IT-Code-News: IT News HeadLines (InfoWorld) 10/03/2009

Arbor Networks bolsters Internet monitoring system

Network security vendor Arbor Networks is collaborating with more than 100 ISPs worldwide to create a more comprehensive Internet monitoring system.

The newly enhanced 'Net monitoring system, dubbed Atlas 2.0 by Arbor Networks, now monitors and collects real-time data for global Internet traffic, routing, and application performance. Previously, Arbor says the Atlas system had been used mostly to collect data on security-related traffic such as distributed denial-of-service (DDoS) attack traffic.

[ Keep up on the latest networking news with our Networking Report newsletter. And discover the top-rated IT products as rated by the InfoWorld Test Center. ]

Arbor decided to expand its Atlas system to more general Internet monitoring to help its client ISPs gather more business intelligence on the traffic and application trends that guide service providers' business decisions. With more information on global traffic and application trends, Arbor says that ISPs can make smarter decisions about planning their network capacity and managing peer-to-peer traffic.

The new Atlas system is a collaborative effort that culls data from more than 100 ISPs, Arbor says, including British Telecom, Australian provider Netgen Networks and Indian provider Tata Communications. As part of their agreement with Arbor, all ISPs participating in the Atlas system must share anonymous traffic data with one another on an hourly basis. Arbor says that the wide variety of ISPs participating in the program means that the Atlas system monitors and reports on Internet transit traffic at a rate of more than 3 Terabits per second.

Phil Sykes, a managing director at Nextgen Networks, says that the ATLAS system gives his company "actionable intelligence that improves business decisions around capacity planning, selection of content partners and optimal peering relationships."

Gray Williams, who serves as Tata Communications' general manager for managed security services, says that his company is using Atlas to improve its global security intelligence platform by monitoring Web traffic trends that occur outside of its own network.

Arbor has traditionally specialized in delivering threat analyses for ISPs and in guarding service provider networks from security threats such as DDoS attacks, botnets and worms.

Network World is an InfoWorld affiliate

Jive refines corporate social networking tools

Jive Software next week will ship a suite of corporate social networking tools tailored for various activities such as employee collaboration or brainstorming that will pull together both internal and external users.

Slideshow: Where IT pros do their social networking

Jive Social Business Software (SBS) 3.0, is the latest iteration -- and renaming -- of the company's well-known Clearspace social networking tools. Jive, however, has sharpened the focus by crafting the tools around four "centers" -- employee engagement; marketing and sales; customer support; and innovation.

[ Become savvy about the professional uses of social networking; read InfoWorld's Six commandments of social networking at work ]

The company is attempting to capitalize on software it first introduced in 2007 and has developed as a legitimate alternative to bigger platforms for corporate social networking from Microsoft (SharePoint) and IBM (Connections). (Compare collaboration products)

What was an ad hoc platform that required users to bend the tools for their particular use, Jive is now offering a foundation tailored around certain tasks with the flexibility to add other capabilities and build custom applications.

The centers in essence are a set of modules that sit on top of core collaboration capabilities such as discussion, polls, blogs, wiki, documents and workflow. Specific centers also feature unique tools. For example, the innovation center includes a plug-in for voting.

The chief addition to the platform, however, is a technology called bridging, which allows companies to blend internally and externally generated content.

"Companies are asking can we make these conversations more visible and more transparent," said Mike Gotta, an analyst with the Burton Group. "They want to know how to get employees, partners and customers to connect."

Gotta says the idea of templates, customization and adding vertical capability is not new in the software world, but that it is new to social and community platforms. But he says social networking tools have to go in a lateral direction by offering more integration with existing systems using APIs or REST in order to get information from social sites into other applications, and the tools have to offer more analytics on the information collected.

To those points, Jive has beefed up the analytics in SBS 3.0 to help users understand what is happening in their social networking communities and what changes are occurring. In addition, they can now plug that information into business intelligence systems.

The platform's Insight module gauges sentiment about a topic and extracts what people are thinking about certain topics. And Jive also has added social bookmarking and video capabilities to SBS 3.0.

SBS 3.0 is priced at $59 per user per year for all four centers or based on the number of page views for public facing social networking site. The centers can be purchased separately.

Follow John on Twitter. Network World is an InfoWorld affiliate

Sun's Rock processor on track for this year

After a year's delay, Sun Microsystems' 16-core "Rock" server chip is on track for delivery in the fall, the head of Sun's systems business said Monday.

The processor will have a new, multi-threaded design and double the core count from Sun's fastest server processor today, the UltraSparc T2 , which has eight cores. It will be targeted at enterprise servers that process data-intensive applications like databases.

[ Stay ahead of advances in hardware technology with InfoWorld's Ahead of the Curve blog and newsletter. ]

"The processor is in various stages of debug. We're getting close [to release]," said John Fowler, executive vice president of systems at Sun, in an interview.

Fowler didn't provide an exact ship date but said the chip will be in servers by the Fall, suggesting a September to November timeframe. Rock was originally due for release in 2008, but Sun revealed last year that it had delayed the release until the second half of 2009.

The first 16-core chips will go into midrange servers, Fowler said. Sun currently offers a four-socket mid-range server called the Sparc Enterprise T5440, which uses the UltraSparc T2 processor, and Rock will debut in a system "above" the T5440, Fowler said.

"They are not going to be necessarily someone's first purchase but they'll fit nicely into the midrange where a lot of enterprise-level databases and fairly significant amounts of processing will live," he said.

Sun has disclosed in the past that the Rock's processor cores will operate at 2.1GHz.

Increasing the number of cores on a processor was the next logical step for Sun, said Charles King, principal analyst at Pund-IT. However, the company will be releasing the chip during a recession, at a time when server spending has slowed, he noted.

"By the time Rock appears, Sun enterprise customers are going to be hungry for something new. Whether they will be willing to make that investment in anyone's guess," King said.

The new chip may build on the power efficiency and performance improvements Sun delivered in its earlier Niagara processors, King said.

With the new architecture, there could be some programming challenges that Sun may have to keep a close tab on, King said. The company will have to make it easier for software developers to port older applications to Rock to take full advantage of the 16 cores for improved application performance, King said.

Sun, for its part, is trying to optimize software to take advantage of its multicore and multithreaded processors. For example, Sun is preparing its MySQL open-source database software to perform faster by breaking up instances of the application over multiple cores, Fowler said.

"We're working on MySQL to make it scale to higher and higher thread and core counts," Fowler said.

Some recent studies have raised questions about whether a high number of cores will provide a jump in software performance. The Sandia National Laboratories, for example, noticed workload processing improve from two to eight cores, but actually decline as the number of cores expanded beyond that.

The reality is a little more complicated than that, Fowler said.

"You have got to be careful of those very broad-based statements because all software is very different, and even a workload on a database can be different.," he said. Some workloads perform "really well" on a higher number of cores, while others are better suited to four or eight cores, he said.

Sun, along with other chip makers, is continuously adding cores to chips for more processing power. Intel and Advanced Micro Devices offer quad-core chips for servers, and Intel is due to come out with an eight-core server chip codenamed Nehalem-EX later this year. Sun's chips also compete with IBM's Power6 processors and Intel's Itanium chips.

Microsoft cuts software leasing costs to retain companies

In an attempt to retain recession-hit companies seeking to opt out of their software maintenance contracts, Microsoft is wooing them by cutting the price of leasing software by as much as 26 percent.

Until July 3, large companies and organizations can sign up to subscribe to Microsoft Office 2007, Windows Vista, or two bundles of client access licenses (CALs) for server software and save more than a quarter off the list price, according to the Web site, MicrosoftIncentives.com.

[ Cut straight to the key news for technology development and IT management with our once-a-day summary of the top tech news. Subscribe to the InfoWorld Daily newsletter. ]

That would mean that a company that pays about $155 a year per PC for its license and maintenance contract for Microsoft Office could save about $40 per PC, according to Paul DeGroot, an analyst with the independent firm Directions on Microsoft.

Microsoft's maintenance contract is called Software Assurance. Aimed at large customers, SA is a requirement of several Microsoft licenses, such as Enterprise Agreement and Open Value, and adds between 25 percent to 30 percent of the license cost per year, in addition to the license itself.

Cutting maintenance or support contracts with software vendors has become a popular way for corporate users to cut costs during the downturn.

"A lot of enterprises will say, 'You're not giving me anything anyhow, so kiss that revenue goodbye,'" an analyst told Computerworld last fall.

While cutting maintenance contracts can lead to trouble down the road with some software vendors, it's relatively painless for companies to cut SA and stay on the current version of software, which they own the right to run indefinitely, anyway, DeGroot said.

Microsoft's discounts for its Enterprise Subscription Agreements are an all-out effort by the vendor to retain customers on some sort of plan, DeGroot said.

"One reseller I talked to says he has never seen Microsoft doing this level of promotion and price cutting in the enterprise space," he said. And "from Microsoft's point of view, they'd rather have a low-priced subscription customer than a customer who simply didn't renew their Software Assurance. They're still making lots of money off it."

Companies with 250 or more PCs are eligible for Enterprise Subscriptions in three-year terms.

With Microsoft's heavy discounting, the subscriptions should be attractive to many customers, DeGroot said.

"If you're going to be using the Microsoft desktop and CALs for the foreseeable future, it's the least expensive way to do it, and actually would have been a really good choice for companies in a downturn: as your seats go down, so do your annual costs," DeGroot said. "The tradeoff is that if you stop the subscription [because of employee layoffs, for instance], you lose the licenses," which a company may need later when it starts rehiring.

There are also tax and accounting advantages for some companies to lease, DeGroot said, due to the fact that leasing is considered an operational expense, while software purchases are typically recorded as capital expenditures.

"In this economic climate, I think many more companies might be looking at it," he said.

The subscription price cuts mirror some of the aggressive deals Microsoft has in the consumer space for Office 2007.

Computerworld is an InfoWorld affiliate.

Hewlett-Packard: Buy now to prep for recovery

Hewlett-Packard will unwrap on Tuesday several new products and services that aim to help enterprise IT spend prudently now so it can be better prepared to profit once the economic recovery begins.

A Gartner analyst, however, says that IT shops are largely focused on short-term projects rather than planning for a recovery.

[ Related: Learn how to take advantage of the recession. | How IT can help with the financial crisis. ]

"This is the time for CIOs to change the economics of technology, and HP can help," said Deb Nelson, a senior vice president of marketing for HP's technology solutions group. To that end, HP will detail two new enterprise virtual arrays, an enhanced virtualization platform, data protection software, and several services.

On the product side, HP will expand its virtual storage offerings, introducing the new StorageWorks Enterprise Virtual Array 6400 and 8400 that bring new capabilities for easier administration which can reduce costs by as much as 50 percent, Nelson claims. The new SAN Virtualization Platform 2.1, meanwhile, taps thin provisioning to triple a customer's current storage capacity, Nelson added. And improved HP Data Protector software can act as a single solution across both physical and virtual environments and can be used to back up virtual environments.

Hewlett-Packard will also unveil new consulting services on Tuesday. Consolidation and virtualization-centric ROI services can help customers assess where to get the highest return from virtualization and server consolidation, Nelson said. With a new multitiered hybrid service, customers can design a datacenter with tiers of service to reduce costs.

As part of HP unit EDS' application management services, customers can now choose from tiered levels of services, which Nelson said can reduce costs by opting for a less expensive tier for applications that are not mission-critical. Finally, an improved suite of EDS infrastructure services provides more sourcing choices for servers and storage operations, service desk, managed messaging and flexible computing.

"We're all aware of the challenges the economy is presenting," Nelson said. "[These new offerings] don't mean IT has to spend more to stay competitive. It's about spending in a smart way."

Indeed, according to research from Afcom, the association for datacenter professionals, 86.2 percent of 133 datacenter managers surveyed expect to increase virtualization usage. "Whether they're doing it to just to ride out the storm or actually planning for the future, I don't know," said Afcom CEO Jill Eckhaus.

[ Related: "Where today's datacenter have gone wrong." ]

Today, many IT professionals are focused on short-term, tactical projects for self-preservation, according to David Williams, a research vice president at Gartner.

"HP may be 100 percent correct, but the majority of my clients are focusing on the next quarter," Williams continues. "The reality is that people are looking at how to get through 2009 and being very careful about how they spend their money, not making long-term purchases that require long-term ROI because they're responsible for it now. Being accountable is as important for people as being prepared for a recovery."

A SaaS app that's free unless it delivers value

Imagine an application that you don't have to pay a penny for unless it provides measurable value to your company -- and it's up to the vendor to prove that. IT shops the world over would be a lot better off, though the entire class of enterprise applications vendors would be in dire straits if they ever made such a claim. But eGain promises just that.

On Tuesday, eGain is introducing a hosted self-service application that it describes as a solution-as-a-service, or SLaaS, to riff on SaaS. Whether or not the acronym catches on, the idea behind eGain SelfService SLaaS is one whose time has come.

[ Related news: Apps stalwart Oracle recently built out its array of SaaS offerings with sourcing software as a service. | Cut straight to the key news for technology development and IT management with our once-a-day summary of the top tech news. Subscribe to the InfoWorld Daily newsletter. ]

"It's a really authentic and transparent approach in an industry that hasn't had all that much transparency," said Dr. Natalie Petouhoff, a senior analyst at Forrester Research. Instead, customer service, CRM, and ERP, have been mired in what Petouhoff called 15 years of failed projects.

Current economic conditions also make customer service applications ripe for adoption. "Companies don't have a choice," Petouhoff explained. "If there's anything to spend on, it's keeping your customers."

eGain SelfService SLaaS Edition is a hosted application that lets users select from a chatbot, dynamic and contextual FAQs, search, guided help, and escalation to call, chat, or e-mail, the company said in a prepared statement. eGain helps customers design, implement, and manage the app, which it hosts, and also provides self-service usage reports.

Ashu Roy, eGain's CEO, explained in an e-mail response the success metric his company uses to determine when and how much a customer should ultimately pay. "Success is judged by usage, [meaning] the number of self-service sessions conducted by their end-customers each month on the client's Web site. The more the usage, the more the success," Roy wrote.

The company breaks down pricing as such: $0.15 per session when a customer conducts up to 9,999 sessions; more than 10,000 sessions means they're $0.13 each; and those customers surpassing 50,000 sessions pay $0.10 each.

While that seems straightforward, Forrester's Petouhoff said that "customers need to be really careful in their SLA to define what the value is, so you actually get what you expect."

Mozilla bumps up Firefox 3.1 to 3.5

Mozilla announced it will dump Version 3.1 as the name of the next edition of Firefox and instead call it Version 3.5.

"As recently proposed, the version number of the Shiretoko project will be changed to Firefox 3.5 before the upcoming fourth beta release," said Mike Beltzner, Mozilla's director of Firefox, in a brief entry to the company's developer blog.

[ Check out the InfoWorld review "How secure is Firefox?" And see InfoWorld's special report for the full Test Center rundown on browser security. | Keep up on the latest tech news headlines at InfoWorld News, or subscribe to the Today's Headlines newsletter. ]

The name change has been under discussion for several weeks, prompted in part by calls from developers who thought that the "3.1" moniker didn't properly reflect the amount of new features and changes from last June's Firefox 3.0.

"The increase in scope represented by TraceMonkey and Private Browsing, plus the sheer volume of work that's gone into everything from video and layout to Places and the plug-in service make it a larger increment than we believe is reasonable to label '.1,'" Mike Shaver, Mozilla's vice president of engineering, said in a message to a company forum last week. "[Firefox] 3.5 will help set expectations better about the amount of awesome that's packed into Shiretoko."

"Shiretoko" is Mozilla's code name for Firefox 3.1, now Firefox 3.5.

Shaver also spelled out another potential benefit of the name change. "We expect uptake help from that as well," he said.

Mozilla will officially swap version numbers when it releases the fourth beta of the still-under-construction browser. Beta 4 is currently scheduled to ship April 14.

The browser maker added that fourth beta to the schedule two weeks ago, after it decided to release the oft-delayed Beta 3 even if it didn't include a fix for a troublesome bug in TraceMonkey, Mozilla's new JavaScript engine.

Mozilla originally named the next edition "3.1" to reflect the faster-paced development it planned for the upgrade. But those plans were disrupted last year by delays to add more features -- the TraceMonkey engine for one, a new privacy mode for another -- and build in more testing time.

Shaver said that the new name didn't mean Mozilla is now adding more to what was already in Firefox. "It's important to note that 3.5 represents a better labeling of our current scope, and not an indication that we intend to significantly increase this release's scope any further," he said.

The last version named Firefox 3.1 will be Beta 3, which is now slated to release Thursday.

Computerworld is an InfoWorld affiliate.

Report: Apple to launch Snow Leopard OS June 8

Apple will roll out Snow Leopard, its next operating system, June 8, according to a report based on openings at the San Francisco event center the company frequently books for its developer conference.

Last year at its Worldwide Developers Conference (WWDC), Apple confirmed that the next upgrade to Mac OS X would be dubbed Snow Leopard, and would launch "in about a year."

[ Is Snow Leopard Apple's secret business weapon? | Find out how to make the Mac work in business today with InfoWorld's hand's-on guide. ]

According to the Baltimore Sun, the Moscone Center has an opening June 6 through June 12 marked only as a generic "Corporate meeting." That week is the same time of the month that Apple has held WWDC at Moscone in 2007 and 2008.

Apple has not yet published a schedule for WWDC.

The Baltimore Sun, writer noted the similarities between the June opening and past WWDCs. "That's the second week of June, the correct number of days, and ends on a Friday (WWDC nearly always ends on a Friday)," said David Zeller.

Zeller also assumed that, as at previous developer conferences, Apple will hold a keynote on the Monday of the event, and furthermore, use that keynote to announced the launch of Mac OS X 10.6, a.k.a. Snow Leopard.

Last year, CEO Steve Jobs took the stage on the Monday of WWDC to deliver the keynote, during which he unveiled the new iPhone 3G, which Apple started selling July 11. It's not known whether Jobs will attend WWDC this year; when he announced in January that he was taking time off for health reasons, he said his leave of absence would run through the end of June.

One analyst declined to speculate on a Snow Leopard release date, but said that with last week's desktop refresh, Apple now has its hardware pieces in place. "Adding more robust graphics processing is a way for setting things up for developers to take advantage of OpenCL in Snow Leopard," said Ezra Gottheil, an analyst with Technology Business Research Inc.

Apple has said Snow Leopard will support OpenCL (Open Computing Language) to allow developers to "steal" computing power from the graphics processor and apply it to general, nongraphics tasks.

All notebook and consumer desktop Macs are now configured with graphics processors from nVidia, which has been aggressively pushing its chips' ability to take some of the load from the CPU.

According to earlier reports, Apple has also provided developers with Snow Leopard builds that feature tools to mimic the iPhone's location-sensing skills, as well as additional support for multitouch features.

Computerworld is an InfoWorld affiliate.

SpringSource upgrades Groovy, Grails developer technologies

SpringSource is offering on Tuesday upgrades to the Groovy dynamic language and Grails Web application framework with such features as improved performance and OSGi support. The upgrades include Groovy 1.6 and Grails 1.1, which can be downloaded at this Web site.

"Grails is a rapid Web application development framework built on the Groovy language and Groovy itself is a language that has the essence of Ruby and Python and so forth," as well as integration with Java and the Java Virtual Machine, said Graeme Rocher, head of Grails development at SpringSource.

[ Last year, SpringSource took over responsibility for the two open source technologies when it bought Groovy-Grails backer G2One. ]

Version 1.6 of Groovy offers better compile-time and runtime performance improvements, abstract syntax tree transformations that support transformation annotations, and support for OSGi. Developers with Groovy can extend the Java platform to match business requirements, SpringSource said. Extension can be done with scripting capabilities supporting domain-specific languages expressing business concepts.

Performance has been improved as much as 100 to 450 percent in some cases, Rocher said. This was done via call site caching, which is a way for dynamic languages to shorten the path to the invocation of a particular method, he said.

"If you can cache the particular method invocation, then you can callow the HotSpot JVM to in-line that into machine code, which improves performance greatly," Rocher said.

AST transformations reduce the number of lines of code needed to express certain patterns and enables further extension of the language. Meta-programming enhancements in version 1.6 streamline code and enable developers to write more expressive business rules. Also, meta-programming supports common enterprise APIs, such as Java 6 scripting APIs and JMX management.

Grails 1.1 offers optimized performance, incremental improvements to components, and easier integration with build systems. The Ant and Maven Java-based build systems are backed. Also, greater potential for modularity is offered through plug-ins. Transitive plug-in resolution in version 1.1 will install plug-ins that are dependent on each other.

How Vista mistakes guided changes to Windows development

About a year ago on its Redmond, Washington, campus, a member of Microsoft's Windows Vista team met with a group of journalists to face some tough questions about the OS.

At the time, it was clear Vista was not going to be the great success Microsoft had predicted, as many of the company's critical business customers were beginning to reveal they would wait for the next release of Microsoft's client OS instead of upgrading corporate desktops to Vista.

[ From InfoWorld's Test Center: Windows 7 benchmarks unmasked | Special report: Early looks at Windows 7. | Get the analysis and insights that only Randall C. Kennedy can provide on PC tech in InfoWorld's Enterprise Desktop blog. And download our free Windows performance-monitoring tool. ]

Among questions posed to Microsoft that day were how the company could have gotten Vista so wrong after five-plus years of development, and how much longer Microsoft could justify putting out major software releases that needed substantial bug fixes before they were fit for enterprise deployment.

It has long been the mantra among IT professionals not to "go out and buy that first release" of Windows, but "wait until the service pack comes out because there are so many bugs and issues," said longtime Microsoft partner and customer Scott Noles, director of technology and education at Microsoft customer Kinex Medical, a medical rehabilitation center in Waukesha, Wisconsin.

The same rang true for Vista, and even for its predecessor Windows XP, a solid OS still in wide use that nonetheless also required a major service-pack release to deal with critical security issues that plagued enterprise users.

Microsoft had no answers that day to the questions it faced about Vista. Fast-forward a year later to now, however, and the company does.

For the past several months, Microsoft has engaged in an extended public mea culpa about Vista, and in the past two weeks alone has given a series of press interviews to explain how it changed the development process of Windows 7, the forthcoming client release, to learn from the mistakes it made in the past.

"We know we're still learning, but we always want to make tomorrow better than yesterday was," Mike Nash, corporate vice president of Windows product management, said about the development of Windows 7 in a recent interview.

He said Microsoft's move in March 2006 to put former head of Office development Steven Sinofsky in charge of Windows development was a key driver of changes in the process. Sinofsky is now senior vice president for the Windows and Windows Live Engineering Group, and Nash credits him for bringing order to the group.

Vista failed among business customers for a few key reasons. One was that its premium hardware requirements made it incompatible with PCs that companies already had running in their IT environments. That meant that upgrading to Vista meant that businesses also had to update hardware, a more expensive proposition than recycling existing machines.

Another was that Microsoft peripheral and software partners were not fully prepared for the release, which means many third-party products on which business users rely didn't work with Vista out of the gate.

Gavriella Schuster, a senior director of Windows product management, cited the "stop-and-start nature" of Vista's development process as contributing to partners' lack of preparedness for the final release. Microsoft stopped Vista's development in the middle of the process to overhaul the security of the OS, a move that delayed its final release.

Microsoft has changed how it built Windows 7 in a few ways to learn from errors of the past, it says. First, the company decided to "define a feature set early on" and only share that feature set with partners and customers when the company is confident that they will go into the final OS, Nash said.

This should avoid any confusion among Microsoft customers and partners as to what new features Windows 7 will have, and also will give Microsoft a chance to stabilize those features as much as possible.

"We made the ecosystem's job really hard [with Vista]," Nash acknowledged, because so much changed in Vista between the beta release and its release candidate, and then again between the release candidate and the final release. Making Windows 7's release milestones more predictable should ease the preparation process.

The beta of Windows 7 that is now available is already feature-complete, although its final release to business customers isn't expected until November, according to Microsoft's timeline. Microsoft also is forgoing the release of a second beta in favor of one more test version -- a release candidate that will appear soon before Windows 7's final release.

To solve the overall PC-compatibility issue, Microsoft has said that all versions of Windows 7 will run on even low-cost netbooks, which often don't have the same amount of RAM or hardware power that full-featured PCs do.

IT professionals are applauding these changes across the board, from Sinofsky's influence on the development process to the existing Windows 7 beta Microsoft's produced.

"By bringing a leader from the Office team, Microsoft got someone who knew how to ship and understood the responsibility of revving a ubiquitous and infrastructural product," said Andrew Brust, chief, new technology at IT consulting firm twentysixNew York, who is already successfully using Windows 7 on a low-cost PC.

He said that while it's necessary to freshen products like Windows and Office that so many businesses rely on with new features, it's also necessary to ensure updating to a new version won't be too disruptive to the user base. In Brust's opinion, Sinofsky proved in his work on the Office team that he could balance these needs, and was a good candidate to revise the Windows development process.

Stephen Hultquist, a principal with Infinite Summit in Boulder, Colorado, also agreed with the changes Microsoft made to the development process. "I think they're right on" with Windows 7, he said.

Hultquist, who cut his teeth as an enterprise CIO and first worked with Windows when it was still a joint Microsoft/IBM project, now calls himself a "revolving CIO" for a number of small and medium-sized companies. He moved very few of them to Vista, opting to wait for Windows 7, which he is testing.

There's certainly no love lost between Hultquist and Microsoft software. He said he thinks Microsoft put out Vista before it was ready -- even after five years of development -- "because they felt their reputation was at stake if they didn't release something."

However, Hultquist is glad that Microsoft has changed the development process for Windows 7, although he still thinks the forthcoming OS "is what Vista should have been."

Others defended Microsoft, saying the company -- which designs an OS that must work with an incredibly wide range of third-party products -- can't be entirely blamed for the software and hardware compatibilities that plagued Vista and affected its adoption among business customers.

Arlin Sorensen, CEO and president of Heartland Technology Solutions, said Microsoft's business partners and customers bear responsibility for giving themselves plenty of time to test a new Windows OS before it's released to ensure compatibility with the existing IT environment. Heartland, based in Harlan, Iowa, is a Microsoft partner and Windows Vista beta tester and early adopter.

"Contrary to popular desire, stuff just doesn't work without some effort, and it does require planning and budget to stay current and competitive with technology," Sorensen said in an e-mail. "We pride ourselves in engaging with Microsoft early and often, and it has been a great asset to us and our customer base. ...That is a choice we make, and by making it we don't run into the kinds of experiences many just want to point fingers and blame Microsoft for."

Still, Hultquist noted that if you compare the first release of a new Windows OS to the first release of one of Apple's Mac OSes or an update to Linux, the "stability and reliability and compatibility of Windows -- all of those features that matter the most for an OS -- is not even close, not even in the same category" as the other OSes, which tend to be more polished.

Microsoft doesn't have the luxury of developing its hardware and software in a vacuum, as Apple does, nor does it have the benefit of an entire community of open-source developers who can tweak Linux to their liking. Still, Microsoft's need to work with a broader scope of partners and customers to ensure Vista can interact with third-party products doesn't excuse it from being such a poor release in the first place, Hultquist said.

"From an end-user's perspective, who cares?" he said. "It's really about value delivered to the end-user."

If a company can't deliver value in a finished product, Hultquist said, "I can't use it then, I have to wait until it's stable and it helps my business."

Microsoft is hoping that because of the changes in its development process, Windows 7 will be far more stable and lack the myriad complications of Vista, even before its final release.

With Windows 7, "our goal is to make sure customers can treat the beta of one of our products like a release candidate and treat the release candidate as a final version," Nash said. With Windows 7's release date drawing near, customers will soon be able to find out if Microsoft delivers on that promise.

HP expands virtual storage offerings

Hewlett-Packard aims to cut the total cost of storage while allowing enterprises to keep adding capacity and forging ahead with virtualization projects in tough economic times.

In a series of products and upgrades to be introduced on Tuesday, HP will roll out higher capacity virtualized storage arrays with new features such as virtual RAID 6 and a solid-state drive option. The company is also introducing storage virtualization software that works with more third-party devices, and an improved backup platform. The rollout is part of a broader set of steps on Tuesday to help customers cut costs during the recession and prepare for competitiveness in the future.

[ Track the latest trends in virtualization in InfoWorld's Virtualization Report blog. ]

Though enterprises may have fewer resources to work with in hard times, their need for storage capacity is expected to continue growing. HP says it can help them make better use of their IT resources through management software that takes less work, as well as virtualization technology that can increase the utilization of existing storage capacity. With virtualization and easy-to-use management software built in, the new StorageWorks Enterprise Virtual Array (EVA) products can cut storage administrative costs by half compared with traditional arrays from competitors such as EMC and NetApp, Fitze said.

On the hardware side, HP is introducing the Enterprise Virtual Array 6400 and 8400 platforms. Replacing the EVA6100 and EVA8100 units, the new arrays can accommodate more storage -- as many as 320 drives -- and larger caches, as big as 20GB on the EVA 8400.

One added option on the new EVA units is the option of adding solid-state drives (SSDs) for fast access to key information stores such as database logs, said Kyle Fitze, director of marketing for HP's storage platforms division. Customers will be able to integrate multiple SSDs as large as 72GB, he said.

HP is also introducing VRAID 6, a virtual implementation of the RAID 6 standard, which sets up dual parity for every logical volume on an array. RAID 6 lets the array keep working with no lost data even if two disks fail, Fitze said.

The company's SAN Virtualization Services Platform (SVSP) software allows enterprises to virtualize storage across multiple arrays, including platforms from other vendors. The software lets them combine many arrays into one virtual pool and move data across those arrays as needed.

SVSP 2.1, being introduced Tuesday, extends support for third-party platforms to several more products from IBM, EMC, Sun, and SGI, as well as to NetApp's FAS6000 series and other platforms, and 3Par's InServ T400, T800, and E200. It also adds support for HP's own new EVA gear and MSA 2300.

Compared with a traditional array environment, an enterprise can manage three times as much storage capacity per administrator with SVSP 2.1, according to HP. The system allows for greater efficiency, too, with capacity utilization of 70 percent or more in a virtual pool, the company said.

Also on Tuesday, HP is updating its Data Protector Software. Through a virtual backup feature, the new software can reduce the space needed for a backup by as much as 95 percent, according to HP. In addition, the updated product now provides eight different methods for automating protection of VMware environments and makes it easier to use all those methods, the company said.

Storage virtualization can help enterprises realize the efficiency they seek from server virtualization, said Gartner analyst David Russell.

"The server virtualization activity is something of a juggernaut," with a majority of enterprises probably having done some of this, Russell said. But fewer have consolidated their storage capacity into a pool and virtualized it, he said. Some have used storage virtualization on a few arrays but not across the board.

To get the full flexibility promised by virtualization, it helps to implement both technologies from end to end, something that few vendors -- chiefly HP and IBM -- can do, Russell said.

"These domains aren't so discrete anymore," Russell said. "If you're going to make a major initiative in this area, then to make those benefits, you have to think it through end to end."

The EVA6400 and EVA8400 are available now, with U.S. list prices starting at $24,240 and $61,456, respectively. SVSP 2.1 is also available now, with a U.S. list price of $37,180.

Eclipse Pulsar seeks mobile app dev unity

Tackling the complicated issue of developing mobile applications for different platforms, the Eclipse Foundation is set to unveil on Tuesday a project to build a multi-vendor, unified platform for mobile development. But the effort thus far lacks the support of some major mobile players including Microsoft and Apple.

Called Pulsar, the initiative is intended to build a standard mobile application development tools platform. It is being led by vendors like Motorola and Nokia and seeks to make it easier to develop applications for different mobile systems. Although the individual platform technologies would not go away, Pulsar provides a unified platform to work with the individual vendor-specific technologies.

[ Though it hasn't joined up with Pulsar, Microsoft did recently herald the Silverlight-Eclipse link. ]

"The whole notion here is that an application developer can go to eclipse.org, download the Pulsar platform, and it's complete and ready to go," said Dino Brusco, senior director for developer platform and services at Motorola. Pulsar is based on the Eclipse IDE and features plug-ins for different mobile development environments. The Pulsar platform accesses vendor-specific SDKs; the first release of Pulsar is planned for late June when Eclipse offers its "Galileo" release train of multiple technologies.

"A developer does not have to go to the different sites to download [the different SDKs]," Brusco said. Initial supporters of Pulsar, in addition to Motorola, include Nokia, RIM, Sony Ericsson, IBM, and Genuitec. Mobile platforms of all these vendors will be supported by Pulsar.

"We believe that this Pulsar platform will make it easier for developers who have not had experience developing for mobile to come into the mobile space," said Brusco.

A RIM executive stressed that Pulsar is intended to make it easier for developers having to cope with building applications for many devices and work with many development environments. "I think what Eclipse is driving and many of us have been focused on for a while is how do we make the developer's life in mobile a lot simpler," said Alan Brenner, senior vice president at RIM.

Java Micro Edition will be a platform supported by Pulsar. But missing at this juncture is support of major mobile platforms, such as Microsoft's Windows Mobile, Apple's iPhone and Google's Android.

Pulsar, though, is an industry initiative open to all companies, Brusco said. "We hope these other companies will look at it," he said.

The lack of support from vendors like Microsoft and Apple "highlights the schisms that are forming in the smartphone space," said Jeffrey Hammond, principal analyst at Forrester Research.

"There's not really a good way to develop a single app and deploy it across Symbian, RIM, Windows Mobile, iPhone, and Android," said Hammond. "There are mobile middleware platforms and tools that come close, but it's still a least-common denominator approach that doesn't tap into device-specific ecosystems like the [Apple] App Store."

But Hammond did laud Pulsar.

"I think it's an interesting approach to making mobile development more approachable for mainstream developers but it's really only a start," he said. "They will need to get a few releases out and support phones that developers really want to build apps on. Technically though, it's a pretty sound approach."

Microsoft declined to comment on the Eclipse mobile initiative. A Google representative said the company has been approached but declined to participate in Eclipse mobile efforts at this time. Google is an Eclipse member and does support an Eclipse plug-in for the Android SDK, according to a Google representative.

Pulsar differs from the already-existing Eclipse MTJ (Mobile Tools for Java) platform in that it would support MT4J as well as other technologies. MTJ enables development of Java ME (Micro Edition) applications. "(MTJ) becomes the starting point for the Java environment of the Pulsar platform," Brusco said.

Eclipse also offers its tools for Mobile Linux projects, for mobile applications, and embedded RCP (Rich Client Platform) for embedded devices, Brusco said. "What was missing from those projects was a higher level collaboration amongst mobile companies to talk about bringing these projects together, creating a common tools platform for the mobile space," he said.

"The Pulsar initiative is really about a common tools platform that's more than Java," he said.

Specific deliverables of the Pulsar effort include:

* Development of a packaged distribution called Eclipse Pulsar Platform;
* A technical roadmap to advance Pulsar's capabilities;
* A set of best practices, including documentation and test suites;
* Education and outreach to drive adoption of Pulsar.

In conjunction with its participation in Pulsar, RIM has delivered version 1.0 of it Blackberry JDE (Java Development Environment) Plug-in for Eclipse, offering a plug-in enabling developers to build applications for the RIM Blackberry device from within the Eclipse IDE. RIM also has increased its sponsorship level in Eclipse from a solutions-level member to an enterprise member, Brenner said

Anti-virus vendor: ID theft Trojans on 1 in 100 PCs

Perhaps as many as 10 million PCs are infected with sneaky programs designed to steal sensitive financial information, anti-virus vendor Panda Security reports.

The company found that just over 1 percent of systems belonging to the 67 million people who tried out its free ActiveScan test site last year were infected with malicious software designed to help thieves steal sensitive information about victims. If 1 percent of the world's 1 billion computers are infected, that would mean that this kind of software is on 10 million PCs worldwide, the company reports.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

These identity-theft-focused Trojan programs are becoming more sophisticated and more common. Panda's detection rate jumped 800 percent between the middle of 2008 and the end of the year, according to Carlos Zevallos, a security evangelist with the security company. "The report shows a very sobering number," he said. "We don't want it to seem that it is a hopeless battle [but] all businesses innovate, and crimeware is a business."

Identity theft is a big problem. The U.S. Federal Trade Commission estimates that 9 million U.S. residents have their identities stolen each year through a variety of techniques, including dumpster diving, skimming credit card numbers at legitimate businesses, and phishing.

According to Panda, these Trojan programs are a now a serious threat too. Victims of the Trojans are usually tricked into installing the software themselves. They may think they're installing a new plug-in in order to view a video. Once the software is installed, it typically sends messages to a central command and control server

Although banking Web sites have added a lot of features over the years to prevent hackers in another country such as Russia from logging into online accounts, these banking Trojans can be really hard to stop, Zevallos said. "They essentially have complete control of your machine, so they can send a request from your machine and the Web site will not know that it is not being initiated by the user."

Trojans can take screen shots of everything on your screen and search the machine for credit-card numbers, Social Security numbers, resumes -- anything that could be used in identity theft. Today's Trojans can even download software updates from their criminal masters.

Today's most common financial Trojans go by names like Cimuz, Sinowal, and Torpig.

Most of these programs come from China or Russia, but Panda says that a growing number are coming from Brazil and Korea too.

In the past few years, hackers have become very good at cranking out new, slightly altered, variants of their malware, designed to evade anti-virus detection. So anti-virus products will detect identity theft Trojans, but not all of them. Panda said that 35 percent of the infected PCs that it spotted last year were already using up-to-date anti-virus programs.

Judge OKs settlement in Yahoo shareholder suit

Removing one barrier to a potential Microsoft acquisition of Yahoo, a judge approved a settlement that will roll back a Yahoo employee severance plan that critics described as a poison pill.

On Friday, Judge William Chandler III of the Delaware Court of Chancery approved the settlement.

[ For the full story on Microsoft's attempted takeover of Yahoo, see InfoWorld's special report | Keep up on the latest tech news headlines at InfoWorld News, or subscribe to the Today's Headlines newsletter. ]

The severance plan was implemented by Yahoo's former leaders and made it easy for employees to leave the company in the event of an acquisition and receive generous compensation. Some investors, including the vocal Carl Icahn, described the plan as a poison pill because he argued that the severance payouts would be so expensive that no company would want to acquire Yahoo.

Several shareholder groups, including large pension funds such as the City of Detroit retirement fund, subsequently filed lawsuits charging Yahoo board members and executives with foiling a Microsoft takeover to protect personal interests to the detriment of shareholders. Many lawsuits were consolidated into the complaint with the Delaware Court of Chancery.

The settlement, first submitted to the court in December, narrows the reasons why employees can quit and receive the severance, removing some of the incentives for them to leave the company in the event of a Yahoo acquisition. Yahoo said it's happy with the deal.

"We are very pleased that the settlement was approved because we believe it is in the best interests of the company and our shareholders," the company said in a statement.

The settlement could make Yahoo easier to sell, the judge said. "I conclude that the settlement, obtained by plaintiffs, amounted to a substantial benefit to Yahoo's shareholders because the key terms of the settlement made it less expensive to sell Yahoo, making the company a more attractive target to potential suitors," the judge wrote in his ruling.

The severance plan probably wasn't the only reason the Microsoft deal didn't go through last year, said Matt Rosoff, an analyst with Directions on Microsoft. "It wasn't a deal breaker, but it was an indication that Yahoo didn't want to be acquired," he said. The settlement "is an indication that under new leadership Yahoo is more amenable to a deal."

Yahoo founder Jerry Yang fought off Microsoft's acquisition and search partnership attempts last year. Many shareholders and analysts were in favor of the deal. When Yahoo's fortunes failed to improve after talks between the companies collapsed, Yang was replaced as CEO by Carol Bartz. She started in her new job in January and has said that she doesn't intend to publicly discuss any potential negotiations with Microsoft or other suitors. For its part, Microsoft CEO Steve Ballmer has continued to say that some sort of partnership with Yahoo makes sense. Yang remains with the company as Chief Yahoo and as a board member.

Juniper introduces Adaptive Threat Management

Juniper is this week introducing software that lets security platforms -- even those made by other vendors -- share and analyze log information in order to determine the root cause of network problems and fix them.

Called Adaptive Threat Management, the data-sharing software includes upgrades to its SSL VPN and UAC (Unified Access Control) devices that enable them to publish log information to a UAC server that shares the data with other platforms.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

The interface between the SSL and UAC devices and the server is a standard known as IF-MAP, a communication interface for creating a two-way street between network devices and the server to which device data is published.

Adaptive Threat Management can support devices made by other vendors, but those devices must comply with IF-MAP. So if a security platform made by another vendor publishes data using the IF-MAP interface, it can become part of an Adaptive Threat Management deployment, Juniper says.

Customers that have a firewall in place from another vendor could potentially keep it but enable it to publish log data to the central IF-MAP server where other devices could access it, analyze it, and act upon it. And the firewall could subscribe to information from the server in order to respond to new threats.

It is important for Juniper to bring together its network and security offerings in order to make the case that its disparate gear can be deployed as a coordinated security system that embraces other vendors, says Phil Hochmuth, an analyst with the Yankee Group.

With Adaptive Threat Management, customers can create a single user-based policy that is pushed to devices in the network, saving administrative time on configuration. "You're not having to scramble around to push policy to 10 different boxes," Hochmuth says.

Adaptive Threat Management is reminiscent of Cisco's TrustSec, which uses centrally defined access policies enforced in the network -- but Cisco uses its switches to enforce the policies, Hochmuth says. "It is a major architectural strategy to glue together the individual parts of access control," he says.

IF-MAP is supported by a handful of vendors including Aruba Networks, ArcSight, Infoblox, Lumeta and nSolutions.

Last year, Juniper revamped and renamed its management platforms to NSM (Network and Security Manager), which centrally manages policies for Juniper's network and security gear, setting the stage for different classes of devices sharing data.

The NSM platform has been upgraded to include more standard reports that map to the behavior of devices in the network that it deals with. These reports can be used as the audit trails necessary for some regulatory compliance or for internal audits to gauge network security, the company says.

Juniper gives an example of how the new capability could work. A user logged in via SSL VPN inserts a USB device into his computer that is infected with a Trojan. A firewall/intrusion-protection system detects the Trojan and that information gets shared with the SSL VPN device, which can interrupt the VPN session. It can then guide the user through remediation of the problem, then let the device set up a new VPN session.

The software for Juniper's SSG series SSL VPN gateways also enables single sign-on, and remote access users are presented with a list of resources they are authorized to access and can go to them directly with out signing on for each one.

This is convenient for accounting consultants with Singer Lewak, an accounting-services firm headquartered in Los Angeles, says the company's CIO Rob Krumwiede. "The SSL VPN is a launchpad to the intranet, e-mail and internal applications," he says.

So a remote user can click on an icon to gain access to one of three e-mail options -- Citrix thin-client-based, Outlook Web Access, and full Outlook -- all without having to authenticate again.

Juniper also is introducing two new models in its SRX series of security devices whose hallmark is that the individual security applications running on them can be integrated, and that processing power can be dedicated for each to insure performance.

The SRX 3400 and 3600 are the smallest members of this high-capacity family, whose biggest brother, SRX 5800, boasts being the fastest at close to 140Gbps. The models top out at 20Gps and 30Gbps on firewall throughput, respectively, but the hardware features the same modular architecture that enables expanding power by adding cards.

The devices also support both VPN and intrusion detection/prevention system (IDS/IPS) at 6Gbps on the SRX 3400 and 10Gbps on the SRX 3600. Starting price for the devices is $50,000 for the SRX 3400 chassis with a network-processing card, a routing engine and support for a 10Gbps firewall, 2Gbps VPN and 2Gbps IDS/IPS.

With dedicated processing per application, users can guarantee performance when additional load or applications are added. Because this is done internal to the chassis, such expansions require no new rack space and cost less than stacking appliances because there is less redundant hardware in a modular box than in a collection of appliances.

Network World is an InfoWorld affiliate

Tuesday, March 10, 2009

IT News HeadLines (InfoWorld) 10/03/2009

No comments: