March 22, 2021Timothy Prickett Morgan

More than any other piece of equipment that does into the datacenter, the server is an indicator of health and wealth. Over the more than three decades that The Four Hundred has been published, we have spent a lot of effort and time to understand how the world is investing in what kinds of servers, including Big Blues midrange systems running OS/400 and IBM i, and how the trends change over time. And we are committed to doing that going forward, even though it has just gotten a little bit more difficult.

For the past several decades I honestly cant remember how long the box counters at both Gartner and IDC have been in competition with each other delivering market data, and this competition compelled them to provide a good bit of data about server, storage, and networking spending as a kind of loss leader for the very detailed market models they have. I have been personally grateful for the insight that this publicly available data has provided, and in recent years have concentrated more on the information that IDC put out in these core datacenter markets because of its richness and thoroughness.

So it came as something of a shock when the usual detailed shipment and revenue data, by the top original equipment manufacturers (OEMs) and the collective of original design manufacturers (or ODMs), was not made available when IDC put out its figures for the fourth quarter of 2020. Rather than the detailed tables we have come to expect, IDC has put out some commentary and two graphics showing market shares of vendors by revenues and shipments. Not to be deterred, we have worked from these graphics to do some estimating you can count pixels in the images to get relatively precise percentages and apply these to the revenue and shipment figures. But the level of precision from estimates is by necessity a lot lower than the actual figures that IDC used to put out, which we presume are derived from market checks and data from vendors themselves before they are published. (This is why there is nearly a three-month lag between the end of a financial quarter and when the IDC and Gartner sales and shipment figures are divulged.)

While this is disappointing, we get it. IDCs founder, Pat McGovern, died in 2014 and the company, which included the IDG publishing giant as well as the IDC consulting business, was sold to China Oceanwide Holdings Group in 2017, which itself is part of a wide web of investment vehicles centered in Beijing that, oddly enough, is cross coupled with the Chinese Academy of Sciences and its Legend Holdings, which of course is the owner of Sino-American server maker Lenovo. It would take a week to sort out all of the links between the owners and controllers of IDG and IDC, and that is not the point. What is the point is that the writing was on the wall once McGovern died and the company inevitably was sold by his heirs. Both Gartner and IDC have been tightening up their release of information to the public, and no doubt because building and maintaining these market models is difficult and expensive and, thanks to fewer suppliers and fewer buyers of systems due to the dominance of the hyperscalers and cloud builders, that cost is necessarily spread across fewer potential paying customers who need much richer datasets than this publicly available data to make their decisions.

Going forward, we will do our best with the information that IDC does provide to give you what insight that we can. We will clearly delineate data that is actually provided by IDC and that which we estimate based on data such as the relatively rough but still useful data embodied in charts.

According to the statement that IDC put out this month, sales of servers rose by 1.5 percent to $25.8 billion, but shipments declined by 3 percent to just under 3.3 million units. (We reckon it is around 3.293 million machines shipped in Q4 2020, against 3.395 million units shipped in Q4 2019, but IDC is not giving that kind of precision anymore.)

Here is the revenue share chart IDC put out:

As you can see, Inspur (which includes sales of Power-based gear in China as part of the Inspur Power Systems joint venture that this Chinese server maker has with Big Blue) grew by a little less than IBM itself shrunk, and Hewlett Packard Enterprise and Dell both shrank a tiny but as Lenovo stayed flat and Huawei Technology rose and the ODM collective was flat. The rest of the market, which we calculate was worth 16.1 percent of the market based on pixel counts from this chart, rose by a bit, accounting for around $4.15 billion of the $25.8 billion. HPE came in at $4.09 billion by our math, and Dell was $3.97 billion. Inspur, we think, rose by 24.8 percent to $2.17 billion, and IBM fell by 20.5 percent to $1.88 billion. Huawei was up 17 percent to $1.54 billion and Lenovo grew along with the market at 1.5 percent to $1.45 billion, as did the ODMs, who hit $6.55 billion. We think, based on our estimates from what IDC said in its companion server shipment char, that the ODMs shipped 29 percent of servers to drive those revenues, or around 955,000 machines. Thats actually a 9.5 percent decline in machines, which tells us the hyperscalers and cloud builders are buying beefier boxes, which the math shows they are. But they buy so many basic infrastructure servers that they have to buy a lot of pretty expensive, GPU and flash laden machines to move that needle.

Here is a chart that lays out the OEM and ODM landscape since the Great Recession:

Our precision in our estimates of IDCs data us only as good as a pixel size, of course. We make do.

IBM, as you can see, has pretty much leveled off at somewhere around an average of $1.3 billion a quarter in the past two years. Because Cisco Systems was knocked out of the top five vendors five quarters ago by Inspur and Huawei Oracle/Sun Microsystems has long since been banished to the Others category we have been estimating its revenues based on its own financial reports and prior IDC data. Again, we make do.

IDC said in its statement that revenues from non-X86 servers, such as IBMs Power Systems and System z mainframes but also including a growing Arm server category (driven now mostly by Fujitsus supercomputing business. Amazon Web Services and its Graviton2 processor for its own cloud, and Ampere Computings emerging Altra line), and a few legacy Itanium and RISC platforms, hit around $2.8 billion, a decline of around 9 percent and X86 servers hit around $23.1 billion, an increase of 2.9 percent. (Based on what we think happened a year ago in the IDC data, we think the numbers are closer to $2.75 billion in non-X86 sales and $23.05 billion in X86 sales, for whatever that is worth.) Here is the trend of X86 versus non-X86 since they separately from each other (that is not an accident) during the Great Recession:

There is a kind of dtente there, and as Microsoft and Amazon embrace more and more Arm computing, it will fill in the gap in declining RISC/Unix and mainframe sales, we think, and quite possibly bend that curve up.

Here is another interesting chart we pulled out of the historical IDC data we have kept track of for a long time, plotting sales of all types of IBM servers against sales of all types of non-X86 servers:

IBM, as you can see, has been the signal driver outside of the X86 market for a long, long time. (This data only goes back to the middle of 2002, when IDC first started talking about the market this way.) But, as we point out above, as Arm servers rise in the datacenter and we think they will this could change. As we have pointed out before, anything that weakens the case for X86 strengthens the case for Power, but if Arm servers get beefier and cheaper, it can also weaken the case for Power. We shall see how this all plays out, and count on us to try to figure that out for you.

Taking The Full Measure Of Power Servers

Chipping Away At X86 Hegemony In the Datacenter

Just How Big Is The Whole Power Systems Business?

Power Systems Slump Is Not As Bad As It Looks

The Ups And Downs Of The Server Cycle

IT Starts To Feel The Impact Of The Great Infection

The IT Sector Could Weather The Pandemic Storm

The Midrange Gets Pinched A Little More

Power9 Enters The Long Tail

Servers Cool A Bit In Q3, But The Market Is Still Hot

IBM And Inspur Power Systems Buck The Server Decline Trends

Server Buying Cools, But Its Cool Dont Panic

Power Systems Bucks The IBM Trend And Grows

Inspur Joins OpenPower To Build Power Machines

IBM Licenses Power8 Chips To Chinese Startup

View post:
It's Harder To Hear The Pulse In The Server Market - IT Jungle

Heres an overview of some of last weeks most interesting news and articles:

Ongoing Office 365-themed phishing campaign targets executives, assistants, financial departmentsA sophisticated and highly targeted Microsoft Office 365 phishing campaign is being aimed at C-suite executives, executive assistants and financial departments across numerous industries.

The benefits and challenges of passwordless authenticationMore and more organizations are adopting passwordless authentication. Gartner predicts that, by 2022, 60% of large and global enterprises as well as 90% of midsize enterprises will implement passwordless methods in more than half of use cases.

If you are not finding vulnerabilities, then you are not looking hard enoughBuilding security and privacy into products from concept to retirement is not only a strong development practice but also important to enable customers to understand their security posture and truly unleash the power of data.

With data volumes and velocity multiplying, how do you choose the right data security solution?There is no doubt that the COVID-19 pandemic has caused radical changes in our personal and working lives. The sudden and massive surge of employees working from home and the anticipated long-term popularity of the option is also forcing CIOs and CISOs to gauge to the best of their abilities how the balance of remote and in-person operations will look in the coming months and years.

Security threats increasing with 70% using personal devices for workSamsung has revealed the results of a multi-industry research study, which identifies the main technology challenges UK businesses have faced over the last year and the key solution theyre turning to as the nation prepares for a future of hybrid working.

As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leakMicrosoft Exchange servers around the world are still getting compromised via the ProxyLogon (CVE-2021-26855) and three other vulnerabilities patched by Microsoft in early March. To help administrators, the company has released Exchange On-Premises Mitigation Tool (EOMT), which quickly performs the initial steps for mitigating ProxyLogon on any Exchange server and attempts to remediate found compromises.

Automatically mitigate ProxyLogon, detect IoCs associated with SolarWinds attackers activitiesMicrosoft has updated its Defender Antivirus to mitigate the ProxyLogon flaw on vulnerable Exchange Servers automatically, while the Cybersecurity and Infrastructure Security Agency (CISA) has released CHIRP, a forensic tool that can help defenders find IoCs associated with the SolarWinds attackers activities.

The future of IT security: All roads lead to the cloudMore and more applications and with them workflows and entire business processes are finding their way into the cloud. Analysts predict that IT security will follow suit, and this raises a few questions.

Securing a hybrid workforce with log managementMoving to a remote workforce in response to the pandemic stay-at-home orders meant that IT departments needed to address new risks, e.g., insecure home networks. However, as they begin to move back into offices, many of these challenges will remain.

A strategic approach to identity verification helps combat financial crime70% of financial services organizations are taking a strategic approach to identity verification to combat financial crime and stay one step ahead of fraudsters according to Trulioo.

Alarming number of consumers impacted by identity theft, application fraud and account takeoverA new report, developed by Aite Group, and underwritten by GIACT, uncovers the striking pervasiveness of identity theft perpetrated against U.S. consumers and tracks shifts in banking behaviors adopted as a result of the pandemic.

Why data privacy will be the catalyst for digital identity adoptionIdentity fraud is rising, even more so since the COVID-19 pandemic took hold, buoyed by the sheer volume of personal information out there.

The dangers of misusing instant messaging and business collaboration tools71% of office workers globally including 68% in the US admitted to sharing sensitive and business-critical company data using instant messaging (IM) and business collaboration tools, Veritas Technologies research reveals.

Why is financial cyber risk quantification important?Why are executives pressuring CISOs to start financially quantifying cyber risk for their business? This process allows CISOs to identify and rank risk scenarios that are most critical to their enterprise, based on factors such as which attacks would have the biggest financial impact, and how equipped the company is to defend itself against any given attack.

Where is 5G heading, and how fast will it get there?When it comes to 5G, carriers are optimistic. In fact, more than half of those surveyed by Dimensional Research expect to deliver substantial end-user benefits within two to five years while 47% reported that users already are seeing value or will within one year.

iOS app developers targeted with trojanized Xcode projectThe trojanized version of the project dubbed XcodeSpy by the researchers executes an obfuscated Run Script when the developers build target is launched. The script contacts a C&C server and downloads a custom variant of the EggShell backdoor

Password reuse defeats the purpose of passwordsWhen a person reuses the same password across multiple accounts, one accounts exposure puts all the others at risk. To prevent this, cybersecurity awareness programs must emphasize the importance of passwords: how to create them, use them, and how to use a password manager.

Threat actors thriving on the fear and uncertainty of remote workforcesThe pandemics work-from-home reality resulted in an unprecedented change for organizations as they fought to defend exponentially greater attack surfaces from cybercriminals armed with powerful cloud-based tools, cloud storage and endless targets. As working environments evolved, so did the methods of threat actors and other motivated perpetrators, as detailed in the SonicWall report.

Women helping women: Encouraging inclusivity in the cybersecurity industrySince 1987, the month of March has been known as Womens History Month, celebrating the historical achievements and contributions of women around the world. It is especially important during this time of reflection and celebration that we recognize the important role women have played in the growing security sector over the years.

Years-old MS Office, Word flaws most exploited to deliver malware29% of malware captured was previously unknown due to the widespread use of packers and obfuscation techniques by attackers seeking to evade detection, according to a HP report.

DDoS attacks surge as cybercriminals take advantage of the pandemicDDoS attacks reached a record high during the pandemic as cybercriminals launched new and increasingly complex attacks, a Link11 report reveals.

Risk management in the digital world: How different is it?Managing risk arising from remote work has largely been reactive, and risk managers have had to adapt to new digital threats that werent necessarily as prevalent when work was done from a physical office.

The influence of the Agile Manifesto, 20 years onIn the years since the Manifesto was first published, Agile has been adopted by domains outside of software development, including hardware systems, infrastructure, operations, and even business support to name a few.

The DevOps Guide to Terraform SecurityWhile there are many benefits to using Terraform as part of your infrastructure provisioning workflow, there are also key security considerations that we will cover in this paper.

New infosec products of the week: March 19, 2021A rundown of the most important infosec products released last week.

View post:
Week in review: Attacks on Exchange servers escalate, the influence of the Agile Manifesto, O365 phishing - Help Net Security

Continued adoption of cloud computing could prevent the emission of more than 1 billion metric tons of carbon dioxide (CO2) from 2021 through 2024, a forecast from IDC shows.

The forecast uses data on server distribution and cloud and on-premises software use along with third-party information on datacenter power usage, CO2 emissions per kilowatt-hour, and emission comparisons of cloud and non-cloud datacenters.

A key factor in reducing the CO2 emissions associated with cloud computing comes from the greater efficiency of aggregated compute resources. The emissions reductions are driven by the aggregation of computation from discrete enterprise datacenters to larger-scale centers that can more efficiently manage power capacity, optimize cooling, leverage the most power-efficient servers, and increase server utilization rates.

At the same time, the magnitude of savings changes based on the degree to which a kilowatt of power generates CO2, and this varies widely from region to region and country to country. Given this, it is not surprising that the greatest opportunity to eliminate CO2 by migrating to cloud datacenters comes in the regions with higher values of CO2 emitted per kilowatt-hour.

The Asia/Pacific region, which utilizes coal for much of its power generation, is expected to account for more than half the CO2 emissions savings over the next four years. Meanwhile EMEA will deliver about 10% of the savings, largely due to its use of power sources with lower CO2 emissions per kilowatt-hour.

While shifting to cleaner sources of energy is very important to lowering emissions, reducing wasted energy use will also play a critical role. Cloud datacenters are doing this through optimizing the physical environment and reducing the amount of energy spent to cool the datacenter environment. The goal of an efficient datacenter is to have more energy spent on running the IT equipment than cooling the environment where the equipment resides.

Another capability of cloud computing that can be used to lower CO2 emissions is the ability to shift workloads to any location around the globe. Developed to deliver IT service wherever it is needed, this capability also enables workloads to be shifted to enable greater use of renewable resources, such as wind and solar power.

The forecast includes upper and lower bounds for the estimated reduction in emissions. If the percentage of green cloud datacenters today stays where it is, just the migration to cloud itself could save 629 million metric tons over the four-year time period. If all datacenters in use in 2024 were designed for sustainability, then 1.6 billion metric tons could be saved.

The projection of more than 1 billion metric tons is based on the assumption that 60% of datacenters will adopt the technology and processes underlying more sustainable smarter datacenters by 2024.

The idea of green IT has been around now for years, but the direct impact of hyperscale computing can have on CO2 emissions is getting increased notice from customers, regulators, and investors and its starting to factor into buying decisions, said Cushing Anderson, program VP at IDC.

For some, going carbon neutral will be achieved using carbon offsets, but designing datacenters from the ground up to be carbon neutral will be the real measure of contribution. And for advanced cloud providers, matching workloads with renewable energy availability will further accelerate their sustainability goals.

Original post:
Cloud computing could prevent the emission of 1 billion metric tons of CO2 - Help Net Security

Hafniums cyberespionage campaign exploiting now-patched Exchange Server zero days morphed, in late February, into multiple campaigns conducted by both state-directed and criminal threat actors. France 24s account of the incident bears out their headline: its become a global crisis.

Criminal interest in exploiting unpatched Exchange Servers continues unabated. Check Point says its observed attacks increase by an order of magnitude over the past week. KnowBe4 reports a similar rise in account impersonation attempts.

CISA has updated its advice on dealing with Microsoft Exchange Server exploitation to include notes on China Chopper webshells being used against victims. The UKs National Cyber Security Centre (NCSC), like its counterparts in the US, Germany, and elsewhere, has urged all organizations, both public and private, to apply Microsofts patches as soon as possible. They also recommend that all organizations look for signs of compromise by threat actors, whether Chinese intelligence services or criminal gangs.

Microsoft itself continues to update guidance on protecting on-premise Exchange Servers from attacks. Yesterday the Microsoft Security Response Center released a new, one-click mitigation tool to help users secure both current and out-of-support versions of Exchange Server.

Vice has a disturbing first-person account of how an SMS marketing tool can be abused to redirect messages to a third-party. Its not an exotic hack: all the bad actors would need to do is sign up for the service (its only $16), falsely claim to be the owner of your number, and then have your messages redirected to a number under their control.

Read more from the original source:
Exchange Server patching and mitigation race to keep pace with exploitation. A low-tech SMS snooping method. - The CyberWire