges (“EBITDA”), for the second quarter was $8.8 million representing a year-over-year increase of 3% and a sequential increase of 2%

– Net loss attributable to common stockholders for the second quarter was $3.3 million, or $0.09 per share as compared to a net loss attributable to common stockholders of $2.9 million and a loss per share of $0.08 in the previous year

– Cash provided from operating activities for the second quarter of fiscal year 2009 was $2.5 million

“Although total revenue was down sequentially from the first quarter, our core Enterprise Hosting revenue showed positive growth after taking into consideration the negative impact of the strengthening dollar against the British Pound and EBITDA increased from the prior quarter.” said Arthur Becker, Chief Executive Officer of NaviSite.

Quarterly Business Highlights

– Booked approximately $0.7 million of new monthly recurring hosting revenue (MRR) in the second quarter of fiscal year 2009, an increase from the $0.6 million booked in the first quarter of fiscal year 2009

– Signed $18.9 million of total hosting contract value with an average contract term of 27 months during the second quarter for recurring applications services and enterprise hosting business compared to $12.6 million of hosting contract value bookings in the previous quarter

– Signed professional services contracts with a total value of $0.8 million during the second quarter of fiscal year 2009 compared to $5.9 million in the second quarter of fiscal year 2008 and $3.0 million in the prior quarter

– Customer churn, defined as the loss of a customer or a reduction in a customer’s monthly revenue run rate from our overall active customer pool, was 1.0% per month during the quarter compared to 1.4% in the prior quarter and 1.5% a year ago.

Guidance:

NaviSite will provide guidance for the third quarter of fiscal year 2009 on its earnings call.

Conference Call Scheduled for March 5, 2009

NaviSite, Inc. Chief Executive Officer, Arthur Becker, and Chief Financial Officer, Jim Pluntze will host a conference call on Thursday March 5, 2009 at 5:00 p.m. Eastern Time to discuss the Company’s results for its second quarter of fiscal year 2009.

NaviSite’s conference call can be accessed by dialing 866.804.6928 (International: 857.350.1674) and entering passcode 62521877. Alternatively, participants can listen to a live webcast of the call available through NaviSite’s website at http://navisite.com/investors/events. A replay of the call will be accessible following the conference call by dialing 888-286-8010 (International: 617-801-6888) and using passcode 56246027.

EBITDA:

EBITDA is not a recognized measure for financial statement presentation under United States generally accepted accounting principles (U.S. GAAP). The Company believes that the non-GAAP measure of EBITDA provides investors with a useful supplemental measure of the Company’s actual and expected operating and financial performance by excluding the impact of interest, taxes, depreciation and amortization. The Company also excludes impairment costs, stock-based compensation, severance, discontinued operations, and other non-operational charges from its non-GAAP measure, as such items may be considered to be of a non-operational nature. EBITDA does not have any standardized definition and therefore may not be comparable to similar measures presented by other reporting companies. Management uses EBITDA to assist in evaluating the Company’s actual and expected operating and financial performance. These non-GAAP results should not be evaluated in isolation of, or as a substitute for, the Company’s financial results prepared in accordance with U.S. GAAP. A table reconciling the Company’s net loss, as reported, to EBITDA is included in the condensed consolidated financial statements in this release. The Company believes that using EBITDA as a performance measure, together with net loss, will help investors better understand the Company’s underlying financial performance.

About NaviSite

NaviSite is a leading provider of enterprise hosting and application solutions. Customers depend on NaviSite for managed application services, application development, implementation and management on its web infrastructure platforms in 16 state-of-the-art data centers supported by more than 650 professionals. NaviSite provides customized and scalable solutions leveraging its broad range of application development capabilities, packaged software implementation expertise, deep portfolio of best in class technologies and a full suite of web-hosting and internet infrastructure options. For more information, please visit www.navisite.com.

This release contains forward looking statements, which address a variety of subjects including the expected future operating and financial results, including profitability, revenue growth and EBITDA, success and performance of NaviSite’s product and service offerings, and NaviSite’s strategic business plans for growing its customer base and increasing sales. All statements other than statements of historical fact, including without limitation those with respect to NaviSite’s goals, plans and strategies set forth herein, are forward-looking statements. The following important factors and uncertainties, among others, could cause actual results to differ materially from those described in these forward looking statements: general economic conditions and changes in economic conditions; NaviSite’s success, including its ability to improve its gross profit, improve its cash flows, expand its operations and revenue, and reach and sustain profitability, depends on its ability to execute on its business strategy and the continued and increased demand for and market acceptance of its products and services; the possibility that financial forecasts of the Company may not be achieved, including those as to expected EBITDA and revenue, or an inability to realize expected synergies or make expected future investments in NaviSite’s businesses or NaviSite may be unable to raise the necessary funds to meet its payment obligations to its lending group under its senior secured credit facility and other creditors; NaviSite’s management may face strain on managerial and operational resources as they try to oversee the expanded operations; NaviSite may not be able to expand its operations in accordance with its business strategy; NaviSite may experience difficulties integrating technologies, operations and personnel in accordance with its business strategy; NaviSite’s acquisition of companies and businesses may not produce expected cost savings, operational efficiencies or revenue; NaviSite’s products, technologies, and resources may not successfully operate with the technology, resources and/or applications of third parties; NaviSite derives a significant portion of its revenue from a small number of customers and the loss of any of those customers could significantly damage NaviSite’s financial condition and results of operations; and increased competition and technological changes in the markets in which NaviSite’s competes. For a detailed discussion of cautionary statements that may affect NaviSite’s future results of operations and financial results, please refer to NaviSite’s filings with the Securities and Exchange Commission, including NaviSite’s most recent Annual Report on Form 10-K and its Quarterly Reports on Form 10-Q. Forward-looking statements represent management’s current expectations and are inherently uncertain. We do not undertake any obligation to update forward-looking statements made by us. All logos, company and product names may be trademarks or registered trademarks of their respective owners.

NaviSite Financial Tables
Net Loss to EBITDA Reconciliation
                                                                     For the Three Months Ended
                                                                     January 31, 2009   January 31, 2008
                                                                     ---------------------Unaudited---------------------
                                                                     ------------------(In thousands)------------------
Net loss, as reported                                                $       (2,491  )  $       (2,139  )
Depreciation                                                                 4,010              3,186
Interest income/expense, net                                                 3,738              2,947
Income taxes                                                                 499                500
Amortization                                                                 1,832              2,208
EBITDA                                                                       7,588              6,702
Stock based compensation                                                     768                1,271
Severance                                                                    114                113
Discontinued operations                                                      50                 237
Transaction fees, integration costs, settlements                             257                228
EBITDA (excludes impairment costs, stock based compensation,         $       8,777      $       8,551
severance, discontinued operations, loss on debt extinguishment and
transaction fees, integration costs and settlements)
                                                                     For the Six Months Ended
                                                                     January 31, 2009   January 31, 2008
                                                                     ---------------------Unaudited---------------------
                                                                     ------------------(In thousands)------------------
Net loss, as reported                                                $       (5,038  )  $       (6,509  )
Depreciation                                                                 8,047              5,855
Interest income/expense, net                                                 6,778              5,490
Income taxes                                                                 998                913
Amortization                                                                 3,670              3,926
EBITDA                                                                       14,455             9,675
Stock based compensation                                                     1,737              2,508
Severance                                                                    645                275
Discontinued operations                                                      67                 551
Loss on debt extinguishment                                                  -                  1,651
Transaction fees, integration costs, settlements                             485                790
EBITDA (excludes impairment costs, stock based compensation,         $       17,389     $       15,450
severance, discontinued operations, loss on debt extinguishment and
transaction fees, integration costs and settlements)

NaviSite Financial Tables
Condensed Consolidated Statements of Operations
                                                                       For the Three Months Ended                            For the Six Months Ended
                                                                       January 31, 2009   January 31, 2008                   January 31, 2009   January 31, 2008
                                                                       ---------------------Unaudited---------------------   ---------------------Unaudited---------------------
                                                                       (In thousands, except per share amounts)              (In thousands, except per share amounts)
Revenue                                                                $       37,548     $       38,831                     $       77,326     $       74,863
Revenue, related parties                                                       111                72                                 194                147
Total revenue                                                                  37,659             38,903                             77,520             75,010
Cost of revenue, excluding stock compensation, restructuring,                  19,650             21,098                             41,002             41,401
depreciation and amortization
Depreciation and amortization                                                  5,669              5,216                              11,372             9,403
Stock compensation                                                             312                636                                691                1,191
Restructuring charge                                                           (5      )          -                                  209                -
Cost of revenue                                                                25,626             26,950                             53,274             51,995
Gross profit                                                                   12,033             11,953                             24,246             23,015
Operating expenses:
Selling and marketing, excluding stock compensation and restructuring          4,687              4,936                              9,945              9,848
General and administrative, excluding stock compensation,                      5,262              4,983                              10,593             10,092
restructuring and transaction fees
Stock compensation                                                             456                635                                1,046              1,316
Restructuring charge                                                           (82     )          -                                  180
Transaction fees                                                               146                56                                 370                140
Total operating expenses                                                       10,469             10,610                             22,134             21,396
Income from operations                                                         1,564              1,343                              2,112              1,619
Other income (expense):
Interest income                                                                21                 63                                 25                 177
Interest expense                                                               (3,759  )          (3,010  )                          (6,803  )          (5,667  )
Loss on debt extinguishment                                                    -                  -                                  -                  (1,651  )
Other income (expense), net                                                    232                202                                693                477
Loss from continuing operations before income taxes and discontinued           (1,942  )          (1,402  )                          (3,973  )          (5,045  )
operations
Income taxes                                                                   (499    )          (500    )                          (998    )          (913    )
Loss from continuing operations before discontinued operations                 (2,441  )          (1,902  )                          (4,971  )          (5,958  )
Discontinued operations, net of income taxes                                   (50     )          (237    )                          (67     )          (551    )
Net loss                                                                       (2,491  )          (2,139  )                          (5,038  )          (6,509  )
Accretion of preferred stock dividends                                         (825    )          (736    )                          (1,627  )          (1,120  )
Net loss attributable to common stockholders                           $       (3,316  )  $       (2,875  )                  $       (6,665  )  $       (7,629  )
Basic and diluted net loss per common share:
Loss from continuing operations before discontinued operations         $       (0.09   )  $       (0.07   )                  $       (0.19   )  $       (0.20   )
available to common shareholders
Loss from discontinued operations, net of income taxes                         (0.00   )          (0.01   )                          (0.00   )          (0.02   )
Net loss attributable to common stockholders                           $       (0.09   )  $       (0.08   )                  $       (0.19   )  $       (0.22   )
Basic and diluted weighted average number of common shares                     35,457             34,927                             35,401             34,422
outstanding

NaviSite Financial Tables
Condensed Consolidated Balance Sheets
                                                                   January 31, 2009   July 31, 2008
ASSETS                                                             --------------------Unaudited--------------------
                                                                   -----------------(In thousands)-----------------
Current assets:
Cash and cash equivalents                                          $       2,958      $       3,261
Accounts receivable, less allowance for doubtful accounts of $918
and $897 at January 31, 2009 and July 31, 2008, respectively
                                                                           19,719             18,927
Unbilled accounts receivable                                               1,644              1,711
Prepaid expenses and other current assets                                  7,216              11,557
Total current assets                                                       31,537             35,456
Non-current assets                                                         132,733            140,257
Total assets                                                       $       164,270    $       175,713
LIABILITIES AND STOCKHOLDERS'
EQUITY (DEFICIT)
Current liabilities:
Notes payable, current portion                                     $       5,987      $       6,100
Capital lease obligations, current portion                                 3,348              3,166
Accounts payable                                                           5,173              7,033
Accrued expenses, deferred revenue, deferred other income and
customer deposits
                                                                           18,081             17,499
Total current liabilities                                                  32,589             33,798
Total non-current liabilities                                              127,676            133,158
Total liabilities                                                          160,265            166,956
Preferred stock                                                            29,156             27,529
Total stockholders' equity (deficit)                                       (25,151 )          (18,772 )
Total liabilities and stockholders' equity (deficit)               $       164,270    $       175,713

NaviSite Financial Tables
Condensed Consolidated Statements of Cash Flows
                                                     For the Three Months Ended
                                                     January 31, 2009   January 31, 2008
                                                     ---------------------Unaudited---------------------
                                                     ------------------(In thousands)------------------
Net cash provided by (used for) operating activities $       2,517      $       (1,191  )
Net cash used for investing activities                       (2,543  )          (2,930  )
Net cash provided by (used for) financing activities         (1,873  )          3,755
Net cash used for discontinued operations                    (21     )          (208    )
Effect of exchange rate changes on cash                      (142    )          -
Net increase (decrease) in cash                              (2,062  )          (574    )
Cash and cash equivalents, beginning of period               5,020              5,479
Cash and cash equivalents, end of period             $       2,958      $       4,905
                                                     For the Six Months Ended
                                                     January 31, 2009   January 31, 2008
                                                     ---------------------Unaudited---------------------
                                                     ------------------(In thousands)------------------
Net cash provided by (used for) operating activities $       12,054     $       (1,106  )
Net cash used for investing activities                       (6,280  )          (28,352 )
Net cash provided by (used for) financing activities         (5,727  )          23,156
Net cash used for discontinued operations                    (9      )          (494    )
Effect of exchange rate changes on cash                      (341    )          -
Net increase (decrease) in cash                              (303    )          (6,796  )
Cash and cash equivalents, beginning of period               3,261              11,701
Cash and cash equivalents, end of period             $       2,958      $       4,905

SOURCE: NaviSite, Inc.

NaviSite, Inc.
Jim Pluntze, 978-946-8615
sbyers@navisite.com

navisite inc com new

News , chart , profile , more

Last: 0.34+0.03+9.68%
10:06am 03/12/2009
Delayed quote data

Add to portfolio
Analyst
Create alert

Insider
Discuss
Financials

What is GRID Hosting Technology?

paragonhost — Mon, 09 Mar 2009 12:55:56 +0000

http://www.ParagonHost.com

Part of our infrastruture that powers ParagonHost and TheSpamBusters use’s Grid Technology from Media Temple. Here is a bit of “Tech” info on the Methodology of this Technology.

Anatomy of Storage on the GRID

March 6th, 2009 at 6:06 pm

A road to better transparency

Customers may remember that early generations of the GRID required significant changes to the way MySQL operated. The initial uptime on this service segment was not very good. Ultimately we solved the database problems and our discoveries led to the development of some highly unique auto-scaling technology. The series of events led us to become more transparent and write the article “Anatomy of MySQL,” which helped our customers understand our systems much better. We also made a full commitment to our Incident Status System, which has now tracked over 200 public-facing incidents.

We have been successful at improving transparency, but our customers are asking for more information. We intend to provide it. While our incidents have delivered a better level of accountability, they have fallen short in satisfying the deeper concerns our customers have regarding the ongoing storage problems.

Our oldest customers (the ones who tend to be early adopters and our most loyal) have been the group most seriously affected by the storage issues of our 1st-generation architecture. This doesn’t make us happy. Our original transition agenda has not worked out as planned and there have been many factors delaying us from migrating these customers to technology that is reliable.

We’d like to help you understand what’s going on now.

1st Generation vs. 2nd Generation

(mt) caters to intense customers so our storage systems need as much performance as possible. For the original GRID storage architecture we selected BlueArc’s Titan hardware, which continues to power our 1st-generation Clusters 1 and 2. Beginning with Clusters 3, 4, and 5 (mt) chose Sun Thumper and Thor equipment.

1st-Generation Architecture

(where last weekend’s incident occurred)

At the time, BlueArc Titan was the fastest storage technology available. Our research indicated that the system was extremely redundant internally — every cable, controller, disk, and front-end head was cloned. However, even with all of the failover protection we still had numerous issues with instability and crashes in firmware. Because every component is redundant, we assumed the system was protected from failures — however, there are 3 major reasons why, in our opinion, downtime still occurs.

Unreliable Failover
In the case of a crash, our experience was that failover took an exceptionally long time (5-10 minutes.) Some of the crashes, such as the one last weekend, exhibited extra issues. Our assessment is that the bug that caused the first HEAD to crash (in this case, a corrupted filesystem) would cause the second HEAD to crash as well, essentially bringing the redundant system fully offline. This is not cheap equipment — we expected it to work.
Lack of OS Independence
Originally we created a massive storage pool to serve both the cluster node operating system as well as User Data. Our design trusted this safe coupling because of the internal redundancies inherent in the BlueArc Titan. This also served an efficiency goal by reducing each cluster’s power footprint. In the end, when there were storage problems, every public-facing server had a high crash probability. Engineers would have to address both storage issues along with cluster node recovery. This design was a mistake on (mt)’s part and the practice has been replaced with a much better method.
Complicated Upgrades & Maintenance
The firmware version in our BlueArc Titan makes upgrades take an extremely long time and require full-cluster downtime. This has led to maintenance windows far longer than we (or you) want for your services.

BlueArc Titan is an extremely robust system and it is fantastic at many things. The company’s engineering and support infrastructure is top-notch. However, we have had too many core issues and have consequently been forced to rethink our storage architecture completely. BlueArc is a tremendous company with a top-tier product, but, in our opinion, it is not the proper solution for our needs.

2nd Generation Architecture

Our new generation Clusters 3, 4 and 5 use a combination of a new storage design, along with more extensible storage technology powered by Sun Microsystems. Still fully hardware redundant on all levels, the combination of new design and the more flexible Sun equipment allows our new architecture to be more reliable. This architecture is currently in the process of being rolled out transparently to Cluster 1 and Cluster 2.

Decoupled OS & Storage Segment Isolation
If one part of the storage network has a problem, such as a runaway user process causing high disk I/O, it is isolated from being able to affect customers on other segments. Also, the root OS remains totally isolated so there is no degradation to cluster node performance. This, combined with a smaller number of customers per storage segment, leads to a far more reliable system. The possibility of a problem with one segment (such as we had this weekend) has much less of a chance to cause global problems.
Better Caching
People look at your site a lot more often than you change it, so we can actually cache quite a bit of your content for you in in the Storage Segments. Spinning mechanical disks are slow. We have increased our levels of cache more than 20x across the storage network. Our customers have already seen notable performance and stability gains because of this.
Granular Diagnostics
Using DTrace, a very powerful diagnostic tool in Solaris 10, we are able to conduct highly sophisticated real-time monitoring to catch incorrectly coded scripts or other unintentional issues that put excessive load on a given storage segment. This level of insight is not available in closed platforms, where real-time diagnostic tools tend to be limited to the vendor’s engineers.
Quicker Backup Recovery
In the event of a serious filesystem failure, under the old architecture recovery from backup was possible but took a significant amount of time (even with fast disks and 10 gigabit networking, copying 15 terabytes of data from one disk system to another takes hours). In the new architecture, backup servers have the same performance capabilities as their data source and they are larger in size. Even in the unlikely case that we need to revert to a backup, engineers can perform the task in minutes.

Moving OLD customers to NEW technology

With all that being said, why are some of our customers still on the original architecture? It seems like they should have access to improved systems first right?

We needed to prove that our new designs were significantly better than the original designs. Even after receiving great results from our labs simulation, we elected to honor the lessons of the past. We have learned time and time again that real-world results always teach us things that are impossible to find in simulation. To this end we launched Cluster 3 and began rigorous observation. Second, the original Sun hardware platform also displayed some hardware-related glitches once it reached production. This delayed implementation until we were sure that its successor, to which we have upgraded, had eliminated these issues.

So how are we proceeding with getting the remainder of Cluster 1 and Cluster 2 to this new, proven design?

Two major ways.

Upgrading Cluster 1 and Cluster 2

First, we are well underway with the in-place upgrade. The most time consuming part of this process is migrating the vast amounts of data from one system to another, while keeping the transfer rates and load gentle enough not to cause any performance issues to everyday operation. At time of writing, 37% of Cluster 1 customers, and 44% of Cluster 2 customers have already been migrated.

About a month ago, we dramatically accelerated this process and have purchased 100% of the hardware needed to complete the project. We anticipate that the entire process should be completed by 06/2009. Most customers will be on the new architecture much sooner than that.

Next 30 days, Cluster-to-Cluster migration tools.

We have committed significant developer and administrator manpower to the development of Cluster-to-Cluster migration tools. Currently, it is possible to migrate yourself to a new cluster, utilizing the technique described in our Knowledge Base . This method is complex and not highly recommended. The first version of the migrator tool will eliminate a lot of the manual steps.

We have good technology today. But, there is more to come.

Our 2009 storage road map is exciting. As our new architecture continues to prove itself, we are not stopping development of new technologies.

Storage segment fencing In our 2nd-generation system, storage segments are more individually isolated and overall less likely to cause system-wide disruptions. Additionally we are in the late development phase of special “fencing ” software which adds an additional layer of protection when storage malfunctions. This software keeps the cluster healthy and functional even during extreme cases of disk turbulence.
Storage-Eye View Using the powerful insight given to us by DTrace, we are developing automators that actually solve storage issues without human intervention. These self-healing tools are also being leveraged to provide customers with new reports and details concerning the behavior of their applications. Awesome.
SSD Sun is pioneering the integration of SSD (Solid State Disk ) technology in a very interesting way with their Hybrid Storage Pool products. We are currently experimenting with this technology in our labs. The results are looking fantastic.

A final note about redundancy

We would like to communicate the exact current high-availability (HA) status of clusters with in our GRID:

Currently HA:

Every drive. We have 100% RAID through the system.
Every server.
For storage segments and all other critical servers we have full internal redundancy (power supplies, fans, etc.)
Load balancer, networking, and hardware.

Currently Not HA:

Intra-cluster networking equipment, including cables. We have hot spares that can be activated within 5-20 minutes, but it’s not HA. We are considering changing this in our (cs) product but we are still debating the uptime advantages.
Storage segments. We can fail over to the backup if needed, and we can typically recover from any other non-catastrophic issue within 3-5 minutes.
Individual MySQL servers and Containers.

Summary

We understand downtime may represent a once in a lifetime, non-retrievable instance, so we are committed to producing more stable, flexible and powerful hosting.

(mt) Media Temple has committed to communicating with our customers more effectively as well. Given our recent stumble we clearly need to improve our communication systems. Soon we will further integrate our information flows with rapid-broadcast systems like Twitter and VoIP. We’re going to keep looking for ways to get you information quickly.

(mt) Media Temple aims to be a proactive and agile company working to address the varied needs of our clients. This is a serious promise.