Of all the problems with making the twenty or more user identity federation protocols in active use today work together, the most prominent is this: The standards upon which all those protocols are based are themselves moving targets. Thus a fixed solution one month may fail to work next month.

“In order for us to build interconnected systems, we need to have some agreement between all of the people who are going to be using this software and the vendors, on what the standards are for interconnecting identities,” said Stuart Kwan, Identity and Access Group Program Manager for Microsoft. “I don’t know if I would characterize it as any one vendor who is leading here. We all have to work together to make things happen, and Microsoft has been involved with a lot of the standards bodies in this area, in OASIS, in the IETF, and increasingly, other places where these standards have been advancing. . . We’ve been making a pretty major investment in engaging in these conversations, both in the industry and in standards bodies, to help move the ball forward with everyone else.”

Many will recognize OASIS as the standards group behind OpenDocument, the format used in Sun OpenOffice and other Microsoft Office competitors, and Microsoft’s rival for the desktop as recently as 2007. Now Microsoft finds itself working in cooperation with OASIS in the development of Security Assertion Markup Language (SAML), one of the many challengers in the overflowing field of claims-based identity, and the focus of Active Directory Federation Services 2.0, released in May 2010. SAML is also backed (though not always exclusively) by Novell, CA, Siemens, and IBM. SAML now competes in this space with another standard which had been the earlier focus of Microsoft’s expansion into claims-based territory: WS-Trust, one of the WS-* (pronounced “W. S. Star”) specifications that is managed by the OASIS standards group, with the help of IBM, Siemens, and the rest.

In the emerging world of “openness,” entities now openly compete with themselves. Interoperability, as Microsoft has managed to demonstrate in every possible way through its history, bites.

Can a Solution Just Compose Itself?

A glimmer of hope recently manifested itself to Microsoft and all its security identity competitors, in the form of an almost other-worldly new concept. Called composable Web services, it’s the astonishing notion that two endpoints with disparate protocols can actually negotiate new languages between themselves as warranted.

There’s no counterpart for this in reality, so I’ll supply one from fantasy: Suppose peoples living on two separate continents spoke completely different languages. These peoples evolve normally, the exception being that their capacities for language increase at ten thousand times normal speed. One week, a nationality is just learning the basics of Linear-B; the next, it’s using telepathy. Any translator who facilitates a communication between continents one week, won’t be able to translate a discussion between the same parties the next week.

So the translator tries this solution: He devises a process for quizzing parties on both continents about the subject matter of their typical discussions. With results supplied from both parties, he compiles a common taxonomy of concepts between them. He can refresh this taxonomy as warranted, as the two people’s languages evolve, but the taxonomy stays fresh. And how he reads the taxonomy doesn’t have to be translated to anyone else except himself. He can share his methods with others, and those methods may work elsewhere, but the taxonomies they produce are exclusive to them.

In the real world, that taxonomy would be called metadata — in this instance, the basic elements of exchange between Security Token Services (STS) endpoints.

“As we see applications wanting to connect to applications, we’re definitely going to see a need in the identity space for protocols to allow applications to call other applications,” remarked Kwan, “the same way that SAML addressed Web single sign-on.”

Stuart Kwan, Identity and Access Group Program Manager, Microsoft.

You can’t talk to Stuart Kwan for too long without him drawing a diagram of some sort, even if you’re just on the phone with the guy and his diagram is made entirely of words. “Let’s take a more traditional federation case, where say, I have a user who’s in the supply chain for a manufacturing company, and they’re accessing a particular application,” his verbal picture begins. “It’s a hub and spoke, where the manufacturing company is in the hub, and you’ve got all these other companies in the supply chain in the spokes, and there are users who are accessing that federated application in the hub. When the manufacturing company is creating agreements with its supply chain, how much user information should be disclosed make sure it gets the right information about the users, and what kind of information should that be?”

“Today,” says Kwan, “That’s an exercise that is pretty much done on a one-off basis, as people are creating these relationships. I think as cloud services take off, continue to grow in adoption, then we’re going to see more and more of these templatized agreements, such that you don’t need to have a one-on-one conversation with the other side. There will be ways, through things like metadata, we can determine, ‘Here’s the kind of information that you need to send.’”

The “templatized agreements” that Kwan would like to see between federation protocols are, in one sense, patterns: ideals for not only what federated STS endpoints should trade with one another in particular sets of circumstances, but methodologies for how such patterns can be realized and adjusted where necessary. Kwan went on to suggest that the metadata itself may be capable of triggering the generation of scripts whose sole purpose is resolving exchanges between STSes for just this metadata. Since the scripts are not shared entities in themselves, they wouldn’t have to be made interoperable — so for once, Microsoft could make use of PowerShell rather than XML.

“In the metadata today, we don’t talk about the values that are expected to be sent, but instead just the types. So maybe there’s room for us to put encodings on [situations where an STS declares,] ‘I expect this enumerated set of values with this meaning.’ And that’s something we think will happen in various industry verticals, where the information about a person who’s accessing a system has some specific meaning. It might be something in oil and gas versus something different in aerospace, versus something different in financial services, government, etc. In those verticals, they have particular terms and types that they use to describe people, and lists of things that are important for them to be able to agree on. . . within the realms of their [given] industries.”

Composable protocols using negotiated metadata would not, despite the imagery that appears borrowed from the Terminator series, become “self-aware;” instead, it would require constant monitoring, including someone to manage and run those scripts. Without a precise and well-considered plan for how to manage the products of these operations, the results might actually be more comparable to Jurassic Park.

The Role-Playing Game

One factor that could potentially determine whether evolution gets out of hand in the future is the limitation security engineers place today on how much information the metadata is allowed to contain. Here’s where we discover that some engineers became spoiled by the comparably rich contents of FBA’s old security tickets.

In FBA (which was not designed for portability), Microsoft and others designed security tickets (not tokens) which encoded not only the authenticated user, but data on the access privileges which the identity provider granted. In other words, not just who is this guy, but what? Is he a mail admin? A SharePoint admin? A department head? This is critical information to Active Directory.

Keith Brown, co-founder, Pluralsight

Last November, at a Microsoft conference session where the subject of metadata in token negotiation was raised, several developers and admins appeared eager to leverage metadata to resurrect role-based authentication.  In response, Keith Brown, co-founder of .NET training provider and Microsoft partner Pluralsight LLC, suggested it might not be such a good idea: “I don’t know that I would try to use claims for role-level access,” Brown told them. “Your biggest value right now in this space, which is evolving, is the federation capabilities that you’re going to get, to be able to. . . have single sign-on. Let’s solve that problem. Trying to get any finer-grained authorization like that, you’re kind of overloading something that people aren’t really trying to solve right now.”

The alternative Brown suggested involved a kind of “trust topology” (my term, not his) where federated RPs are distributed in such a way that they’re only used by clients with the same general requirements. In other words, make the RPs as vertical as the industries they serve, so they don’t have to educate each other too deeply.

“The challenge with authorization is that every app is different, so it might need to have a different, very specific set of permissions,” said Brown. “When you start factoring that up [into a common list], what you’re doing is losing control of that authorization data, you’re centralizing it, so it may be harder to change. And if that thing is not really shared across multiple apps, then I think you’re just making your life harder. So what you really want to think about is, where should a claim be issued from? It should be issued at the location in the trust chain where people can share it, where multiple things are worried about. If only my app cares about this, then really, only my app should be populating those claims.”

Since that time, however, Microsoft’s Kwan told us, security engineers appear to have warmed up more to the idea of encoding roles and privileges along with metadata. Most metadata, he said, may be comprised of numerous, ordinary switches and “knobs,” settings which may be toggled this way or that way — for example, for supporting the stronger SHA-256 encryption algorithm as opposed to deprecated, but still oft-used, SHA-1. Here’s where yet another open identity protocol — this time, the open source project OAuth — enters the picture. Used now mostly for consumer-grade Web apps, OAuth impressed Microsoft with its ability to delegate levels of responsibility for performing deeper functions within an application —responsibilities that applications would otherwise have had to guess for themselves — without disclosing data in such a way that it violates users’ privacy.

“Say I’m on Facebook and I want to find out what my MSN Buddy List is, so I can find out if any of them are also on Facebook. The old way to do this was, you had to provide your Windows Live username and password directly to Facebook in order for it to be able to go read your Buddy List — and that wasn’t desirable, obviously. So OAuth was invented so that you could delegate access to Facebook, not give them your password — instead, go log onto Windows Live ID and give Facebook directly permission to get some specific thing out of your profile at Windows Live, if only for a specific period of time. I think we’re going to see other scenarios like this, but in the more professional cases, [for example], where I have a Zoho application which wants to put a meeting reminder onto my calendar in Hosted Exchange. How is it going to be able to do that, to get the rights to do that, without really complicating the developer experience, [and] complicating the end user experience?

“As those scenarios come up, we’ll definitely see a need to make further technological advances in identity,” remarked Kwan. “I don’t claim that we’ve got all these things figured out yet, but the cloud, I think, [is going to trigger] another surge in this area, and we’ll all be working together to make those things work.”

In another era, it was often said that one company appeared to be calling most or all of the shots for technological standards. Now that Microsoft is resolved to building on top of platforms constructed by others, and in a more transparent way than ever before, it appears the shots are coming from all directions. Even with the online identity problem now ending its first quarter-century, there appears to be no single “leading candidate,” no “favorite,” not even a “default.” Just several dozen entities swimming in the same sea, each of them learning, as if for the first time, how to trust one another.

Related Information From Dell.com: Create a Network Roadmap.

Now more than 10 years old, the Apache Software Foundation has become a repository of some of the most important open source technologies.

The foundation was created to formalize the organizational structure surrounding its flagship Apache HTTP web server and to apply the same philosophy to shepherding other projects – now, nearly 150 of them.

Open source provides access to technologies to power innovation without software licensing costs, especially valuable in an economic downturn. But to use open source effectively, enterprises need to understand the tradeoffs, such as the need for developers skilled with working with open source projects rather than polished commercial products.

Justin Lundy, a systems integration and information security consultant currently working for a major bank, says every Fortune 500 organization he has worked for took advantage of a couple of core Apache components: the web server and Apache Tomcat,  which is Apache’s Java web servlet engine. “It’s the Fortune 500 companies that are truly interested in innovating that we can see adopting some of the newer projects,” he says, pointing to distributed computing and data analysis technologies like Hadoop, HBase, Cassandra, and CouchDB.

“I think we will begin to see more and more migrations away from expensive commercial data warehousing products, database products, and a growing number of enterprises that embrace open source frameworks for distributed databases and distributed data warehousing and analytics,” Lundy says.

Not that this style of computing is for everyone, given the creative chaos of the open source movement. One CIO surveyed for this story wrote that Apache technologies “are not even on our radar at the moment” because he is focused on simplifying and standardizing the technologies in his environment, rather than experimenting with new ones.

But for those feeling a little more adventurous, here are some things to look at.

Hadoop

The Hadoop project attracts buzz because it mimics the style of distributed computing used internally at Google, using technologies cloned on the basis of academic papers published by Google engineers. Using the MapReduce style of programming, developers write data processing routines that fan out across clusters of computers and feed back their results. This turns out to be an efficient way of performing data intensive tasks on commodity hardware.

Yahoo, a major backer of the Hadoop project, has incorporated the technology into its own web data analysis processes. Cloudera, a company formed to provide commercial distribution and support for Hadoop and related technologies, also claims corporations like Bank of America and Samsung as customers. Proving that Hadoop is not just for web data, Samsung says it is applying the technology to its bioinformatics business — albeit delivered as a cloud service.

HBase

A subproject of Hadoop, HBase is another clone of a Google technology, this one known as BigTable, that is used to manage very large database tables — up to billions of rows, millions of columns — with the data stored on clusters of commodity servers. This is structured data storage and analysis, just not according to relational database rules. HBase provides a BigTable-like solution that runs on top of Hadoop.

Cassandra

Cassandra is Facebook’s contribution to the field of Big Data management and analysis. Originally invented to manage Facebook user account data, the code was contributed to the Apache project in 2008 and is now maintained and refined by participants from many companies. Cassandra adopted some of the concepts from Google’s BigTable as well as published details on Amazon.com’s Dynamo distributed computing technologies.

CouchDB

Another non-relational database, designed for easy replication across many nodes and data access via a REST API, meaning that documents and records are posted to and retrieved from the database over the Web’s HTTP protocol. The BBC is one organization that has talked about using CouchDB in combination with Apache Tomcat to build a cost effective content management system that can be replicated across data centers.

Lucene and Solr

Lucene is an umbrella project for developing open source search software, including the Lucene Java library and the Lucene.NET port to C#. Solr is a high-performance implementation of Lucene Java that has been adopted by organizations such as MTV Networks for search applications on their websites.

Nutch

Lundy points to Nutch as an affordable alternative to purchasing a Google Search Appliance. Originally a sub-project of Lucene (as Solr is now), Nutch was reclassified as an Apache top-level project this year in recognition of its growing maturity. Building on top of Lucene, Nutch adds facilities for crawling, parsing, and indexing web documents.

It can also take advantage of Hadoop clusters. Hadoop actually originated as part of the Nutch project.

Tomcat

A free alternative to Java application servers, particularly for situations where basic Java Servlet and Java Server Pages technologies are required and heavy-duty Java Enterprise Edition technologies would be overkill. Tomcat can also be used as the front end to more sophisticated back-end Java technologies.

Struts

A web application framework that extends the Java Servlet API to support a model view controller (MVC) programming model. In other words, it provides a mechanism for enforcing a clean separation between the presentation of an application (the user interface) and the logic behind the application with the goal of simplifying maintenance of the code.

Several competing open source technologies fill a similar role, such as the Spring Framework.

Geronimo

Apache Geronimo pulls together many open source Java alternatives to produce a fully certified Java Enterprise Edition 5 application server.

Axis2

Axis2 is part of the Apache Web Services project. A Web Services engine for the SOAP and WSDL protocols for distributed invocation of services via XML messaging, as well as REST. The primary implementation is in Java, although a port for C is also available.

Apache HTTP

While perhaps less glamorous than some of its distributed computing brethren, the Apache web server remains the workhorse of the web, powering some 70% of all websites and enabling many applications through its extensions for Perl and PHP programming.

Deepak Agarwal, CIO for the Palm Beach County School District, says that’s still the technology from the Apache family he finds most useful, because “It supports a variety of features, many implemented as compiled modules which extend the core functionality.” He also calls the Apache web server “easy to configure and very stable” – valuable qualities for any enterprise environment.

Related Information From Dell.com: Experience the Advantages of Linux.

How often does your team find, while troubleshooting an issue, that were small warning signs leading up to the incident but no one had noticed, or there had been no context to make it clear that they were seeing a real problem? Hopefully you don’t encounter such situations very often, but it happens. A daily log review policy can help to catch some of these issues earlier before they bog down or, worse, break your servers.

One advantage to allocating time for daily log review into your staff’s routines is that they become more familiar with the day to day workings of your systems. This knowledge in turn makes unusual occurrences stand out even more than they would have before.

In its ideal form, in a daily log review the IT staff look through your infrastructure’s collective logs on a daily basis, building rules to tag events as either harmless or warranting investigation. After looking into suspect events, those system administrators (or whomever is responsible for review) double-check that none of the rules are too broad, generating false matches. Rules that don’t quite hit the mark are adjusted, and then the next day, it starts again.

Given how large an enterprise infrastructure gets, the idea of trying to review everything in a month, let alone a day, might give you hives. It’s up to you to determine how exhaustive or relaxed to approach this process.

Getting Ready

To get the most out of daily log review, it’s best to collect all of your infrastructure’s network, application, and server logs in a single place, or to index them into a tool where they can be processed simultaneously. Pulling everything together allows you to build one set of rules that apply to similar logs across every machine at once and ultimately reduces your workload. Doing so also allows you to troubleshoot issues faster because you can look at all of those logs simultaneously.

Daily Log Review is tool agnostic, but due to the volume of data, software can make the process much more manageable. Depending on your preferences and your staff’s skills, your people might be happiest with shell or Perl scripts. Many aren’t. Solutions such as ArcSight, LogLogic, Splunk, and others allow you to collect or index logs centrally or through a distributed setup. Look for tools that search your logs in real-time, looking for events that match user-created rules and firing off alerts when specific conditions are met. The more flexibility you have to add tags or fields, the better.

Before anyone on your staff gets down to the business of building rules, be sure to set policy on how harmless and problem events will be marked. You might have everyone tag them as ok or not_ok, or harmless and suspicious. Sometimes it’s hard to decide what is really harmless, as some events are perfectly harmless unless they’re in combination with others. For example, one failed SSH login isn’t a big deal, but a large number of them in a short span of time is cause for worry. Consider building a wiki that you and the IT staff can use together to make policy notes as you all grow used to doing review.

Depending on the tool you chose, you can probably build rules to watch for these combined event cases. Even better, if you’re required to do review due to regulations, some tools also offer auditing features so you can prove that your staff is following the necessary protocols.

The Process

Daily Log Review can sound more complicated than it is when spoken about generically, so let us focus on an example. Say that you expect administrators to each spend an hour a day on this process, focusing on the systems for which they’re responsible. The order of tasks should roughly follow this model, adjusting for your preferences on how much time and what level of detail you want to attack the issue.

• Start by searching for the day’s not_ok or suspicious events that are already flagged.

Investigate the suspicious events or call them to the attention of the right person. For example, a message such as this from your web server may warrant investigation into whether upload file sizes through the HTTP POST method need to be increased, with the accompanying rule looking for a collection of terms in a single event such as error PHP POST Content-Length exceeds limit:

[Sat Jul 24 06:08:55 2010] [error] [client ::1] PHP Warning:  POST Content-Length of 20556051 bytes exceeds the limit of 8388608 bytes in Unknown on line 0, referer: http://localhost/wordpress/wp-admin/theme-install.php?tab=upload

If the administrator decides false matches are pulling up events that are harmless, she might adjust the rules to not match the ok events or follow whatever protocol you choose to suggest a rule change. For example, someone might have a rule looking for Python errors but the administrator may feel that the following event really doesn’t merit investigation, as it’s fairly minor:

[Sat Jul 24 06:02:03 2010] [error] python_init: Python version mismatch, expected ’2.6′, found ’2.6.4′.

The administrator might suggest adding Python version mismatch as an exclusion to the current rule, and then creating a second rule assigning error python_init version mismatch an ok tag.

• Search for the day’s untagged events (neither ok nor not_ok).

Create rules and tag the untagged events. Here’s where a lot of the heavy lifting occurs in Daily Log Review. This is the spot where you might be most likely to suggest a time limit – or your staff may not get anything else done. Fortunately, since you’re working in a centralized tool across all of your logs at once, each rule created applies across your whole infrastructure.

• Search for the day’s ok events that are already flagged.

Look again for false matches. You don’t want problems slipping by because a rule was too broad and is tagging unforeseen problem events. Either adjust the rules or follow protocol for rule change discussion.

Over time, you and your staff will find a rhythm that works for your organization. Everyone will become more familiar with the daily workings of your infrastructure. People will think to create rules on their own when they see problems so that those problems will flag with an alert or just in the not_ok searches if they recur. There will still be times when you’re trapped in reactive mode, but they’ll be fewer. And you’ll have your handy new tools at your staff’s disposal when the emergencies do occur.

Related Information From Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter.

On the one side are seven heavyweight Republican senators and the cable and telecom companies. On the other are myriad net neutrality supporters ranging from the Obama administration and the FCC to Internet-company heavyweights. The latter include all the major search engines and a large group of Internet-only services, ranging from social media giants to VoIP providers.

It’s a huge battle with much at stake.

On the one side, telecom and cable companies have invested heavily in ISP infrastructure. They resent upstarts like Google prospering on their very expensive fiber optics and last mile connections for free. Make no mistake, telecoms and cable companies have invested hundreds of billions of dollars in Internet infrastructure, without which broadband (as we know it) would not be physically possible.

On the other side, Internet companies are keenly aware that cable companies and telecoms could decide to squash competition by blocking subscribers from any sites and services that threaten the ISPs’ revenue. Can you imagine, they say, what damage Verizon Communications could do to the likes of Skype if there are no rules compelling “fair” play? Google has apparently imagined what ISPs could do to Google Voice and search; it has already poured $2.7 million (this year alone) into lobbying activities pushing for federal regulations of Internet providers.

Yet, all the public talk is about consumer access, and precious little about large enterprise impact. Lots of rhetoric is tossed about concerning bridging the digital divide — the gap between the broadband haves and have nots. But the argument is much bigger than that. It all boils down to a jostle for control of the ‘Net and that control or lack thereof will resonate through large enterprises too.

While the outcome is uncertain, the possibilities are pretty clear. The situation could remain unchanged and broadband service would fall under the Communications Act as a Title 1 information service. The situation could pivot to reclassify broadband as a Title II telecommunications service, putting it squarely under the same free and fair access regulations as they currently apply to standard telephone regulations. The third possibility is that a totally different reclassification will occur, one that puts ISPs under a blend of Title 1 and Title II rules.

So what do these three possible outcomes spell for the future of large enterprises operating in the U.S.?

If there’s no change: Broadband speeds in the U.S are unlikely to match speeds widely available in other countries in the near future. The U.S. placed 17^th in a United Nations commissioned study of 154 countries. The report, “Measuring the Information Society –the ICT Development Index,” attributes the U.S.’s steady fall in the rankings to stagnation. This means that ISPs are not investing in new technologies at a sufficient rate. The reason: ISPs are hanging onto legacy networks.

“While Europe and Japan have Fiber to the X (FTTX) services, the U.S. has not rolled out very much,” says Asif Hazarika, senior director of product management at IP Infusion. “There is a great deal of legacy deployment in the U.S. that makes it very costly to match the speeds of GPON or EPON technologies.”

The problem is compounded in mobile broadband. “The U.S. is definitely behind the rest of the world in mobile broadband access, both from pricing and access speeds,” says Hazarika.

Without a change in classification, Internet providers are effectively free of broadband competition so there is little to motivate them to improve speeds, costs or access. Further, they could conceivably limit access to prime Internet services that enterprises use ranging from VoIP to Google search.

Large enterprises will find it increasingly difficult to work in the U.S. with slower broadband speeds. Employee productivity will also be impaired by slow mobile broadband speeds. Remote workers and teleworkers will be similarly shackled. Costs for broadband services, however, will continue to rise and adversely affect enterprise bottom lines.

If broadband is reclassified to Title II: Title II regulations were written to regulate the telephone industry during the monopoly era. The breakup of the original monolith AT&T under this regulation in 1984 paved the way for the advent of cell phones and other mobile and Internet phone innovations. Theoretically, placing broadband under the same fair trade protection will ensure no one entity, ISP or otherwise, can control or restrict access to Internet companies and services or to the Internet itself. This could result in an innovation burst that could be helpful to large enterprise.

Detractors say that the regulations are too arduous and will have the opposite effect. They believe the regulations would stifle broadband improvements and innovations by discouraging ISPs from making large private investments in infrastructure. This is unlikely, however, as free market forces are not currently at play.

“There is not much competition and they are not being forced to improve,” says Hazarika.

While there is some budding competition on the horizon in the form of communications over power lines and the advent of smart grids, these need years to grow to true competitive form. Plus, some of the same telecom players, such as Verizon, are active in this area, effectively containing competition again.

By comparison, the U.S. federal government stands poised to shove broadband innovation and competition forward at near-light speed.

“The U.S. is on the path to become very competitive in the race to deploy broadband services as evidenced by the $7.2 billion Broadband Stimulus initiative, the implementation of the FCC’s National Broadband Plan, the restructuring of the $7.7 billion per year Universal Services Fund to subsidize broadband build-out through a new Connect America initiative, and the FCC’s plan to establish a mobile broadband plan,” explains Gary Bolton, vice president of Global Marketing at Adtran, a manufacturer of datacom and telecom products including DSL. “Federal subsidies, along with private investment, will allow the U.S. to have high-bandwidth competitive broadband services available across the nation.”

This, obviously, would be a good scenario for large enterprises, in terms of speed and access, in the U.S. However, it could also result in increased costs for broadband services above the higher costs already charged in the U.S.

“The verdict is still out on how the stimulus package balances against the burdens of regulation,” says Mike Jude, program manager of Consumer Communications Services at Frost & Sullivan.

If broadband is moved to a new classification: This is the murkiest of the three possibilities. The FCC is currently accepting comments and this scenario is thus still being shaped. Whatever it ends up being, it will be a blend of Title I and Title II rules; the only unknown is how much of each title’s regulations will rule.

Unless large enterprises weigh in on the issue, the odds are roughly 50-50 that rules under a new classification would be advantageous. For now, much of the argument is positioned around the consumer; but in this case the consumer is also the employee for many large companies, so regulations that favor consumers are likely to benefit enterprises. However, that assumption is too broad to calculate actual advantages or disadvantages to the Fortune 500 set.

The only thing that is certain is that this is too important an issue for large enterprises to leave solely at the discretion of the current industry players.

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency.

It’s not always possible to replace critical software with open source, but whenever possible it’s a good practice to invest in open source services to avoid vendor licensing and lock-in. Companies often look to open source offerings like Linux and Apache for infrastructure services, but overlook the availability of open source alternatives for applications higher up the stack.

Only a few years ago, it would have been difficult to find mature open source BI software, but Pentaho and JasperSoft are now established organizations and have become attractive alternatives to proprietary software.

Pentaho

Pentaho has been in development since 2004. As with many business oriented open source projects, Pentaho is offered in a community edition and as enterprise editions.

The Pentaho BI Suite Community Edition components are released under a mixture of licenses, and comprise several components: the data integration component, Kettle; Pentaho Reporting, which includes all of Pentaho’s open source reporting tools, report designer, and libraries; the Mondrian Online Analytical Processing (OLAP) server; Weka data mining component; and several other components.

The open source edition of Pentaho has enough functionality for businesses willing to roll their own BI solutions and deploy them. However the Enterprise Edition has a great deal of functionality not found in the Community Edition. On top of support and service level agreements, Pentaho Enterprise has single sign-on (SSO), clustering, performance monitoring, and integration with Microsoft Active Directory or LDAP services, and many other features.

Configuration of JasperSoft, as evidenced by the number of components, can be complex. The company also offers a hosted “on-demand” subscription for Pentaho which is customized by the company and priced accordingly.

JasperSoft

Another open source contender is JasperSoft. Its BI suite includes the stand-alone JasperServer report server that is at the core of the BI suite; JasperReports and iReport for designing and delivering reports; and JasperETL for data integration. The open source projects are hosted on JasperForge.org and components are licensed under the GPL or LGPLv2.

The community edition may be enough to get started and can be useful in many projects, but may not get you all the way there. The Community Jaspersoft projects don’t include a number of features that large organizations will want, such as the report designer, additional querying and reporting tools, and logging features useful for auditing. And, of course, the Professional and Enterprise editions include support and update features that aren’t included with the community edition.

Organizations looking to deploy or test JasperServer quickly might want to look at the BitNami stacks. BitNami provides installers, virtual machines, and cloud images with popular open source software pre-configured. JasperSoft is the only BI suite currently packaged by the project.

Pentaho and JasperSoft aren’t the only open source offerings, of course, but they are two of the most popular solutions and have been around long enough to mature and to develop a decent community.

Cheaper, But Not Free

While Pentaho and JasperSoft can save on licensing costs, it’s important to note that open source doesn’t equal free. Organizations still need to budget for customization and deployment, and possibly for support or subscription fees. Even if you roll out Pentaho or JasperSoft on your own without any support, deploying one of the solutions is going to take time.

However, BI software is complex enough that those costs will be present even with proprietary solutions. If cost and avoiding lock-in is important to your organization, and it should be, Pentaho and JasperSoft should be two of the first solutions you evaluate.

Related Information From Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter.

More than half of US enterprises will use microblogging by 2012, according to Gartner. By 2014 social networking tools will replace e-mail as the primary form of communication for 20 percent of business users, the analyst firm said.

Enterprise social networking has the potential to improve decision-making agility, streamline the flow of communication within an organization, and greatly improve the discoverability of both internal experts and sources of vital information. Unlike consumer social networking services, enterprise offerings promise to provide these benefits with security and policy-based customizability.

Criticized by some as yet another information stream to challenge already-overwhelmed users, enterprise social networking software and services could instead replace existing and less efficient forms of communication, including some in-person meetings and e-mail. For some organizations, they could replace intranets altogether.

Solutions in this category span a very wide range, from minimal microblogging-centric services like Yammer, Microsoft OfficeTalk, and Google Buzz for enterprises to full-blown communication and collaboration suites, including Socialtext, Cisco Quad, and IBM Lotus Connections.

Here’s what you need to know about how these solutions differ, what each offers your company and what you should be thinking about in preparation for the coming new world of enterprise social networking.

Yammer

Yammer is a Twitter-like social micro-blogging service based on the “freemium model,” which means that it’s free at the low end, and costs $3 or $5 per user per month for Silver and Gold packages. Yammer creates separate networks for each organization, and the user’s e-mail address domain determines whether access is allowed to each specific network.

As on Twitter, Yammer users can post short “status updates” with links, and reply to the updates of others. Branding of the user company is displayed prominently on the page. Communities allow limited participation by approved partners and other groups with which a company might want to communicate.

OfficeTalk

Microsoft is testing a social micro-blogging service called OfficeTalk in a closed trial. Functionally, OfficeTalk is similar to Yammer, offering a 140-character post limit, user profiles, and search. Each user has access to two feeds: one for co-worker posts, and the other for official company broadcast messages. Like Twitter, OfficeTalk takes advantage of hashtags, keywords that enable easy searches based on subject.

OfficeTalk is unlikely to ship as a stand-alone product. Microsoft hasn’t announced when or even whether OfficeTalk will be released. But it’s likely to be built into one or more other products, such as SharePoint or Outlook Social Connector or even as a standard part of Outlook.

Buzz

Google Buzz, another popular social micro-blogging environment for consumers, is being re-tooled for enterprise use, according to Google. The company announced in February that it would soon make a special version of the offering available to businesses and schools “with added features for sharing” within an organization.

The current version of Buzz is roughly similar to Twitter, but without the 140-character post limit and with good support for threaded conversations. Google Buzz has an open architecture, so it’s reasonable to assume that data-driven applications could be built into it for enterprise use.

Buzz’s potential to replace meetings, e-mails, blog posts, and intranets is far greater than Yammer’s or OfficeTalk’s, largely due to its ability to handle long posts and threaded messages.

Socialtext

Socialtext, made by a company of the same name, provides cloud-based enterprise social networking. Socialtext offers blogs and micro-blogs, document sharing and collaboration, wikis, and other integrated tools.

Socialtext enables companies to set up “channels,” which are broad topic areas for microblogging. Users can subscribe to various channels, and also tag their own posts to show up in specific channels.

Socialtext Desktop is a PC application that accesses the cloud-based data and services, but the software can also be used in a browser.

Socialtext also has user dashboards made up of OpenSocial widgets. OpenSocial is a set of social networking APIs created by a consortium of companies led by Google.

Cisco Quad

Cisco Quad is an enterprise social networking suite, currently in beta and due on various platforms starting later this year in the U.S., Canada, the U.K., Australia, and New Zealand and elsewhere a year after that. The core social networking features of Quad are roughly similar to Facebook or Twitter, but with strong security and policy control.

Quad enables microblogging that can be posted internally on the Quad system, or externally to Twitter. Companies can enforce external posting policies using rules that automatically filter outgoing posts.

Quad features a wide range of other communications and productivity applications, including a calendar viewer, RSS reader, VoIP application, videoconferencing and instant messaging.

Users can create “communities” — ad-hoc teams — or project-based workspaces where co-workers can collaborate and share documents.

Cisco claims that Quad can be integrated into a wide range of Cisco Unified Communications solutions and with Microsoft Exchange and Sharepoint, as well as other widely used enterprise tools. It can also be integrated into Notes, Sametime, Microsoft Office, Outlook, and SharePoint, RIM Blackberry, and other major business applications.

IBM Lotus Connections

IBM Lotus Connections is one of the few currently shipping enterprise social networking solutions. Like Cisco Quad, Connections seeks to integrate Facebook-like social networking functionality with a wide range of other communications tools, including blogs and wikis.

IBM Lotus Connections enables users to create “Communities” where teams or departments can collaborate on documents. A content library called “Files” enables revision management of documents worked on by multiple users.

Connections supports RSS and ATOM, and provides an API for extending functionality or integrating into existing systems.

IBM is planning a new version of the suite called IBM Lotus Connections Next, which the company claims will bring enterprise social networking to a powerful new level. One touted feature is that the system will automatically recommend both people and content for users based on what they’re working on, and also based on a user ranking system. These features take advantage of “social analytics,” which is business intelligence software for social streams. Connections Next also promises Quad-like content moderation to keep sensitive information off public social networks and blogs.

The suite will eventually evolve into something called Project Vulcan, which IBM believes will be a ground-breaking, comprehensive collaborative social networking platform.

How To Decide

The decision-making process for evaluating, choosing and deploying social networking solutions is complex because several of the strongest contenders are not yet available.

All enterprise social networking products offer microblogging. The first decision is to decide whether you need more than that. Microblogging will likely show up in future upgrades of widely deployed tools like Microsoft Exchange and Office within the next year.

One major consideration is whether your organization is already heavily invested in Microsoft Exchange, IBM Lotus software, or Cisco communications solutions. Embracing the social networking solution of the dominant provider of your communications suite may appeal to decision-makers in your organization.

Regardless of which path your company takes — minimal microblogging or full-blown social communication — and regardless of which company you seek out as the vendor, it makes sense to begin evaluating the move as soon as possible. Enterprise social networking is more than just a buzzword. It’s likely to usher in a new era of business communication that may affect your organization’s business agility, efficiency, and ultimately, its bottom line.

Related Information From Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter

We all use PHP in our enterprises. It’s become the do-it-all language of choice for Web developers, from the smallest companies to the Fortune 500 and back again. However, PHP — which has been called “the one programming language that makes German look terse” — has problems with scalability. It is all too easy to write sloppy code that never-the-less works well enough to be rolled out.

Of course, as Luke Welling, Web Team Lead at Message Systems, a digital messaging management company and co-author of the “Bible” of commercial PHP/MySQL programming, PHP and MySQL Web Development, pointed out at an OSCON seminar in Portland, OR, that’s true of many corporate programming projects.

So what can you, as IT management, do about this? Well, for starters, Welling suggested that managers fight the attitude that sloppy programming is acceptable because IT can always “throw more and faster processors” at any performance problem. Sometimes, you can’t fix performance problems with hardware. You need to convince developers and their team leaders that writing to the minimum hardware requirements, rather than the maximum, is the smart thing to do.

You also need to fight the common programmer perception that all production code is temporary. This starts with the basics. Welling observed that many developers don’t even believe that the language or dialect they’re writing in is still going to be used in production systems in a few years. Wrong! According to Welling, the idea that “PHP code is going to hang around is not a crazy idea. Programming languages hang around for a very long time, as the COBOL programmers who were pulled out of retirement to deal with the Year 2000 bug found out.”

More specifically, you must convince programmers and their team leads that “No, the code you dash off today won’t be replaced properly next year. Unless the code causes real issues today there will  never be time to replace it in the future.” Welling believes that “Inertia is powerful, platform changes are harder, rewrites are harder still, and people get stuck in their ways.” So encourage developers to get it right, or righter anyway, the first time.

That doesn’t mean that every development environment will be streamlined to make a developer’s life easy. When it comes to Web design, he said, “PHP is still not going to be a pretty language. It never has been and it never will be. Its strength and weakness has been its willingness to adopt features as appropriate.”

PHP is no longer a quick-and-dirty language, however. Or at least not solely. Welling said, “PHP has grown up with the Internet. It’s no longer a place for software tinkerers. People are no longer willing to accept failure since the Internet has become a utility service.” This is an important point to keep in mind. At one time, internal code tended to be inward facing. Now, with enterprise websites, mobile applications, cloud computing, and the programs once behind-the-firewall serving your customers, your in-house programs may be exposed to the external world. Programs that might have passed muster for your own users might not work well at all for the public.

Find a way to encourage developers to write code past what Welling calls the “80% level.” He explained, “Everyone likes writing new code and getting it to the 80% level [when] the features are pretty much done. That leaves the boring, but vital 20% of error handling and proper testing.” Few programmers like doing that last 20% of the work. Welling sarcastically noted, “Getting to 80% takes 100% of the time, and the remaining 20% take the other 100% of the time.” Without providing motivation, getting that last critical 20% done is often a real problem.

Your programming teams also need to be aware that “Today’s bad code often is the same as yesterday’s when spaghetti code was usually the problem,” said Welling. “Today, bad programmers write deeply nested hierarchy structures and Object Role Modeling (ORM) which can be slow and may be almost impossible to debug.”

The solution to such problems is that classic of design: KISS (Keep it simple, stupid). In addition, designers should avoid micro-optimizations. “They’re a waste of time. Your programmers should also avoid ‘cool’ design patterns, obscure performance tweaks, niche language features, new language features (no matter how much they may want to use the nifty new trick), and terseness in coding” that leaves follow-up programmers with no clue as to what the original designer had in mind.

Like any programming project, Web development needs managing and workflow. “It needs a Version Control System (VCS).  It needs a review, build, testing, and release process. And it needs an easy way for developers to set up staging servers,” said Welling. Companies tend to cheap-out on the last matters. In his experience, a business may hire Web developers to create the code but won’t hire quality assurance (QA) specialists. “Someone other than the developers must do the testing,” he asserted, lest your public do the “testing” for you.

For all the problems your company may have with in-house development, remember that performance problems may not have anything to do with code quality, especially when it comes to the Web. Welling commented that “Most people don’t have traffic problems on the Web from their PHP code. The PHP processing time is generally a small part of the experience.” Instead, he said, slow Web load times are more likely to be due to massive third-party JavaScript libraries, large images, or the use of Adobe Flash.

Developers, managers, end-users, and customers want software that gets the job done, can deal with stress and failure, and can automatically recover when something does go wrong. If they can keep that “job one” clearly in mind as the goal and manage to “Write code that is readable and maintainable,” Welling said, Congratulations! Your enterprise will be well ahead of its rivals.

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency.

Canonical, the company behind Ubuntu Linux, has always had many enthusiastic user and developer fans. It’s a different story within the enterprise. Canonical has been trying to improve its business reputation though in both the server and cloud spaces. In particular, according to Neil Levine, Canonical’s VP of Commercial Services, Canonical has been working hard to bring Ubuntu’s well-known ease of use on the desktop to cloud deployments.

The latest example of this was Canonical and IBM’s launch of a virtual appliance of IBM’s DB2 Express-C database management system. This virtual application can run on the Ubuntu cloud computing platform, in private and public cloud configurations.

DB2 Express-C is IBM’s free community edition of DB2 software. Small businesses and multi-branch companies, as well as developers, can use it as their DBMS platform. DB2 Express-C has all of DB2′s core features and can be used to power in-house DBMS applications, Web 2.0, and SOA-based solutions.

How this can work for an enterprise, said Levine, is “to give large companies a way to get a taste of our low-cost way to try Ubuntu and DB2 on public cloud. If you want to try it, you can.” Then, if you like the experience, you can use a more powerful DB2/Ubuntu stack on either a public or private crowd, “using the same tools and architecture that you’re already using. There’s no need to re-architect it.”

This is all part of Canonical’s plan to make Ubuntu just as much of an enterprise business player as Novell or Red Hat. Without much notice, Ubuntu has already “become one of the most popular guest operating systems on cloud services like Rackspace and Amazon EC2,” according to Levine. Increasingly, it is also being deployed as the host cloud infrastructure layer by private organizations and ISPs.

If you don’t trust the public clouds, you can use Ubuntu Enterprise Cloud. This combines Ubuntu 10.04 with the open-source Eucalyptus cloud software so creating your own cloud requires little more than plugging in USB-sticks and running installation routines on your existing servers.

You might say at this point: That that’s all very well and good, but don’t other cloud vendors promise similar services? And, if one really wanted Linux, couldn’t you simply use Red Hat Cloud? Canonical admits that’s all true, but, Levine said, “Canonical is trying to make using Ubuntu and a serious DBMS like DB2 as easy to use on a cloud as using Ubuntu already is on the desktop.”

In addition, like Red Hat before it, Canonical is now offering enterprise-level support for both its server  and cloud-based Linux offerings via its Ubuntu Server Advantage support plan. The Essential edition, which doesn’t include cloud support, includes Landscape Hosted Edition, the equivalent of Red Hat Network.

For cloud users, the Standard edition of the Ubuntu Advantage package for servers adds virtualization and Windows integration support. At this level, cloud support is an option. This edition costs $700 per machine per year and only has 9×5 coverage. The Standard Cloud add-on for Ubuntu Enterprise Cloud costs an additional $350 per year. This brings the total cost to a minimum of $1,350.

Ubuntu Advantage Server Advanced Edition bundles in support for clustering and high availability and the custom package repository that Canonical has set up for Ubuntu; it costs $1,200 per year and has 24×7 coverage. Throwing in the Advanced Cloud add-on for Ubuntu Enterprise runs an extra $600 per year per machine, bringing the total cost for 24×7 support and the cloud to $1,800 a year.

On the other hand, Canonical’s support options is per server, not per core or virtual machine. This makes Canonical’s offering quite attractive.

If Canonical is indeed successful in making its server use as easy on the cloud as it already on the desktop, then even a comparatively minimal support contract might be all your corporation needs to run Ubuntu Linux on the cloud. While it’s still early days in the cloud for all vendors, Canonical’s offerings bears keeping an eye both for its low overall costs and for its ease of installation and maintenance.

Last, but not least, Canonical is forming strong strategic partnerships with such major vendors as Alfresco, Amazon, Ingres, IBM, Rackspace, and VMware. It certainly appears as if Canonical will soon be able to offer not just ease-of-use and low cost, but an excellent selection of both enterprise applications and cloud platforms to business users. When looking at your cloud plans, Canonical deserves to be considered.

Related Information From Dell.com: Dell and Cloud Computing.

While virtual appliance building has never been easier with powerful online tools such as rBuilder or SUSE Studio, there are also advantages to building virtual appliances using local resources that do not rely on the availability of the cloud.

VMware Studio is a tool that enables your team to create a wide variety of simple and complex virtual machines for a very attractive price tag: free.

VMware Studio (VS) differs from the rBuilder and SUSE Studio appliance builders, in that the appliances VS creates are only virtual appliances, built for the VMware platform family. Other virtual platforms, such as Oracle’s Virtualbox, can also be used to run the appliances, or any Open Virtualization Format (OVF)-compatible platform.

Virtual platforms also play a role in actually running VS—the free download is available only as an OVF-ready virtual machine. VMware recommends running VS on one of the following devices:

• VMware ESX/ESXi 4.1 or 4.0 through VMware vCenter Server 4.1 or 4
• VMware ESX/ESXi 3.5 through VMware VirtualCenter 2.5
• VMware ESX/ESXi 4.1 or 4.0
• VMware ESX/ESXi 3.5
• VMware Workstation 7.1, 7.0, or 6.5.1

In testing, VS ran perfectly well in VMware Player, a freely available “lite” version of VMware Workstation, which means that simply for the trouble of registering the Player and Studio products, you can have a free virtual appliance builder on your local system.

VS can build virtual appliances based on both Linux and Windows OS. On the Linux side, Ubuntu, Red Hat Enterprise Linux, SUSE Linux Enterprise Server, and CentOS are available, while Windows 2003 and Windows 2008 (without Hyper-V) are the available Windows options.

One very attractive feature for developers is the ability to directly integrate VS as a plugin to the Eclipse development environment. This makes application building and testing a seamless proposition.

Using VMware Studio

After you download and save the VMware Studio zip file, you need to extract the contents of the archive. Once the files are extracted, open one of the virtual platform applications listed above and open a new virtual machine from the Vmware_Studio-2.0.0…vmx file you just extracted.

When the VS machine is first run, you need to read the initial license agreement, and provide a root UNIX password for the VM. Once this is completed, you see the initial VS screen, shown in Figure 1.

The initial VMware Studio screen.

At this point, you could enter the URL displayed in the [Web] field in your preferred browser, and be on your way to creating a virtual machine. If this is your first time making a VM with VS, you need to acquire an ISO image of the operating system you intend to use. To do so, select Login and press Enter on the initial screen, which brings up a standard UNIX login prompt.

Type root for the login, and the password you previously assigned, which brings you to the command line.

Whatever ISO you use, you need to place it in the /opt/vmware/www/ISV/ISO directory of the VS machine. You can use the available wget utility to bring in the correct file via FTP.

To download an image of Ubuntu 8.04.1, for example, on the command line type:

cd /opt/vmware/www/ISV/ISO
wget http://cdimage.ubuntu.com/releases/8.04.1/release/ubuntu-8.04.1-dvd-i386.iso

The image file downloads to the correct directory. At this point, you can move forward to begin building your template.

Enter the URL from the [Web] field to start the VMware Studio interface. The VS home page opens (see Figure 2).

The VMware Studio home page.

To begin creating a new appliance, click the Create Profile button. The Create a New VM Profile dialog opens, shown in Figure 3.

Base your profile on compatible operating systems.

Give the new profile a name and select the appropriate operating system template. Click Create Profile to display the profile creation workflow (see Figure 4).

You create a profile by stepping through these pages.

To complete the customization of the profile, you visit each one of the pages highlighted in the secondary navigation bar: Description, Hardware, OS, Application, Management, Output, and Build Settings. You can either click on each page’s tab or click the Next button at the bottom of the page to move through this workflow.

The Description page enables you to name and otherwise describe the properties of the VM you’re creating. The key field on this page (other than Name), is the Version field, which is visible in the VM client, and are also used by the VS Update Service to check and install updates for a VM. You can also add your own end-user license agreement and specify the location of the web management console for the VM you’re creating.

The Hardware page (shown in Figure 5) lets you set the kind of hardware you want your virtual machine to access. Much of this is determined by the iron upon which you’re going to install the VM. You can use the virtual hardware version as a hardware meta-setting, since this specifies the virtual hardware interface that is exposed between the guest OS and the virtual hardware. You can also make more granular settings, such as CPUs, memory, and hard drives.

Configuring the hardware for your VM.

In the OS tab, you confirm the connection to the ISO you are using, as well as provide a root password for the new VM. You can also add additional user information for the VM on this screen, as shown in Figure 6.

Get the VM user settings configured.

The Application screen is where you get into the guts of the VM, specifying where the packages and package repositories for the VM are found, and then select the pages to install. Though you have to specify packages down to a very fine level, the VS installation automatically finds all of the relevant dependencies and get those installed, too. You don’t, then, have to specify every package.

Configure the apps you want to run on the VM.

Now that the VM is configured, and has all of the packages ready to go, you just need to polish up the VM settings. In the Management page, define which management services to run in the web management console of your VM. You also need to complete the SSL information, so that security certificates can be generated for each service you make available in the management console.

On the Output page, you define how the finished VM will be deployed. You can use either an OVF package, an OVA package (which is a zipped OVF), or a standard Zip file.

Finally, there is the Build Settings page, which you use to specify the type of platform you’re going to deploy the VM on. If your organization already has one of the VMware server or vSphere products, you can specify the location of the server on your network and pre-configure the VM for that specific platform.

After clicking on Validate to test the new VM, click Save and Build to complete the VM process.

The process is still not complete, despite your expectations. VS is a very robust tool, and allows you to deploy multiple VMs to a given platform using a vApp container. After building the VM, you can click on the vApp tab to step through a similar process to build a vApp with this new VM and any others you might want in your virtual appliance. Once the vApp is built, you can (whew) deploy the virtual appliance.

There is a lot of fine detail involved in the creation of the a virtual appliance with VMware Studio, which has barely been touched on here. Excellent documentation and  a straightforward interface make the learning curve a lot easier.

Related Information From Dell.com: Experience the Advantages of Linux.

Real KVMs cost money, sometimes substantial sums; virtual KVMs are cheaper, if not free. Savvy CIOs and IT professionals find them useful, functional, and affordable.

In most server rooms and in nearly all datacenters, KVMs often are built into one or more server racks. These generally take the form of 1U slide out drawers, with pop-up monitors and slide-out keyboards; they also include wireless or wired mice to support pointing and clicking on GUI interfaces as circumstances so often require when installing, configuring, managing, or troubleshooting servers, routers, switches, and other typical computing gear. For example, Dell offers various 1U KVM consoles that incorporate 17” flat screen monitors, keyboards, and touchpads (in lieu of an actual mouse) that integrate directly and easily into standard 17” racks for just over $1,000.

But if you examine closely how most KVMs are used, you’ll discover only a few compelling reasons to justify the expense (and rack space) that a physical KVM imposes. The vast majority of KVM use comes from routine administrative tasks that involve installation, configuration, updates or patches, and management of servers and other devices (such as routers and switches) that can just as easily be enacted using remote access from an administrator’s desktop or notebook PC.

The basic concept of a virtual KVM, sometimes abbreviated as VKVM or vKVM, involves using some kind of remote access protocol and related software to establish a connection across the network from one computer to another. Perforce, when making such a connection, a login session is created on the remote computer, where a window on the local (or administrator’s) machine reflects the remote desktop, so that what’s displayed inside that window shows what’s happening on the remote system.

Likewise, mouse and keyboard input on the local machine is ferried across the network to the remote machine so that it may be operated, and all responses to such input are then carried the other way back to the local machine to display the ensuing responses and results. Simply put, a vKVM substitutes a PC for a real or physical KVM, and uses the network to create connections that a real or physical KVM might create through a variety of links that also include the network, but might also include serial, USB, VGA or DVI, and other kinds of cables and connections.

Why bother with real, physical KVMs?

Sometimes, the network goes down, or a server or other device might itself lose network connectivity for a variety of reasons (software bugs, failed network interfaces, protocol stack problems, and so forth). In those situations, remote access disappears along with network access because such access depends entirely upon working network links between local and remote machines. KVMs, on the other hand, usually support sideband or different and direct connections to servers that permit access even when the network is down.

In a nutshell, that’s why you can’t simply toss out all your current KVMs and refuse to buy another ever again. But because the vast majority of KVM use occurs when network access is readily available, there’s also no reason to over-spend on KVMs or to insist that administrators use KVMs rather than remote access for tasks that don’t involve troubleshooting network problems of some kind. Remember, then, that KVMs keep working even in the face of network trouble, but that vKVMs work most of the time for most routine tasks, and you’ll have no trouble understanding why KVMs must still play a role, but that vKVMs can do most of the lifting, heavy or otherwise, when it comes to routine network maintenance and administration.

What kinds of vKVM tools and technologies make sense?

For Windows networks, the Remote Desktop Protocol (aka RDP) is included with all Windows Server versions and in all Windows Desktop versions at Professional (Windows XP and Windows 7) or Business (Windows Vista) and better (Ultimate and Enterprise, for both Vista and Windows 7). Using the built-in Remote Desktop Connection facility, administrators can log onto a Windows server (or desktop) of their choosing and perform nearly everything they can do when attached to the same machine directly or via a KVM. They can also cut and paste content from the local desktop to the remote desktop, and vice-versa, in addition to driving a remote interface locally to their heart’s content.

Figure 1: The Windows Remote Desktop Connections lets administrators connect to remote PCs using either computer names or IP addresses.

Of course, many organizations use other operating systems besides (or alongside) Windows, so alternatives to RDP and the Remote Desktop Connection facility are needed. There are lots of commercial and freeware or open source products from which prospective users can choose. On the open source side, the SourceForge “open source kvm and console management site” at okvm.sourceforge.net (click the Virtual KVM tab) points to numerous alternatives that work with many different platforms and OSes, including Windows, MacOS, Linux, and Unix. The Wikipedia KVM_switch article includes a section entitled “Software Alternatives” that lists numerous commercial options available to buyers interested in commercial-grade, supported products. And companies such as Citrix, Symantec, RealVNC, and many others also offer eminently suitable remote access and control packages that can do the job across multiple platforms as well.

In rethinking IT budgets and server room or datacenter planning, it’s often wiser and cheaper to budget for and include administrator desktop or notebook PCs in lieu of KVMs for routine administrative tasks. That doesn’t mean you can do away with KVMs entirely because they will still prove necessary at some times (when the network is down or unavailable to some specific machine or device) and for some tasks (bringing a new server up from bare metal, or restoring a crashed server from the same state). But for most tasks, and at most times, IT professionals will prefer vKVMs because they can use their own, familiar equipment to perform their most routine and regular tasks.

Related Information From Dell.com: Create a Network Roadmap.

“It is gaining momentum at a very deliberate pace,” said John Reed, District President of Robert Half Technology in the Central United States. “I would say it’s continuing to improve every month, every quarter.”

There are a handful of motivations stirring the snail. One is a pent-up itch to dive into projects that got shelved last year, Reed said, including desktop updates. “A lot of companies said, ‛We’re not going to buy hardware, we’re not going to buy software, and we’re not going to kick off projects. We’re just going to maintain, to get through this thing. If it’s not critical to business, we’re going to shelve it.’”

A growing number of companies are now finally moving forward with these projects, Reed said, cognizant of the fact that they have a business to maintain and they’ll lose competitive impetus if their competition moves forward with projects they themselves have neglected.

Dave Willmer, executive director of Robert Half Technology, said you could see an attitudinal shift at Microsoft’s recent Worldwide Partner Conference, which wrapped up on July 15. “Many went into their budget season Q4 [2009], they had a budget set aside, but they … didn’t come out of the gates in January and hire for them. Now, midyear Q3, a lot of companies know where they are in their financials, and they know where they can spend now, and they’re starting to spend more than they were,” he said.

The new-found confidence encompasses Windows 7 upgrades, but Windows 7 is a tiny snippet of the back-on-track scenario.

Here are specifics on how small a snippet and its rate of growth: IT Expert Voice’s Daniel Dern spoke to technology job site Dice.com in January about the worth of Windows certifications. At that time, Tom Silver, senior vice president of North America, reported seeing only a modest demand for Windows 7 skill sets, with a mere 100 job postings requesting this experience on any given day. Seven months later, as the second half of the fiscal year opens up purse strings to a certain extent, the number of requests for Windows 7 skills has tripled. That brings Windows 7 to about 300 job postings on Dice on a daily basis—a drop in the bucket when compared with the site’s 66,000+ total postings.

“So yes, there has been an increase in demand for Windows 7, but only marginally,” Silver said. “As companies continue to migrate towards this operating system, we would expect demand for tech professionals with this skill set to grow.”

Hiring companies are falling into two camps: Those replacing desktops and updating with the most current Windows version, and the type of company that’s biting the bullet and upgrading enterprise-wide. Those diving in whole-hog, updating by hundreds or thousands of PCs, are scheduling the deployment for 30-day stints, Reed said, making it obviously short-term work.

But while RHI is seeing primarily project-based skills demand, Dice is seeing more requests for full-time Windows 7 skills. “About 60% of the Windows 7 job postings are full-time,” Silver said. “There are contract positions as well, but it appears the current job availability is slightly more geared to full-time positions. This is consistent with what we see on the site overall.”

He also said that there are a variety of roles that list Windows 7 as a desired skill, including Systems Administrator, Technical Engineers, and Project Managers, both at the entry level and for seasoned professionals. “So even though it’s early days, there are opportunities,” he said.

So if the hiring recovery is not overwhelmingly fueled by Windows 7, where are the increasing IT jobs? Microsoft’s emphasis on Windows Phone 7 development gives us a clue. As eWEEK reported, Microsoft CEO Steve Ballmer devoted a good chunk of WPC keynote enthusiasm to the next version of the company’s mobile phone operating system.

Microsoft is highly motivated to get a piece of the lucrative smartphone pie now dominated by Google’s Android and Apple’s iPhone. It even went so far as to offer cash to developers who create applications for Windows 7 phones, offering to “co-fund strategic projects” on a limited basis, according to a Microsoft spokesperson quoted on Top Tech Reviews.

Microsoft’s no dummy. That smartphone zest is reflected in hiring trends, with companies snapping up phone developer skill sets, said RHI’s Reed. “That’s definitely a growing area that companies are investing resources in,” he said. “We see that as a place where people are hiring. Everybody does that. Every entity wants their Web presence mobile-friendly. You have more and more applications, with people wanting to access things from their smart phone. To enable that, you’ve got to have people with expertise, people who know how to take those applications and make them mobile-friendly with the user.”

With regards to which segments of the economy are recovering, tech staffing firms report varying results. RHI is seeing growth in healthcare, transportation, some aspects of construction, and education. Sapphire Technologies is seeing feeble recovery from the financial sector, according to recruiter and IT resume expert Shana Westerman, while retail weathered the recession and is still going strong. Yet Dice’s Silver said that the job site hasn’t seen a slowdown in IT growth in technology on Wall Street. As a matter of fact, job listings are up 38% year over year on eFinancialCareers.com, a Dice Holdings service that’s a global career site network for professionals working in the investment banking, asset management, and securities industries.

Related Information From Dell.com: Your Desktop Strategy.

If it is not the first question that’s asked of e-procurement vendors after cloud deployment and features, it’s certainly the next one. How green are you going to help us become?

According to a survey of 230 universities and colleges by the National Association of Educational Procurement, “Thirty percent of those schools have a green-procurement policy, and they are all getting to that point where they can recommend that change in buying behavior,” says Eric Zoetmulder, product marketing manager for SciQuest and coauthor of the survey.

That number is also reflected in the corporate world. According to a 2008 study conducted by AMR Research, 37% of large US companies plan deployment of some type of supporting technology for green procurement, says Zoetmulder.

To support a sustainability plan for your organization, 20% of that sits in buildings and people, 40% sits in operations, and the other 40% is represented in what you buy and how you buy it, he says.

“We actually have a partnership with Dun & Bradstreet to help deliver [sustainability] information about their suppliers as part of analyzing which suppliers they want to work with,” says Henry Hwong, director of Ariba’s Solutions Management Group. “Women- and minority-owned information is important to customers as well. All this information about suppliers is something that our customers have been asking us to help them get.”

E-procurement software is being customized to bring suggested sellers and products to the forefront when a user shops. The customizations can suggest local sellers for reducing carbon footprints, recycled products, sellers that use environment-friendly packaging, and more.

One aspect of green e-procurement is including a good green e-procurement policy in your e-sourcing process, says Zoetmulder, improving the decision making processes as far as contracts. “Most of our schools are getting to the point where they are signing carbon-neutral agreements,” Zoetmulder says.  States and cities and counties are adding sustainability managers, who are closely monitoring their organizations’ sustainability goals.

When you have an environment that people can go to find organization-approved goods, your purchasing process can promote goods that are green and sustainable, Zoetmulder says.

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency.

For IT decision-makers supporting their mobile workforce, understanding the benefits and complexities of the technologies used by their chosen service providers or mobile carriers can make all the difference in delivering a robust mobile implementation at reasonable cost to the enterprise.

This means more than performing quality assurance on the mobile application’s code, and ensuring that the user interface has been designed for a different form factor. Testing mobile solutions involves ensuring your network infrastructure’s performance including availability and quality of service (QoS) is spot on as well as that security policies are in place and that the mobile applications being delivered across the network are threat-free.

Evolving Technology

Transport and delivery technologies have evolved as the demand for mobile support has exploded. Most mobile carriers including Verizon Wireless and AT&T Mobility have chosen to build out their new 4G networks with Long Term Evolution (LTE) technology. LTE is the newest iteration of 3G/WCDMA, GSM, and HSPA radio access technology. It’s very fast and is highly interoperable so any unlocked phone can connect to any company network.

Service providers are moving toward Ethernet backhaul away from T1, which benefits IT managers because Ethernet delivers higher capacity at lower cost. Ethernet services average $40 a month per megabit compared to the average cost of a T1 or E1 link at $200 to $800 per month, per mile. Other strategies include installing microwave backhaul connections instead of leasing backhaul capacity and designing networks for shorter backhaul paths. A recent Infonetics survey shows most operators plan to go with a single IP/Ethernet backhaul, either over microwave, fiber, or copper.

What’s cool about Ethernet backhaul is that the service offering is an extension of the corporate Local Area Network (LAN) with greater flexibility and simplified management in addition to a cost-effective solution.

Testing the Network

Testing Mobile Ethernet backhaul is a must for service providers if they expect to deliver for their corporate accounts. Unfortunately, the amount and granularity of information available directly from most Ethernet switches does not address business critical service level questions. Information provided by the switches is typically limited to aggregated counts of packets into and out of the switch, which doesn’t allow providers to evaluate information from a specific port or network performance in terms of loss, latency, and jitter or traffic frame sizes, protocol distribution, top talkers, top applications, or utilization.

Also critical is specific service analysis for services such as Voice over Internet Protocol (VoIP) or video. On top of those considerations, service providers have to be able to validate end-to-end QoS, identify the offending network segment, have network visibility and validate port/VLAN assignments and configurations, in other words, they must get it right the first time for their corporate customers, to be ready for business primetime.

Testing the Applications

Mobile applications are installed on the phone or device’s file system in much the same way that applications are installed on a desktop or laptop. During installation, new files are added, registry entries are changed, and configuration settings are modified. It’s imperative that pre-installation footprint settings are analyzed and kept on a flash drive prior to any application installation taking place. File system analysis and application reversing are two important tasks that must be done during client side testing.

The chief purposes of performing footprint analysis includes identifying the files created on the device during installation, identifying changes that are made to existing files during multiple application operations, and recording operations that occur during application use. The device file system needs to be closely monitored because developers sometimes take it for granted that the device memory is a safe haven for data storage; they tend to use it to store sensitive information such as passwords, user names, and other similarly private stuff.

After the application has been installed and several tests successfully run, it’s a good idea to reverse engineer the application. This uncovers application logic and code which comes in handy if the code needs to be modified to bring the application in line with security requirements. Sometimes the test process can find a way to bypass security and provide a way into the server. Reverse engineering also has a way of finding design bugs and methods of exploitation.

Ensuring that the mobile applications you allow into your enterprise environment are threat-free and won’t punch holes in your security and that the network you’re trusting your mobile-based business productivity to can deliver on the promise of top shelf QoS are just a couple of the tasks at hand.

Related Information From Dell.com: Your Mobility Strategy.

Software, on the other hand, is more of a challenge. It’s just bits on a hard drive, and without strict controls, it can be hard to keep count of how many copies of a given program are actually installed, and which versions are in use. Especially when, as often happens in an enterprise, the installation media has been copied to a network share for easy deployment.

That can lead to under-licensing, and under-licensing can be a very expensive proposition indeed.

How expensive can it be? Well, as far as software vendors are concerned, under-licensing constitutes piracy, and vendors discovering piracy often demand compensation above the cost of the unpaid licenses.

Consider these examples, all from between March and May of 2010:

• Unlicensed software cost a wireless retail store in Pennsylvania $92,500 in fines paid to industry licensing watchdog the Business Software Alliance (BSA), a group representing 37 major software vendors.
• A Burlington, MA software developer paid $156,002 in damages to BSA to settle claims that it had unlicensed copies of Adobe, Autodesk, Corel, and Microsoft software installed on its computers.
• A Wisconsin steel service company was fined $144,000 for its licensing oversights.

It doesn’t matter whether these infringements were deliberate or accidental; the penalties are the same. It pays to pay attention to licensing!

Overbuying isn’t a good solution either. Having idle assets, either physical or virtual, is bound to garner frowns from the CFO, who has to pay for and depreciate them regardless of whether they’re in use. And they gobble precious capital dollars that could be better used elsewhere.

While a manually maintained Excel spreadsheet of license assets may do the trick in a smaller company, a large enterprise needs a license management program. Often available in conjunction with asset management software, license managers keep track of what licenses have been purchased, which ones are installed and where they are installed. It should log serial numbers and other identifying information, as well as program version and purchase data (such as supplier and invoice number), so should a vendor demanded an audit it’s easy to reconcile in-use licenses with purchases.

That is often easier said than done, however. The problem isn’t a shortage of best practices (there’s even an ISO standard: ISO/IEC 19770) or tools (the BSA has links to several), and most software for managing physical assets also offers some sort of software audit). It’s the fact that installed software can be really hard to automatically identify. There’s no standard way in which vendors indicate program version and so forth within the software and its associated files and Registry settings; plus, vendors sometimes issue upgrades without changing the software’s internal identification. So in many cases software inventory programs can only make best guesses. And without ties to a purchasing system, all the data that proves you did, indeed, buy the licenses you’re using has to be manually associated with the software.

Even with the best tools, however, there’s no escape from some manual data entry. For example, Microsoft’s Client Access Licenses (CALs) have no physical or logical manifestation in most cases, so can’t be automatically audited. But counts of the number purchased, with supporting data, can be entered into a license management program and reconciled with the number of computers needing a CAL to prove you are compliant. Some license managers can import the data from vendors’ volume licensing portals to cut down on the typing, but the initial entry is undeniably a major chore.

That said, once the data is in place, a good license management program can not only report on what is in use: It can help you identify which licenses are un- or under-used, and thus are candidates for reallocation to another user. That can save substantial chunks of cash by eliminating unnecessary purchases.

Not to mention the cash it can save when you ace a vendor audit.

Related Information From Dell.com: Your Desktop Strategy.

According to a recent report from Gartner Research, 2009 saw the most significant drop in server deployments ever. Now this trend is in reversal: In the next few years, server deployments will increase, and the results won’t be pretty. Those data center power, cooling, and space problems you’ve been having? Take a deep breath and start strategizing — because they’re about to get worse.

To help you with that task, IT Expert Voice checked in with Mark Thiele, vice president of Data Center Strategy at cloud computing vendor ServiceMesh, president of the nonprofit organization Data Center Pulse, a member of Green Industry Advisory Board at CSU Fullerton, and strategic advisor at sustainability management software vendor at CSRware. We got his thoughts on the Gartner report and its recommendations, and discussed how companies can cut their data center costs.

IT Expert Voice: Gartner predicts that through 2013, data center power, cooling, and space problems will worsen as a result of new high-density infrastructure deployments. To help control energy consumption and costs, Gartner recommends delaying new high-density hardware procurement where possible. What are your thoughts on the prediction and that recommendation?

Mark Thiele: In effect Gartner is correct, but the problem isn’t just the next couple years. This is partly because cloud computing, combined with higher density computing, will have an interesting effect on the data center market as a whole.

In theory, virtualization, more performance per watt, and cloud computing should drive down the space, power, and cooling requirements for the average data center by 50% or more.

However, what we’ve seen over the last 30 years of semi-modern technology is that IT groups don’t really spend less when solutions become more efficient or cheaper. They instead buy more for the same costs. Think of 1995 when a tower server from Compaq cost $25K. Then in 2000 you could buy a 1RU server for $5K. What do you think people did? They bought four or five servers instead of one.

I believe cloud computing will have a similar effect on the IT world that 1RU servers did (see one of my recent blogs). In effect we’ll be making more technology options available to a much wider audience in much more affordable and digestable sizes. This availability will drive additional use and the generation of new ideas for more IT apps/products.

So in a very small nutshell, what I’m saying is that yes, there will be a crush on data center space, but it won’t be for just two years; it will be until we come up with a quantum leap improvement in how we process and store information.

How might a company delay purchasing new hardware without compromising its growth, uptime, and so on?

There are several options with varying degrees of cost and complexity that can help slow the need for more data center capacity. Here are five:

1. Push the envelope on your virtualization efforts. Regardless of what you hear (myths), virtualization is ready for even the biggest jobs.

2. Move some of your processing out of your data center and into someone else’s (i.e., Amazon, Opsource, Savvis, etc).

3. Ensure you’re effectively using the hardware that you have (i.e., what is the average CPU utilization rate? What is your performance per watt?). This is as much an asset management play as it is cloud and virtualization. Also, don’t be afraid to look at some of the new server options like SeaMicro and Tilera. In the right situation, these new server solutions can dramatically increase your capabilities, while driving down ownership costs.

4. Implement the basic data center improvement options that are widely understood, airflow being a key opportunity area in many data centers that are two or more years old.

5. Don’t assume that delaying hardware purchases is your answer. Your best answer might be to replace some of your power-hungry low-performance older devices so that you can concentrate more performance in a smaller footprint.

Gartner also makes the recommendation to deploy server-based energy management software tools and intelligent power strips on racks to monitor and control energy consumption. Do you agree this is a good strategy?

In general, yes. However, this is not a simple task and it can be very interruptive for the average data center. An intelligent power strip costs upwards of $600 each. If you have 50 cabinets with two strips each and you replace all of them you’re looking at spending $60K. It would take years to make up that cost in the small incremental power savings you’ll get, and that doesn’t even account for the potential interruption to operations and labor or software costs.

In most cases it’s better to put in new solutions like this when you’re doing a major rebuild or doing a greenfield data center.  An alternative that will get you much of what you need is looking for wireless sensing for the environment and branch monitoring for the power.

What are some of those options?

There are many options in the space. Some of the newer players in the wireless solution space are Arch Rock and SynapSense. However, there are also solutions available from some of the bigger players like Eaton and Emerson, among others. APC has a very comprehensive solution, but customers should be cautious about buying a bigger solution than they need. The potential ROI must be considered as there is no guarantee that any of these solutions will cost less than your inefficiency. They must also be considered against the time of ownership expectancy of the space to be monitored.

“Visibility” is important. Just as an example you could put a “monitoring/management” solution from a company like CSRware. It doesn’t actually provide much efficiency on it’s own, but it does give you a low cost, low risk, quick return on investment opportunity to get visibility to your environment relative to power, water and e-waste among other things. Similar to a scale in the bathroom, because it shows you the problem, you’re more likely to act on the information.

What challenges might these solutions pose to an IT department’s usual way of doing things?

The simple answer here is ROI and people/process. No solution will provide you a benefit if the people and process aren’t well defined in advance. Also, if you don’t have well-defined ownership and reporting criteria for the solutions, they will end up unmanaged and relatively useless in a very short time. Remember, most IT orgs are already overtaxed for resources. If you throw a new solution in the mix without making real accommodations for how it will be owned, no one will own it.

What do you recommend for overcoming these challenges?

Change management is a critical component of any IT environment, so again it boils down to people and process. If a process is poorly managed when it’s manual and you throw a technology at it, you’ll just end up with poorly managed automation. Also, you need to carefully consider the resource and impact requirement of any change versus the proposed efficiency gains. Power is often considered the biggest problem in a data center from a cost perspective, but it’s not.

Here’s an example based on a $1 million a year spend on data center:

Solution: Power monitoring and management with an expected savings of 2 to 5% are implemented.

Costs: The costs are 150K for hardware, software and implementation, and the ongoing yearly maintenance and management costs are 50K, for a five-year cost of $350K.

Savings: The savings over five years based on a 5% efficiency gain are $250K.

The average greenfield data center has a life expectancy of 15 years, so you can quickly surmise that there’s a much more obvious opportunity in a new facility than in retrofitting an older one.

The above is a very conservative and admittedly “back of the napkin” example, but it should give you an idea of what the risks/rewards are. (This example also doesn’t put a cost on the risk incurred during implementation. )

Gartner also recommends accelerating the speed of virtualization and consolidation projects to yield power, cooling and space benefits in 2010 and 2011 to offset the capacity requirements of new hardware.

I agree. I can’t emphasize enough that you should be pushing the envelope on your virtualization efforts. The majority of IT organizations are at 30% virtualization or less.

Do you think organizations are already speeding up virtualization and consolidation projects anyway?

Yes. Interestingly, many of the efforts are being accelerated due to a desire to utilize cloud computing as much as they are to save on power, space and cooling. Either way, it’s the right thing to do.

How about the cutting data centers costs overall? What strategies do you think are most important?

Here are four: First, know the total costs and the cost drivers for your Data Center. You also need to ensure you have a strategy for ownership with a top-down cross-functional leader. In addition, know how are your assets managed. And finally, create efficiency opportunities in the area of airflow management.

If a company is serious about cutting data center costs, should energy-saving/green IT-focused strategies be the top priority?

Many of the ideas I’ve covered have a significant impact on your carbon footprint (your “greeness”). I am a casual conservationist, but assume that my first responsibility to any business is to help ensure bottom line success through ethical business practices.

That being said, a well thought out efficiency plan is the same as a “going-green” plan. Anytime you’re using fewer resources (people, space, equipment, boxes, trucks, and so on) you’re being greener. For larger enterprise customers, there are even less obvious options like having their equipment delivered in more environmentally friendly packaging. An example would be having the hardware vendor deliver a rack full of gear in one box, versus having 5-30 servers delivered in individual cartons.

What are your thoughts on how well companies are doing—or not doing—in terms of focusing on cutting costs in the data center? And what do you think the motivation is?

As a global community I think the top 30% of data center owners are making excellent progress. My biggest concerns are for the thousands of companies with 10K server farms or less, who don’t have the appropriate ownership strategy in place.

As for motivation, it varies depending on the maturity, size and industry. With maturity comes an understanding of the costs and an increased focus. Size is similar to “maturity” in the sense that when you get big enough you can’t ignore the costs anymore. Across industries, IT and finance companies tend to have a stronger focus on their data centers. IT companies because it’s embedded in their DNA and finance because they have a high level of risk aversion and strong cost management strategies.

Any last words?

Buy what you need to solve a problem or enable a business opportunity—don’t buy technology.

Related Information From Dell.com: Your Power and Cooling Strategy.

It seemed so clear. Like it or lump it, the top brass realized, your company would move its enterprise desktops to Windows 7 as Windows XP came to the end of its sales and service life. Then, Microsoft changed the rules. At the same time that Microsoft announced the beta program for Windows 7 and Server 2008 R2 SP1s, the company “decided to extend downgrade rights to Windows XP Professional beyond the previously planned end date at Windows 7 SP1.” This means you’ll still be able to “downgrade” PCs from Windows 7 Professional or Windows 7 Ultimate to Windows XP Pro until early 2015.

Despite that sort-of announcement, Microsoft’s Windows Communications Manager Brandon LeBlanc, insisted that “Support for Windows XP Service Pack 3 will [only] continue through April 2014.” According to Microsoft, “After April 2014, customers will need to either get a custom support agreement or install a more modern OS on those PCs.”

Some observers, like Microsoft expert Ed Bott, think that this means Microsoft won’t generally support Windows XP SP3 even though the company will let you purchase it. Others think that Microsoft won’t cut off Windows XP SP3 support until five years or more after the last copy of XP is sold. This would put Windows XP’s enterprise end-of-life in 2020.

What’s an enterprise IT manager to do? Despite Microsoft’s glowing reports of Windows 7 sales, Tami Reller, Corporate VP and CFO of Windows & Windows Live, admitted at the Worldwide Partner Conference on July 12 that “74 percent of … business PCs are [still] running XP.” Clearly, businesses aren’t rushing to Windows 7.

Some IT executives, like Jeff Cooper, IT Infrastructure Manager at Abbott Vascular Devices, aren’t tempted by the thought of sticking with Windows XP through the end of the decade. Cooper assumes that Windows XP support will still end in April 2014, and that there “will be no more patches issued for XP, and that you are ‘on your own’ by running it without Microsoft backing.”

That really doesn’t appeal to him. “Additionally,” Cooper continued, “third party hardware and software vendors are likely to not support Windows XP beyond what Microsoft has claimed (2014), and are likely to phase out XP support between now and then. So if I understand this correct, organizations should still continue their plans to move to Windows 7 and not interpret this as a reason to slow down.”

Others, like Steve Kilbride, the owner of ThermaRay, sees no reason to shift from Windows XP. “Our choice of OS is driven by the apps that we need to run. So far, we have not found critical applications that rely on newer OSs,” said Kilbride.

Windows 7 isn’t the only option, if he is going to change OSs. Kilbride is also considering replacing Windows XP with Linux or a server-based Virtual Desktop Infrastructure (VDI) solution whenever Windows XP reaches the end of the road. Their concerns are largely driven by financial issues; the company decision makers hope that the growth in software-as-a-service (SaaS) and Web-browser based applications like Google Apps for Business will be mature enough to allow them to avoid paying for pricey Windows 7 Professional or Enterprise client-access licenses (CALs) while still providing basic office-worker functionality using alternative desktop operating systems.

Rajesh Goel, the CTO of Brainlink International, an IT support business, on the other hand, loves Windows 7 both for their in-house users and for their customers. “We’re switching to Windows 7 [and] Office 2010 as fast as possible. Clients love the stability and power. We love the fact that Windows 7-64-bit lets us deploy desktops with 8GB or 12GBs of RAM. This is a life saver for folks who like to keep 10-30 Outlook windows, 5-20 PDFs and dozens of Word documents open all day.”

Perhaps the most common response was that companies simply prefer to stick with Windows XP. As Tom Catalini, the Technology VP for William Gallagher Associates, a Boston-based insurance brokerage, observes, “We’ve looked more carefully than ever at our IT investments in recent years, and operating systems quickly fall down the list of initiatives to consider, even among the Microsoft family of products. Investments in their other products, like Office, Exchange, SharePoint, or SQL [Server], would offer much more bang for the buck. So, in some ways, Microsoft is competing with itself for our technology dollars.”

Besides, Catalini continues, “At the end of the day, there just isn’t enough value offered in migrating to a newer version of Windows. An operating system upgrade is very costly, both in terms of time and money, and it’s very disruptive to the end users. In many ways, this is also a testament to the fact that Windows XP is serving our needs very well. We very much welcome the news of extended support for this platform, as it allows us to consider far more strategic investments in technology going forward.”

What about your business? Where do you see its desktop going?

Related Information From Dell.com: Why Dell for Windows 7?

Not all business is conducted within range of major mobile networks. What happens when your mobile workforce does business quite literally in the field, or telecommutes from a town that’s off the beaten path? One wireless broadband start up is building out wireless networks to support the rural American mobile workforce, one small town at a time.

Grass roots marketing, along with identifying and then tapping into an underserved market and complementary acquisitions, are the cornerstones of one Internet-focused corporation’s anticipated double-digit growth in 2010. Yonder Media, headquartered in Reno, NV, is extending the Internet’s reach out to roughly 50 million Americans, remote enterprise workers, and telecommuters via WiFi wireless broadband technology one small town at a time, and banking on rural America to come through.

Founded in 2006, the company goes into towns of 3,000-5,000 people who are predominantly served up access via antiquated dial-up or expensive satellite technologies. Yonder Media installs WiFi mesh networks that deliver 3 to 6 MB bandwidth along with customized portals that support local community activities. Yonder is turning church towers, water towers, and even hilltops into WiFi towers and stringing together one town after another.

According to Dirk Christiansen, president & COO, the company’s marketing strategy is based on straightforward word of mouth, traditional marketing tools, and the referral system. He says, “In rural America, we primarily use doorknockers, mailers, even flyers left in coffee shops and the referral system.”

Christiansen is pragmatic and at the same time optimistic about Yonder Media’s growth in the current economy. “During this past year we have continued to grow, maybe not as quickly as originally projected, although still in the lower double digit numbers. We’ve seen some economizing taking place with our customers and we’ve also seen a fair amount of migration in our networks. So when someone’s dropped off, we’ve picked up new folks along the way.

The competitive landscape is interesting. Christiansen notes, “We don’t see much in the way of competition from dial-up, satellite, or small local ISPs who are slow, expensive, or don’t provide great quality of service.” Significantly, Yonder brings in fiber as a differentiator as opposed to some providers who bundle DSL lines and resell them. He says Yonder Media bumps into Comcast and AT&T networks occasionally and can’t compete with their $7 per month price tag. While they’ve lost a few customers to large carriers offering triple play bundles (voice, high speed data, and TV), that isn’t Yonder Media’s market.

Acquisitions will play a large role in the company’s anticipated 15-20% growth this year. Christiansen explains, “We buy a lot of small companies and migrate them into the Yonder Media umbrella, upgrading their quality of service and customer support along the way. We’re currently actively engaged in conversations with 14 or 15 different companies, looking for the most appropriate acquisitions.”

He says that their biggest hindrance to growth is securing financing for the acquisitions. The company is privately held and has purposefully not sought out venture capital because according to Christiansen, most VCs just don’t get their market. He says they don’t use proprietary technology; they use equipment from leading network infrastructure equipment manufacturers like Cisco, Motorola, and Proxim so there’s no smoke and mirrors involved. Their model is subscription based, and the VC model is not built around that.

As a result, he says they secure their financing through banks. “We spent a lot of time back on Wall Street last fall obtaining money, so as we make these network acquisitions we have banks and supporters that will help us fund those purchases.” He added that the question they were asked most often was if people who lived in the American countryside could afford Yonder’s services; Wall Street bankers had this certain perception that rural America had no money when in fact, often the case is that rural folks have more money than do inner city dwellers.

An additional misconception by the city bankers was that great coverage already existed across America. They’d evidently swallowed Verizon and AT&T’s advertising Kool-Aid and thought Americans could get coverage on their donkey in the desert. Fortunately, Yonder convinced its potential backers by demonstrating that coverage was great as long as you stayed in town, on the interstate, or in first class on United – but decide to telecommute from your home five miles outside of Carson, NV and you were in the sticks with few good options.

Related Information From Dell.com: Your Mobility Strategy.

HTML5′s greatest contribution in the enterprise will be the way it re-unifies development, bringing together efforts for desktop and mobile applications, as well as “native” and Web apps. That’s one promise, at least, of this already-misunderstood standard.

Fragmentation of GUI Skills

One of the most vexing managerial challenges of the last several years has been the balkanization of graphical user interface (GUI) technologies. Progressive organizations have wisely embraced the opportunities new interfaces – telephone handsets, netbooks, “pads,” virtualized desktops, “webtops,” kiosks, and more – have brought. Deployment of applications on new devices improves an organization’s efficiency and leverages its underlying “knowledge base” and business rules. Development of those applications, though, has too often demanded unique and expensive skills in device-specific interface programming. It’s hard for programmers to move among Java, .Net, Objective C, Qt, and all the other toolkits likely to be involved in GUI development of modern applications.

HTML5, though, has (finally!) advanced to the point that it’s reasonable to re-consolidate much or all of these specializations. It’s time for development departments to standardize on HTML5 and take advantage of the interoperability it offers. Programmers can turn their focus from the low-level “widgetry” necessary in the last few years, and concentrate on contributing business value that aligns with larger organizational goals.

Time for Judgment

Let’s be clear on exactly what HTML5 offers. Like any realistic technology, it doesn’t so much solve problems, as rationalize them, so that they become more manageable. Suppose, for instance, that your organization has an existing internally-maintained desktop application available on your LAN for scheduling such corporate resources as videoconferencing centers, specialized testing equipment, time with outside consultants, and so on. While plenty of “schedulers” have been written, this one is unique to your organization because it embodies specific business rules on chargeback, security, and traceability constraints.

You know what happens next: As soon as the scheduler is working smoothly on desktops, employees ask when it’ll be ready for access from home, or Blackberry, or so on.

Answering such questions never becomes automatic. Slogans about “write once, run everywhere” are ideals that simply don’t apply in practical situations. A sophisticated smartphone application must behave differently, and be coded differently, than its desktop counterpart.

What is possible, though, is to take advantage of robust, broadly-backed standards to make the best of the portability challenge. HTML5 has become one of those standards. It’s a good target for your interface programmers. While its “completion” is years away — in an interview a couple of years ago, the standard’s editor Ian Hickson gave a timeline that stretches to 2022! — it has achieved a “critical mass” in the last year. Savvy programming teams are turning out sharp-looking applications of all sorts based on HTML5 now. More than that, industry leaders such as Microsoft, Google, Apple, Oracle, and even Adobe are committing to HTML5 in ways that ensure its growth and health.

Technical Details

The bottom line: The default assumption for any new development deserves to be an HTML5-based GUI. HTML5 supports plenty of the graphical building blocks — such as sliders, combo-boxes, and canvases — over which Web applications stumbled for so long. HTML5 standardizes multimedia such as <video> at least as well as any other common toolkit. Moreover, graphical engines are increasingly exploiting hardware acceleration, so that the newest browsers render HTML5-based graphics at full speed.

When there’s a requirement for an older browser, or a specific mobile handset, it might be necessary to use a compatibility library. These libraries have become quite capable just in the last year, though, and are appropriate accessories to a good development process now. HTML5′s expanding standardization has nearly made these libraries into commodities, and largely eliminated the problems of vendor “lock-in” that plagued the market for Web scripting in the past.

HTML5 doesn’t change programmers’ need to understand their deployment targets: a public kiosk, a salesman’s Palm, and a factory workstation all have different security profiles, network reliability, and so on. Programmers can reasonably select from the same bundle of HTML5 features and techniques, though, in addressing the range of targets they encounter in enterprise-level development.

HTML5 even has the potential to affect information technology purchasing:

• Proliferation of Web applications combines with desktop virtualization to extend the effective life of individual workstations;
• A strong standard such as HTML5 increases the likelihood that demanding end-users actually benefit from high-end hardware, rather than having its advantages lost by a toolkit that doesn’t happen to make the most of them; and
• Mobile technologies can be analyzed and purchased more as commodities than as long-term commitments only safe in their own silos.

HTML5′s benefits are strategic. They arise almost entirely beyond the scope of any one application or program or purchase. That’s why it’s important to understand at an executive level how this standard has reached its “tipping point.”

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency.

Through it all, NASA CIO Linda Cureton must transform IT capabilities to enable NASA’s mission, no matter what that turns out to be. It’s a situation far too many CIOs can identify with. Here is her take on how to manage change when change is clearly managing you.

ITEV: How do you cope with such a sea-change? And what tips can you offer other CIOs who find themselves in charge of steady upheaval?

Linda Cureton, NASA CIO: At the end of the day, we are here to facilitate NASA’s mission, no matter how it changes. An increased flexibility to adapt to an always-evolving Agency is certainly one of the benefits we hope to achieve through the current efforts in which we are investing.

An example of the kind of flexibility that allows us to adapt quickly is Nebula, our cloud computing initiative. By pooling resources, a new program can access computing needs without a lengthy acquisition process for new hardware.

ITEV: How do you learn of new and emerging technologies? From your own staffers? NASA’s R&D labs? Reading? Analysts? Some combination of the above?

Cureton: I do my best to keep up with NASA’s emerging technologies, of which there are obviously many. But I am more focused on keeping my fingers on the pulse of IT-specific technology. I read a lot, from magazines to online resources, to keep up with the latest trends and news.

I also get information from my staff, including the many CIOs at the NASA Centers. Some of our most cutting edge IT efforts can be found incubating at the Centers. Under my watch, I’d like to see us do a better job of making sure those best projects and practices percolate to the top and get shared across the Agency.

We have heroes at our Centers whose IT innovations need to be tapped across the Agency. Our first IT Summit this year will help us do this. It takes place August 16-18. In the interest of cost efficiency, we are bringing much of the CIO staffs across the Agency together all at once to reduce travel needs the rest of the year. While many internal meetings will be going on, we will also have a larger Summit that is open to the public to present and attend. We have our CIOs and many staff showcasing their efforts to spread knowledge across our IT organization. We will also get perspectives from public- and private-sector IT leaders such as Vivek Kundra, CIO of the United States, and Google’s Vint Cerf.

ITEV: Every CIO has to contend with staff reductions and budget cuts at one time or another. How do you keep up your own – and your staff’s – morale when you have to contend with cuts?

Cureton: I have been very lucky in that regard. The Office of the CIO is working to make smart investments in our IT infrastructure now to standardize our end-user services, strengthen security of our IT systems, and achieve greater efficiency in our operations. These investments have meant a ramp up in staff in the near term, which is surprising in this fiscal environment.

But that increase in resources demonstrates that we have a strong mandate to transform our IT organization into the leading example for the federal government. In fact, Vivek Kundra, the CIO of the United States, has asked us to take the lead in forming a task force to demonstrate to other Agencies a pragmatic way to implement cyber security using automated systems.

ITEV: For some CIOs the biggest challenge is explaining technology to non-geeks. But for you at NASA (arguably the holy land of geeks), you must convince tech-savvy folks to adopt your strategy.  How do you handle this, and what tips can you offer CIOs in a similar position?

Cureton: I have to admit, this makes my job easier. Leadership at NASA has an inherent understanding about both the power and challenges of technology. We went to them with a vision to strengthen our IT efforts, and while we didn’t get everything we asked for, it is clear we have the support we need to ensure our IT keeps pace with NASA’s needs.

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency.

As more and more application workloads are transferred to the cloud, it is becoming increasingly cost-effective to build appliances, both physical and virtual, to serve as platforms for these cloud-bound apps.

The benefits of the cloud extend beyond just a new application platform. A cloud-based appliance also lets IT professionals save time. No longer do you need to physically prepare a computer system and then arduously install its operating system and applications. These appliances let you pick and choose operating systems, applications, and files; configure them exactly as needed; then create multiple images of virtual machines that can run in Hyper-V, VMware, and Amazon Elastic Cloud Computing (EC2) environments.

One beneficial use case for such appliances is within software development and testing. Testers can build virtual environments that exactly duplicate their end users’ platforms. By conducting their QA analysis on multiple virtual platforms, many incompatibility issues and bugs can be found and removed by QA teams. Software appliances are also gaining traction with software sales teams, who can configure an appliance with the potential customer’s system configuration, loaded with the software to be sold. Such systems make for powerful demonstrations.

How much financial savings your IT shop can gain depends on the use case from which the appliance builder is working. Independent software vendors (ISVs), for instance, spend an estimated 40% of their R&D budgets on multiplatform development and testing, according to rPath co-founder and former CEO Billy Marshall. The ISVs’ customers, in turn, spend 50-60% of their IT personnel budgets making applications and operating systems work together. Appliance-building tools can eliminate most of these budget line items by allowing ISVs to create multiple testing environments in minutes rather than days; the promise is that the ISVs can ship applications to their customers that reduce or eliminate application deployment incompatibilities.

One such tool is rPath’s rBuilder, one of the forerunners in appliance building technology. rPath’s app-centric approach claims it can cut IT costs and simplify deployments to multiple platforms. It also aims to bridges the gap between development teams and IT staff when applications are moved, scaled, or provisioned.

rPath got its start five years ago after ex-Red Hat employee Erik Troan started mulling over the problems he saw first-hand in large-scale deployments — problems like applications breaking, hitting the scalability wall, or sprawling out of control. The solution emerged: application deployments done on a unit basis.

Troan’s concept completely upended the existing, all-purpose horizontal infrastructure stack (OS, database, libraries, application server, etc.) that must support applications with widely varying requirements. So Troan proposed a sleeker, vertical, customized, app-centric layer with just the application and the specific runtime elements or dependencies (JeOS or Just Enough operating system, middleware and other components) that it needed to function.

That’s the core philosophy behind rBuilder, an online tool that lets users choose-and-click appliances together at a very granular level. And getting started is very simple.

Using rBuilder

rBuilder can be downloaded from its website, and is available also as a local Linux distribution that can be installed on a dedicated physical computer or virtual machine. Both versions are identical in functionality, though the online version of rBuilder can take some time to build an image.

Also, rBuilder Online is very much geared as an evaluation version for larger enterprises. You can manage up to 20 instances of an appliance on Amazon EC2, but no more. But this edition is a very good tool for users with modest requirements, or departments that want to get started on a small scale.

When you first visit rBuilder Online, you sign up for a free account. Once logged in, it’s a fairly straightforward three-step process to begin building your first appliance, as indicated in Figure 1.

Figure 1: The initial rBuilder home page.

To begin, click the green plus (+) icon in the Appliances section of the Resources pane. The Create Appliance dialog box (see Figure 2) opens.

Figure 2: You can choose from a variety of target images for your rBuilder appliance.

Give your appliance a unique name (which must be free of uppercase and special characters, as well as whitespaces), and a more plain-English appliance name. Next, choose one or several types of destination images from the six types presented.

Only two types of platforms are presented as options for the user in rBuilder Online: CentOS 5 (a direct clone of the Red Hat Enterprise Linux 5 OS), and rPath Linux 2, which is more of a JeOS-type platform. In advanced options, select whether you want your appliance to be public or private.

When Create is clicked, the rBuilder Workspace page will appear (see Figure 3). Here is where much of the configuration happens.

Figure 3: The rBuilder Workspace page.

To configure your appliance, hover the mouse over the Appliance contents section, and click on the Edit icon when it appears to open the Appliance Content Editor, shown in Figure 4.

Figure 4: The Appliance Content Editor.

This is at once rBuilder’s most flexible and most potentially confusing feature. Almost nothing is pre-loaded into the CentOS or rPath Linux platforms, so you need to install every package necessary for your application to run. Select the packages, then click the appropriate arrows mark them for installation. To install your own package, click the green plus (+) icon to access a file browser for uploading your software. When finished with package selection, click Done.

If the choices for images were not enough when you first began the appliance creation process, here’s a handy tip: on the Workspace page, click the green plus (+) icon in the Image definitions section to open the Image Definitions Editor. This unassuming dialog box gives you a much broader range of image types to choose from, for both 32- and 64-bit computers.

Once you have your packages and images configured, click the Create build icon in the Appliance content section. Again, depending on the work load in the rBuilder queue, you may have to wait some time before the software is compiled.

Users with an Amazon EC2 account can manage their EC2 builds using the rPath Management Console, which allows for fairly seamless integration the EC2 toolset.

Of the appliance building tools available, rBuilder is not the most intuitive on the market, but its bare-bones approach can deliver enormous flexibility to users looking to build very customized appliances.

Related Information From Dell.com: Experience the Advantages of Linux.

The best way to think about a PivotTable is as though you are a newspaper editor. In any journalism class you learn that the key to making sense of a news story is to answer the “five Ws:” Who, What, When, Where, and Why.

Excel can’t really answer the Why, but instead it can supply the key fifth element in any such analysis, namely “How Much.”

We use a simple spreadsheet as an example of how to create a management-themed pivot tables. It has seven columns, listing a lot of data that is difficult to comprehend at first glance.

A basic spreadsheet in Excel tracks a lot of information but it doesn’t make a lot of sense.

In Excel 2010 and Excel 2007, to begin a PivotTable, you select a cell in the spreadsheet, and click PivotTable on the Insert tab. In earlier versions, you use a Wizard to begin a PivotTable, under Select Data. In either case, you end up with a scary dialog box that probably is responsible for most Excel users deciding learning the feature is not worth the effort.

A basic spreadsheet in Excel tracks a lot of information but it doesn’t make a lot of sense.

Don’t let the choices here confuse you. All they’re asking is where the data is. Excel selects the spreadsheet in its entirety by default. Click OK, and you are provided with a very useful set of tools in a new Worksheet.

The PivotTable Field List lets you quickly and easily reorganize and configure the confusing data into a view that makes sense.

In newer versions of Excel, an entire PivotTable tab opens on the menu. We can ignore that for now and concentrate on the basic features that really are key to analyzing data.

Let’s look at our list of Fields more carefully:

• Who/What = Client; Supervisor
• When=Quarter
• Where=Branch
• How Much=Expenses; Sales; Gain/Loss

Start with the first Who — the Client — and check that box. By default, it becomes a Row heading in the new interface we’re creating.

If we want to track results by Branch (for the sake of our example), we drag that field into a Column Label.

And now here’s the key to the puzzle: How Much is almost always the payoff. Generally it’s a calculation of Values. So whatever numbers you want to see, drag them into the Values panel.

The result shows the essential beauty of the PivotTable. The question we asked is, “How much gain or loss have we had for each Client (in mobile operations—relative to Sales and Expenses) by Branch (or region).”

By posing questions about your data, you drag Field labels into Rows and Columns to determine what you want to know, and drag Fields for “how much” into the Values panel.

We can make this prettier. We can fine tune the appearance by formatting the values as Currency, and using AutoFit to widen the columns. However, in just a few moments we now can clearly answer the question we posed; we see Gain/Loss data clearly by Branch for each Client.

But wait, there’s more! (Actually, there’s quite a bit more, but we’re just covering the basics here; for more in-depth explanation of what you can do with pivot tables, you may want to look at Pivot Table Data Crunching, by Bill Jelen and Michael Alexander.)

Notice that the pivot table has an empty panel, for Filters. If we want to detail the data by Supervisor (Who) or Quarter (When), we can drag those labels into the Report Filter panel, and then use the drop down arrow to drill down deeper into the data.

With the values organized in the center, adding Report Filters lets you quickly recalculate the values for each individual.

By filtering the data, we can quickly determine which client had the best results for a particular supervisor, in her branch or area.

Filtering the data gives the user an even clearer or more precise snapshot of the values being compared for the parameters Who, What, Where, and When.

To remove or change the Report Filters, just click the drop down arrow again and select All to remove the filter, or drag the unwanted filter back from the Report Filters panel and drop it back up into the main PivotTable Field List.

To reconfigure the rows and column headings and reorganize the data, you can also just uncheck the unwanted labels, or drag and drop them back up into the main PivotTable Field List.

If you use the new Microsoft Office Web Apps, either with WindowsLive or on SharePoint, you can also upload a version of your PivotTable and give others permission to view it, While you can’t revise the PivotTable directly online, you can use the Report Filters you’ve already added to the PivotTable to share your analysis with others.

The Excel 2010 Web Application lets you upload a PivotTable from your desktop and share it with others to analyze the data.

As you begin working with PivotTables on your own data, I recommend that you articulate your question of the data before you even begin: What do you really want to know? Then, keep the process as simple as possible by using only those fields that are directly relevant to your question. If you have another question, you can reconfigure your PivotTable accordingly by adding and removing field labels.

One reason that pivot tables are so powerful is that they don’t mess with your data. A pivot table doesn’t change the underlying values of the original spreadsheet, although if your spreadsheet depends on values from other sources it updates as those values change.

You can also always go back and begin another PivotTable from the same data, place it into another new Worksheet, and rename the worksheet to remind you what the information represents, or what question it answers.

As a manager, pivot tables give you instant flexibility and power over your ability to get the information and answers you want from columns of data that really make no sense when they are originally entered. Using them makes it a lot easier to make informed decisions, to plot strategy, and to report to the board of directors. It also gives you summarized information that helps you discuss results with those under your supervision, with the facts clearly in hand.

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency.

Perhaps Ray Bradbury would be the person who could best appreciate this newest metaphor from the burgeoning realm of cloud computing: Imagine a chapter from The Martian Chronicles where, in a distant city, people are not educated but instead “provisioned.” In their youth, they’re bred and raised only to be adequate vessels for the information that would be imprinted on their minds like a laser etching — information that instantaneously enables each individual to perfectly fulfill a designated role in society. When a vessel fails, as vessels are prone to do, the image of that perfect function can be recalled and re-imprinted from a backup. In such a world, what constitutes a person’s identity for the sake of his function in society would be relocated from the integrity of his mind to the reliability of his image. And inevitably, better images could be replicated, distributed, and given market value.

It Was Inevitable: The App Store for Servers

In the real world, in data centers everywhere today, the thing that we refer to with the term “server” is changing form. It’s moving from the box with the processors and the network cable and the cooling, to a unit of fully installed, pre-activated, self-sustaining software. And even the notion of infrastructure is moving from a physical to a virtual foundation.

The Windows Server provisioning table from version 3.0 of GoGrid.

GoGrid’s system is the first to employ Windows Server 2008 (as opposed to Windows Server 2003, which Amazon EC2 uses, although it’s not yet 2008 R2) in a stable, “non-beta” scenario. This screen capture from the newly released version 3.0 of GoGrid’s management interface shows where customers can instantiate fully configured Windows Servers on the fly. Notice the separate instances that include pre-installed middleware such as Microsoft SQL Server and IIS, which are necessary components for a number of Web-centered applications (for example, content management systems like Umbraco). And in the first of what may turn out for GoGrid to be many partner-sponsored selections, notice the rather surprising entry for Hedgehog 3.5.2. This refers to Sentrigo Hedgehog, a database activity monitoring tool that scouts for suspicious usage patterns and applies policy-based responses — a tool that first rose to prominence with Oracle, and now works with SQL Server and Sybase.

This is the server market of the 2010s decade: a kind of app store where the product for sale is a fully defined set of IT functions. The whole metaphor completes its 360-degree rotation, for what a customer of cloud service provider BlueLock called “service-as-a-product.”

A screenshot from The Cloud Market, a Web site that exclusively dishes up Linux and Windows Server images for Amazon EC2.

For Amazon’s Elastic Compute Cloud service (EC2), the server image market has not only matured; it’s already being franchised. The Cloud Market is an independent service for the marketing of preconfigured server images already prepared for EC2. Without even having to download the software locally yourself, you claim the image with the buildout you need; the transfer takes place between the Market and Amazon.com.

The Newest Subsidiary Market: Image Maintenance

Economists typically point out that a clear sign of a healthy market is the presence of  little subsidiary markets that sprout around it like mushrooms. In the cloud space, these new markets include some that were originally intended for conventional data centers, but which are finding new life in the cloud.

An established backup service named Zmanda is one example. Its recently announced Zmanda Enterprise 3.1 package is both mindful of cloud deployments, and uses Amazon’s EC2 as its own platform for disaster recovery. Making use of Microsoft’s Virtual Shadow Copy Service (which, for reasons too numerous to explain here, is abbreviated VSS), Zmanda effectively places backup agents in the midst of major middleware installations.

“To be honest, [backup] used to be much more complex than it is today,” admits Zmanda CEO Chandler Kant. “It used to be that basically you had to do some kind of reverse engineering based on what Microsoft was giving you, figure out what had changed, and extract it out. Today Microsoft provides VSS, and we interact with VSS to get live data out of Microsoft Exchange, SQL Server, and SharePoint.” Kant adds his software agents also can determine what data has changed at a more incremental level.

That’s not substantially different than other backup services. What is different is the disaster recovery component. Zmanda effectively uses the data acquired from those agents to enable an emergency image of sorts to be deployed on Amazon’s infrastructure, in case Zmanda’s clients go down (something which can still happen, even in the cloud). It’s not an easy setup process, so although documentation is available, Kant tells us, many customers often end up retaining Zmanda as a kind of auxiliary architectural consultant.

“Let’s say you have an internal private cloud, with Windows Server 2008 R2, and you’re backing it up to Amazon S3 (Simple Storage Service). You can create an instance of Windows Server 2008 R2 on EC2, and have that as your disaster recovery location. We do not charge extra for that, [but] if you want us to set this up for you, we will charge you a consulting fee.”

The Four Dimensions of Cloud Provisioning

With conventional servers, you pay not only for the mechanism but the space it consumes, the work needed to keep it functional within that space, the licensing of the software installed on it, and the upkeep and maintenance of that software.

By contrast, this new class of server images consumes four dimensions of configuration space, all of which are measured more granularly:

• Time: The memory required for each image to be hosted within the cloud data center, often payable by how much time the memory is actively available (what GoGrid calls the “gigabyte-hour”);
• Space: The bandwidth consumed by the image’s Internet connection during its normal course of operation, payable by the megabyte;
• Breadth: The storage necessary to host the database accessed by the software and middleware these images will run;
• Depth: The software that makes the image functional, typically including the operating system — for which Windows Server is rarely, if ever, the least expensive option.

As the first retailer to discover a viable formula for selling computing as a commodity, Amazon’s EC2 pricing is based on the size of the machine each image represents. The twist here — the concept that effectively launched this industry — is that you have to think of size in terms of time; Amazon charges for the relative bigness of its server images by the hour. EC2’s smallest “Standard” instance consumes 1.7 GB of memory, for which the Windows-based charge is $0.12 per hour; its largest “standard” instance consumes a full 15 GB and costs $0.96 per hour. (Amazon offers as much as 58% discount for prepaid, “reserved” instances.) Much higher memory instances are available on a separate tier, for a substantial premium.

Here is where you may find yourself actually making an architectural decision, for a higher memory instance in a high-bandwidth scenario may result in greater speed, which could result in efficiencies that pay for that premium.

One alternative to housing all that memory on one image could be apportioning a separate cloud-based storage unit (which you may have to do in a multi-image scenario anyway), although you may need to calculate in advance the extent of data transfer between your images and that storage unit. Any transfer that takes place over the Internet incurs a separate charge. For Amazon EC2, it’s $0.10 per gigabyte incoming (effective November 1, 2010) and $0.15 per gigabyte outgoing, for the first 10 terabytes. The separate data storage block (the “depth” in our dimensional metaphor) incurs $0.10 per gigabyte per month, plus an additional $0.10 per month for every 1 million read/write events.

“The ability to increase or decrease compute capacity within minutes, not hours or days, has been a game-changer in terms of cost, performance and business growth,” explains Amazon spokesperson Kay Kinton. “When computing requirements unexpectedly change (up or down), Amazon Web Services can instantly respond, meaning that developers have the ability to control how many resources are in use at any given point in time. In contrast, traditional hosting services generally provide a fixed number of resources for a fixed amount of time, meaning that users have a limited ability to easily respond when their usage is rapidly changing, unpredictable, or is known to experience large peaks at various intervals. As a result, companies either provision too little resources, in which case their customer satisfaction suffers, or too many resources, in which case they’re losing money by not being at full utilization.”

To be competitive against market leader Amazon, GoGrid charges nothing for incoming bandwidth. The size of its instances is measured in RAM-hours; and here, you have to be careful. Even though GoGrid’s marketing and its provisioning calculators imply that you can select server image sizes in increments of 0.5 GB RAM-hours, in fact, when you get to the part where you’re selecting a pre-provisioned image, you realize that Windows Server-based images (true to Microsoft’s specifications) are limited to 2 GB minimums. So the per-hour cost of running any Windows Server image on GoGrid makes it instantly preferable to prepay for one month’s run time ($199 on the “Professional Cloud” plan).

Holding Your Cloud Over the Provider’s Head

The personal service aspect — specifically, the upkeep of the data center hosting these images — is typically considered part of the package. The cloud server market is competitive enough today that no player should stoop to the level of rendering a service charge for availability.

“Amazon Web Services is able to aggregate hundreds of thousands of customers with every imaginable use case to have very high utilization of our infrastructure,” says Amazon’s Kinton. “AWS gives users a great deal of control and visibility into their environment. Users can choose where to place their data [and] run their applications; they can back up to multiple availability zones; and in the event of any service interruptions, they have access to a service health dashboard that gives regular updates on the service health. We also offer services that provide monitoring, auto-scaling and elastic load balancing for even greater resilience in building applications. . . Most customers tell us that our services are also more reliable than what they achieve themselves.”

Up-and-coming cloud service challenger BlueLock makes a similarly bold claim, but then raises Amazon’s bet. It’s willing to state that the business relationship between BlueLock and its customers gives them a more executable form of accountability that they don’t have with their own IT departments.

Boasts BlueLock director of sales engineering Bob Roudebush, “BlueLock specializes in managed IaaS cloud offerings which add a layer of people on top of that compute capacity, who are able to manage those hosted resources as well as — and many times better than — that company could on its own. Whether or not one takes stock in either of these assertions, the difference between hosting this in an outsourced data center versus one on-premise is the accountability aspect. With an outsourced solution, companies can have SLAs in place with guaranteed commitments and financial penalties of those commitments aren’t met. Typically a business unit (the R&D division, for example) wouldn’t have this ‘stick’ to use with an internal IT department.”

Elsewhere, we examine some of the more technically complex methods in which cloud service providers are extending premium tier services to enterprise-level customers, including effectively reselling a policy management service that originally sprouted forth from VMware.

Related Information From Dell.com: A Success Blueprint for the Efficient Enterprise.

On second thought, perhaps the stateless model for the Web wasn’t such a good idea. Sure, it made serving up hypertext easier. And it enabled the first model for distributed applications on a global scale that actually worked. But it’s left us with a significant problem, one so unique and complex that inevitably, enterprises like yours may need to solve it by making tough choices and rolling their own solutions.

True, the typical technology story is about some vendor’s new, or announced, or projected “solution.” This story is actually about a loophole, for which a Microsoft product manager recently told a conference there are “no absolute answers,” despite all the progress that company and others have made in reaching a common diagnosis.

It has to do with identity: in this case, how software attributes requests for resources to individual users. Without some notion of identity, of ascertaining who is making requests for data, modern applications cannot function securely — which today is the same as saying they can’t function. But the service models on which distributed applications depend do not attribute identity to users. They require added-on technologies to affix real-world identities to service requests. That’s where the problem starts.

Who Gets to Say Who You Are

All distributed, networked applications today are designed around simple Web services. In most respects, this model is efficient, elegant, and cost-effective. If all information processing were conducted not online but rather by mail (not the electronic kind), then the Web services model would look like any company’s basement mail room. Someone would open up envelopes containing forms sent and signed by customers requesting some information. If a sender filled out the form properly, the office worker would send her back another form containing whatever information she requested, or a simple rejection.

The assumption is that the mail handler would trust the identity of the return address on the corner or back of the envelope. After all, who would dare forge a false return address? In the old world of the postmaster, the problem of trust is resolved by certified mail, since naturally, everyone trusts the Post Office. In the  modern world of distributed applications (in which the Web now plays a critical role), there is no central Post Office.  In its place is a cluster of third parties, independent services that earn their living certifying — or rather, authenticating — the users of services such as Microsoft Exchange and Salesforce.com, and the providers of services such as PayPal and FreeCreditScore.com. In keeping with the trend of borrowing ominous sounding terms from science fiction, these third parties are called identity providers.

Two centuries ago, the evolution of the Post Office was driven by the need for consolidation — for one centralized, trustworthy service to shuttle messages between two points on the map. With the Internet as the backbone of today’s distributed applications, competition works against consolidation. The result is a plethora of competing solutions, with names that call up metaphors ranging from ballistic missile launchers to political action committees: SAML, SWT [pronounced “swat”], WRAP, WS-* [pronounced “W.S. Star”], Shibboleth, Liberty Alliance. Their simultaneous existence has itself given rise to a handful of competing proposals for how those solutions become interoperable.

The Promise(s) of Claims-Based Identity (-ies)

By design, and for simplicity’s sake, Web services are stripped down to simple request/response message pairs. Because nothing about these messages can be implicitly trusted, distributed applications rely upon identity providers (IdP) to examine the signatures attached to them, and authenticate their claims to identity. Without this basic bond of trust between the relying party (RP) and the IdP, all business conducted online today would disintegrate, and the foundation of modern online commerce would collapse. There is no safety net; this has to work.

The closest that Windows has come to a truly viable, efficient identity provision service is a system inspired by Web services. Claims-based identity is a kind of role reversal for the server/client model, wherein the client asserts its identity and the server (the RP), and in an effort to pin down that assertion, asks the client for data that can prove its claim. This challenge and response continues, perhaps indefinitely, until the RP is either satisfied or convinced otherwise. The data the client provides is verified against the database from the third-party IdP, whose identity has already been established, thus forming a bond of trust. Once the RP is satisfied, it grants the client a token — a nugget of XML-encoded data whose basic contents represent the IdP’s certification that the client is privileged to be using the services it’s requesting.

The concept of claims-based identity is at least a decade old, perhaps longer. As such, it’s had plenty of time not only to mature, but to be fruitful and multiply. There are now more than a handful of identity claims formats. The differences between them may actually be trivial, though they’re quantitative enough to render these formats effectively distinct and unique.

“That’s one of the challenges, to get everyone to agree on a protocol for passing these tokens around, and what are the tokens themselves going to look like, and how do I get them from point A to point B,” stated the co-founder of .NET developer training service Pluralsight LLC, Keith Brown, at a recent Microsoft developers’ conference — specifically, to a room full of IT professionals who had been invited to tell Brown, along with other Microsoft representatives, how they’re dealing with the multiple-format problem.

This has been going on for a decade,” Brown said.  “This started with SAML way back in 2000. These protocols have been developed, and the problem is that there are a plethora of them. Everybody’s got them,” he continued, before referring to a homebrew solution one of the attendees cooked up to solve the claims translation for his own company. “I’ve never even heard of it before. It’s ‘Protocol X.’ And the SAML guys have the SAML protocol stack; Microsoft has WS-*; there’s a new protocol out called WRAP; and SWT. There’s all these different protocols out there.”

A Token Solution, or Just a Token?

In recognizing that distributed software needs to be interoperable with other distributed software, multiple vendors have prescribed approaches to resolving each other’s problems, ways to trade incompatible tokens for compatible ones, embracing the even bolder ideal of identity federation. Now, major players like Microsoft, Oracle, Novell, CA, VMware, Siemens, SAP, and IBM (via Tivoli), plus new and emerging brands such as Ping Identity, Symplify, Radiant Logic, PortWise, and Entrust are all offering identity federation platforms, resulting in more ways to federate the various claims-based token standards than there are standards.

Everyone wants to be the identity federation, the “United Nations of Me.” Not just a member state in that federation, but its capital.

Microsoft’s play for the identity federation market began last November with its rollout of Windows Identity Foundation, essentially an API that provides a layer of abstraction between .NET-based Web services and the multitude of claims token formats with which they may have to interoperate, if they’re to effectively trade identity data with one another. That was followed up in May with Active Directory Federation Services 2.0, which extends its support of security token formats beyond WS-* to include Security Assertion Markup Language (SAML), believed by many to be the claims market leader, and the basis of Novell’s and CA’s product line.

When WIF and AD FS were first announced, Microsoft marketed them to systems developers as a way to “externalize” the problem of identity management, divorcing that topic from the logic of the applications they’re building. The key takeaway from their message was “Keep using WIF and the problem will migrate elsewhere.” Taken to its extreme, “externalizing” the problem could become another way to pass it down the chain — to make someone else deal with the architectural decisions imposed upon businesses by dueling identity systems.

“Claims-based identity is the identity layer that the Internet has been missing,” program manager Stuart Kwan told me last November. “Windows Identity Foundation is our contribution to making it possible to build applications that will plug into this missing identity layer, and make it really easy for you, so you don’t have to think hard about it anymore. . . Most developers don’t have the time to spend to become an expert in the SAML protocol. They just don’t. And what we’re offering to them is, you don’t have to. You just need to learn the programming model of WIF and claims-based identity, and you’re good to go. You can leave the, ‘What knobs should be turned and what underlying mechanisms are actually going to be used,’ to the IT professionals who are going to deploy and manage your application, who really do become experts in things like SAML protocol, or X.509-based cryptography.”

In retrospect, the notion of “leaving it to the professionals to fix” may not have been the most federation-friendly approach. The very next day, a group of those IT professionals who are going to deploy and manage your application, showed up at Keith Brown’s chat session, along with several security developers. There Brown, Kwan, and their colleagues got an earful. Politely, but firmly, the professionals related their stories of rolling their own solutions, creating their own federations between Exchange and Salesforce.com and SharePoint and Domino using duct tape and baling wire.

These are the people whose job it is to craft some way to literally federate the federations — to interoperate with all types of identity services platforms and parse every permutation of claims token format. They’re proud, but they’re not happy, and they’re demanding action.

There were unresolved questions about the limits of claim tokens’ functionality (could a token be used to claim a specific privilege, for example, and have that privilege be parsed across platforms?); whether claims can be used to authenticate the roles of users, including in Active Directory; and perhaps most importantly, what happens when the Web browser in the enterprise seals off access to identity functionality from within the “sandbox” in which Web apps run? The predicaments these implementers face, and gauging the progress Microsoft and others may have made in resolving them since that time, are topics for another discussion.

Related Information from Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter.

Identity management is usually thought of in terms of security. By properly assigning passwords, permissions, and such, you can help to protect your company’s computers from data loss and other bad stuff. But a well-managed identity management program can also help cut IT costs.

Unlike some management initiatives, especially in the area of security, the cost savings from a good identity management process are easy to quantify. They show up every place from support costs to licensing to reductions in audit costs. This makes identity management “low hanging fruit” for IT executives looking for fast, straightforward cost savings with a minimum of disruption.

Basically, identity management consists of making sure employees have the right permissions to let them do their jobs and don’t have access where they don’t need it. This is something you do even if you didn’t have a label for it before, although like any other IT process it generally works better once you’ve given thought to doing it right. With or without automated tools, identity management is fundamental to running an IT operation.

Identity management starts with assigning passwords to new users and includes adding permission to access the applications and data the employee needs to do the job. It ends when an employee or associate severs relations with the company, by an IT staff member making sure that person no longer has access to the company IT system.

This is undoubtedly the most common part of identity management. It also has a lot in common with being nibbled to death by ducks. The problem isn’t that provisioning, change, and deprovisioning is hard, or even that each instance of it takes a lot of time. It’s that there’s so much of it. By some estimates, as much as 40% of all help desk calls involve identity management issues.

The result is something that adds up to a significant cost over the course of the year. It robs both support people and end users of valuable time.

A good identity management system largely automates this process. The department supervisor or human resources person authorizes the changes and they’re made automatically. In the case of changes in permissions, the employees can often do most of it themselves.

However, that isn’t necessarily where a well-managed identity management program saves you the most money. Potentially larger savings come from adequately controlling identities and the associated licensing costs.

The most obvious part of this are phantom users: “Users” whose identities are still on the system long after they no longer need them. Typically these phantoms were employees who left the company, moved to different jobs, or contractors who are no longer working with the enterprise. Because of slip ups in record keeping or lack of attention to detail, these phantoms can hang around for weeks or months after they should have been killed, using up resources.

A more subtle but much more expensive cost associated with poor identity management involves unneeded software licenses. Since most large companies license their software on a per-user basis, each unnecessary software license costs the company money. When you consider that many systems have software with hundreds of dollars in licensing costs associated with the average employee, this mounts up fast.

There are really two parts to this problem. The easy one is the effect of phantom users. By killing those phantoms, or by more quickly deprovisioning users, you save licensing costs.

The other part is more complex but potentially saves a lot more money. That is: managing permissions more strictly so people who don’t need a software package don’t have access to it.

In a perfect world, identities are assigned on a case by case basis. Every person gets exactly the permissions he or she needs and no others. Except in the smallest enterprises that’s impossibly unwieldy, so permissions are usually assigned en masse. Often, employees are divided into classes with associated bundles of permissions.

The trick in this kind of identity management is setting up the classification scheme. You want permission classes that are broad enough to let everyone do their work but include the minimum of unnecessary permissions. Of course, setting up such a classification takes work; too many user classes become difficult for the IT staff to manage. As a result, there’s a constant tension between ease of use of the identity management process and granting precise permission bundles.

To get the most out of identity management, and to keep licensing costs down without burdening your support staff, you need to think carefully about which permission classes you create with what permissions that category of user needs. This is, in general a one-time effort that pays off in the end.

One popular way to handle classification is to establish a basic classification which includes software everyone gets, such as e-mail and antivirus, and create additional classes for more specialized needs, such as accounting. You also need to make sure you can easily add permissions for specific applications if needed on a custom basis.

Related Information from Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter

“As far as companies actually having policies, it’s more rare than you would think – even for very large companies. Often they’re very limited and not customized – just pulled off the Internet,” says Alex Hamerstone, a security consultant at SecureState. He writes a few hundred policies a year in his role there.

Of course, security policies must start with the basics. “In most cases, IT security needs be neither radically complex nor confusing; common sense and basic protection are generally more than sufficient,” says James Quin, lead research analyst at Info-Tech Research. Policy #1, then, starts at the ground floor, with foundational requirements to end users that they utilize at least 7-character password protection for access to corporate resources, and that forbid employees to share passwords and user names.

Users also need to take proactive protection when they’re away from their systems, to protect data against insider activity as well as outside penetration. This seems obvious, but isn’t always followed. Policy #2: End users must lock up their desktops when they walk away from them. This policy not only helps prevent access to data by those with malicious intent, but also it’s just a sound precaution for avoiding accidental breaches in compliance requirements. So, it’s particularly effective in organizations subject to regulations securing consumer and patient data.

Tip: Technical controls matter a great deal to enforcing security policies. As an example, if you say you need a 7-character password in your written policy, you need to require that in Windows Group policy or other software that supports that. Erdman also points out that Windows 7 has much better security controls in important areas that IT can leverage to secure end user computing. AppLocker, for instance, is a set of control rules that administrators can setup which determine what applications certain users are allowed to run, he says, and BitLocker’s full disk encryption capabilities address the fact that data no longer lives securely in the data center but on traveling laptops’ hard disks.

Securing systems against breaches of industry or regulatory requirements, from PCI to HIPAA, is a reason to institute Policy #3: End users may not access their personal email accounts on corporate-owned resources. An incident at Ohio’s Akron Children’s Hospital last year sheds light on why: A man e-mailed commercial keylogger spyware to an ex-girlfriend’s personal Yahoo account, so that he could monitor her actions on her own PC, according to reports of the incident. But she wound up opening the message on a shared computer in one of the hospital’s departments and installed the program on that system. As a result the man was e-mailed more than 1,000 screen captures that included details of medical procedures, diagnostic notes, and other confidential information pertinent to more than 60 patients, reports said.

Encompass All IT-Owned Infrastructure…

That incident could have been prevented if employees at Akron Children’s Hospital understood a policy not to install any application on their desktops that hasn’t been IT-approved. But even if such a policy already exists in an organization, it can be made more current by making it clear that it extends beyond traditional PC systems. Policy # 4: End users may only install applications noted on the published list(s) of acceptable applications to any corporate-owned device. That includes desktop PCs, laptops, and wireless devices. Employees otherwise are strictly prohibited from downloading/installing applications to any of these devices. All other applications must be approved by IT before end users may download or install them. Employees are not authorized to download any unapproved software. (That’s a long one but you can’t be too careful when it comes to being clear here.)

Wireless mobile devices’ increased ubiquity and capability means that, in many respects, best security practices should be to treat them no differently than laptops are treated, says Quin. For example, “Encryption of the hard disk of a laptop is a great way to stop attackers from getting data by stealing laptops,” notes Steve M. Erdman, Hamerstone’s security consultant colleague at SecureState. So why not apply that same thinking and deploy encryption technologies to all portable computing devices containing restricted or confidential data? Or even to desktops that may contain a certain number of restricted or confidential data records?

Getting encryption technologies on board your systems is a job for IT and InfoSec, but IT also needs to create encryption policy for users. To that end, Policy #5 should require end users to take actions such as reporting any known, unencrypted restricted data that exists on portable or other computing devices to IT, and not to attempt to disable, remove, or otherwise tamper with encryption software.

…And Account For Non-IT Owned Infrastructure, Too

Security has to come into play from the very personal to the most public – and by that we mean the cloud. “There really are a litany of security concerns associated with cloud computing, ranging from insecure interfaces, to untrustworthy employees to risk of search and seizure,” says Quin. “Most of these issues revolve around an enterprise’s relinquishing of control (i.e. the lack of control of how interfaces are coded, lack of control over employee screening processes, lack of control over data storage paradigms).”

Fortunately, at least one of those can be addressed with a policy measure. Policy #6 should mandate that leadership in business and IT units should use the cloud only for storage and processing of non-confidential, non-proprietary data, to use the cloud most safely. (That refers only to data that you can afford to lose, Quin explains).

To really ensure your polices are effective and enforced, educating your end users must be a priority. Train them about the risks, help them understand what threats look like (such as suspicious emails), and tell them they should keep IT in the loop when something concerns them. Says Hammerstone, “If they don’t understand why policies are in place, they tend not to follow them or to look for ways around them…. If they understand why, they tend to be more receptive,” he says. “They don’t think of it like ‘the man’ coming down on them.”

Related Information From Dell.com: Create a Network Roadmap.

“Virtualization lengthens the rope for a company to hang itself,” says Gregory L. Smith, senior product architect at DR vendor SunGard Availability Services. “A poorly set up virtual environment or one with a sub-optimal recovery strategy may leave a client in a much worse position than prior to the virtualization.”

It’s vital to know what virtualization can – and cannot – do for DR efforts.

License Agreement Snafus: Virtualization can’t magically change license agreements. “If your licenses are tied to specific hardware or not supported on virtual systems – as many are – you may be out of compliance using virtualization for DR,” says Andi Mann, vice president of Product Marketing at CA Technologies.

Customized Hardware and Compliance Issues: If you have systems and applications requiring very specific or customized hardware with high resource consumption (CPU, memory, etc), you may not be able to use virtualization for all recovery systems. “Certain clustering and load balanced scenarios may be better enabled with physical systems, as well,” explains Dave Shackleford, a security and virtualization consultant and a 2010 VMware vExpert.

“Organizations with extremely sensitive security or compliance requirements may opt to use physical systems for recovery to ensure the maximum possible segmentation or separation between systems, applications, and data,” he says.

Near-term Budget Issues: It costs more to buy virtualization products and services than it does the traditional alternatives, although total cost of ownership for virtualized products is significantly lower. Additionally, the front-end costs are dwarfed by the value of saving the enterprise from complete failure or lengthy delays caused by a disaster. Still, you’ll need to spend some money upfront for virtualization.

Virtualization Doesn’t Replace Backup and Storage Needs: “IT managers will need to make sure there is ample storage for the VMs and provision sufficient resources (memory, CPU, bandwidth),” advises Koka Sexton, manager of business development at Paragon Software Group, a global data security and storage software developer. “Make sure you build virtualization into your DR plan with regular backups and redundancy as you would with any other DR plan used.”

Virtualization Won’t Address Priorities for You: There are as many levels of DR as there are IT infrastructures. There is data you’ll need to recover instantly and data you’ll need later. Risk acceptance also varies by department and data set. All of these priorities must be determined at onset of virtualization. Otherwise, virtualized sprawl will complicate recovery efforts. Unfortunately, internal politics can make prioritizing a more complex issue than simply weighing data value.  “Determining the appropriate technology is actually the easy part,” notes Jeff Nessen, practice director of Platform Virtualization at Logicalis, an international provider of information and communication technology (ICT) solutions and services. “An often more difficult challenge is negotiating internally what levels of risk different departments within an organization are willing to accept for their applications and data.”

Virtualization, like any other technology, is a tool, not a goal. In this case, however, the tool is exceedingly handy and its uses are numerous. Still, use virtualization only if you have a real reason to – otherwise leave it alone.

Remember, as Mann puts it, “Virtualization is not a silver bullet, for DR or anything else.”

But then again, was a silver bullet the thing you were looking for – or did you just want to make DR a little faster and easier? Go into it with open eyes and practical approaches, and virtualization will deliver.

Related Information From Dell.com: A Smarter Path to Virtualization.

“While it is tough to justify shelling out the extra dough for a top-of-the-line processor, it is well worth it on the day that your processor fails,” says Jerry Melnick, CTO at Marathon Technologies Corporation, a provider of automated, fault-tolerant, high availability software for Windows applications.

“Many IT staff are working with constrained budgets and therefore have to buy lower priced equipment,” he says. “This equipment is more likely to see failures, increasing the likeliness of future problems.”

However, there are ways to cut costs in DR without jeopardizing the enterprise. You just need to know where to slice and where to steer clear.

Where Not to Skimp

Don’t guess where to cut: Know! “The best way to determine where financial resources should be dedicated is to conduct a business impact analysis,” says Simon Kissler, executive director and director of technology at Indiana Higher Education Telecommunications Services (IHETS), a consortium of Indiana’s public and private higher education institutions, state government agencies, public libraries, public broadcast stations, and K-12 schools collaborating to advance the education and public service activities of its members through shared technology and eLearning services. “This process will identify the most critical components of the overall system, their tolerance, or lack thereof, for downtime, and create a logical mapping of where dollars should be dedicated and where an organization may be able to skimp.”

Never skimp by using common components in the physical network hardware. Dual-ported network cards share common hardware logic, and a single card failure can disable both ports, advises Melnick in one example. “For full redundancy, you need either two separate adapters or a built-in network port combined with a separate network adapter,” he says.

Have a telephone disaster recovery plan. Customers need to reach you and the telephone is a common touchpoint, especially in emergency situations. Make sure phones are answered and messages are properly forwarded to your company during and immediately following a disaster. Don’t assume Internet telephony will save you, as it too is vulnerable to connectivity outages. Make sure you have a full telephony DR system in place.

Make regular and frequent data backups. Be sure that data is automatically backed up on a frequent and regular schedule. Otherwise, you may recover old and worthless data during an actual emergency.

“There are two methods for replicating data across sites,” explains Melnick. “One method is to tightly couple redundant servers across high speed/low latency links, to provide zero data-loss and zero downtime.” The other, he says, is to loosely couple redundant servers over medium speed/higher latency/greater distance lines. “This provides a disaster recovery capability where a remote server can be restarted with a copy of the application database missing only the last few updates. In the latter case, asynchronous data replication maintains a backup copy of the database.”

Where to Cut Costs

Use virtualization technologies. These are cheaper to use technologies that often maximize bandwidth, and make data accessible from any device anywhere. “Well planned virtualization as a disaster recovery strategy significantly reduces, or in some cases eliminates, the need for secondary hardware, creating a many to one relationship,” says IHETS’ systems security engineer, Brandon Beale. “Capital cost savings can be substantial.”

Guard against an under/over vendor purchase. Do your homework. Many vendors use the same terms but mean very different things. Make sure you know what you are buying and how it fits your actual needs. “For example, if you plan for a 24-hour recovery time objective (RTO), but your application and business needs require a four-hour RTO, then your plan – at any cost – will not be successful in meeting your requirements,” says Jim Grogan, senior director at SunGard Availability Services. “Alternatively, if you develop the capability to recover in two hours, but your business processes really only needed 24-48 hour recovery, then you have likely invested in premier services that were not needed.”

Plan personnel to prevent staff shortages and payroll overages. Identify a core group of key employees as “first responders.” Make sure you have enough people to schedule relief after reasonable work periods and to prevent as much overtime and human exhaustion as possible.

Additionally, plan for reserve employees as backup for key employees who may be hurt in the disaster or otherwise unavailable for duty. A common mistake is to identify key personnel initially but not to appoint a replacement if one or more of those individuals leave the company. The time of disaster is not the time to discover necessary staff is not in place or that sufficient training was never done. “Without the structure of an existing plan that has been validated in both practice and in meeting the business requirements, an ad hoc response can make matters worse rather than advancing any recovery effort,” says Grogan.

Ineffectiveness costs far more in the end than whatever you think you saved in the beginning.

“If a DR program is not effective, then any investment of time and resources become wasted investments,” says Grogan.

Related Information From Dell.com: Create a Network Roadmap.

In fact, a misstep in cloud use can totally train wreck your DR efforts. So, when is it wise not to use the cloud in DR? We asked three top experts to give you their tips.

Andi Mann, vice president of product marketing at CA Technologies, an IT management software and solutions company that serves Fortune 500 companies: A few scenarios come to mind. For one, workloads that have large data volumes may be difficult to recover to a cloud, especially an external or public cloud. The need to transfer big data volumes can simply make external recovery impractical, if not impossible. Local or private cloud recovery will not always have the same issues, but even across a high-speed WAN, inter-data center recovery may still take too long to be useful.

Workloads that have strict compliance requirements may not be appropriate for cloud recovery either, depending on your cloud destination. If you are recovering a customer payment application to a public cloud, for example, you may not be able to maintain PCI-DSS compliance; if you are recovering a health care patient data application, you may not be able to maintain HIPAA compliance. This may force internal or private cloud recovery, but you may be able to work with an external provider to ensure compliance.

Workloads that depend on specific hardware – like industrial equipment, barcode scanners, or graphics chips (e.g. for design applications) – may also pose significant challenges. Mostly, such hardware requires a local hard connection or specific device support, and cloud systems depend substantially on hardware independence. These types of workload may therefore require a specific and dedicated selection of hardware for failover and recovery purposes, which makes cloud DR more difficult, though not necessarily impossible.

Lawrence Guillory, CEO of Racemi, a provider of rapid imaging and cloud migration solutions: Core business data, for now, is not something you want residing outside of your business. We believe you should first use the compute power for all of the different use cases where public clouds make sense, and until you have the processes and security well accepted and the risk well mitigated, you should not consider allowing core business data to leave your own IT services.

And even then, we believe it should likely remain on-premises where you can maintain 100% responsibility for the security of your core business data.

Michael Miora, president and founder of security and disaster recovery consultancy firm, ContingenZ Corporation, author and a professor at Norwich University’s Masters of Science in Information Assurance and Masters of Science in Business Continuity programs: If you are an organization with multiple and geographically dispersed locations, and have sufficient storage at each location so that you can replicate all the information in multiple places, then your best option may be to store data in multiple at your own locations. This way, you stay in complete control.

Related Information From Dell.com: Dell and Cloud Computing.

Consumer electronics and computer vendors used the Consumer Electronics Show this past January to launch USB 3.0, an update to the popular standard external data transfer interface. The new speed of USB 3.0 generated a lot of interest.

The Universal Serial Bus (USB) has done wonders for creating a standard interface on PCs. Prior to the USB port, PCs were a mishmash of various proprietary ports, often single-vendor efforts. There was no effective means for transferring files between two PCs. If you’ve been around PCs long enough, you remember LapLink, for transferring files between two PCs, a popular application that relied on proprietary software and a thick cable connected to the serial port.

USB freed us from proprietary solutions, proprietary software, and perhaps best of all, bent pins. Ever bend a pin when plugging in a PS/2 mouse or keyboard? It’s a recipe for a bad hardware day.

The USB standard has had long lags between revisions but made up for it with quantum leaps in speed. The first version shipped in 1996, and featured a data rate of 12 Mbits per second. USB 2.0, released in April 2000, specified 480 Mbit/s, a forty-fold increase over the 1.0 specification.

USB 3.0, also known as SuperSpeed USB, has throughput of up to 5 gigabits per second. That’s even faster than the 3Gb/sec of SATA hard drives and 1Gb/sec. of high-end networking in the home. There’s 10Gb Ethernet, which has no mass market use, and is meaningful only in data centers – not on an enterprise laptop. So unless you have one of those new 6Gb SATA drives, you won’t max the speed of a USB 3.0 cable.

As a more direct comparison, it would take 14 minutes to transfer 25GB of data over USB 2.0, but just four minutes with USB SuperSpeed.

USB is standard on every PC that ships these days. Even though yours has USB 2.0 built-in, add-in cards support USB 3.0, and there are PC Card cards for laptops as well. You can buy a PCI card with two ports for as little as $39, and a host of external drives and case enclosures. If you’re into building systems, there are also motherboards with USB 3.0 as well.

External storage in particular has embraced USB 3.0 because the new hardware standard finally allows for external drives that can operate at a speed comparable to internal drives. A USB 3.0 drive wouldn’t  require an external power supply, drawing power for the drive through the USB cable. Old external drives using USB 2.0 usually required an external power supply; in some cases, they used two USB 2.0 ports at the same time to get the power and throughput they needed.

USB 2.0 was such a bottleneck that a stopgap was introduced called eSATA, which allowed for external drives that used a SATA hard drive interface. Well, USB 3.0 pretty much that out to pasture.

What’s New?

The USB Implementers Forum, which coordinated development of the spec, used the same physical plug with both USB 1.0 and USB 2.0, so it was possible to plug a 1.0 device into a 2.0 port, or a 2.0 device into a 1.0 port. In the case of the latter, the USB 2.0 device simply ran at 1.0 speed.

But with USB 3.0, even though the plug looks the same, the cable has extra wires. Because of this, it will not work in a 2.0 port. The edge of a USB 3.0 plug is colored blue so you know it’s a 3.0. The USB 3.0 cable has nine wires, compared with the five in a USB 2.0 cable, even though it’s the same thickness.

Likewise, the end of the cable that connects to a USB device, such as a printer or external drive, is also different from the old USB 2.0 connector. Because of this, you can’t use USB 3.0 cables to connect USB 2.0 devices. Also, if your drive, scanner, printer, camera, or whatever is a USB 3.0 device, then you must use a 3.0 cable.

On the plus side, you will be able to plug USB 3.0 devices and cables into the USB 2.0 ports on your current computer, but you won’t get the speed advantage.

With nine wires, USB 3.0 has two additional lanes of traffic for data, and the traffic can flow bi-directionally. USB 2.0 can only do single-direction transfers. If a device and computer were to send data back and forth, the two devices had to take turns exchanging data.

Also, USB 3.0 supports asynchronous transfers between devices. In USB 2.0, the host controller had to ask for data and then the device sent it. Imagine you want a book from someone. The USB 2.0 way would require you to ask for the book’s contents one page at a time, and would request each page one after the other. The USB 3.0 way simply hands you the book.

Power to the USB

USB 3.0 SuperSpeed has a higher power draw. A USB 3.0 device can get up to 50% more power through the port than through 2.0. This permits powering much more powerful devices instead of just little thumb drives or small digital cameras.

But another big change in USB 3.0 is very important: They ended a feature in 2.0 called polling. When a USB device is plugged into the port, the computer keeps polling the port. This keeps the device and computer from going into low power states and drains the battery at a faster rate. That’s not big deal on a desktop, but on a laptop it matters.

At one time or another you probably used a notebook running on battery power, then plugged in a USB device and left it there. Next thing you knew, the battery was at 20%. That’s because the computer kept polling the USB device, sucking up its battery power.

USB 3.0 will be interrupt-driven, so if nothing is happening with the device, the machine doesn’t poll it. If you are working on a Word document, it won’t poll the device until you actually read or write to disk. This will allow the CPU to go into a low power state and thus preserve battery life.

Your Move, Intel

Intel is a member of the USB working group but has been rather quiet about USB 3.0. In late 2009, Nvidia (no friend of Intel), told anyone who would listen that Intel would not put USB 3.0 support in its chipsets until 2011, and Intel chipsets are dominant in the x86 market (unless you go for AMD).

Later, that rumored delay date was pushed out to 2012. The motherboards and add-in cards you see now with USB 3.0 use chipsets from NEC, and other vendors are reported to be so frustrated with Intel’s foot dragging that they may do their own.

So why would Intel sabotage an industry effort in which it participates? Most likely because it has its own solution in the works, called Light Peak. Intel first showed it at the Intel Developer Forum (IDF) in September 2009 and gave an update in June of this year.

Light Peak is a fiber optic wire connection. It uses the same size connector as USB but the wires are thinner than a shoe lace, as opposed to the rope-like thickness of USB. But much more important: Light Peak can transmit data up to 50 meters. USB tops out at five meters, and that’s pushing it.

The other plus of Light Peak is its speed. It can transmit 10Gb of data per second bidirectionally, twice that of USB 3.0. At the June update, Intel showed it running on a laptop computer, streaming high-definition video while transferring multiple gigabytes of files at the same time.

Would Intel favor Light Peak over USB 3.0? Why not? It has a technically superior product that could easily be used inside computers as an alternative to the much slower SATA as well as external connectors, and Intel would get all of the royalties instead of sharing them with a consortium.

They aren’t hurting the industry by not producing a USB 3.0 chip, just inconveniencing it. Other vendors are making USB 3.0 chips, after all. And USB 2.0 is so entrenched it will take a while for mainstream support to come about.

Windows 7 does not have USB 3.0 support in it yet. There are rumors Microsoft will add native USB 3.0 to the first Service Pack for Windows 7. Currently, the USB 3.0 support requires drivers from the chipset maker, but Microsoft will reportedly make it native with SP1. The beta still has not been announced as of this writing, so at this point it’s all conjecture.

The future is going to be much faster. Which road we take is not entirely clear. It all depends on what Intel chooses to support. As a major supplier of chipsets, the direction it takes could be make or break, or at the very least a headache for one side.

Related Information From Dell.com: Create a Network Roadmap.

Most enterprises use server virtualization because an organization’s most critical resources are usually server based. “Critical business services, customer-facing applications, partner-oriented systems and data, etc. are all housed on servers, for the most part, so ensuring these are highly available is usually a top priority from a risk management and mitigation standpoint,” says Dave Shackleford, a security and virtualization consultant and a 2010 VMware vExpert.

But desktop virtualization is also useful, and the two kinds of virtualization often work better together than apart.

“Now more organizations are starting to leverage desktop virtualization to minimize standalone workstation costs and management overhead,” adds Shackleford. “For organizations with largely autonomous users who store important data on local desktops, the use of desktop virtualization can be a cost-effective way to improve centralized backup and accessibility of their data, which would need to be available in a disaster scenario as well.”

That is not to say that companies are rushing to deploy desktop virtualization. “As most larger enterprises discourage local workstation storage today, this is a somewhat slower area to emerge,” explains Shackleford.

There is compelling reason to ditch desktop device reliance. Desktop devices are easily destroyed in disasters, information stored only on these devices can be lost or stolen, and information on desktops can be noncompliant with regulations or company policies and thus a cesspool of trouble for enterprises.

Being able to see, retrieve and manage client-side data is a darned smart and safe thing to do. “With a client/server model, the complexity for disaster recovery increases dramatically,” says Gregory L. Smith, senior product architect at DR powerhouse, SunGard Availability Services. “With the introduction of virtual desktops into the enterprise ecosystem, the client/server interaction can be recovered by IT with no client- side work needed.”

Microsoft Windows 7’s desktop virtualization “may be the bridge necessary to allow greater adoption of virtual desktops in the enterprise,” Smith says. Microsoft Enterprise Desktop Virtualization (MED-V) will allow Windows 7 to act as Windows 2000, Windows XP, or Windows Vista for specific applications. “The ability to deploy a universal desktop and move it with the server aspects of an environment may help dramatically reduce the complexity of recovery,” he says.

Certainly, desktop virtualization can substantially speed recovery times.

“For example, many companies have access to SunGard DR stations, but without desktop virtualization, the employees just have a computer to work on,” explains Mike Strohl, president of Entisys Solutions, a top-tier consultant and integrator of datacenter and desktop virtualization solutions. “With Windows 7 desktop virtualization, they will be up and running within minutes, using their personalized desktop and applications, in the same operating environment as they are accustomed to, from the SunGard, or whatever workstation they have chosen,” he says.

Companies have alternatives to Windows 7 for desktop virtualization. Products including VMware View and Citrix’s Xen Desktop provide a means for end user content and settings to be stored on a central device.

“I would expect that desktop virtualization delivered from an organization’s data centers will be a more popular choice than virtualization within Windows 7 itself,” says Martin Ingram, vice president of strategy at AppSense, a leading provider of user virtualization for the enterprise.

However it is achieved, desktop virtualization is increasing in popularity as an important part of the recovery strategy whereas server virtualization is considered a cornerstone in the DR effort. In most cases, using both will achieve the best results.

Related Information From Dell.com: A Smarter Path to Virtualization

Managing Bond was no picnic for the head of the Secret Service, “M,” who tried to enforce strict control and to communicate clear objectives, but Bond always got the job done—his way.  And he managed to stay employed through dozens of novels and movies (not to mention seven actors).

While today’s manager may not be willing to grant a mobile worker a license to kill, she still needs to clarify objectives, maintain channels of clear communications, and evaluate whether tasks were completed and deliverables obtained—holding  the worker accountable for the results.

In many ways, the mobile world parallels that of Bond. To accomplish the mission you need to pick the right people, give them the necessary tools, and let them use their best judgment and resources in the field. Then, evaluate the results in ways that don’t always fit neatly into a spreadsheet.

Bond is no longer an anomaly.  By next year almost three-quarters of the U.S. workforce is anticipated to become mobile [pdf] in some fashion, says IDC, along with one-third of the world’s workforce.

So how would the tactics of Bond’s “manager,” M, translate into getting a mission accomplished and holding her rogue agent accountable in today’s remote workplace?  We can focus on three main areas:

• Setting clear objectives
• Providing the necessary resources
• Granting trust and autonomy (with verification)

Set Clear Objectives

A major aspect of getting positive results from your mobile workers is setting expectations realistically and communicating them clearly when you seek accountability. Coaches Roger Connors and Tom Smith, authors of the bestselling books The Oz Principle and How Did That Happen talk about an accountability paradox: the more you enforce standards of accountability, the less accountable and more resistant employees become.

Connors and Smith emphasize the need to keep expectations consistent and aligned with organizational goals, make sure they are achievable, clearly communicated, and then they can be measured and evaluated. That’s true for all employees, but especially so for remote workers and telecommuters.

The following areas need to be clearly defined:

• Tasks and behavioral objectives
• Metrics for completion of tasks/success
• Specific deliverables and deadlines

The coaches stress that managers should “Never play the blame game. It’s not productive and will only give everyone else in your organization permission to waste time and energy on something that yields no results. Remember, what you create accountability for is what you get.”

Provide Resources

In the Cisco report, Understanding and Managing the Mobile Workforce (PDF), Stuart Duff (occupational psychologist at Pearn Kandola) wrote, “Managers must not fall into the trap of treating mobile workers in the same way as office-based employees. They need to be effective communicators and relationship builders with an adaptive management style that they can tailor to the personalities within their team. Organizations must also ensure that the right tools and resources are made available to mobile workers, giving them the same connectivity as office-based workers.”

The study emphasizes the need to provide mobile teams with the communications technology they need to reduce a feeling of isolation. In Bond’s case, Q the gadget man anticipated this aspect of remote activity, although Bond would frequently shed the device de jour and act autonomously to save the day—as you may recall Bond tended to have female companionship to reduce his feeling of isolation.

Peter Linkow, president of WFD Consulting, advises creating a three-part support network for work support, career support, and psychosocial support for remote workers. Work support is normal management supervision, while career support is essential to make mobile workers feel like part of their organization and not “invisible” to the home office.  Psychosocial support involves “acceptance and confirmation” of their efforts.

Linkow is also an advocate of regularly scheduled communications — but without micromanagement­­ — focusing on results and not methods.  He says that effective managers are religious about maintaining consistent connections and “being open with feedback and coaching.”

Grant Trust and Autonomy (with Verification)

In his whitepaper, The Top Ten Strategies for Managers of Mobile Workers: Surviving and Thriving in the Emerging Mobile Workforce, Terrence Gargiulo goes through the following methods managers can use to ensure that deliverables and deadlines are met:

1.              Focus on building relationships

2.              Streamline communications

3.              Incorporate less didactic forms of communications

4.              Spend more time listening

5.              Let mobile workers define communication and reporting practices they want to follow

6.              Manage deliverables not activities

7.              Engage in more frequent and informal performance management activities

8.              Give complete trust until given a concrete behavioral reason to do otherwise

9.              Use adaptive management styles tailored to individual workers

10.           Leverage technology

Gargiulo’s strategies emphasize the need for managers to be systematic in their communications and open to feedback from workers as to the means by which they communicate. Managers should implement a communications plan that has buy-in from all participants, calls for specific interaction at regular intervals, and is re-evaluated periodically, so that milestones and issues can be effectively tracked. Gargiulo suggests that to ensure accountability the manager “treat these employee-defined practices as privileges that can and will be modified if key performance metrics are not hit.”  Managers should also let workers know that projects occasionally “require less flexible, employee-driven communication and reporting practices.”

A communications plan that supports accountability might include regular e-mail, IM, an online status conference, memorandums, customer surveys that evaluate performance, or even social tools like blogs and private networks. Creative techniques using anecdotes, stories, videos and other less structured forms of communication can keep a manager in the loop and also provide remote workers with a sense of freedom and participation.

Gargiulo contends that these strategies allow managers to maintain a sense of authority, while also freeing up their own schedules. That lets the manager concentrate more on planning and strategic initiatives, something that Bond’s boss, M, would certainly appreciate, giving her time for lunch with the Queen.

The Digital Nomads blog has a wealth of information on increasing productivity by mobile workers.  Steve Litchfield wrote, “Make sure targets are set each day/each week for your nomadic staff. As with any employees, they need to know that ‘you’re on their back.’ Not necessarily in a heavy handed way, but with enough sense of communicated urgency that the priorities filter down into their hourly activities. There has to be some sense of guilt when a nomad veers too far in the ‘email/coffee/Bejewelled’ direction. And, of course, targets needed to be daily/weekly checked, discussed and revised.”

In his book, Keeping Employees Accountable for Results, Quick Tips for Busy Managers, Brian Cole Miller presents a six-part plan for effectively getting employees to conform to business policies. He calls it “SIMPLE”:

• Set Expectations: clearly documented
• Invite Commitment: buy in to benefits personally and for organization
• Measure Results: make them quantifiable
• Provide Feedback: share your own information
• Link to Consequences: not blame or punishment but guidelines and (re)focus
• Evaluate Effectiveness: hold yourself accountable along with the team

No matter what the technology may be for deploying and monitoring such behavioral strategies, they are the basic concepts to follow for holding workers accountable for meeting the manager’s expectations and ultimately achieving the organizations objectives.

If you have an operator like Bond on your team, of course these behavioral strategies may need to be modified to account for games of Baccarat, car chases through Monte Carlo or skydiving in the Alps; but for the ordinary sales or service remote worker, Miller’s concepts can foster conformity to procedures and ultimately accountability.

Learn from Social Media

Social media did not exist at the time of James Bond but it has a lot to teach us about giving employees incentives to embrace corporate objectives and building relationships that foster accountability.

One of the best examples from the world of social media is Blue Shirt Nation, an internal social network developed by two marketing gurus at Best Buy, as a way to research issues of customer service. As Gary Koelling and Steve Bendt interviewed employees, they discovered an unanticipated eagerness to participate and share information that eventually grew into a worldwide social network – in which Best Buy employees freely and actively improved the level of service.

This only happened because savvy upper level managers recognized what the marketing folks were doing. They invested in the network both financially and emotionally, and more importantly listened to the workers’ concerns and ideas, making sure that their input was put into practice.

Managers of remote workers can learn a great deal from how a vibrant social network works and connects people, and they need to do so because the Internet is their lifeline of communication. Of course, implementing clearly defined social media policies is a fundamental part of any such strategy, so that remote workers clearly understand what they can and cannot post online.

Today’s remote worker has plenty of tools with which to communicate with the main office, but how she fulfills her responsibilities still comes down to managing behavior and not just handling technology.  While Bond gave his manager (and audience) many anxious moments about whether he would succeed in his mission, M’s confidence in her rogue agent—how he would perform outside her immediate range of control—came down to handling him correctly.

With respect to road warriors or telecommuters equipped with a company laptop or PDA, successful management means defining expectations clearly, giving them the support and resources they need both technically and emotionally, and finally giving them a trust-but-verify sense of autonomy with which to perform their tasks.

Related Information From Dell.com: Dell and Cloud Computing.

Why would you want to run Linux on the desktop? The largest driver is cost, with secondary motivators including Linux application support and developer needs. Users now have increased Linux exposure, with implementations on netbooks, notebooks, and desktop systems. Younger users are more likely to be familiar with Linux.

The Linux operating system often costs nothing and is available as a re-distributable download. Some Linux distributors charge for media, proprietary drivers and software, and organizational user support above Linux community online forums, which are often specific to the distributor and Linux version release.

An application called a desktop hypervisor is needed to run Linux concurrently with Windows 7. Microsoft provides a desktop hypervisor called Windows Virtual PC 7 that’s designed for running Windows XP XP3 on Windows 7, but it can be used for minimally functional concurrent Linux hosting. The only interaction you’ll get between Windows 7 and any Linux version using VPC7 is at the file level. It’s not recommended for a useful Linux sampling.

Other vendor’s desktop hypervisors are available with a higher degree of feature support for Linux. The base prices range for slightly stronger Linux support found in Oracle’s free VirtualBox, through Parallels Desktop 4 at $79.99 that has a very high, almost transparent integration between many Linux guests and Windows 7.

Organizational Deployment Considerations

As with any guest operating system, management/administrative overhead increases for each user of the guest OS. Each user has two operating systems that IT needs to support, the Windows host OS and the Linux guest. Additional costs include malware and anti-virus costs for the guest OS, and organizational training and application support/licensing costs for guest OS applications and use, although base costs for Linux applications is often free.

Each guest OS used represents a newly supported instance, and therefore, costs associated with inventory, application licensing tracking, problem remediation/helpdesk costs, and lifecycle considerations—as well as compliance, audit, and systems security.

Sampling

Ubuntu and Novell SUSE Linux Enterprise Desktop are strong choices for enterprise desktop Linux deployments. Both have customer support communities and paid support. Both products are free to license. (Although Novell charges for some proprietary software pieces, there is a free version). Both are full-featured releases that can be installed in normal or minimized-footprint forms.

The PC needs room for the guest OS. In a 4GB-based system, at least 1GB of memory and 20GB of hard disk set-aside space should be allocated for each user machine. The guest OS will be compatible with most Windows 7-based hardware components and network connections—if the hardware is up-to-date. Certain features, such as Bluetooth, wireless cellular, and USB connections can be directly allocated to either Windows 7, or the guest OS. Here, the weakness of integration in VPC7 shows, as it’s unable to give Linux guests advanced sound features, Firewire, and a list of other peripherals to Linux. By contrast, desktop hypervisors from Oracle, VMWare, and Parallels give most peripherals automatic (or by selection, exclusive) access to most all peripherals. It’s advisable to check if specific printer, webcam, cellular modem, and other connected peripherals will be able to be linked to the Linux version you select; they’ll need Linux driver support. Most popular peripherals (but not all) have Linux drivers available. Your PC hardware vendor is the best source for peripheral driver compatibility.

Installation of Linux isn’t easy under VPC7, requiring advanced installation steps and preparation. By contrast, Parallels Desktop 4 for Windows and Linux is an example of a desktop hypervisor application that’s less difficult with Linux than Microsoft’s VPC7. It knows both Ubuntu and SUSE by name and can install the web distributed versions simply, although customizations for both are available to add-in organizational software selections as well as corporate logos and links if desired.

PD4WL integrates Linux  into the Windows 7 GUI in a method that Parallels calls “Coherence.” Coherence allows the Windows 7 user interface to show and run Linux applications as though they were native Windows 7 applications, although the behavior of the Linux apps won’t completely match the behavior of Windows applications for users. The PD4WL also allows the guest operating systems to be distributed to users for easy installation.

VMware Workstation 7.1 is similar to Parallels Desktop, allowing users to intermingle Windows 7 UI features like Aqua as well as Flip 3D when using Linux programs. The experience for both desktop hypervisors is far more seamless than the distancing found in Windows Virtual PC as VMWare Workstation 7.1 supports Windows UI-Linux UI integration as well as user-selectable peripheral integration.

Finally, Oracle, through its acquisition of Sun, offers VirtualBox, which has the current benefit of being free, while running largely the same guest operating systems choices as Parallels and VMware. While not as feature-filled as Parallels and VMware, VirtualBox works solidly, and Oracle continues to support its use and development. Oracle also offers paid support for VirtualBox, as well as free support on the VirtualBox community forums.

Security and Administrative Policy

Each instance of a guest operating system must be protected separately from its host operating system. If the guest OS is unprotected, it represents a hole in security and manageability. While many Linux versions, including Ubuntu and SUSE Desktop, are compatible with Active Directory Services, these Linux guests must be configured to adhere to organizational security; default settings won’t work. Indeed, if a network is secured through Microsoft’s IPSec VPN protocol, the use of Linux editions requires a slight lowering of overall Active Directory security, or the introduction of third-party tools to allow Linux to adapt to Microsoft’s IPSec requirements. This will change as the Linux-Active Directory adaptation software, SAMBA, releases its new version this year.

Additional Microsoft security protocols, such as network admittance controls (NAC), have to be modified through the use of third party tools to allow Linux operating systems to be admitted to the Microsoft Active Directory where NAC is implemented.

Patches and fixes for Linux guests can be administered automatically where permitted by the Linux guest operating system. Ubuntu and SUSE Desktop both have this feature enabled by default. The network traffic generated, however, can trip Intruder Detection/Prevention software, as the sites where updates are found are occasionally black/grey-listed by these security applications.

Enabling Positive Experiences

Planned rollouts of Linux require planning to standardize the initial experience, training, helpdesk and support, provisioning, and application payloads. IT managers should consider a shakedown period.

The initial experience of users requires training and provisioning of things like organizational logos on desktop wallpaper files, icons representing website or application destinations Consistent experience reduces support calls. Nothing, of course, replaces initial training and self-support links to which users can refer to help themselves.

Helpdesk workers need to be trained on Linux support. They aren’t likely to understand Linux foibles. Help desk personnel need training to prevent their call centers from lighting up like the Fourth of July during a Linux rollout.

Part of the success of Linux has been a diversity of free sources of software for users. Limiting initial application choices (by policy, and even controlling outbound access) also confines support for the applications—usually office automation tools. Great initial choices include Oracle’s OpenOffice for word processing, spreadsheet, presentation graphics, database, and math equation editor. Online apps like Google Docs might prove sufficient. Training for both is recommended where budgets aren’t as dry as the Sahara.

Online applications—cloud apps—may not be suitable for organizational Linux users until the application providers have been vetted according to organizational policies regarding security and audit. Further information regarding security, compliance, and audit procedures can be found at ISACA, which has regional chapters devoted to IT and organizational compliance issues.

Once you vet application loads and distribution prototypes, you should roll out Linux in stages, so the tech support infrastructure isn’t swamped with queries.  Depending on the desktop hypervisor chosen to host Linux, users may be able to download and import Linux into their systems easily and simply. But you need to  understand and test variants of hardware. There’s nothing like testing to prevent surprises.

Initial rollout usually includes training, but resources such as user how-tos, and YouTube videos can help users enable themselves.

Planning a rollout of Linux guest operating system instances isn’t difficult, but there are decided costs involved in training, support, compliance and audits. You might be happy with Microsoft’s Windows Virtual PC 7 support, but there are competing products that offer specific and higher-level integration between Windows 7, the hardware that you’ve bought, and Linux applications. These range in licensing cost between free and $80/user, depending on features and your negotiating skills. The payoff may be a more successful rollout with lowered costs.

Related Information From Dell.com: Get Beyond the Status Quo.

Best Buy, for example, uses WordPress to allow store managers to independently manage the sites for their own stores. Take a look at what Best Buy has going on at a microsite for its store in Fairless Hills, PA. These localized sites are managed within a multisite framework that allows for centralized control, meaning that a “super administrator” controls what options, templates, and plugins are available to those local store administrators.

Eric Fliegelman, General Manager of the Pennsylvania store, says the ability to post local content has paid off. “It’s a good way to get information out to customers, and it’s made me more accessible to the customers by having my picture, my cell phone number, and my email on the website,” he says.

Fliegelman’s staff updates the site at least once a week, posting things like holiday hours and specials, and availability of individual open box items for sale at a discount. “That keeps people coming back,” he says. And it’s easy to keep the site current because the site is easy to update.

Although multisite configurations are a little more complicated than single site ones, it’s still the simplicity of the system from a user standpoint that’s the major appeal.

This multisite capability used to be only available from a fork of the WordPress codebase called WordPressMU (for multi-user), but WordPress 3.0 merges it with the core system. So now multisite is just another capability you can turn on if you need it, or ignore if you don’t. The new release also supports custom post types, so that you can go beyond the built-in “page” and “post” content types to create your own hierarchies for events, real estate listings, or any arbitrary content category.

If you’re wondering whether the core system meets your enterprise requirements, that depends on what you want to do with it.

Consultant Richard Knudson, a specialist in Microsoft technologies, has a good blog post comparing WordPress to SharePoint, but ultimately coming to the conclusion that the comparison is beside the point for most IT managers. That is, yes, WordPress is a better blogging tool than the one included in SharePoint, so if your goal is to field a bunch of blogs, WordPress is your choice. On the other hand, if you’re looking at blogging as one component of a larger collaboration and content management strategy and you have any significant investment in Windows technologies like Active Directory and Exchange, SharePoint is your answer. That would be particularly true if you’re talking about some sort of internal web collaboration project that might involve giving employees their own blogs.

However, if you’re more focused on streamlining content publishing to the world at large than you are with maintaining an all Windows-centric architecture, WordPress can be a fit. And you can achieve some level of enterprise network integration with WordPress using plugins that connect to Active Directory or LDAP authentication.

WordPress is backed by Automattic, the company founded by WordPress project founder Matt Mullenweg. Automattic runs WordPress.com (where it hosts entry-level blogs for free) and employs many of the core developers for WordPress software, which is available as a free download from WordPress.org. If you want professional support for your WordPress installation, Automattic will sell you a VIP Support package, and it also offers a directory of consultants with WordPress expertise. But part of the point of going with a popular open source tool like WordPress is to tap into the pool of free community resources that surrounds it.

Automattic says it doesn’t consider WordPress to be in competition with the likes of SharePoint, period. However, it does offer some add-ons like the P2 theme for enhancing the collaboration and discussion capabilities of WordPress sites. That’s one of the tools Automattic created for internal collaboration with a geographically dispersed development team.

Microsoft has enough respect for WordPress’s charms that it is promoting the advantages of running WordPress on Windows and supporting a project to make the software run on SQL Server (by default, WordPress works with MySQL).

The more frequently cited head-to-head comparison is between WordPress and Drupal, another open source content management system with a fanatical following. The big contrast between the two is that Drupal was from the beginning designed for maximum flexibility to manage any sort of content, meaning it can be configured many different ways. Fans cite that as a virtue, while critics say the complexity can get in the way of doing simple things. (Also see Replacing SharePoint with Open Source CMSs.)

In contrast, WordPress developers for many years resisted demands to generalize the system, instead staying focused on getting the core blogging and web publishing functionality right. As a result, the default configuration is a very usable basic content publishing system that you can build upon with free, commercial, and custom plugins and themes to provide whatever additional functionality and styling you require.

In WordPress, a plugin is just a PHP script with some identifying comments in its header that you place in a designated plugins directory and activate through the administrator’s control panel. The WordPress API allows you to invoke custom functions whenever the system initializes, a page loads, or a specific piece of placeholder text occurs within a document. So if you have (or hire) PHP developers, they can add just about any desired behavior to your WordPress installation. For example, you could have a plugin that calls out to an external database or data feed and graphs the results, placing them wherever a placeholder “shortcode” like [saleschart] appears in a post or page.

So you can stretch WordPress to do almost anything. That doesn’t mean it’s the right tool for every job, but it can be a good tool for many of them.

Related Information From Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter

Interviewing candidates for network administrators is a bit like opening up the door to a herd of Chihuahuas. Sit them down and start talking and all you hear is Yip! Novell? Yip! VPN services? Yip! MCSE? Yip! CCNA? Yip! Yip!

IT managers need to bring on the best talent to run their networks; the company’s infrastructure relies on productive, capable staff. How do you cut through all the Yipping? What questions do you ask to find that stately Shepherd amidst the dog pack?

Whether you are a technical hands-on manager or a business-centric CIO doing that final “check for a fit with the company” job interview, the questions you ask a network admin candidate should check on seven aspects of what makes a good employee: Knowledge, Tinkering, Honesty, Ethics, Community, Discretion, and the all important Sanity Check. We asked network specialists to share their favorite questions (and best answers) to help you eliminate those annoying Yippies.

Knowledge Check: What is a TCP Three-Way Handshake?

Let’s go right for the jugular. By now, you’ve asked a few questions, sniffed through the resume looking for fudged qualifications, determined a level of expertise, and found out how many years she has spent using the technologies on which your organization relies. But do you know what your candidate really knows? Asking a simple question rather than a tough one can be revealing.

Only 5-10% of IT professionals have very strong technical skills, says Robert Brockway, a system and network administrator at a software development company based in Toronto. “I would rather ask them, ‘Describe a three-way handshake.’ That is really an introductory question for a network administrator.”

“Maybe one in 10 people get it right,” he says, “And sometimes these [candidates] are for senior positions.” If someone gets the answer right, Brockway can ask harder questions. “But more often than not, they get that question wrong, and that troubles me,” he says.

The right answer? SYN SYN/ACK ACK. The candidate can go into more detail, Brockway adds, but if the interviewee says that phrase, he gives them high marks. “When you are diagnosing network problems you have to understand the network or you don’t know what you are looking at,” Brockway says.

Tinkerer Check: What is Your Home Network Like?

A good employee manages his own mindset. He has to do what is necessary to keep that elan for the work. A true love of technology helps, especially on the days when you have to slog through one too many worst-case scenarios.

“We’re looking for someone who can bring enthusiasm and curiosity to the office. What we’re looking for the most is someone who has a tinkerer’s mentality. Someone who wants to try out things at home, because they can’t get enough of the technology at work,” says Scott Sherrill, senior systems engineer for the Regional Educational Media Center, a Michigan nonprofit that provides desktop, network, and ISP support for K-12 schools, libraries, and other local agencies.

Perhaps the job candidate is using a wireless server for the family or maybe just trying out cutting-edge technology to see how it goes. Maybe she’s turned an old laptop into a picture frame. Any of those technologies are okay. It’s not necessarily one specific technology that you should look for. It’s more the mindset, says Sherrill.

Of course, this is not to negate a person who has a healthy balance of home life and work; you also want people who don’t invest too much time into their home operation.

However, the answers you get to this question can provide more character insight than the candidate realizes.

“We had a candidate who went on and on about all the pirated software that he had, so right away we had the opportunity to ask: Is this the type of character we want in our organization? He was trying to score points by describing how big his network was and that sort of thing. That this person admitted to something like this in an interview means he is probably not going to be good for us,” says Sherrill.

Honesty Check: What was the Worst Mistake You’ve Made as a Network Administrator?

All thieving aside, a good check of a person’s honesty is finding how easily he will lie to make himself look good.

“I look for a willingness to admit your own faults. Everybody makes mistakes. The key aspect of a mistake is to learn from that mistake. If you’re not willing to say, ‘Here’s what went wrong, here’s what I did,’ then you are never going to learn from what you did,” says David Nolan, a senior network engineer for a midsized global company in the Pittsburgh area. “It’s not about who’s to blame. It’s about how do we avoid this in the future, how do we improve the process, how do we make this better.”

Nolan also presents a list of technologies that his company uses asks the candidate which ones she knows. “If I list 20 technologies and you claim to be experienced with all of them, I’m going to be worried,” says Nolan.

Weeding out the hands-off managers is also key. While the above question is a good indicator, so is asking a candidate to give a detailed description of a project she worked on, from high level to ground work. If the candidate can’t articulate a coherent project vision, you’ve found a superficial show dog whose resume is a waste of ink.

Discretion Check: What was the Worst/Strangest Network You’ve Managed?

In addition to checking whether your candidate can bark out a clear narrative that tells the story behind a beyond-bizarre network and how its oddities were resolved, by asking this question helps you find out if the job candidate will blurt out the secrets of his previous employer.

For example, the job candidate might explain a problem encountered on a network she managed – “how the guys at AT&T had exposed all this iPad stuff” and add, “I told them and told them and they didn’t listen to me.” At one level the candidate is explaining a technical issue. However, “You just told me who your client was, and you just told me what their problem was,” points out Terry Hamilton, president of IASSIST in Toronto. That’s a breach of trust, if not a security issue — and it does not bode well for the candidate’s trustworthiness.

“If someone had relayed that type of information who had worked in a financial institution, or somewhere similar, I would not want them to tell me the organization had (or even perhaps still has) a hole in their network, or had security problems, or had issues with data loss,” he says.

Ethics Check: Do You Belong to LOPSA, SAGE, or USENIX?

People with a code of ethics have given time and thought about the kind of person they want to be. They live according to a set of standards they have given themselves, and no one has asked them to do it. A code of ethics is often something you have to search for and adopt. The League of Professional System Administrators (LOPSA), USENIX (The Advanced Computing Systems Association), and the USENIX special interest group for system administrators known as SAGE all share a code of ethics.

“I always ask if people belong to [these organizations], and people rarely say Yes. It has been my experience that only a small percentage of the people have given any consideration to the ethics of what they are doing,” says Brockway.

“Consider how we use the Internet these days and everything we use it for. The network administrator can spy on your traffic and can do so without anyone knowing, because the network administrator has that privilege and has that knowledge. I’ve come to the conclusion that ethics is extremely important. And that’s one of the reasons why I’m a supporter of these organizations,” he says.

Community Check: Do You Belong to Any User Groups?

If your network administrator doesn’t know that answer to a problem, especially a time-sensitive one, how does he solve it? Does the candidate have a network of peers to turn to, either online or offline? How plugged in is he to technologies that are gaining speed or losing momentum? Who or what is his sources of research and information?

Belonging to a user group, says Brockway, shows that the candidate is interested in technology. “The people who are passionate about something are the best at the subject,” says Brockway.

Sanity Check: If You were a Kitchen Appliance, What Would You Be?

Wisdom, character, honor, integrity, your candidate can have it all. But if they are a whack-a-doodle all that becomes moot. A nut-bar hunt requires drastic measures—even shock and awe tactics. Granted, asking this may backfire and you can lose a good candidate, but you might just be better off without her if she can’t fetch an answer to this question.

There are clear warnings in people’s responses. Electric knives, garbage disposals, bread makers are all cause for alarm. But an interviewee may say he is an oven because he likes to be where the action (and heat) is, or the microwave because he is quick and convenient. Better yet, he might say he is the coffee maker, and as we all know, no office should be without one of those.

However, there is a method to this madness, says Damion Alexander, a system administrator for Bard College in Annandale-on-Hudson, NY.

In addition to checking whether the candidate has a sense of humor, he says, “I want to know if they can think on their feet. Since this question is rarely heard of (so far), it catches people off guard. This gives some measure of how they respond to a situation they’ve never seen or heard before.”

“I rarely measure time [in answering the question], but if they give up easily that doesn’t fare well.  If they give the name of an appliance and can’t come up with at least a basic reason why, then I would worry if they would just spew answers to customers and coworkers with no comprehension of why they were giving that answer,” Alexander says.

“I’ve actually had a CIO candidate refuse to answer the question. Since he had pondered for a while before that, everyone came to the conclusion that he would not do well when things hit the fan.”

The question also shows how a candidate views himself and how he operates, says Alexander.

“For example, we had two candidates for the same position give an answer of dish washer. The first ‘liked to throw everything in and make it clean.’ The second ‘liked to line everything up nice and neat, so that the water reaches every surface, etc.,’” says Alexander.

“The second response, and how he said it, caused some concern because it gave a sense that he preferred a degree of order that our environment just couldn’t provide. Compared to the first who seemed to accept some level of chaos.”

In the end you really have to go with your gut, he says.

What questions would you ask when interviewing a candidate for network administrator? Share your experiences in the comments.

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency.

[Editor's note: Edited to change the "right answer" for the technical question.--Ed.]

Intel and AMD have done their best to differentiate the x86 architecture as much as possible while retaining compatibility between the two CPUs, but the differences between the two are growing. One key differentiator is hyperthreading; Intel does it, AMD does not.

Multicore and HyperThreading (referred to as “HT”) are not the same, but you can be suckered into believing they are, because hyperthreading looks like a core to Windows. My computer is a Core i7-860, a quad-core design with two threads per core. To Windows 7, I have eight cores.

Multicore CPUs were introduced as a solution to the fact that around a decade ago, processors hit a clock speed wall. The CPUs just were not getting any faster, and could not do so without extreme cooling. Unable to get to 4GHz, 5GHz, and beyond, AMD and Intel turned to dual core designs.

There’s two ways to look at computation: speed and parallelization. In some instances, such as tasks involving massive calculation, it makes sense to have an 8GHz core. The thing, is most business application uses don’t really need this. In fact, there are vendors arguing that the Xeon is overkill for many server tasks.

So the solution was multicore. AMD was the first consumer chip vendor to release a multicore chip in 2005 with the Athlon X2. Intel followed in 2006 with the Core 2 Duo. (The first non-embedded dual-core CPU was IBM’s Power 4 processor in 2001.) If a vendor’s CPU couldn’t improve performance with one 5GHz core, they could get there with two 2.5GHz cores.

To use a highway analogy, it’s the equivalent of going from a one-lane road to a two-lane road. Even if the two-lane road has a lower speed limit, more cars can travel to their destinations at any given time.

You may remember the days of symmetric multiprocessing (SMP), when computer systems had two physical CPUs on the motherboard. There’s no difference in execution between two single-core processors in an SMP configuration and a single dual-core CPU.

The difference, though, is that the dual-core CPU has much, much faster communication between the cores. That’s because they are on the same die and connected by a high-speed interconnections. In an SMP system, “communication” between the CPUs has to go out through the CPU socket, cross the motherboard, and go through the socket of the second CPU. So inter-CPU communication is considerably faster.

Intel first introduced HyperThreading with the Pentium IV processor in 2002 and that year’s model of Xeon processors. Intel dropped the technology when it introduced the Core architecture in 2004 and brought it back with the Nehalem generation in 2008. Intel remains firmly dedicated to HT and is even introducing it in its Atom processor, a tiny chip used in embedded systems and netbooks. As Tom’s Hardware found in tests, HyperThreading increased performance by 37%.

AMD has never embraced hyperthreading. In an interview with TechPulse 360, AMD’s director of business development Pat Patla and server product manager John Fruehe told the blog, “Real men use cores …  HyperThreading requires the core logic to maintain two pipelines: its normal pipeline and its hyperthreaded pipeline. A management overhead that doesn’t give you a clear throughput.”

With the June 2009 release of the six-core “Istanbul” line of Opteron processors, AMD introduced something called “HT Assist,” a technology to map the contents of the L3 caches. It reserves a 1MB portion of each CPU’s L3 cache to act as a directory that tracks the contents of all of the other CPU caches in the system. AMD believes this will reduce latency because it creates a map of cache data, as opposed to having to search every single cache for data. It’s not multithreading and shouldn’t be confused for it. It’s simply a means of making the server processor more efficient.

HyperThreading Deconstructed

HT is the technical process where two threads are executed on one processor core. To Windows, a core capable of executing two threads is seen as two processors, but it’s really not the same. A core is a physical unit you can see under a microscope. Threads are executed inside the core.

HT is like passing on the left on the highway. If a car ahead of you is going too slow, you pass it at your preferred speed. In HyperThreading, if a thread can’t finish immediately, it lets another run by it. But that’s a simplistic explanation.

Here’s how it works. The CPU has to constantly move data in and out of memory as it processes the code. The CPU’s cache attempts to alleviate this. Within each CPU core is the L1 cache, which usually is very small (32kb). Outside of the CPU core, right next to it on the chip, is the L2 cache. This is larger, usually between 256kb and 512kb. The next cache is the L3 cache, which is shared by all of the cores and is several megabytes in size. L3 caches were added with the advent of multicore computers. After all, it was easier and more efficient to keep data in the super fast memory of L3 cache than let it go out to memory.

The CPU executes one instruction at a time, according to its clock speed. Instructions  take a various amount of cycles; some can be done in one cycle, others may require a dozen. It’s all based on the complexity of the task. Cycles are measured  in nanoseconds.

Every CPU core has what’s called a pipeline. Think of pipelines as the stages in an assembly line, except here the process is the assembly of an application task. At some point, the pipeline may stall. It has to wait for data, or for another hardware component in the computer, whatever. We’re not talking about a hung application; this is a delay of a few milliseconds while data is fetched from RAM. Still, other threads have to wait in a non-hyperthreaded pipeline, so it looks like:

thread1— thread1— (delay)— thread1—- thread2— (delay)— thread2— thread3— thread3— thread3—

With hyperthreading, when the core’s execution pipeline stalls, the core begins to execute another program that’s waiting to run. Mind you, the first thread is not stopped. If it gets the data it wants, it resumes execution as well.

thread1— thread1— thread2— thread2— thread1— thread2— thread1— thread2— thread2—

The computer is not slowed by this; it simply doesn’t wait for one thread to complete before it starts executing a new one.

HT in Practice

There’s two ways HT comes into play. One is execution. A multithreaded computer boots much faster, since multiple libraries, services, and applications are loaded as fast as they can be read off the hard drive. You can start up several applications faster with a HT-equipped computer as well. That’s primarily done by Windows, which manages threads on its own. Windows 7 and Windows Server 2008 R2 were both written to better manage application execution, and both operating systems can see up to 256 cores/threads, more than we will see for a long time.

Of course, the same applies to cores. A quad-core processor is inherently faster than a dual core processor with HT, since full cores can do more than HT. However, benchmarks have found that for system loads, you don’t gain much after four cores (or two cores with two threads each). More cores and threads cannot compensate for other bottlenecks in your computer, like the hard drive.

Then there’s application hyperthreading, wherein an application is written to perform tasks in parallel. That requires programming skill; in addition, the latest compilers search for code that can be parallelized. Parallel processing has been around for years, but up until the last few years it remained an extremely esoteric process done by very few people (who commanded a pretty penny). The advent of multicore processors and the push by Intel and AMD to support multithreading is bringing parallel processing to the masses.

Intel has never, ever claimed that HT will double performance, because applications have to be written to take advantage of HT to make the most of it. Even there, HT is not a linear doubling. Intel puts the performance gain of HT at between 20% and 40% under ideal circumstances.

Threads can’t jump cores. Because threads are hardwired to the core,  chip vendors can’t put too many threads per core or they slow the core down. That’s why Intel has just two per core.

Multithreading does not add genuine parallelism to the processing structure because it’s not executing two threads at once. Basically it’s letting whichever thread is ready to go run first. Under certain loads, it can make the processing pipeline more efficient and to push multiple threads of execution through the processor a little faster.

So while multithreading is good for system level processing — loading applications and code, executing code, etc. — application-level multithreading is another matter. Multithreading is useless for single-threaded applications and can even degrade performance in certain circumstances.

AMD takes great delight in pointing this out. On a blog entry, “It’s all about cores,” the company points out examples from software vendors against HT.

• A consultant who deals with Cognos, business intelligence software owned by IBM,  recommends disabling HyperThreading because it “frequently degrades performance and proves unstable.”

• Microsoft recommends turning off HyperThreading when running PeopleSoft applications because “our lab testing has shown little or no improvement.”

• A Microsoft TechNet article recommends disabling HT for production Microsoft Exchange servers and says it should “only [be] enabled if absolutely necessary as a temporary measure to increase CPU capacity until additional hardware can be obtained.”

Why? Because these applications have not been optimized for multithreading, for starters. And, since two threads are sharing the same circuitry in the processor, there is the odd chance for cache overwrites and data collision. Even with Windows Server 2008′s multithreading management, it can’t fully control what the processor does.

It should be noted that these are exceptions and not the rule. Hypervisors, the software layer that manages a virtualized server, are HT-aware and make full use of the threads. HT provides the virtual machines with more execution scenarios than if HT was disabled, because the CPUs might otherwise be viewed as busy.

Applications that need lots of I/O – network and disk I/O in particular – can benefit from splitting operations into multiple threads in a HT system. By splitting tasks like disk and network I/O into multiple threads, you might see some performance gains.

The bottom line is that when considering hyperthreading systems, you need to check with your software vendors to learn what they recommend. If a number of your applications are better off with HT disabled, that should play into your decision-making process.

A Hidden Cost

The threads vs. cores argument has one more element to consider. Enterprise software vendors have two pricing policies that could potentially impact you: by the core and by the processor. Both Intel and AMD have encouraged the industry to support pricing on a per-processor (or per-socket) basis.

Some do. Microsoft has a stated policy that it charges by the processor, not by the cores. VMware’s software license is on a per-core basis. Oracle licenses its software both ways. Its Standard Edition software is on a per-socket basis, while its Enterprise Editions are on a per-core basis. Fortunately, they actually charge by the cores, and don’t view HT as extra cores.

Because of this variance, it’s incumbent on every company making a purchase decision to ask the software providers if their pricing scheme is per-core or per-socket. A typical blade server from Dell has two sockets on it, and some have four, but CPUs are moving to four, six, eight, and 12 cores.

If you purchase an AMD blade server with two Opteron 6100 processors, it’s the difference between two processors or 24 cores. Or you may want either an Intel Xeon 5600 with six cores, or an older AMD Opteron 6000, which also had six cores but no HT. It certainly adds a nice layer of confusion, doesn’t it?

Related Information From Dell.com: A Sea Change in Efficiency.

The HTML5 standard promises “to ease the authoring of Web-based applications,” according to the specification current in summer 2010. Improvements in security are a vital part of that “ease,” especially the iframe “sandbox.” Let’s look at sandbox’s costs and benefits – not how to code with sandbox, but how to decide where to use it, and what the implications will be for your software development team. Before your in-house programmers baffle you by giving you more techie detail than you need to know, here’s what you should understand about the choices inherent in a migration to HTML5.

The purpose of HTML5 sandboxes is to manage iframe “mash-ups,” web pages that pull together their content from more than one site. You might build an application, for instance, in which part of the screen shows price-and-availability from a third-party vendor. The easiest way to accomplish that could be simply to retrieve a Web page from the vendor, and display it within your application.

Think what that means from a security standpoint, though. Anyone who trusts your application is now implicitly willing to render the vendor’s page. Permission to run scripts, allow cookies, and so on, given to your application, are all extended to the vendor’s page. An iframe-d page could pop up an annoying advertisement and make your application look vulgar.

That’s a steeper cost than many of us can bear, and it’s a situation that can and should make a CIO nervous. In fact, it’s even worse than this description suggests, for there are implementation reasons – state management, performance, and modularization, for instance – to use iframe even when the user-view doesn’t directly involve a mash-up. Also, iframe is an accessibility challenge; conventions for browsing iframe-based pages with non-visual browsers are unsatisfying.

The result: iframe has the reputation of being hazardous, and is probably used less than it should be. Web coders end up relying on more difficult or fragile codings, simply to avoid iframe. Over-all security suffers both when iframe is used and when it isn’t.

HTML5 Changes All That

The HTML5 sandbox changes that conclusion: It limits the trust the browser puts in iframe-d content, to eliminate the damage a third-party site can do within your Web application.

A clear picture of the gain that the sandbox brings requires first an understanding of HTML5 and its role in construction of Web applications.

HTML5 is a medley, not a symphony. HTML5 is not a single definite standard, like, say, FORTRAN 77, or a specific recipe for farfalle; it’s more of a style, like “Italian cooking.” HTML5 isn’t fully “baked” yet, and probably never will be; it’s likely that, by the time all its many parts have been formalized, the Web world will have moved on to something new.

When someone says he’s writing HTML5 now, he probably means he’s using an HTML5 <!DOCTYPE html>, and perhaps the canvas widget. He might be doing more in CSS these days, and relying less on <center>.

Beyond these general tendencies, it’s hard to pin down “HTML5″ as developers speak of it in terms of specific features. Different programmers do or don’t think of:

• drag-and-drop
• geolocation
• scalable vector graphics (SVG)
• Web storage
• Web forms
• media playback
• …and at least another half-dozen major features

The point for an IT manager should be this: When a developer on your team talks about HTML5, and especially about browser support for HTML5, have the person say exactly what that means to her.

“HTML5 sandbox,” in contrast, is relatively well-defined. Web applications have experimented with several sandbox concepts and implementations before; from now on, though, the HTML5 sandbox as it appears, for example, in this July 2010 reference will be the winner. Browsers will increasingly support it, and coders will increasingly rely on it.

Direct support for HTML5 sandbox is narrow today. The only major browser to claim it as of this writing is Google’s Chrome. However, it’s widely assumed that all other browsers will support it in their next releases, and libraries and plugins implement compatibility patches for essentially all the browsers. Your front-line coders should be able to use sandbox freely, and count on being in an environment that implements the standard correctly. (Unless you’re still committed to IE6, in which case, God help you.)

If your development team is thinking about HTML5 sandbox, it needs to do a serious analysis of the implications for your users. Keep in mind that HTML5 as a standard is so fragmented that any other analyses you’ve done are unlikely to bear directly on HTML5 sandbox. Whether you use canvas or SVG or off-line storage doesn’t determine at all what is right for you with HTML5 sandbox. In most cases, though, the security enhancements HTML5 sandbox brings are so large that it’s easy to decide go with it. The only occasions I’ve seen for it not to be chosen are when a user population is particularly dependent on a legacy browser (IE5 or IE6, for example), and the team already has in place another solution for the security challenges iframe presents.

The bottom line is this:

• If iframe benefits your Web applications, then HTML5 sandbox is probably the safest way for you to use iframe.
• If you’re thinking about HTML5 sandbox, you need to design a compatibility strategy that fits your users and the browsers on which they rely. Which browsers will natively support sandbox when you roll out? Which will need auxiliary libraries?
• Once you’ve chosen to code against HTML5 sandbox, expect to use it with every iframe. The security boost it gives is so strong, and its application so flexible, that there’s unlikely to be a good reason for any iframe to be without it.

Related Information From Dell.com: Dell and Cloud Computing

Despite the benefits, companies aren’t moving quickly to establish social media policies. A June 2010 report from Forrester Research, the “CIO’s Guide to Creating a Social Media Policy,” found that 43% of respondents’ organizations did not have a social media policy, and 11% were unsure if a policy existed.

The data indicates that many employees access social media without a policy to guide their efforts. At the same time Forrester found that when a policy is in place, employees do read it.

According to Forrester’s research, a quarter of organizations, 26%, do not sanction social media access while at work.

CIOs worry about the potential security risks of social networking, according to a  May 2010 report by IT recruitment company Robert Half Technology. Still, only 38% of CIOs reported tightening up IT policies in response to social networking. Twenty-three percent of that 38% implemented stricter policies for personal use of social media, while 5% tightened up controls when it came to business use.

Planning Before the Plan

Before creating a policy, think about whether your company can sustain social media activities. If your company is not committed for the long haul then all the work related to creating, implementing, and enforcing policies is pointless.

Outline the social media goals for your company. Are they used to communicate with customers? Get feedback? Mine for new leads? Upsell products? Crafting a successful policy without a clear idea of the end goals is unlikely.

Identify which stakeholders need to be involved in setting social media policies. CIOs should take the reins in outlining the security risks, IT architecture, and potential productivity drain, but other departments such as human resources, compliance, legal, public relations, and marketing also need to be in on discussions. Remember that each of these departments likely believes social media to be its domain. Be prepared to support the sometimes-competing needs of each entity with a cohesive plan that gets everyone onboard.

Crafting the Plan

There is no one-size-fits-all  plan when it comes to social media policies. Rules or guidelines related to social media can be incorporated into existing media-related policies, treating social media like any other form of media.

For some companies social media may seem like Wild West. In those cases you may want to have a set of strict regulations and policies to protect against unforeseen problems. However, if your company is more open keeping policies loose and free-flowing is the best way to go.

Because social media technology is still in its infancy, policies need to be broad and should not focus on a specific technology that might be out of favor (or fashion) in six months or a year.

The policy should be positive. Rather than telling employees what they can’t do, focus on what they can do. That leaves them feeling empowered rather than hindered or restricted by the new rules.

And while you want to empower employees, social media does represent a critical risk to corporate security. Employees must understand that the company — in the person of a department head or direct boss or the IT department — will monitor of social media and social networking websites. Employees need to exercise good judgment; respect copyrights and fair use; and protect confidential and proprietary company information. All of the information regarding enforcement should be clearly laid out. However, consequences resulting from misuse or policy violations are probably best handled by department managers or direct supervisors.

Keep it simple and accessible. If the guidelines are overwhelming, no one is going to read them, which means no one will follow them. Make sure that the policy is announced to employees and published in a place (like the intranet and company handbook) where it can be easily accessed.

Finally, look at this as a work in progress. Understand that these policies will evolve over time. Set a time — maybe 4 to 6 months — after putting the policy in place when you evaluate what is working and what might need tweaking. Gather feedback from stakeholders and employees to implement changes.

Related Information From Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter

Even though cloud computing has seen setbacks, generating distrust and concern over security and stability, corporations and governments are actively moving data into the cloud. Just last month, InformationWeek reported that recent surveys show two of the most conservative industries—financial and healthcare—are adopting cloud solutions.

Even the U.S. government’s CIO, Vivek Kundra, wants to see the government migrate its systems to the cloud. Back in May, he wrote an excellent blog post explaining his goals and defining the cloud by way of an analogy:

“There was a time when every household, town, or village had its own water well. Today, shared public utilities give us access to clean water by simply turning on the tap. Cloud computing works a lot like our shared public utilities. However, instead of water coming from a tap, users access computing power from a pool of shared resources. Just like the tap in your kitchen, cloud computing services can be turned on or off as needed, and, when the tap isn’t on, not only can the water be used by someone else, but you aren’t paying for resources that you don’t use.  Cloud computing is a new model for delivering computing resources – such as networks, servers, storage, or software applications.”

But wait! That sounds rather different from the supposed “cloud” that’s described periodically in the mass media whenever a large online service loses data. Suddenly the cloud is considered any online storage system. If you’re a bit overwhelmed by the numerous definitions of cloud computing, you aren’t alone. (In one news report, somebody used Flickr as an example of the cloud.)

I don’t hold universal authority and therefore can’t declare unequivocally that the inhabitants of Earth must, henceforth and hitherto, only refer to the cloud in one way or another. But as a software developer, the definition given by the White House CIO is much closer to the version of the cloud for which I’ve written software.

But still, others disagree, and that’s why we need an organization to define not only what the cloud is, but how it works and the standards it needs to operate successfully. Standards-creation is commonplace in the world of programming, because we need agreed-upon rules for software to interoperate. We have an official standard for the C++ programming language, for example, overseen by the International Organization for Standards (ISO). We also have standards for HTML, XML, and CSS, headed up by the Worldwide Web Consortium (W3C). The organization tells us what HTML is, and the developers of the web browsers, after much bickering, finally agree to follow these standards.

However, sometimes standards compete. For example, word processing has two competing standards, one created and pushed by Microsoft and adopted by ECMA, and another, OpenDocument, embraced by Open Office and adopted by the ISO.

No actual laws say that software developers must use one or the other. Rather, over the long term one standard usually wins out through more software adopting one technology or way to accomplish things.

Today there are no fewer than 13 active organizations in the cloud computing universe. But they’re not all trying to create standards. Some are pushing for the use of cloud computing (however it’s defined), while others focus on security issues or on creating APIs. Here’s a rundown of the organizations and what they’re trying to accomplish:

The Standards Organizations

When I started searching for organizations involved in Cloud standards, I at first came up with over a dozen. But once I started organizing the organizations, I realized that really only two are involved in creating overall cloud standards, and two are creating standards for one aspect of cloud technology. Let’s look at those four first.

Open Cloud Incubator

This is an initiative of the Distributed Management Task Force (DMTF) to create a set of standards for cloud computing, with primary focus on interoperability between platforms. It has many members, and several of the big names. Yahoo is present, as is Microsoft, Oracle, Rackspace, Red Hat, VMWare, and Novell.

One goal of the Open Cloud Incubator is to bring together what would otherwise be competing companies so that they can together create a set of informal, agreed-upon specifications. These informal specifications would later be revised and deemed as official by this organization. The DMTF has been around since 1992 and has over 3,000 members from over 200 different organizations. While this isn’t quite ISO or ECMA, it is on the same level of the W3C. Standards produced by this organization are respected and implemented by the industry. For example, DMTF has produced web-based enterprise management standards, a desktop management interface standard that’s part of the Linux kernel, and a Web services management protocol.

Open Cloud Consortium

This is the other organization trying to create a set of standards. Their website states:

“The Open Cloud Consortium (OCC) is a member driven organization that supports the development of standards for cloud computing and frameworks for interoperating between clouds, develops benchmarks for cloud computing, and supports reference implementations for cloud computing.

“The OCC also manages testbeds for cloud computing, such as the Open Cloud Testbed, and operates clouds computing infrastructure to support scientific research, such as the Open Science Data Cloud.”

Members include Cisco, NASA Ames Research Center, and Yahoo. Most of the big cloud players, such as  Microsoft, Google, Rackspace, Dell, and Amazon, are absent.

Committee to Advance Identity Standards for Cloud Computing

This committee, which is part of OASIS (Organization for the Advancement of Structured Information Standards), is creating a standard focusing on the security concerns of identity management in cloud computing. According to the website, the technical committee’s purpose “is to harmonize definitions/terminologies/vocabulary of Identity in the context of Cloud Computing; to identify and define use cases and profiles; and to identify gaps in existing Identity Management standards as they apply in the cloud.” They plan to release a set of documents, including one that details the use cases of identity management, and others that identify gaps in existing standards (although they don’t say what those existing standards are). Its members include Alfresco, CA, Capgemini, Cisco, Cognizant, Boeing, eBay, IBM, Microsoft, Novell, PingIdentity, Red Hat, SafeNet, SAP, Skyworth TTG, Symantec, Vanguard, VeriSign.

Open Cloud Computing Interface Working Group

This working group is part of the Open Grid Forum, and is creating an API standard for the remote management of cloud computing infrastructures.

Because cloud computing includes the approach of dynamically allocating resources and billing them like a utility, many of the technologies used in utilities apply to this dynamic aspect of cloud computing. Remote management is one technology that is used in utility companies, and this organization recognized the need for an API for remote management of cloud utilities as well. They’ve completed the first proposed recommendation for the standard; it is now available for public inspection and comments through the website.

Other Influential Cloud Organizations

Several organizations are thinking beyond standards. They are actively working to influence the direction of cloud computing and to help encourage businesses to adopt it. Here’s a rundown of the bigger players.

Open Cloud Manifesto

This consortium of companies isn’t creating a set of standards, but is instead creating a list of core principles that are, as their website states, “fundamental expectations of cloud computing technology providers.” Their six-page document, the Open Cloud Manifesto, was written a little over a year ago, at a time when the cloud was getting bad publicity from the data loss incidents. As a result, the document includes a detailed definition of cloud computing (in line with the definition the White House CIO gave) and is frank about challenges and barriers to adoption. But they go beyond what the cloud currently is and present the concept of an open cloud, which focuses on the ability of cloud customers to change providers without much trouble.

This group has a huge list of members, including Sun, VMWare, Akamai, Rackspace, AT&T, Sybase, Cisco, and many others. Microsoft isn’t present, nor is Amazon, Google, or Salesforce.com.

Cloud Computing Interoperability Forum

This organization was started by a single person, Reuven Cohen of Enomaly (which markets Elastic Computing Platform, an Infrastructure-as-a-Service product), but includes several big-named sponsors: Cisco, Intel, IBM, RSA, Thomson Reuters, Sun, Orange, Enomaly, Adaptivity, Appistry, SOASTA, Zero Nines, CloundCamp, SIMtone. The group’s goal is to create a common framework by which cloud technologies can exchange information.

Cloud Industry Forum

The Cloud Industry Forum aims to create a certifiable code of practice in an effort to spread adoption of cloud computing and help consumers know that they’re going with a dependable cloud vendor. The founding members are Microsoft, Rackspace, Computacenter, Fasthosts, FASTiis, nominet, and Scalable.

Cloud Security Alliance

This group is promoting the use of various “best practices” regarding security in cloud computing. Members include pretty much all the big names, such as Google, Rackspace, Microsoft, Cisco, you name it, as well as the cloud-standards.org group. (Although it doesn’t appear Amazon is present.) This organization has several subgroups called Research Initiatives focused on various aspects of cloud security. The research groups have produced several documents, such as “Security Guidance for Critical Areas of Focus in Cloud Computing” (currently at version 2.1).

Cloud Storage Initiative

This initiative is part of a larger group called the Storage Networking Industry Association, and is creating a single standard that focuses only on storage in the cloud, called the Cloud Data Management Interface. The group is a professional association of producers of storage and networking products, and has been around since 1997. The member organizations support the use of cloud technology, since such technology requires the purchase of the members’ products. Version 1.0 of the standard is available, as is Java source code for a reference implementation of the standard.

Cloud Services Initiative

This is a project of the TM Forum, an industry association for communications and media companies. So far they’re not creating any standards. Instead, they’re focused on helping their industry adopt and adapt to the cloud. They produce several news articles and general information documents about cloud technology to assist IT managers in making informed decisions. Additionally, they have a set of projects called Development Catalysts, where member organizations work from buyer specifications to solve various cloud-related challenges. For example, one such project is called Cloud Service Broker, which is creating a trusted cloud management platform.

Cloud Standards Coordination

This group is documenting the activities of the various standards groups—sort of what I’m doing with this article, but with a lot more words and a lot more detail.

Focus Group on Cloud Computing

This is part of the International Telecommunications Union (ITU), which has developed various standards in the past pertaining to the telecommunications industry. However, at present they’re only gathering other cloud standards and developing documentation for how they apply to the telecommunications industry. Their focus group has only been around since May 2010, so it’s barely off the ground. In my experience, standards and recommendations put out by the ITU are usually embraced by European telecom companies, and largely ignored by American telecom companies. My own personal assessment is that if they do create any cloud standards, such standards would probably follow a similar path of embracement.

Standards Acceleration to Jumpstart Adoption of Cloud Computing

This initiative is part of the National Institute of Standards and Technology (NIST), and was started in response to a request by Vivek Kundra, the U.S. government’s CIO. The goal is to provide a process primarily for the US government, which industry optionally may follow. This is a new project (initial publication [PDF]), and will bring together various standards and suggestions. At present a website isn’t built, but they intend to create one to serve as a portal for cloud computing information.

Where Do They Stand?

Looking through this list, you’ll notice that only two groups (identified by a single asterisk: Open Cloud Consortium and Open Cloud Incubator) are actually creating standards for the cloud. A handful of the groups are creating standards or APIs for specific aspects of cloud computing. This is good: We don’t need a dozen standards organizations. Two is a good number. And by far most of the blogs that I read about this topic are rooting for the Open Cloud Incubator.

Finally, we should note one major problem with all this: Amazon is clearly one of the big players in the cloud space with its Amazon Web Services. They were one of the forerunners in the cloud game, laying an early groundwork. Yet, oddly, Amazon isn’t involved in either of the two groups creating standards. That’s pretty typical in the computing world; it’s not a surprise when one of the biggest players doesn’t play well with others because they really don’t care what their competitors are doing. So perhaps in a year or two we’ll have a cloud standard that some organizations use and others don’t. What, then, is my final analysis? It appears that IT managers should watch the work of the two standards groups, especially the Open Cloud Incubator, while choosing the cloud.

Related Information From Dell.com: Dell and Cloud Computing

It isn’t a pretty thought to consider migrating an enterprise to a new Internet addressing scheme. Any change to the network can be time consuming and expensive to deploy. But in addition to the technical forces making the move a necessity there are good technical reasons for making the switch.

What are the differences between IPv6 and IPv4? Well, for starters, there’s a gigantic difference between the 4.3 billion unique addresses you get with IPv4′s 32-bit addressing, and IPv6′s 128 bits worth of address: 340,282,366,920,938,463,463,374,607,431,768,211,456. That’s 2 to the 128th power. IPv6 addresses are composed of eight groups of four hexadecimal numbers. So, for example, 2010:0625:0000:0000:0000:0000:0433:56cf would be a legal, albeit eye-watering address.

With that many addresses, we won’t need to worry about running out of network addresses unless we give cats and dogs Internet-enabled devices.

Fortunately, network administrators seldom need to deal with IPv6 addresses. One of IPv6′s design goals was to cut down on the time technicians had to spend configuring and managing systems. IPv6 networks can use stateless auto-configuration to assign addresses without manual intervention.

Of course, you can use Dynamic Host Configuration Protocol (DHCP) to do that on business LANs today. But, with DHCP you can only assign unique addresses within your own network.

Problems get in the way when you try to use Internet applications like videoconferencing or Voice over Internet Protocol (VoIP) with the Network Address Translation (NAT) wall that usually comes between users and the Internet with DHCP. While these problems can be overcome, they take time to repair.

With IPv6, every device on every network has a unique IP address, and your IT staff should have less trouble deploying Internet-dependent applications.

In stateless IPv6 addressing,  your network equipment assigns unique IP address by combining its LAN Media Access Control (MAC) address with a prefix provided by the network router. This means your network administrators don’t need to worry about setting up unique IP addresses. Your hardware will do it for you.

Another IPv6 plus over IPv4 is that Internet Protocol security (IPSec) is built-in. IPsec is a framework of open standards for protecting communications over TCP/IP networks. Typically, it’s used in virtual private networks (VPNs) through the use of cryptographic security services. IPsec supports network-level peer authentication, data origin authentication, data integrity, and encryption. The net result should be to make all Internet traffic safer, since IPv6 can secure and authenticate communications at the network layer, instead of the higher levels of the stack such as today’s commonly used Secure Sockets Layer (SSL) and Hypertext Transfer Protocol Secure (HTTPS).

In addition, while IPv6 doesn’t prevent spam getting through completely, it becomes one more barrier for the spammers. With malware trying to get into your Windows PCs every hour of every day via e-mail, anything that helps blocks spam is a good thing.

IPv6 also speeds up networks. The header of an IPv6 packet has a fixed length, little-used IPv4 fields have been removed, and the network packet itself has been designed not to fragment. The net result is that IPv6 switches and routers throw and catch IPv6 network traffic at far higher speeds. In practice, this means that, for example, your IPv6 10Gigabit Ethernet switch should be able to send and receive traffic at 99% of the device’s top speed. Thanks to IPv4′s overhead, it can’t come as close as IPv6 does to reaching a device’s theoretical wire-speed.

That speed increase is boosted by another specific kind of performance boost that we’re all going to need more of in the coming years: multimedia performance. While you may not want your employees watching the World Cup during business hours (GOALLLL!!!), you probably do want to maximize your videoconferencing capabilities and make your real-time applications as close to real-time as they can be.

For this, IPv6 comes with baked-in support for multicast — the transmission of a single datagram to multiple receivers. Or, as Internet architect Dave Clark described it: “You put packets in at one end, and the network conspires to deliver them to anyone who asks.”

IPv4 has some multicast capabilities, but these are optional and not universally supported. With IPv6, multicast is part of the package.

While IPv6 has advantages, switching may be painful. It would be great if IPv6 were simply backwards compatible with IPv4 so we could easily switch over to the inevitable IPv6-dominated Internet. Alas, it’s not.

“The lack of real backwards compatibility for IPv4 was the single critical failure [of IPv6],” said Leslie Daigle, Chief Internet Technology Officer for the Internet Society, said at a June 2009 meeting of Internet Engineering Task Force (IETF) leaders. “The reality is that nobody wants to go to IPv6 unless they think their friends are doing it, too.”

It’s a different story today. The need to migrate to IPv6 has become more urgent, with the Internet running out of IPv4 addresses, as measured by the IPv4 clock.

The original transition plan was dual-stack. “We would start by adding IPv6 to the hosts and then gradually over time we would disable IPv4 and everything would go smoothly,” said IETF Chair Russ Housley. “It hasn’t worked out that way, although dual IPv4/IPv6 stacks will end up being part of the answer.”

There are some advantages, besides simple necessity, to switching to IPv6. Would they be enough by themselves? No, the record is clear: They haven’t been. Still, as we’re forced by the coming scarcity of Internet addresses to move to IPv6, it’s nice to know there are some advantages to be gained from our future network architectures.

Related Information From Dell.com: Create a Network Roadmap.

It would have been so easy if the early Internet and TCP/IP network designers had made IPv6 backward compatible with IPv4. They didn’t. And, while  Leslie Daigle, Chief Internet Technology Officer for the Internet Society, admitted at a June 2009 meeting that IPv6′s “lack of real backwards compatibility for IPv4 was [its] single critical failure,” crying over spilt standards isn’t going to help us now. No, instead we have to make the best of using IPv6 in an IPv4 world.

How? It depends on what your network and operating system vendors offer. You may not know it, but almost all vendors already have a variety of solutions in place. You must — I can’t emphasis this enough — must test IPv6-to-IPv4 component interoperability before deploying them. Let’s take a look at the options.

IPv4/IPv6 approaches usually take one of two forms. One is dual stack, where your network hardware ends up running IPv4 and IPv6 at the same time. The other is to “tunnel” one protocol within another. Usually, this means taking IPv6 packets and encapsulating them in IPv4 packets. Their technical basics are outlined in the RFC 4213 Basic Transition Mechanisms for IPv6 Hosts and Routers.

There are other methods as well. For example, there’s Network Address Translation – Protocol Translation (NAT-PT). Like the name says, in this method an additional device translates IPv6 packets into IPv4 packets.

Dual-stacking and tunneling are going to be your main choices. Both come with advantages and disadvantages.

Dual-IP Stacks

With this method, your computers, routers, switches, and other devices run both protocols, but IPv6, if it works, is the preferred protocol. A common procedure is to start by enabling both TCP/IP protocol stacks on the wide area network (WAN) core routers, then perimeter routers and firewalls, followed by your data-center routers and finally the desktop access routers. As the public Internet transitions to IPv6, your network administrators may need to deploy dual-stack capable switches on the enterprises’ edges earlier.

The advantage of this approach is that Dual-IP stacks are supported by all the major operating system and network vendors. The downside is that many legacy networking hardware and servers don’t support IPv6. This can lead to such problems as dual-stack edge switches running into DNS (Domain Name Server) problems while users are trying to get to various Internet sites.

Dual Stack Application Level Gateway

A related problem is that some versions of older network programs, such as File Transfer Protocol (FTP), won’t work with IPv6 addresses. That’s where Dual-Stack Application Level Gateway (DS-ALG) comes in. This gateway acts as a proxy that translates between the two protocols over the IPv4 Internet.

There are several downsides to this method. First, it will only work for specific applications and it will also slow traffic down as every packet has to be inspected to see if it needs DS-ALG services.

Network Address Translator – Protocol Translator

Another approach is to set up a table where an IPv6 switch has all useful IPv4 addresses mapped within it. As you might guess, this can increase network latency because of the time spent updating these tables and giving packets new addresses on the fly. In addition, NAT-PT also requires ALGs to resolve application-level issues that arise from those IP address translations.

IPv6 over IPv4 tunneling

In tunneling, one protocol is carrying inside another. Typically, that’s going to be IPv6 in IPv4. These tunnels can move your IPv6 packets across both your internal IPv4 WAN and the Internet, which will stay primarily IPv4-based for years to come. Another way to think about this technology is to consider it as tunnels between IPv6 islands with IPv4 seas in the way. Eventually, as IPv6 becomes dominant, we’ll start to see IPv6 tunnels carrying IPv4 traffic across IPv6 seas.

There are two types of tunnels: manual, aka static,  and dynamic. Manually configured IPv6 tunneling requires configuration at both ends of the tunnel. As you can already tell just from the sound of it, this manual approach is not an ideal solution for businesses looking to keep networking costs down. Dynamic tunnels use a variety of techniques to establish packet destination address and routing on the fly. This makes them far easier to create and maintain. On the other hand, manually set up static tunnels make it possible to track traffic from endpoint to endpoint. This in turn makes static tunnels more secure.

Dynamic tunnel technologies are becoming dominant. Businesses would rather deal with the security headaches of dynamic tunneling tomorrow than pay for static tunnel maintenance today.

6to4

The most popular tunneling technique is 6to4. It has the advantage of not requiring an explicit tunnel set-up. Instead, it uses dedicated relay routers to forward encapsulated IPv6 packets over IPv4 links. A significant advantage of 6to4 (which has nothing to do with the Chicago song “25 or 6 to 4“), is that it’s lets you set up Ipv6/V4 tunnels without jumping through a lot of configuration hoops. The actual traffic uses IPv4 unicast to create point-to-point links over the IPv4 backbone for transmission.

To be used safely, your vendor and network engineers must be sure to set its security up carefully. It’s all too easy to hide bad traffic inside the encapsulated packets and  to spoof addresses within the IPv4 and IPv6 headers, which can lead to Denial of Service (DoS) attacks.

So what’s a CIO to do? Well, at this point, 6to4 tunneling looks to be the easiest path to take. It also has the advantage of having wide vendor support even down to inexpensive commercial off-the-shelf equipment.

However, before deploying any IPv4/IPv6 bridging solutions, you’re going to need to spend a lot of time having your network engineers and vendors making sure that everything in your new network stacks can interoperate. It’s all too easy to mix and match equipment and methods in ways that will slow your network down to a crawl. Do you want to explain to your CEO why no one  could reach the Internet from the corporate intranet for a week? I didn’t think so.

Related Information From Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter

When you were a kid, all the other kids would head down to the beach, creek, or swimming pool. Even though the purpose was to go swimming, there would be a minute or two before anyone would jump in. Everyone kept waiting for someone else to take that first frigid plunge. It’s the same with businesses getting their feet wet with IPv6. No one wants to be the first to jump in. Well, now you don’t have to, since one of the biggest kids on the block, Google, has already jumped into IPv6.

Google, which saw the need to start moving to IPv6, began its implementation in March 2008. By May of the same year, Google started offering Google Search over IPv6 at http://ipv6.google.com. (Unless you have an IPv6 connection to the Internet this site will not work for you.)

Since then, with Google network engineers Lorenzo Colitti and Erik Kline leading the way, Google has started offering more services over IPv6. It’s not been easy. As Steinar H. Gunderson, a Google open-source and IPv6 developer explained at the Google’s IPv6 Implementers Conference in June 2010, when trying to retro-fit network programs for IPv6 (PDF), your software should “Start listening on IPv6, then send IPv6 data. Watch it crash. Fix, repeat until it looks OK.”

In short, they learned, if you don’t want your company to have real fits come the day that you start implementing IPv6, have your internal programmers start working on in-house software now and start insisting that your ISVs (independent software vendors) deliver IPv6 ready software.

That advice is not what CIOs want to hear. But it’s a good guideline about what you should expect, if that’s what Google has found — and they know about as much about writing network-enabled programs as anyone on the planet.

In addition to search using IPv6, Google offers Google Alerts, Docs, Finance, Gmail, Health, iGoogle, News, Reader, Picasa Web Albums, Maps, YouTube, and App Engine applications on appspot.com over IPv6.

But not just any IPv6 implementation will work with Google IPv6 enabled applications. Google has very specific IPv6 requirements for its users. First, your DNS server must natively support IPv6. Supporting IPV6 through an IPv4 tunnel does not work. For smaller companies that use their ISP’s DNS, that also means that the ISP’s DNS server must support IPv6.

Then, you need to get Google’s permission to use their IPv6 services. Google states, “To qualify for Google over IPv6, your network must have good IPv6 connectivity to Google. Low-latency, redundant paths using direct peering or reliable transit are required. Your network must provide and support production-quality IPv6 networking and provide access to a substantial number of IPv6 users. Additionally, because IPv6 problems with users’ connections can cause users to become unable to access Google if Google over IPv6 is enabled, we expect you to troubleshoot any IPv6 connection problems that arise in your or your users’ networks.”

You are welcome to try to use IPv4/IPv6 tunneling to Google, but Google warns, “We prefer to avoid enabling Google over IPv6 for networks behind tunnels at this time, as it can be difficult to guarantee good performance and to debug problems. If you would like to use Google over IPv6 but your up-streams only provide tunneled connections, or don’t provide IPv6 connectivity at all, we encourage you to ask them to support native IPv6. If there is sufficient demand, we may consider developing a solution to offer Google over IPv6 for tunneled networks, so please let us know if you’re interested.”

You’ve got the right stuff, or not, and you still want to give it a try? Then drop Google a note at google-ipv6@google.com.

You may be wondering why isn’t Google just opening the door to every brave network thrill seeker? It’s because, according to the Google IPv6 FAQ, “We continuously conduct detailed measurements on the quality of IPv6 connectivity, and our latest results show that making Google services generally available over IPv6 at this time would lead to connection problems and increased latency for a small number of users. User experience is very important to us, and we do not want to impact users on networks that do not yet fully support IPv6.”

Looking ahead, Google has been joined by its partners, and indeed some of its competitors, in getting the Internet and Internet services ready for IPv6. These include Cisco, Comcast, IBM, Nokia, T-Mobile, and Yahoo.

As you can probably tell from the above, while Google is working hard on IPv6, it’s not really ready for prime-time yet. That said, like it or lump it, we’re all going to need to start working with IPv6, so it would be better to start working with IPv6 now and companies like Google that are already in the IPv6 swimming hole then wait too long. After all, if you wait until the last minute before switching your network infrastructure, you may find yourself at a competitive disadvantage on the Internet, and no company can afford that in the 21^st century.

Related Information From Dell.com: Create a Network Roadmap

A combination of services, were previously only the province of very expensive and customized clustered configurations, are now available in the virtual world.

These services, including high availability, virtual storage management, and near-term server failover, can serve as a good substitute for many enterprise’s disaster recovery (DR) applications, too. Virtual machines are easily portable and replicated across the Internet, so you can quickly get a secondary site up and running when the primary server fails. “We have seen disaster recovery protection [become] available to a whole class of customers that couldn’t do it before,” says Bob Williamson, an executive VP with Steeleye Technology, a specialized virtualization vendor. ”In the past, you needed to buy another physical server and have it ready if the primary machine went down.” But, he says virtualization and hosting servers at a remote location permits enterprises to use these machines if their data center goes out. “That lowers the entry cost for deploying wider-area disaster recovery, and opens up this protection to a whole new set of companies that haven’t been able to consider it before,” he says.

In the past year, the three major virtualization vendors — Microsoft, VMware, and Citrix/Xen — each have strengthened their ability to provide more capable DR and business continuity services in their products. These have lots of appeal for enterprises that previously would have either considered a full DR solution or clustering too expensive.

It is possible using these newer tools to replicate and bring up a new instance of Windows Server 2008 in a few milliseconds. For example,  you may need to provide additional capacity on an overloaded server or in case of planned upgrades. Consider a server farm with a dozen physical computers, all delivering a Web application. If an enterprise has designed for peak load performance, at other times many of these systems will do  little or no work, twiddling their little digital thumbs. The ideal solution is to spin up or spin down new instances of application servers when these loads change, to match a particular service delivery metric and to keep the costs of power and cooling to a minimum.

These solutions aren’t appropriate for transaction processing applications, where immediate failover is required to handle tasks like online payments processing or airline reservations. “There are still times when you need clustering, such as when you can’t afford to lose a single transaction and have to restart this transaction on the new machine after a failover,” says Carl Drisko, an executive and data center evangelist at Novell. “If your virtual machine goes down, anything that is being processed in memory is going to be lost.” But the high-availability virtualized applications can work for less demanding applications, such as enterprise e-mail servers.

One of the issues with earlier custom clustering solutions is that they require identical hardware and operating system versions for each physical machine that was part of the cluster; virtualized servers are more forgiving and flexible, not to mention less expensive. Microsoft’s HyperV, for example, now supports the ability to migrate a running virtual server to a new physical host that even has a different processor family, such as moving from an Intel-based server to one running on an AMD processor.

Another issue is that many of the older-style clusters required very high-speed  links to tie together the members of the cluster. Virtualized solutions are also less demanding of connectivity and can make do with longer latency connections, even across typical Internet connections.

As these “almost-clustering” solutions become more popular, look towards increasing sophistication from third-party monitoring tools to help provide a complete solution. For example, Lyonesse Software’s Double-Take, Steeleye’s LifeKeeper, Symantec’s Veritas Application Director, and Cassatt’s Active Response can monitor both physical and virtual applications on running virtual servers, and notify IT staff when a virtualized host or application fails, so that a new virtual instance can be quickly brought online.

All this means that virtualization and clustering will become more interrelated and complementary solutions for IT managers. While the two technologies have come from different heritages and infrastructures, they are now merging and providing a powerful tool for managing more complex workloads in the data center.

Related Information From Dell.com: A Smarter Path to Virtualization

Telehealth is bringing treatment to rural patients in Colorado. In June, health insurance carrier UnitedHealthcare and Centura Health, Colorado’s largest health care provider, launched Connected Care, which uses telehealth technology to give patients in four rural Colorado communities expanded access to physicians and specialists. “The goal of the Colorado Telehealth Network is to improve patient safety, increase access to care, reduce health care costs and allow providers to focus on the needs of the patient,” said Steven J. Summer, CEO and president of the Colorado Hospital Association.

Telemedicine also allows healthcare to expand outside the doctor’s office. Medication-management vendor CompuMed, partnered with California School Health Centers Association to use CompuMed’s CardioGram and CardioGramKids electrocardiogram (ECG) telemedicine technologies in more than 150 school health centers throughout California.

It’s programs like those in Colorado and California that are driving adoption of telehealth nationwide.

“We have clients who are really looking at telemedicine from a strategic standpoint,” said Gerard Nussbaum, director of technology services at the Health Care Consulting Group, Kurt Salmon Associates.

Of course, doctors have consulted each other for years, relying on telephones and conferences, telegrams and journals, as well as crowded hospital rooms. Networking technology combined with security and videoconferencing solutions now bring the doctor to the patient, and a growing number of hospitals are tapping into this invaluable resource.

Telemedicine will reshape treatment, with 89% of healthcare decision-makers predicting that telehealth will transform healthcare in the next decade, according to a study by Penn Schoen Berland for Intel.

The anticipated doctor shortage, too, could promote the use of telemedicine. Based on current graduation and training rates, the United States could face a shortfall of up to 150,000 physicians in the next 15 years, the Association of American Medical Colleges estimated.

At first, the shortage will likely be for primary physicians, but specialists will also come into demand. By 2020, the nation could be short up to 4,000 cancer doctors, the American Society for Clinical Oncology reported. One reason for the increased demand is the aging population — including, ironically, a growing number of retiring oncologists, the study found.

A Healthy Habit

The main reason for investing in telemedicine is to improve patient outcomes, respondents to the Intel study said. Other returns on investment include more complete clinician access to patient data, and early identification of health issues. Telehealth can cut financial costs by reducing the need for patient readmissions by up to 25%.

Telemedicine has been a technology-show staple for years but is now a reality. “Cisco has been advertising this on their home page for a while, but now we are really seeing it,” said Ryan McGowan, technology solutions engineer, at distributor Ingram Micro.

The market for telehealth and home health monitoring will reach $7.7 billion by 2012, compared with $3 billion last year, according to Data Monitor. Some of the billions of dollars the federal government allocated to healthcare spending are directed toward telehealth — $12 billion will go to broadband access, facility construction and telemedicine initiatives, according to Gartner.

A Tough Regimen

Perhaps the most difficult component of beginning a telemedicine regimen has nothing to do with technology. Rather, it has to do with credentialing.

“Current CMS [Centers for Medicare and Medicaid Services] regulations require that hospitals and [critical access hospitals] receiving telemedicine services privilege each physician or practitioner providing services to its patients as if such practitioner worked onsite. While the current regulations permit the use of third-party credentialing verification organizations, the hospital’s or CAH’s governing body retains responsibility for all privileging decisions,” Nussbaum said.

CMS proposed revised conditions of participation (CoPs) that would allow hospitals to rely on information provided from another location, rather than being forced to conduct their own individual appraisals and examinations of credentials, he said. The goal is to simplify the process for smaller hospitals that do not have the necessary resources.

In June, however, CMS delayed the requirement to implement telemedicine standards until March 2011. It originally had set a deadline of July 15, 2010, for Joint Commission accredited hospitals to implement new elements of performance to conform to Medicare’s credentialing and privileging requirements for telemedicine services.

The subject is getting attention everywhere. During the American Telemedicine Association meeting in May, President Barack Obama’s federal CTO Aneesh Chopra said CMS was “actively working” to address the Joint Commission Standards for Credentialing and Privileging, especially the area of telehealth across state borders.

No matter whether the doctor is three feet or 3,000 miles away, if the diagnosis is accurate, the treatment is correct and the cure works,  that’s a good bedside manner.

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency

The HITECH Act, with its electronic record-keeping requirements for healthcare providers, gets a lot of attention and financial investment. But competition and margin pressures, coupled with technological developments, are encouraging both large and small healthcare providers to research and invest in a diverse array of solutions.

Take a Tablet

Mobile devices including tablet PCs, jazzy handhelds and smartphones can do anything short of perform surgery.  Sales of handheld devices in healthcare will hit $8.8 billion this year, up 7% from last year, according to “Handhelds in Healthcare: The World Market for PDAs, Tablet PCs, Handheld Monitors, & Scanners,” by healthcare market research firm Kalorama Information.

“Healthcare workers need to be mobile, and so PDAs and monitoring devices have long been a good fit,” Bruce Carlson, publisher of Kalorama Information, said in a statement.

Because flat-screen tablet computers are user-friendly and intuitive, North Shore University Hospital is using the devices for medical-records entry, said Emil Novelo, a healthcare IT consultant.

In other instances, handhelds are the preferred device. That was the case at Palm Valley Health Care, which equipped its 250 field nurses with wireless Pocket PCs, said Nathan Armstrong, IT administrator. Instead of commuting back-and-forth to the office to access their schedules and record patient assessments such as vital signs and other data, nurses now securely enter the data remotely. The information is synchronized with the company’s centralized servers to ensure fast and efficient billing, thereby shortening Palm Valley’s medical reimbursement cycle, Armstrong said.

“Everything is Pocket PC-based here at the company,” Armstrong said. Many other companies use laptops, but Palm Valley Health Care has found laptop users require a great deal of support. ”You can imagine the number of calls we’d get saying, ‘I can’t connect to Wi-Fi,’ or ‘I’ve lost my connection.’” The mobile devices are less expensive, and virus-free. ”It’s worked very well for us,” he said.

Wireless Wellness

Wireless adoption continues to flourish within healthcare: It grew more than 60% in the past year worldwide, both in wireless LANs and Wi-Fi Real Time Location Systems (RTLS), with high double-digit growth projected over the foreseeable mid-term, according to ABI Research.

“It’s definitely taking place in the United States at the same rate as the rest of the world. It has stayed on course,” principal analyst Jonathan Collins said. “It’s not going to stop tomorrow. It’s going to continue.”

Wireless is moving beyond traditional computer devices into the world of sensors placed on patients for real-time remote tracking and monitoring of heart rate, sugars, and other parameters, he said.

At first, that kind of monitoring might be more well-accepted in the world of fitness, not healthcare, said Collins.

“People opt in to check their own heart rate and so forth. That’s an existing market with a good amount of take-up. That’s already transitioning into a wellness market, where it’s part of a fitness routine or weight-loss package,” he said. “That’s also getting included into health care premiums so employers or employees get a reduction on their insurance premiums if they sign up for healthcare monitoring.”

The Office is Open

Some practices are taking a long, hard look at their open source options. Palm Valley needs to upgrade Microsoft Office, and could save about $20,000 by switching to an open source office application to run on its Linux-based desktops, said Armstrong.

“I don’t believe a lot of companies realize what they can save with open source,” he said.

Some healthcare providers expect to save on their government-mandated EMR investment by implementing one of several open source EMR solutions. Some, such as Practice Fusion, include features like e-prescribing, along with patient records and other primary requirements.

Indeed, Practice Fusion, which partnered with Dell to offer a user-friendly EMR, grew 72% in the first half of 2010, reaching 43,000 users, according to the developer of the free, open source, web-based EMR solution. It now represents about 7% of the total ambulatory EMR market, according to Software Advice.

And that’s nothing to sneeze at.

Related Information From Dell.com: Experience the Advantages of Linux

Both healthcare and education are collaboration-intensive environments where quality improves in direct proportion to the amount of valuable input from the right sources. In the hospitality industry, hotels, convention centers, and resorts vie for the conference organizers’ mindshare and money by offering them a smorgasbord packed with every conceivable amenity, be it massages and luxury rental cars, or on-demand videoconferencing and enhanced IP communications.

The Doctor Is In?

It’s a good fit. But so far, healthcare has lagged behind in unified communication adoption, according to Robin Gareiss of Nemertes Research.

“UC adoption in healthcare has lagged the overall market, with only 27% of healthcare organizations deploying vs. 47% of all industries,” she said. “But UC offers significant advantages to a vertical where reducing transaction times and speeding access to information has benefits beyond saving money. Healthcare organizations can reduce costs and improve patient care by leveraging vertically focused UC solutions.”

Already, some hospitals are using unified communications to leverage their best assets: their people. In regions where specialists are in short supply, hospitals are beginning to consider telemedicine by contracting with specialists to provide follow-up visits via secure videoconferencing links, said Gerard Nussbaum, director, technology services, for the Healthcare Group of Kurt Salmon Associates.

“We have clients who are really looking at telemedicine from a strategic standpoint,” he said.  ”Telemedicine is going someplace.”

Wuesthoff Medical Center in Rockledge, Fla., for example, contracted with a teleneurology company called Specialists on Call which provides 24×7 emergency consulting services to between 15 and 20 hospitals in the Sunshine State. Communicating via a secure videoconferencing connection, a doctor in Orlando sees stroke patients as they come into the emergency room.

“A shortage of specialists is driving it,” Dr. Mylissa Graber, the new medical director of the emergency department at Wuesthoff-Rockledge, told Florida Today. “But, from the emergency room point of view, it cuts down on time. And with stroke, every minute counts.”

Staying in touch with busy nurses is another challenge facing hospitals. At the University of Colorado Hospital, nurses now communicate using a combination of unified communications technologies from NEC and Cisco to make certain a live caregiver receives and responds to a patient’s call for assistance. The nurses’ old wireless handsets had short battery lives and limited features and were cumbersome to use. Since the devices had no storage, caregivers had to hand-write notes and contact information when they were away from their stations. The switch resulted in improved patient care and more satisfied nurses.

“Instead of being at the nurses’ station, our caregivers are on their preferred devices, in-building, [on] wireless IP phones, responding to a patient need, even as they are on the way to the patient’s room,” said Joe Bajek, chief technology officer at the hospital.

A Suite Spot for UC

In the cut-throat world of hospitality, high-end hotels are investing heavily in unified communications,  from swanky videoconferencing and telephony solutions to back-end systems designed to make guests feel pampered and secure.

The Spotlight 29 Casino, for example, credits its NEC Univerge SV8500 communications server and UC for Enterprise (UCE) solution with improving customer service, enhancing productivity and cutting phone-system costs in its call center, said Jim Galvan, IT director.  Over at theWit Hotel, guests are protected by the Chicago hotel’s Amcom enhanced 911 system, running on NEC’s Univerge SV8500 IP communications server to give an emergency-caller’s location, including the floor and room number, to the local 911 call center. If someone calls 911 from within the hotel, the system alerts specific hotel staff via screen prompt, text message, or phone call, too.

Although the Park Hotel Weggis in Switzerland is using Avaya’s call center technologies to support guests transparently and seamlessly, it also opted to use Avaya’s Guest Media Hub to stream live webcam feeds of the natural landscape and Lake Lucerne.

Streamlining a hotel’s guest services through unified communications not only improves the customer experience; it also saves the resort money, according to vendors and hotel executives. Messages appear in one box so agents do have to check e-mail messages, faxes, and phones, and a centralized contact center eliminates the need for phone responders for various hotel departments.

The savings extend beyond reservation agents and housekeeping. In the case of Australia’s Crown Entertainment Complex, which opted to replace a private branch exchange (PBX) with a Cisco unified communications solution and Cisco Unified Contact Center Express, it also saved on IT maintenance. Before the switch, each guest room would have needed five cables to support the standard two telephones, two TVs, and Internet access. Today, all these devices are supported over one Cisco IP network, reducing the cabling requirements throughout the sprawling hotel campus.

Plus, the hotel no longer needs technicians to relocate phones, a step that is expected to save significantly over time, according to the complex spokespeople.

Talk may be cheap. Undoubtedly, unified communications are not. But for businesses in communication-intensive industries, these technologies are a sound and a necessary investment, and certainly are something their competitors are considering.

Related Information From Dell.com: Get Service and Support Wherever, Whenever You Go

Not only does unified communications include multiple technologies — think phone calls, voicemail, e-mail, instant messaging, videoconferencing, and presence, among others — it also includes hundreds, if not thousands, of vendors and their channel partners. Each of these brings their own expertise and bias, their own history and legacy, and their preferred methodology and technological approach. No wonder some corporate customers, already burned by proprietary systems and vendor incompatibilities in other implementations, are leery of promises to play well together.

“We are sometimes challenged with the integration of those respective manufacturers,” said Kent MacDonald, vice president of infrastructure solutions at Longview Systems, a unified communications user and solutions provider. “We’d like the manufacturers — the Ciscos, Microsofts of the world — to all work together. They are both recognizing they have mutual clients and collaboration is a work in progress.”

Or, as independent analyst Dave Michels said, “Un-unified communications. How to create a unified communications solutions among different vendors, clients/servers, and cloud services.”

Come Together

Vendors are working together in organizations such as the Unified Communications Interoperability Forum (UCIF), a non-profit alliance of worldwide technology leaders working together to fully realize the potential of unified communications, formed in May 2010. Participants include Microsoft, Polycom and Hewlett-Packard. Although invited, Cisco and Avaya did not join the group.

“Interoperability is not only critical to customer success for deploying unified communications but intrinsic to the delivery of legacy, current and next-generation UC tools, services and infrastructure from multiple vendors.  Until now, efforts to achieve interoperability have appeared ad-hoc, which has given customers little assurance that their existing and planned investments are protected and will deliver the value promised,” said Jonathan Edwards, research analyst, unified communications at IDC. “Together, these companies will help drive industry-wide adoption of open standards and develop programs that put accountability on the vendors and provide peace of mind and investment protection for end customers – something that will surely accelerate adoption of UC technologies.”

In January, Cisco released an interoperability protocol that allows multi-screen telepresence systems to interoperate into the public domain. LifeSize, Tandberg (now part of Cisco) and RadVision signed agreements to license Cisco’s TelePresence Interoperability Protocol (TIP), which Cisco offered to industry participants royalty-free, according to the networking giant.

” We want to make sure we can interface to other technologies,” said Joe Vitalone, vice president of sales at LifeSize. “You don’t want to live on an island, however beautiful it is. You always want to make sure you live on an island that has a bridge.”

A Simple Call

Others are looking to further simplify unified communications from the services perspective. Verizon Business recently took the wraps off three plans designed to reduce communications costs for Verizon VoIP customers. Its IP Audio Conferencing plan for instant meetings eliminates extra fees for calls beginning on a Verizon IP-enabled location, while its VoIP IP Enterprise Routing (VIPER) cloud-based VoIP feature was designed to reduce the cost of business-to-business voice calls be cutting out the domestic or international per-minute calling charges for calls made between Verizon VoIP customers who sign up for VIPER.

And a centralized multi-site design for Verizon’s Hosted IP Centrex clients in Europe aggregates calls to reduce costs in those countries where the communications company offers VoIP.

For its part, American Express Business Travel is expanding the services it offers to its almost 12,000 clients, who together spend more than $26 billion, to include access to public Cisco TelePresence Suites through American Express Business Travel’s virtual meetings eXpert (vmX) solution. Under this agreement, American Express Travel gives corporate clients virtual meeting consulting services to help them select the best method of face-to-face collaboration by leveraging publicly-available Cisco TelePresence rooms and increasing the use of private, corporate-owned systems around the world, said Issa Jouaneh, vice president of global meeting strategy within the Advisory Services group at American Express Business Travel.

“I think this applies to organizations of different sizes. We launched the solution with a Fortune 500 company and we have several clients in the pipeline that are looking at and evaluating the solution,” he said. “Clients have a real interest in the solution. As with any new technology there is a maturity cycle and there is an element of education and change management and then optimizing it over time to get the best yield for our clients.”

The lines are open and operators are standing by, ready to take calls, answer questions, and guide businesses through the evolving tangle of unified communications technologies.

Related Information From Dell.com: Get Service and Support Wherever, Whenever You Go

Last year, Mad Money’s Jim Cramer predicted that the mobile Internet would bring the tech sector out of the recession, and his prediction is right on track. Sales of mobile devices are going through the stratosphere. According to Gartner, over 347 million smartphones were sold in Q1 2010. For the first time, global laptop computer sales are exceeding desktop system sales. The Apple iPad and tablet computers are becoming part of the business environment.

In short, businesses have turned to mobility to make the difference in their bottom line. Mobile technology, along with its benefits and challenges, is infiltrating the corporate landscape faster than any other technology out there. And the crush is on to support the mobile workforce like never before.

That’s the good news. The not-so-surprising, not-so-good news is that cyber-crime is up. The Federal Bureau of Investigation (FBI) notes that reported criminal activity was up 22.9% in 2009 from 2008. Losses more than doubled from $264 million in 2008 to about $560 million in 2009. According to MarkMonitor Inc., an online brand protection solutions company, online sales of counterfeit and gray market goods will cost companies more than $135 billion in 2010.

Along with mobile computing’s obvious benefits come headaches for the IT security folks who have to ensure the sanctity and tranquility of their networks. Three major considerations that security experts need to address are that traditional security models don’t work for several reasons; smartphones are sometimes too smart for their own good; and mobile applications downloaded from app stores by employees to their “personal-but-also-dialed-in-to-the-network” PDAs can wreak havoc.

Think Outside the Box

Laptops and netbooks are really PCs in a transportable form factor. However, smartphones are quite different animals. You can’t install typical security measures like a firewall, virtual private network (VPN), or anti-virus on smartphones like you’d traditionally install on a desktop or laptop. Doing so would put a major load on the phone’s CPU, causing reduced performance as well as eating up bandwidth and battery life. Not to mention that users can turn off such features (also a sure bet, if they’re losing bandwidth and battery life).

Bear in mind that mobile operating systems are much different. For instance, mobile operating systems don’t really multi-task and a cool user interface doesn’t mean it’s necessarily secure. For instance, Apple’s iPhone has drawn criticism from IT managers for its lack of enterprise manageability and in response has developed Mobile Device Management service (MDM) but it still falls short when security and app stores come into play.

Unfortunately, application stores are fast becoming the biggest culprits and delivery systems for malware. A recently published study says that about 20% of the apps for sale in one store are already infected. Additionally, 5% of applications have the ability to place a call to any number, without requiring user intervention, dozens of applications have the identical type of access to sensitive information as known spyware, and 2% of market submissions can allow an application to send unknown premium SMS messages without user intervention. Ouch!

Too Smart for Their Own Good

The obsession to have the “hottest” phone is driving the influx of smartphones into the enterprise environment from the executive level down, and iPhones and Droids are at the top of the hit list. The gotcha with these phones is that they are inherently insecure. Active Sync isn’t secure enough and Native iPhone security isn’t by any means secure so if you connect your smartphones using native security you’ve just blown any compliance you hoped for.

But it’s not all bad news; there are ways to safely integrate smartphones onto the network by maintaining their invisibility on the Internet and tightly controlling them via a policy driven umbrella. Alternatively, you could form corporate policy to populate your network with Blackberrys from RIM. Although they’ve not viewed as the hot ticket gadget, these smartphones can be secured with user experience regulated.

Corporate culture and management requirements need to be taken into consideration when deciding which position to adopt. There are some clear cut options available. You can let users connect their various devices to the network, take the associated risks and throw compliance to the wind. You can go to the opposite extreme, allowing only corporate issued devices on the network and having them guarded by a strictly centralized mobile and smartphone policy. Or you can accommodate in the middle ground where you allow employees to connect their devices but have them comply with a centralized policy and maintain compliance enforcement.

Many businesses want the functionality of Microsoft SharePoint without the limitations and lock-in that come with building on a Microsoft platform. While SharePoint 2010 is undeniably a strong product, it has hefty system requirements and its use limits an organization’s IT choices in other areas. The only way to get full functionality out of SharePoint 2010 is by using Windows Server 2008 and Microsoft Office 2010 on the desktop – upgrades your organization may not be ready to deploy.

SharePoint 2010 is a bit better than its predecessor in regard to vendor lock-in. SharePoint 2007 required ActiveX controls, shutting out everybody on Macs and Linux. SharePoint 2010 isn’t as restricted, and even works in a limited fashion on iPads and iPhones.

But SharePoint 2010 also limits browser choice. While you can work with SharePoint 2010 with Firefox or Safari, they aren’t treated as “first class” browsers for SharePoint 2010. Only Internet Explorer (later than IE6, which has been rightfully deprecated) can exploit all of SharePoint’s features. Note that even some features in 2010 require ActiveX controls that are not available for 64-bit versions of IE.

Probably the most compelling reasons to deploy an open source solution instead are price and flexibility. The licensing costs of SharePoint, plus Windows Server, plus SQL Server and the rest of the bundle are not insignificant. If you’d prefer to avoid becoming too deeply entrenched in Microsoft-based solutions, you’ll find several open source alternatives — and three I personally recommend: Alfresco, MindTouch, and Drupal.

Why those, and not some of the other open source CMSes? Alfresco and MindTouch are two of the most feature-compatible replacements for SharePoint. Drupal is not a direct replacement for all of SharePoint’s features, but handles many of the use cases for which SharePoint is popular. All three not only enjoy a strong user and developer community, but also have strong commercial support, making them much more suitable for enterprises that choose open source but still seek support and training services.

Alfresco

Alfresco is an enterprise content management platform (CMS) that runs on Windows, Linux, Mac OS X, and others. Its a Java-based system that utilizes Hibernate, Lucene, Spring, and other enterprise-class open source components. It’s billed as faster than proprietary systems, and (of course) is cheaper.

Like SharePoint, Alfreso provides content management for documents, records, images, Web pages, and it allows users to collaborate on content development.

Alfresco can be extended and offers a number of third-party solutions. It provides a CIFS connection to Windows so that your users can connect and share files in a similar way to SharePoint. Users can also access repositories over WebDAV and FTP.

The underlying platform, of course, is radically different from SharePoint. Organizations with a Java bent will probably prefer Alfresco to SharePoint, while Microsoft shops may choose SharePoint over Alfresco.

In most cases, users will find Alfresco an adequate substitute for SharePoint. Alfresco is integrated with both Microsoft Office and OpenOffice.org, so your organization can continue to use the Microsoft suite or migrate away from both SharePoint and Microsoft Office.

Organizations have a couple of licensing options. The company offers an entirely open source stack that’s licensed under the GNU Lesser General Public License (LGPL) as well as an enterprise subscription. The Enterprise edition also work with MS SQL Server, Oracle, and proprietary Java application servers like BEA WebLogic and IBM Websphere.

The Enterprise Edition also has system monitoring and clustering features not present in the community edition, which may or may not be vital for your organization. The licensing for Alfresco’s Enterprise Edition is, obviously, more expensive than the community edition, but provides technical support and additional options like platform certification, system monitoring, and enterprise extensions that might be interesting to large organizations.

Drupal

Drupal is not a drop-in replacement for SharePoint if you need a records management system. It’s not a enterprise content management system by any stretch. But for organizations that adopted SharePoint for intranets or building external websites, Drupal should not be overlooked.

The Drupal CMS has scaled to power some of the world’s busiest sites. Drupal is used by the U.S. Federal government to power sites like Recovery.gov, but also can be (and is!) used by much smaller organizations.

The Drupal tagline is “community plumbing,” which is an apt description of the project. Drupal alone is useful for developing websites, intranets, blogs, and the like. However, Drupal’s real power is in its developer community and the thousands of modules that extend the CMS’ functionality. Your organization’s developers can extend the platform or simply take advantage of Drupal’s existing add-ons. With the modules on Drupal.org, you can add file management, e-commerce functionality, LDAP authentication; you name it, it’s probably been added to Drupal.

It can be a bit of a beast to tame. Drupal’s user interface is, charitably, best described as “unintuitive.” This is something that’s been acknowledged by the Drupal community, and it’s one of the focal points of the Drupal 7 development cycle (which should be complete by autumn of this year). Drupal’s APIs are not universally loved by developers, either. In short, Drupal has its flaws,but it’s very widely and successfully used and for all manner of content management.

Drupal is written in PHP and licensed under the GNU General Public License. It runs on Apache or Microsoft IIS, uses MySQL, PostgreSQL, or Microsoft SQL Server, and PHP 4.4.0 or higher. Because the Drupal community has tried to push towards compatibility with PHP 5.x, many modules may require PHP 5.x or better even if Drupal runs on 4.4.x.

Commercial support for Drupal is available through a number of vendors, most notably through Acquia, a company run by Drupal founder Dries Buytaert.

MindTouch

If your company has a strong Microsoft bent, but would like to avoid SharePoint for some reason, MindTouch may be a good compromise.

MindTouch is a collaboration platform for internal and external work. In addition to the expected content management features, MindTouch’s “mashups” extend the software and enable connections to popular Web services and sites (such as Windows Live and Amazon).. It also works with popular open source publishing systems like WordPress, Joomla, Drupal, and Mambo.

MindTouch has “desktop connectors” that provide similar functionality to SharePoint for Windows users, and has Active Directory and LDAP support for authentication.

The downside to MindTouch is that much of its functionality is only available in paid releases. MindTouch Core is the fully open source release, available under the GPLv2. The Standard edition doesn’t have connectors for Microsoft Office or the features needed to easily scale MindTouch for larger organizations. Still, even the paid versions are likely to be less expensive than SharePoint, and having a open core provides the ability for third-party vendors to offer support.

MindTouch is built on top of PHP and .Net, and programmers can add functionality using PHP, C#, JavaScript, and other languages. You can deploy MindTouch on Windows using the .NET framework or on Linux with Mono. MindTouch uses MySQL on Windows or Linux, and also requires PHP 5.2 or better.

Final Thoughts

Should every organization run out and ditch SharePoint? Of course not. If SharePoint is already a working solution for your organization, it’s a bad idea to rip and replace just to implement an open source solution. If the business has made a large investment in SharePoint already, a switch would be expensive and probably would bring unwanted costs in terms of training users and dealing with user dissatisfaction. (Assuming users are happy with SharePoint, of course.)

But if SharePoint isn’t deployed widely in your organization, now’s a good time to consider whether SharePoint is a requirement or if open source solutions would be a better choice. It many cases, Alfresco, MindTouch, Drupal, or another open source solution — I’ve mentioned only a few of the dozens of open source CMSs — might be a suitable replacement.

All are easy to deploy for testing purposes, so there’s little reason not to road test an open source solution to judge if it’s a suitable option.

If SharePoint is part of your infrastructure, consider keeping it in check and using an open source solution for new deployments. Don’t try to rip and replace, but if you need a new Web site for the organization, use Drupal. Need a records management solution for a department not yet using SharePoint? Roll it out using Alfresco instead of SharePoint.

Open source solutions and SharePoint can co-exist. If your organization is mostly a Microsoft shop, deploying a few open source solutions can introduce the IT department and your knowledge workers to alternatives. If nothing else, the in-house use of open source CMS is useful negotiating tool with Microsoft when discussing licensing and future purchases.

Related Information From Dell.com: Experience the Advantages of Linux

There is such as document. It has existed and been updated since 1960, it is available to anyone to read for free and to own for $37 — and you don’t know about it.

Simple and commonsensical, the National Fire Protection’s NFPA 75, “Standard for the Protection of Information Technology Equipment,” is a detailed, explanatory almost-checklist for how to keep your business’ heart beating in case of a fire. While the standard was written for larger data centers stocked with mainframes and Cray and IBM BlueGene supercomputers, its wisdom is applicable to smaller setups. In 2011, a revised version of the standard will be released that addresses a wider audience.

NFPA 75 is under the covers of other standards that are in place, says Brian Rawson, senior program manager for Installation Planning with IBM. Rawson’s role is to provide business and technical support to data installations in the field worldwide. “Typically, this standard falls under the umbrella of the fire sprinkler standards. If a building has a water sprinkler standard, then usually so shall the data center.”

But by following NFPA 75, you go above and beyond. “It means you have more options, and that’s where the standard comes into play,” says Rawson, who is a principal on the NFPA 75 committee.

First Evaluate the Risk

Anyone who is considering an upgrade to the company’s data center should consider fire safety – but many IT professionals don’t know where to start. These guidelines are just a sample of what is in the standard, which also touches on electrical systems and other building code issues, telling you explicitly where to go for more information.

Clear thinking leads to clear planning, says Thomas Wysocki, a technical consultant and senior scientist for Guardian Services, a fire protection research firm and a member of NFPA 75′s committee. “The data is often more important than the equipment itself. You can replace the equipment easier than you can replace the data,” he says.

A CIO has plenty of questions to answer. First and foremost: Are your systems in charge of life safety, such as hospital services or air traffic control? What is the potential for fire; for example, are you located in an industrial facility where manufacturing could raise the potential for danger? What is the economic loss to your business if you had to shut down for a period of time or if you lost records? What is the economic loss of some or all of your equipment?

When evaluating your risk considerations, remember to evaluate your records. Classify your data into three kinds of records: Important, Master, and Vital. The standard qualifies these records according to the difficulty of replacing them. For example, you can replace important records with considerable expense and delay. Master records are those that you turn to when you need to rebuild your database. Vital records are irreplaceable, in which the reproduction is not as valuable as the original, the records are needed to sustain your business, or they are the records that would help you recover from a disaster.

Once you’ve gone through this straightforward process and quantified your business’ risk, you can next move to the construction or retrofit of your data center. You know the extent of the protection you need. “Look at your risk considerations and apply the standard as to mitigate those risks, reduce those risks to an acceptable level. That’s what safety engineering, fire protection engineering, is all about,” says Wysocki.

Designing Your Data Island

Thinking of your data center as a data island is absolutely correct says Wysocki.

Your data should be separate from other sections of your building, especially any hazardous areas, and surrounded by fire-resistant construction, according to NFPA 75. That construction should be capable of providing resistance from fire for at least one hour. That construction should include the ceiling, doors, and the floor. Windows should be fire-rated or have a fire-rated shutter. Air ducts should also have automatic fire and smoke dampers where they pass through fire-rated construction. The temptation is to put the data center in the basement, but the possibility of a fire on an upper floor makes such a location undesirable, the standard says.

“The separation from other spaces is very important. Having a fire-resistant barrier around the space and even separating large data storage rooms from the equipment room is an important recommendation,” says Ralph Transue, senior consultant for Rolf Jensen & Associates and current chair of the NFPA 75 committee.

Top of the line data centers have a main disconnection switch that allows for the shutdown of power and HVAC and closes all smoke dampers. That main switch should be located near the exit doors.

The ideal, of course, is for a company to have a data island that is protected and furnished with its own utilities. “Very often it’s not that way,” says Wysocki. “Someone may decide they are going to rent part of the 94th floor of the Sears Tower and put in a data center. You may not have the ideal conditions in there, but you do the best you can to apply the standard and make the appropriate modification to the structure’s fire resistance and isolation of air handling systems,” he says.

Furnishings should be fire-resistant or even made of metal. No exposed plastics are permitted by the standard. If you have a raised floor, it should be made of noncombustible material, the space underneath the floor must be accessible, and the floor should have provisions for drainage (in case of fire wherein the sprinklers discharge).

Fire Protection Should Complement Your Goals

To design the safest data center, get all the key organizations in the same room talking to each other, says Rawson. “You have the brick and mortar infrastructure people and then you have the software applications people. If they’re not talking to each other and on the same page, you could design a data center and have a production center that is really inadequate just two years down the road,” he says.

“You have to have a very good idea of where you are going as an industry as well as an organization. Understand what your information technology needs are going to be, then match the infrastructure with the fire protection to complement it,” says Rawson.

Related Information From Dell.com: The Smarter Path to Tackling Power and Cooling Issues

If ever there was a time when green initiatives ranked high priority on the global corporate mind, it has to be now with the ongoing Gulf Coast oil crisis in full bloom and government regulatory efforts becoming increasingly stringent. Not that that’s a bad thing; in fact, it’s cool to be green. IT managers and decision-making influencers are reviewing their existing IT infrastructure with new scrutiny and mapping it toward increased environmental responsibility.

Their data center is likely at the top of their list. While migrating a data center into the green world isn’t an easy task, it’s helpful to see how other businesses have achieved their goal.

Ikomm, a Nordic application service provider (ASP), wanted to build Norway’s greenest data center and they did so in a year. According to a recent case study (PDF), Ikomm managed to reduce energy consumption by around 40%. Doing so gave them a competitive edge on pricing and earned the company the first “Green Datacentre” certification awarded by the Norwegian government. Ivar Rusten, Ikomm product and partner manager explained the company reasoning behind the decision saying, “Energy-efficient data centers are now a key factor when companies choose ASPs, and we wanted to be the greenest of the green.”

Founded in 2003, Ikomm provides managed services to private companies and Norwegian city governments such as Lillehammer and Gausdal. Due to rapid growth, the data center outgrew its original facility even after infrastructure and application consolidation efforts in 2004. According to Rusten, their legacy equipment as well as their cooling system was not energy efficient. “More than 50% of our total energy consumption was used just to cool the system, which drove up costs for our customers and increased our carbon footprint.”

Ikomm decided to design and build out a brand new data center based on the newest, greenest technology available rather than re-engineering its existing facility and equipment. It contracted the build out to Dell. While this may not be a universally feasible solution, for Ikomm, with its anticipated growth, it seemed the best solution given they expect ROI in six years.

The subsequent needs analysis process involved measuring existing data residing on Ikomm’s storage area networks (SAN) as well as the energy consumption of the existing setup to provide a baseline from which to generate accurate metrics on the new environment once complete. Once Dell recommended a new infrastructure prescription consisting of various PowerEdge servers, blade servers running on Intel x86 architecture, server cabinets and a state-of-the-art cooling system, they sized out the required facility real estate square footage and began construction on the building to house the new data center. Even the materials used in the construction adhered to sustainable standards and allowed for easy expansion for growth.

One unique feature of the data center is its cooling system. According to Rusten, the cooling system uses eight holes in the earth and circulates water to a depth of 230 meters. He says, “Because the temperature underground is always between seven and ten degrees Celsius, we can cool the APC racks extremely efficiently and use the heat generated by our equipment to heat our offices. The green system gives us 80 kilowatts of cooling and heating power while consuming just 500 watts of electricity.”

In the event of a power failure, the new data center has an uninterruptible power supply (UPS) generator. Data disaster recovery is covered; Ikomm created a disaster recovery center in its old facility, which also mirrors the site and regularly backs up the data.

Building out an entirely new facility may not be in the cards for your green migration, but sound planning and a comprehensive needs analysis and individual elements of Ikomm’s project may serve to take you down the path in the right direction.

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency

I’m sitting outside an office building in Portland, Oregon. The building has at least half a dozen businesses with about 40 Wi-Fi access points (AP). In the hour I’ve been sitting here, I’ve broken into 28 of these corporate networks.

While I certainly know more about networking than most people do, I’ve no special expertise. I’m no hacker. I’m just making use of a good network packet analyzer, Wireshark (formerly known as Ethereal) and several common-as-dirt, dead simple to use cracking tools.

The simple truth is that, given a few days and publicly available programs, any wireless network can be broken. Sadly, as I just rediscovered today, most Wi-Fi networks don’t require that much trouble. Heck, it barely requires any effort at all.

Indeed, two of the businesses (downtown businesses, mind you, not Harry’s Home Network) didn’t have any security on their APs. Sigh. Leaving an open AP isn’t just a matter of letting other people share your bandwidth. It’s also an open door into your network. Another three were even worse: They used the default passwords for their wireless routers and APs. As for the rest, most were little more trouble to unlock.

That’s because most Wi-Fi security protocols are pathetically easy to break. For example, it’s a good bet that every Wi-Fi device your company has supports Wi-Fi Wired Equivalency Privacy (WEP). And many of you, including ten of the companies I just “visited,” use WEP for security.

It’s just too bad that WEP was broken, for all practical purposes, back in 2001. WEP stops someone with no clue about Wi-Fi networking security, but those are the only people that it will stop. However, every vendor still includes WEP as part of their laundry list of supported protocols; some reputable sources, like Consumer Reports, as recently as 2009 recommended WEP’s use. Consumer Reports subsequently corrected its mistake, but alas its “better” recommendation, WPA (Wi-Fi Protected Access), is also pretty easy to crack.

WPA, with its baked in security protocol, Temporal Key Integrity Protocol (TKIP), was broken more recently. It takes more of an effort to break than does WEP, but it’s also useless against any determined attacker. If someone wants to be fancy about it, he can try cracking your WPA using either a vulnerability in Quality of Service (QOS)  or using a man-in-the-middle attack.

Practically speaking, I, and anyone else who wants to jump into your network probably doesn’t need to bother with these methods. Instead, they’ll use the rainbow tables, lists of the most common WPA passwords. That’s because your SSIDs (the broadcast name of your Wi-Fi Access Point) makes up part of the password. Thus, chances are you’ve already given any would-be hacker part of the key. They then use the rainbow table to look through likely passwords until they find one.

How successful is this technique? With a 2.2GHz processor and an 8GB rainbow library, I broke into 15 WPA “protected” networks. Mind you, I didn’t have to do any work; I used a common program that automated the process and set it to work. Had I more time, I have no doubt I would have cracked the other WPA networks. There’s even a service, WPA Cracker to do it for you!

Perhaps you imagine that WPA2, the most advanced standardized Wi-Fi security protocol out there, would be immune. You’d be wrong. You see WPA2 has two security standards: TKIP and the jaw-breaking Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), also known as Advanced Encryption Standard (AES).

It’s more trouble to break WPA2 with CCMP, but thanks to those rainbow tables, it can be done on any ordinary laptop computer. Such as mine, which managed to bust into one WPA2/TKIP network. In 2011, both WEP and TKIP-based security will no longer be supported by the Wi-Fi Alliance. But, of course, millions of legacy devices, including any that you buy this year, will still include them.

So, what you really want is WPA2 with AES. Unfortunately, a lot of older equipment and operating systems don’t support it. For example, Windows 2000 and Windows XP SP2 systems cannot support this protocol natively. If for some reason you just won’t move to Windows XP SP3, you can add WPA2-AES support to Windows XP SP2 with the Windows KB893357 hotfix. Note that this is not a patch. Even if your system techs. were keeping Windows XP SP2 up to date, before Microsoft pulled the plug on Windows XP SP2 support, you still won’t be able to use WPA2-AES unless they deployed that hotfix.

OK, let’s say you are using WPA2. You probably know that it comes in two versions: Personal and Enterprise. With Personal version there is a single universal password, the so-called Pre-Shared Key (PSK) for everyone. With the Enterprise version, each Wi-Fi wireless network user gets his or her own password.

As you might guess, the Personal version, even with AES, is more dangerous to use than the Enterprise one. But both can be broken. As long as your network is constantly sending and receiving packets over the air anyone can snatch them and try to brute-force their way into the network. If you were using a really long, random password, like say 20-characters, you’d be “relatively” safe. But how many of us would really use 20-character long passwords like sfds*&10wiJMdis12rt?

The other networks I visited were all “protected” by WPA2-Personal with a really easy to guess password. In one case, the password was the same as the SSID. In the other, it was the name of the company. Great security there, guys. Just great.

Of course, you could just let the machine remember the password rather than try, and fail, to get people to remember it. That will fail, of course, if anyone with malicious intent ever steals a PC.

Here’s the simple truth. People being people, your Wi-Fi security will be broken.  It’s just a matter of time. That being the case, if you’ve got information on your network that you really don’t want anyone getting into, consider making it only available over wired networks. Yes, you get into those too, but the skill sets needed to break into a building are entirely different, and a lot harder to find, than those needed to break into a wireless network.

Related Information From Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter

MSPs are becoming more popular. Using an MSP can help an enterprise maintain existing service levels with a reduced IT staff, or provide a less-costly means of increasing services than hiring new staff. Since many of them have expertise in Internet applications, they can quickly bring them online. Also, increased regulatory complexity requires offsite storage, which can be provided by MSPs.

“Everyone is taking this stuff more seriously now, and managed services is a very common practice,” says Charles Weaver, president of the International Associated of Managed Service Providers, a trade group. “Larger enterprises have IT departments who are overtaxed and underfunded, and they are doing more with MSPs to offload certain segments of IT management such as e-mail management, server management, VPNs and security, log monitoring, and auditing.”

Even Dell, long the king of direct sales, has gotten into the MSP action by purchasing SilverBack Technologies and offering its own array of managed services.

Clearly, the pool of managed applications will continue to widen. So we’ve put together a short guide to help you choose the right MSP partner. Ask candidates these five questions before you decide.

1. Does the MSP have its own data center or does it rent space somewhere else?

Many MSPs don’t have their own data centers and rent space elsewhere, thus putting yet another intermediary in between your apps and your users. When considering an MSP that rents a data center, make sure that the MSP’s data center is at least up to the same level of integrity and reliability as your own.

2. Do you need .Net or Java? Windows or Linux?

Many providers are either/or and want to stay that way. Others are generalists and don’t have a lot of depth. Some are focused on Web-based applications; others say that they are Web-focused but don’t have much security expertise. Make sure the specific technology and programming expertise you need is what they offer. Ideally, you want someone who can do more than just bring up a new server when you need it. The MSP should also be able to do application optimization and maintain your applications to run at peak performance.

3. What kind of connectivity do you need?

Part of the MSP evaluation is how the company is connected to the Internet, how it prices its bandwidth, and how it measures its overall network quality of service. If your needs vary by time of day or month, or you need a partner that can grow with you as you offload more applications without escalating prices into the stratosphere, the MSP should understand what your usage needs are and scale up or down accordingly.

Also, while everyone promises redundant Internet backbones, check these claims carefully. Look for MSPs that have at least two and ideally three different ISP connections. They should have set up and actively tested failover scenarios with your particular applications portfolio to make sure you stay online all the time. Some providers take pains to route their connections through different paths and separate routers to increase redundancy.

Still, you can’t plan enough. A few years ago, a fire in the Baltimore Harbor Tunnel knocked out all three Internet connections to a financial services company’s data center 50 miles away in Virginia. No one on the company’s IT staff knew that all of their Internet providers had lines that went through the tunnel; since then, the IT staff has requested network maps from providers to ensure better path diversity.

4. Talk to reference customers who are outsourcing the same applications portfolio.

It can be hard to properly vet an MSP, because, as Weaver says, “Even hairdressers have more government oversight today than MSPs.” Nevertheless, look for staffers who were former – and successful – IT managers at larger companies prior to joining the MSP.

A good warning sign is if the MSP is still charging time and materials for services, rather than offering a fixed monthly fee. Charging by time and materials shows that your potential MSP doesn’t understand its business model. Another factor to watch for is whether the ISP has the personality and people skills to handle relationship building. You want to be able to talk to your MSP about more than TCP/IP packet sizes and protocols, and have them become a true partner to your business and operations.

5. Does your MSP also provide service and support for your remote offices and users?

Some MSPs are just interested in housing your data and applications, while others are more full-service operations and offer desktop support for remote users as part of their services package, no matter where they are located. If you have many remote offices, it pays to find one place that can handle these offices as part of the MSP arrangement, so users have a single point of contact for support.

Related Information From Dell.com: Dell and Cloud Computing

When Emerson Network Power consolidated dozens of data centers around the globe into a facility at its campus just north of St. Louis, the most interesting feature wasn’t even inside the building.

As part of its consolidation, Emerson, which makes a wide array of power conditioning and management systems, built a new 35,000 sq. ft. data center in St. Louis last year. The building sports a rooftop 100 kV (DC) solar array that occupies about a quarter of its surface area. The array provides about 15% of the power requirements for the equipment inside and is just one of several technologies that are used to show how green a new data center can be.

Emerson's new data center has a large photovoltaic solar array on its roof.

The new data center is in a particular spot on Emerson’s campus that doesn’t line up with the best orientation for the array.  This required an extra expense to tilt the array on a slight angle for the maximum exposure to sunlight. Emerson’s installation is the largest collection of solar panels in Missouri on a commercial building.

The array is just one of several green building technologies used to qualify the data center for Leadership in Energy and Environmental Design (LEED) Gold certification. (To put this in perspective, a new data center built last month for StreamDataCenters.com in San Antonio only received silver LEED certification.) Emerson also put the air conditioning condensers on the roof, which reduced the overall building footprint by more than 15,000 sq. ft. and eliminated more than two miles of copper tubing needed to carry the coolant. The saved space on the ground was used for plantings and grass.

The roof is white to save about $800 per year in cooling costs, and all exterior lighting was shielded to minimize light pollution to the surrounding area. Interior lights turn off automatically when a room is not in use, and large hurricane-proof windows are used liberally to bring daylight into the offices and further reduce power consumption.

The data center has a twin (without the array) in Marshalltown, Iowa, used for disaster recovery and R&D. It is also the first commercial deployment of Liebert’s NXL power conditioning system (pictured below). There are other Emerson technologies installed throughout the building, both for practical purposes as well as to showcase the products for visitors.

Caption: Emerson’s Liebert NXL power conditioning equipment is just one of many Emerson technologies used in their data center.

Emerson's Liebert NXL power conditioning equipment is just one of many Emerson technologies used in their data center.

Typical of many a newer data center is the use of rack-specific cooling towers to eliminate the need to air-condition the entire air volume of space inside the server area. Only the air space immediately inside each rack is cooled, which results in big power savings. Emerson used the XD equipment from its Liebert division to pull cold air directly to the racks.

The Liebert XD rack-specific cooling equipment moves a minimum amount of conditioned air through the individual server racks.

The data center also alternates hot and cold aisles for more efficient air handling. The ambient room temperature is kept at a comfortable 76 degrees, again to reduce power consumption. The raised floor has a capacity for 5,000 servers but it is running less than 10 percent of that capacity at the moment, according to Keith Gislason, who oversaw the IT infrastructure project for Emerson and since has moved on to join the Avocent product management division of the company.

“We have had zero downtime during the past year. And while we have had some failures – including a lightning strike that caused one of our power buses to fail – otherwise we have been operating continuously,” he says.

Another innovative feature is that fiber optics, rather than copper, handle all rack-to-rack wired connections. This boosts bandwidth and cuts down on the power needed to move all the data between racks, since fiber doesn’t have as much electrical resistance as does copper wiring.

Emerson is powering its Dell Windows and Sun Solaris servers at 240 volts directly from the power distribution equipment. “All the high efficiency power supplies already supported that voltage, so we didn’t have to special order any gear,” says Gislason. In older data centers, power is provided at 480 volts and then stepped down to 120 volts to operate the equipment. Dell estimates that Emerson’s configuration will save around 20 MWhr of electricity annually.

There aren’t any mainframes on the floor. Emerson made a conscious decision to move away from them in their new data centers. The company is in the process of migrating its enterprise resource planning applications – their last critical IT infrastructure – onto more distributed systems hardware.

Locating a data center in Missouri makes a lot of sense … and cents too. The area has one of the lower power rates in the country. Combined with high telecom bandwidth (most of the cross-country Internet lines are nearby) and a moderate climate, power needs are also reasonable.

Emerson also makes use of lower-powered CPUs and, like many modern data centers, extensive use of virtualization technologies to consolidate servers.

The array has been operating within its predicted parameters. There haven’t been any problems in the past year, according to the company. Emerson says that the data center is at least 31% more efficient than traditional data centers that they were moving out of. So going green can end up saving a lot of green, too.

Related Information From Dell.com: The Smarter Path to Tackling Power and Cooling Issues

Most open source software licenses have two provisions in common:

No limits on personal use, unmodified redistribution, or internal re-use. You can use the software as-is on your own, redistribute it, or modify it from source for your own use. This makes most every open source application immediately useful as an in-house productivity booster: you don’t pay anything to use it, no matter how many seats you deploy it on. And as long as you restrict the software to in-house use, you can modify it freely and keep the modifications confidential.

No warranty. You use the software entirely at your own risk. This is not always a comforting thing to hear, which is why any major open source software deployment should be cared for by a consultant or a full-timer to ensure it works.

Many licenses add two other stipulations:

Restrictions on redistribution of modifications. If you modify the software and redistribute it in binary form, you have to also release the source code for your changes. This prevents the software from being incorporated into a commercial product (or a web service) without the creators’ consent.

Derived works are under the same license. Any software you create by modifying the source of an open source licensed program has to be re-released under the terms of the same license.

Provisions vary greatly between licenses. The MIT/BSD licenses, for instance, doesn’t require redistribution of modifications; the Apache license doesn’t require that derivative works be relicensed under the same terms.

Now let’s have a look at the top five most commonly-used open source licenses and their implications. I’ve derived this list from a list of top 20 open source licenses as tabulated by Black Duck Software’s Open Source Resource Center, which tracks the usage of open source in many ways. Remember that this isn’t an exhaustive overview of open source licenses generally – there are many others not listed here, but they are typically variations on these five.

GNU Public License

The GNU Public License (GPL) and its derivates are the most widely-used free/open source software licenses around. That makes them a source for a great many powerful and useful applications. But “free” doesn’t always mean “do as you please.”

The rights granted under the GPL are at their core quite simple. You can use the software as-is for any purpose, without paying anything. But if you modify the source code and publicly release a version based on those modifications — that is, if you create a derivative product for public use — you must also release the changed source code under a matching license. Any programs you create from GPL-ed source must also be released as GPL. (This restriction doesn’t apply to programs written in a GPL development environment; those can be licensed any way you see fit.)

There are other provisions, but that one premise remains consistent across versions of the GPL: you must give back to the community any changes you make that are intended for public consumption.

The GPL comes in a few different iterations. Version 2 of the GPL, or GPL v2 for short, is the most commonly-used version of the license and works essentially as described above. Version 3, or GPL v3, adds (among other things) a provision involving software as a service: you can’t take a GPLv3 product, modify it, and then only release it in the form of a web service without also releasing your changes in source code form. For a good way to understand what you can and can’t do with GPLv3 software, the law firm De Bandt Keustermans and Van den Brande has created a bullet-point rundown[PDF] of GPL v3’s restrictions.

The LGPL, or “Lesser GPL” (also now in version 3), allows software under that license to be linked to and included with any other kind of software, be it free or commercial. It’s typically used for libraries or executables where the output is passed directly to other programs, and where the creators don’t mind its proper re-use in commercial applications.

Examples of GPL software: The Linux kernel (GPLv2); the OpenOffice.org productivity suite (LGPL v3); and the VLC media player (GPLv2).

Recommendations: Any modifications intended for public re-use need to be released as source code, with additional restrictions applying for GPL v3 software.

MIT/BSD License

The MIT and BSD licenses, also known as “permissive” licenses (sometimes “three-clause” licenses), could hardly be simpler. They consist of a copyright notice, permission to use the code as long as the copyright notice is left intact, and a disclaimer of fitness (no warranty, express or implied, etc.). The BSD license spells out the terms of attribution a little more explicitly — it requires notice of copyright to be retained in the binaries as well as the source. You are not obliged to release the source code for any derivative versions, just leave the copyright notice intact.

Because the MIT/BSD licenses are almost totally unambiguous, and software written under their terms has almost no practical restrictions on its use, such software has been re-used in everything from simple web scripts to full-blown commercial software. Mac OS X and the current Windows networking stack, for instance, both use BSD-licensed code — all perfectly legit, since re-using MIT- and BSD-licensed code in commercial apps is well within the intended scope of the license.

To that end, any code released as MIT/BSD can be re-used in most any context: as part of an internal project, as part of something for commercial or noncommercial release, and so on. Just remember to give credit where it’s due.

Examples: The original X Window system for UNIX; Ruby on Rails; and the Mono development platform class libraries are all MIT-licensed. The jQuery library for JavaScript is also dual-licensed under both the MIT and GNU GPL licenses. The family of BSD operating systems (for which BSD licensing was itself named) all use the BSD license, as well as Yahoo!’s YUI library. The Python language is released under a custom license that resembles the MIT/BSD licenses in that the main restriction is that you cannot remove the copyright notice from the code.

Recommendations: You can use MIT/BSD software as-is or modified in any context, public or private.

Artistic License

Originally devised by Larry Wall as the licensing terms for the Perl programming language, the Artistic License (currently in a 2.0 release) resembles the GPL v2 license but with some slight differences in how changes must be released.

You can use and redistribute unmodified Artistic License software without restrictions. You can also modify the original from its source, but you cannot redistribute it without doing one of two things: a) publicly release the changes in source form along with the modified program, or b) give the changes to the program’s original copyright holder. This way you’re not obliged to give changes you make to everyone, just the author—who can then optionally include your work in future releases of his product.

There are a few other restrictions: for one, the derived work cannot prevent users from installing or running the original version. But the redistribution policy is the most important one.

Examples: The Perl programming language, of course.

Recommendations: Any modifications for public use need to be either released as source to the public or provided to the copyright holder of the original code.

Apache License

Another license that was originally devised for a specific piece of software (in this case, the Apache web server), the Apache license is closest in spirit to the BSD license. You can redistribute modified versions of the software under completely different license terms. The main restriction is that every licensed file must have attributions, copyrights, or other similar notices preserved intact, and changes to any files (whether binaries or not) have to be documented in the modified version.

Examples: The Apache web server; the CouchDB document-oriented database system; and the SpamAssassin email filter.

Recommendations: Modifications should be annotated when released for public use, but there are otherwise few restrictions on repurposing Apache-licensed software.

Mozilla Public License

The Mozilla Public License, or MPL, works as a hybrid of the BSD and GPL’s approaches. MPL-licensed works can be combined with other proprietary software, as long as any MPL-licensed source code files are not intermixed with proprietary code.

For instance, if you have an MPL program that consists of a single C++ file, you could modify that one file freely and re-use it in a proprietary program. But you couldn’t make it part of another C++ source code file in the proprietary work; you’d have to keep both C++ files separate, and any changes made to the MPL-licensed file would have to be released to the public.

Examples: Mozilla Firefox, Mozilla Thunderbird. The Mozilla license has also spawned a few derivatives—the Common Development and Distribution License (CDDL), for instance, which has been used for OpenSolaris and other Sun projects.

Recommendations: Keep careful control over source code licensed as MPL, but remember that it can be re-used in proprietary programs where needed.

While open source licenses have a great deal in common, there are important differences. The software produced under those licenses can almost always be used as-is – it’s when you create derivative works from them that the restrictions of the license come most into play, and require the most attention. But those restrictions shouldn’t keep you from evaluating open source as a powerful asset.

Related Information From Dell.com: Experience the Advantages of Linux

“Because we can” is a lousy reason to virtualize a server.

Yet in a surprising number of cases that’s what the argument for virtualizing a particular server boils down to. The company has a virtualization initiative under way and that server is just sitting there, so . . .

While the advantages of server virtualization are undeniable, that doesn’t mean it’s a good idea to virtualize every application and every server in the data center. In fact, in some cases, using virtualization is asking for trouble. A “virtualize everything” policy can cause many problems, including degraded performance, support headaches, increased licensing fees, and sudden lack of support from software vendors.

One of the tricks in a successful server virtualization program is to know what you don’t want to virtualize – and why not.

Resources, Not Applications

The “why not” part is important. Many discussions of virtualization candidates deal with particular applications. You’re told, for example that you shouldn’t virtualize SQL databases, or Exchange servers.

Actually, that’s exactly the wrong approach. Such advice, followed blindly, can cost money in lost virtualization opportunities. In fact, SQL databases, Exchange servers, and such are successfully virtualized all the time. Given the right SQL database or Exchange server, that is.

Instead, look at the underlying reasons why some things aren’t good candidates for virtualization. The key issue is resources.

The Tao of Virtualization is that:

• There’s a real computer down there somewhere, and
• Virtualization is not magic.

In other words, each physical server has finite resources, including I/O bandwidth and RAM, and everything still has to fit.

Some applications and servers aren’t good candidates for virtualization because they use excessive resources. It may be that the candidate takes too much of just one resource, such as input/output operations per second (IOPS), or it may need several of them. Big production databases of any variety are a classic example. They tend to eat too many CPU cycles, too much memory, and too many IOPS.

An example of a server that might be limited by a single resource is a web server, which uses most of the available I/O bandwidth. There just aren’t enough resources left over to effectively share the physical server.

The key here is not the kind of application or server; it’s the demand on available resources that defines a poor virtualization candidate. Thus, many databases, web servers, and such are good candidates for virtualization as long as they don’t put too much demand on the physical server’s resources.

The first step in deciding if something is a good candidate for virtualization is to see how much of what resources it uses. This includes peak load as well as average use of the big three: I/O, CPU cycles, and memory. These need to be monitored over a period of time, including any significant events, such as end of quarter. Fortunately, the performance monitoring tools in most data centers easily can log and report this information.

Disaster Recovery

Even if you can’t save money or energy by virtualizing an application or server, you may still want to do so for disaster recovery purposes. A production database may need its own physical computer, but it may be worth virtualizing anyway if it cuts hours off the time needed to get it up and running at a remote site when a hurricane, earthquake, or fire comes calling. However that’s a separate calculus with its own decision tree.

Licensing Issues

Intellectual property barriers to virtualization are becoming lower, but they’re significant enough that they need to be considered.

The most common problem is that the software’s license doesn’t allow virtualization. This may be because the vendor has determined the software won’t operate properly in a virtualized environment. More commonly, these days, the vendor isn’t sure how well the application runs in such an environment, and just doesn’t want to take the chance.

Whether the software works or not, it is not a good idea to use it on a virtualized system contrary to the vendor’s license agreement. If nothing else, it will probably cut you off from support if something does go wrong.

Specialized Hardware

Another problem, especially outside the confines of the IT department, are systems with specialized hardware such as controllers. These often include unexpected hooks into the hardware, and they may not virtualize well at all. The vendor should be able to tell you about support under virtualization, and you should follow their advice.

A combination IP/specialized hardware problem is the dongles that some software vendors, especially of CAD and graphics programs, still use for copy protection. These things are a pain in general, but they are a particular problem when you want to virtualize the application. Again, check with the vendor about compatibility with virtualization or the availability of a workaround.

Still A Win

Server and application virtualization is still a win in most cases. You just need to make sure you understand the limits and pick your virtualization cases carefully. Check the resources each application needs and look for other issues before you decide to virtualize.

Related Information From Dell.com: A Smarter Path to Virtualization

These are just a few of the situations that create the need to dispose of old computer hardware, or IT asset disposition, a term Forrester Research defines as “processes to redeploy, remarket, donate, recycle, or dispose of IT assets in compliance with data security, environmental, and industry regulations” which you and I might call, “Getting rid of our old computers.”

This area of IT asset management can no longer be an afterthought or a “waste-management” issue. Cost-savings imperatives, and security and environmental accountability have pushed IT asset disposition to the forefront.

That’s a good thing. Caring for your corporation’s IT equipment in the proper way is an opportunity for IT to generate savings and to protect the company’s brand reputation both in terms of privacy and green reputation.

Maturing the IT Asset Disposition Strategy

Don’t get the impression that CIOs and IT managers are allowing companies to become IT equipment graveyards: a basement office littered with discarded PCs and a dusty old dot-matrix printer. In fact, Forrester found that four out of five companies it surveyed had IT equipment recycling programs in place.

Robert Houghton, president of Redemtech, an IT asset management company with a focus on green practices, agrees with that finding: “These are issues that most larger organizations are quite aware of and most have some sort of practice and policy.” Still, he says that many organizations still consider IT asset disposition a “waste management issue.” However, a mature IT asset disposition strategy “can be a source of considerable savings for the enterprise through reuse and resell programs and it can add to the corporate social responsibility goals of the enterprise through donation of surplus equipment to nonprofits,” says Houghton.

The authors of the Forrester report, “Q&A: IT Asset Disposition,” agree. They point out that IT asset disposition strategy “can help reduce costs and operational risks throughout the IT asset life cycle.” For example, a mature strategy can offset the purchase of new equipment through the revenue gained from reselling end-of-life assets or through vendor credits. The authors point to the example of a large U.S. government agency that used Dell’s Asset Recovery Services to receive $166,000 in equipment exchange credits, which gave the agency significant staff savings by cutting removal times from six months to five days.

According to the Forrester report, a proactive IT asset disposition strategy (under a comprehensive IT asset management program) can be an effective part of identifying legacy equipment at risk for failure and in need of a refresh, thus reducing operation risks.

Refurbish for Savings

The 3 R’s—reduce, reuse, recycle—is not just a slogan applying to the EPA and upheld by the environmentally minded, says Houghton. “It also makes tremendous financial sense.” He points to one of Redemtech’s clients, a large bank that has a robust redeployment program cutting across all technology platforms—everything from big servers to PCs to teller equipment to phones. Houghton says that when comparing the amount of deferred procurement against the cost of reusing a refurbished item that the banking company already owns, the ratio is $1 to $14.50. In other words, for every dollar the company spends in new IT equipment, it saves $14.50 in procurement expenses.

Reusing can’t take the place of buying new equipment, of course, he says; there’s an appropriate time to retire equipment from the enterprise. However, when you’re strategic and judicious with redeployment, you can really save the business a lot of money. “These are capital savings as much as expense savings; this is stuff that the CFO cares about every bit as much as the CIO,” he adds.

Elvis Cernjul, VP of IT for retailer Spiegel Brands, follows this principle at his company. Cernjul maximizes savings through waterfalling servers and network gear from production to a lab environment. Though a once high-performing server may no longer be suitable for a particular system, it may be so for other applications. In addition, when Spiegel’s IT department replaces power users’ desktops, they reallocate those assets to other users using Citrix (for example, in the call center and warehouse). “Bottom line: We try to extract as much utility out of our assets as possible.”

Donating Old IT Equipment

Donating old hardware to charity is another option for old equipment. First off, you need to identify which charities you’d like to donate to and make sure they actually need and want what you’re willing to give, says Angie Singer Keating, VP of Compliance and Security for Reclamere, an asset management and security consultancy. Cernjul has simplified the process of choosing by focusing on low-income schools.

Donation is not without its issues, however. What you donate must actually be useful for the organization, and many software licenses cannot be transferred. Plus, says Keating, many companies find that when the nonprofit runs in IT trouble, they call on the donating company for the technical fixes; that said, donating IT time is also an option for charitable donation. For software issues, open source can give computers a longer life and provide usable equipment for charities. You can also work with a vendor that provides support in dealing with donation issues.

Resell Programs for Savings

Alternatively, you may choose to work with a vendor to resell equipment outside the enterprise, which can be a powerful method of recouping revenue from old equipment. There exist a number of vendors to help you with this process (a process that starts with data wipes). Many vendors will jump to the recycling option for old equipment, says Houghton. However, both for financial reasons and for environmental reasons, it pays to work with a vendor who can give old equipment new life. Of course, refurbishing old equipment for resale is a complex issue and must be looked at on a company-by-company basis. However, an inoperative laptop that may be worth only $150 in parts but, restored to working condition, can be resold for more money. This strategy gives the equipment longer life (lessening ecological impact) and generates more savings for the company.

Although the economy may be showing signs of recovery, a corporate emphasis on savings isn’t likely going anywhere soon, predicts Houghton. “Thrift will be one of the key drivers in enterprise asset management—money will be tight, capital will not be abundant—and business leaders will continue wanting to get their money’s worth: In the future we will be much more sustainable out of necessity.”

Related Information From Dell.com: The Smarter Path to Tackling Power and Cooling Issues

Every few years there’s another panic about everyone running out of IP addresses. The terror that the Internet would simply run out of room is finally coming true. It’s not so much that computers are consuming the IP addresses; it’s all those smartphones, iPads, and other devices that require Internet access.

The Number Resource Organization (NRO), the organization that oversees the allocation of all Internet number resources, announced in January 2010 that less than 10% of available IPv4 addresses remain unallocated.

“It is vital that the Internet community take considered and determined action to ensure the global adoption of IPv6,” Axel Pawlik, chairman of the NRO, said in a statement. “The limited IPv4 addresses will not allow us enough resources to achieve the ambitions we all hold for global Internet access.”

IP addresses are allocated by the Internet Assigned Numbers Authority (IANA), which in turn is run by the Internet Corporation for Assigned Names and Numbers (ICANN). IANA distributes IP addresses to regional Internet registry (RIRs) who issue these addresses to ISPs and from the ISPs to you. “This is the time for the Internet community to act,” said Rod Beckstrom, ICANN’s president and CEO. “For the global Internet to grow and prosper without limitation, we need to encourage the rapid widespread adoption of the IPv6 protocol.”

When the Internet began (then called ARPANet), IPv4′s possible 32-bit 4.3 billion addresses looked like it would be more than enough. That was then. This is now.

Since the NRO made its announcement, we’re now down to 6% of possible Internet addresses being available. According to IP address distribution statistics, IANA will run out of addresses to distribute on August 9, 2011 and the RIRs will assign its last IPv4 address on April 14, 2012. (Concidence that the Mayan calendar also ends in 2012? That’s for you to decide!)

For over a decade, we in North America and Europe have avoided running out of IPv4 addresses. Alternative network technologies, such as network address translation (NAT) and Classless Inter-Domain Routing (CIDR) have made it possible to squeeze more devices within the IPv4 address range. NAT solutions, used in most business and home gateways, let us use dozens to thousands of PCs within a local area network while requiring a minimal number of Internet addresses.

But even with these methods, North America and Europe are running out of IPv4 addresses. IPv6, with its 128-bit address space, has orders of magnitude more addresses. It may be possible to run out of IPv6 addresses, but we’ll probably have to have interstellar colonies before that becomes a concern.

IPv6 is already very popular in India, China, and South Korea, and is supported by all the major operating systems such as Windows 7, Windows Server 2008, Windows XP, Mac OS X, and Linux. It also has hardware support from such all the major network switch and router vendors as Cisco, Juniper Networks, and Foundry Networks.

So why aren’t we using it in the U.S., Canada, and Europe?

Partly it’s because Americans and Europeans have had the lion’s share of IPv4 addresses assigned to them. In countries like Korea, where the country is, according to the Korean Organization of Economic Cooperation and Development, “the most advanced country in the world in terms of broadband Internet network connections,” there simply weren’t enough IPv4 addresses (23.6 million) to go around, so Korea quickly adopted IPv6.

Another problem is that IPv6 rules forbid multiple Internet connections. In practice, this means that companies can’t obtain service-provider independent addresses. If you have an IPv6 address from one backbone provider and they were knocked off-line, you couldn’t, as you can with IPv4, simply fall-back to your backup backbone provider.

The real reason, though is that, frankly, we’ve been lazy and cheap. We’ve managed to avoid upgrading our legacy Internet systems for years. It’s not as though there are some killer IPv6 applications. While IPv6 does make Virtual Private Networks (VPNs), Voice over Internet Protocol (VoIP), and peer-to-peer (P2P) networking easier, we’ve all been happy to get the same functionality from applications running on the IPv4 network stack. The bottom line has been, “It’s not broke, why fix it?”

Alas for us, it’s about to break. We can no longer afford to be either lazy or cheap. Like it or not, it’s time to upgrade your network infrastructure to IPv6 or you’ll face the daunting prospect of paying premium prices for an IPv4 address.

How would this work? We don’t know. We have some theories, but that’s about it. There’s no IANA or RIR method for handling this situation. When you get right down to it, we aren’t completely certain how all our current applications and servers will run on an IPv6 Internet.

With less than two years before we face this situation, it’s time to start running IPv6 pilot programs and seeing exactly what this new era of the Internet is going to mean for our businesses. If we don’t, we’ll find out the hard way: By running out of resources when we need them the most or by switching to IPv6 only to find that our services crash under it.

Related Information From Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter

GPUs are normally used in desktop PCs, where they serve as high-speed graphics accelerators, primarily for games. But it’s slowly dawning on both server makers and end-users that GPUs make great math co-processors for more tasks than just gaming.

In May, IBM announced plans to offer a pair of Tesla M2050 GPUs in its iDataPlex dx360 M3 scale-out servers. Dell followed with an early June announcement that its PowerEdge M610x blade servers would come with a pair of Tesla GPUs. The M610x, equipped with an Intel Xeon 5500 or 5600, can generate up to 400 gigaflops of performance.

These announcements were a big win for Nvidia, which has been pushing the concept of using its graphics chips as massive math co-processors for math-intensive tasks for some time. Until the Dell and IBM announcements, Nvidia didn’t have much tier one hardware support.

If you’ve been around PCs long enough, you remember that the 8086, 80286 and 80386 processors had math co-processors available: the 8087, 80287, and 80387, sold separately. If you bought a PC back in the late 1980s to do a lot of math or scientific work, the PC sales staff would sell you on the notion of the math co-processor. These add-on chips were tuned specifically for fast and accurate calculations, assuming that the software was written to exploit the chip’s capabilities. The primary buyers were spreadsheet users, since the original x86 “killer app,” Lotus 1-2-3, recalculated much faster when a math co-processor was installed.

With the 80486, the math co-processor was integrated into the CPU, and subsequent architectures added instructions to speed up math calculations. Even today, CPU design documentation makes references to a “floating-point unit,” since floating-point math is used in math calculations. This includes graphics processing, signal processing, string processing, and encryption — not just obvious number-crunching.

Computers see a number as either an integer or floating point. Integers have no decimal place (13 people, for example) while floating-point numbers do (3.14159, for example). Fine-grain calculations are all the floating-point unit’s job.

This is especially important in graphics, because calculating the positions of triangles that constitute a smooth 3D image requires extremely precise fractions. If the calculations are off, then you get splits in between the triangles, breaking the image. Graphics software developers need to calculate to the 30^th decimal point to get precise fitting, color, and lighting.

Over the years, Nvidia and its rival ATI (a part of AMD since 2006) have built massive multicore math processors. Here’s a little perspective: Intel and AMD are at the four- to six-core level these days; Nvidia’s new Fermi architecture has 483 stream processors (and would have had more except for heat and power concerns) while the ATI Radeon 5000 series has 1,600 stream processors.

Stream processing is a computation technique used in parallel processing designed to use many computational units, whereby the software manages things like memory allocation, data synchronization, and communication. All of those cores are connected by high-speed interconnects.

GPU threads are much smaller than CPU threads because they are just a bunch of math instructions. Often, the math instruction might be as simple as addition, done over and over. That makes GPU cores great for switching threads, because the cores can change from one thread to another in one clock cycle, something CPUs can’t do. A CPU thread is a complex series of instructions, such as a system process or operating system call.

Lately, people with jobs requiring high performance computing are realizing that those 483 to 1,600 math cores might do something besides render videogames. Nvidia and AMD wholeheartedly agreed, and lately have promoted their GPUs as math co-processors, although Nvidia has been far more emphatic in pushing the idea.

The final missing ingredient was double-precision floating-point math, a necessity in complex scientific calculations. Both Nvidia and ATI added double-precision floating-point capability to their chips. A single-precision floating-point digit is 32-bits long, or 2^32, while double precision is 64-bits long, or 2^64. This is irrelevant to gamers but a must-have for a scientific researcher or software developer who is, say, simulating global climate patterns.

Programming a GPU

If the server in your data center is likely to include a GPU, then it follows that the programmers in your IT shop who write server applications should understand the basics of programming for the new hardware. Here are some of the decisions you, and they, need to be aware of.

Adopting GPU computing is not a drop-in task. You can’t just add a few boards and let the processors do the rest, as when you add more CPUs. Some programming work has to be done, and it’s not something that can be accomplished with a few libraries and lines of code.

Video games have always been the primary example for applications using massive amounts of floating-point calculations, but they are far from the only uses. Most math-heavy applications are in visualization-related fields. This includes medical and scientific imaging, 3D imaging and visualization for oil and gas exploration, processing 3D graphics used in entertainment and advertising, and financial modeling.

The process is known as GPGPU computing, or general purpose GPU computing. The task basically involves programming an application to send its calculation work to the GPU instead of the CPU. Up to now, that meant rewriting code. Nvidia handled it with its CUDA development language.

CUDA is a C-like language that gives developers the instructions to write applications that run in parallel and execute on the Nvidia GPU. Unlike an x86 processor, the applications aren’t running two, four, or eight threads in parallel; they run hundreds of threads.

Nvidia made a serious effort to get universities behind CUDA, with more than 350 universities around the world offering courses. But, just as Nvidia gets momentum going, it may prove for naught.

The OpenCL project is an offshoot of OpenGL, the graphics library used by 3D cards (although largely supplanted by Microsoft’s DirectX). Apple was the original author of the Open Computing Language (OpenCL) framework, which is used to write programs that execute across a CPU, GPU, and any other processor. OpenCL includes a language for writing kernels and APIs used in task-based and data-based parallel programming.

OpenCL has strengths and weaknesses when compared to CUDA. For starters, it supports multi-processor computing. CUDA supports Nvidia GPUs only. OpenCL gives any application access to the GPU without having to be rewritten. CUDA means writing in C code for the Nvidia GPU. OpenCL is for any input/output processor, so it could conceivably support everything from Itanium to a Sun UltraSparc to an ARM embedded processor.

The OpenCL framework is newer than CUDA and lacks a lot of CUDA’s features and maturity. Most notably, CUDA has its own Fast Fourier Transform (FFT) kernel but OpenCL does not. FFT is a complex algorithm used in everything from advanced scientific calculations to image processing.

Both frameworks have plusses and minuses. CUDA is in the hands of Nvidia, a hard-charging company that’s its own biggest motivator and competitor, while OpenCL is managed by a standards group, which is a great way to get nothing done, at least in a hurry. There’s also the specter of  vendor lock-in with CUDA, and waiting who-knows-how-long for the OpenCL library to get updated.

There’s a third competitor: Microsoft’s DirectCompute. DirectCompute is a component of Microsoft’s DirectX11 API library that was released with Windows 7, which means it works on exactly one operating system. Like OpenCL, it enables applications to take advantage of the GPU’s computing power.

Because it’s only in DirectX 11, DirectCompute use is most limited; it only runs on Windows 7 computers. Since Microsoft has not made DirectX available for any other platform, there aren’t that many DirectX 11 cards on the market. ATI has a lead, but Nvidia is trying to get product out as fast as possible. For now, DirectCompute is not a server technology.

Usage Models

So where is a GPU best? As said previously, it’s ideal for high mathematical usage cases. This includes medical research, where diseases are “reverse engineered;” medical imaging, where an ultrasound image can be rendered in minutes, not hours; and video and image processing, such as movie effects.

Nvidia recently scored significant bragging rights that the three films up for Best Special Effects in the 2010 Oscars — Star Trek, Avatar, and District 9 — were rendered using Nvidia GPUs. In the business arena, Nvidia pointed to GPUs being used in energy research to crunch seismic data for hints of oil and gas reserves, and in finance, where the entire stock market is analyzed in real-time for trends and patterns.

Your data center does not necessarily need GPUs, so don’t feel as though it must be included in your next server purchase. For basic server tasks, such as file serving, Web page serving, or databases, a GPU is not needed at all. Those are not number crunching tasks. Anything I/O intensive, such as an application servers or databases, does not need a GPU. It needs memory, fast connections, and perhaps solid-state storage, but not a GPU.

Some programming work has to be done to take advantage of GPUs, and it’s a new type of programming. That requires some education and training on the part of your programmers. The training won’t necessarily come from the hardware companies; it will come from Nvidia and AMD, which have solid developer programs but are still relatively new to enterprise development.

Related Information from Dell.com: The Dell High-Performance Computing (HPC) Strategy Helps You Better Use Your IT Resources

From the first, we have done our best to provide you with articles that help you make good decisions about information technology. Initially, we focused on Windows 7 in the enterprise – and I’m rather proud of the articles we published on that topic, over a hundred of them, covering everything from how to deal with slow startup times in Windows 7 to challenges in Windows 7 software development.

We’re broadening our focus, starting today. In addition to Windows 7, you will now see articles on a broad range of topics that help you as IT leaders make the right choices by giving you useful, pragmatic guidance. Our articles, written by experts in their fields, provide business analysis of technical issues, underscoring ROI concerns while also making it clear which technologies matter (and why); explaining the technology influences that will impact boardroom decisions; teaching best practices learned by other senior practitioners; and motivating IT staff to make the IT departments work flawlessly.

It would be easy to tick off on my fingers the technologies you’ll find covered at the new IT Expert Voice, such as virtualization, green IT, and enterprise-class networking. But as you’ll see, our emphasis is less on the boxes that have blinking lights than it is on the business reasons for acquiring those boxes and the management issues box-ownership implies. Managers need to understand technology too, but a techie can often make the boss’ eyes glaze over as she does a deep dive into the underlying architecture; we share enough technology for you to make a good business decision based on personal understanding, without insisting that you become an expert in the knowledge domain.

I’m really excited about this new chapter. I hope you are, too!

With Microsoft having abandoned Windows XP SP2, late-adopting companies still using XP are being pushed to make the upgrade to Windows 7. Windows XP is a dying breed.  It’s time to upgrade. Microsoft says only Windows Vista systems are eligible to upgrade, while Windows XP users need to make a clean install of the new operating system:

You can’t directly upgrade from Windows XP to Windows 7, says Microsoft.

Thankfully, you can avoid the need to wipe the disk of each PC and clean-install Windows 7 manually.  Some tricks are more effective than others. Let’s look at some of these upgrade options, the DO’s and DON’Ts, and pick the slickest (and cheapest) and method.

#1: Don’t migrate from Windows XP to Windows Vista to Windows 7

Some IT departments are so desperate to avoid clean-installing Windows 7 that they “upgrade the upgrade.”

The workaround involves performing an in-place upgrade from Windows XP SP3 to Vista SP2 (which is possible), then an upgrade from Windows Vista to Windows 7 using Setup.exe (which is also possible, of course). This is a bad idea because it requires paying for Windows Vista licenses. There are other reasons why no company should even consider going that route.

The reason Microsoft doesn’t recommend upgrading from XP to Windows 7 is that there are too many changes to PC configurations (such as applets, hardware support, and the driver model) to carry it all forward, according to Microsoft’s Engineering 7 blog. A clean install is better.

The driver and legacy applications problem could be solved if your IT department puts enough time into it. But also, PCs become unstable. After years of installing programs, collecting temporary files, crashing dozens of times and sometimes fighting malware, most old Windows XP systems have become messy. Performance is just not on par with a clean install; neither is stability.

#2: Clean-Install and Rely on Windows Easy Transfer

Small businesses and home users may be fine with a clean install and moving files from the old Windows XP to the new Windows 7 installation. Windows Easy Transfer is a nice little helper here. It collects user data (such as video, music, and documents), some basic Windows settings, and a handful of supported programs. Easy Transfer saves that information to an off-client location. However, this process involves moving data off of Windows XP, installing Windows 7 and then using WET again to migrate the data back. It’s too much hassle for a larger enterprise.

Also, Windows Easy Transfer is limited. It doesn’t migrate applications, only application settings. Furthermore, only settings from a handful of selected programs (such as Google Chrome, Microsoft Office, iTunes and the Windows Live Suite) can be transferred. WET doesn’t save network settings, such as permissions for shared folders and firewall policies.

So while WET is a handy tool for individual or a small businesses with only a few PCs to migrate, it’s just too much work and too limited for enterprise users. You’ll suffer the “Click Next” syndrome after the first few PCs.

#3: Don’t Clone The Hard Drive

Here we have a quite a sneaky upgrade method: You create a reference Windows 7 install on a PC with all the applications your clients need. You clone this Windows 7 install and – using diskpart and other tools – copy the image to all your XP clients. It’s quite easy to duplicate a hard drive.

User data migration might take hours, depending on how much data is involved. Also, cloning only works in infrastructures with absolutely identical hardware; you can’t easily clone a Windows 7 image between two systems with different hardware configurations and expect it to work instantly. You may require several hard disk images, depending on how your company’s PCs and notebooks are equipped. Creating them takes time, and you have to pay the cost of storage to keep larger image sizes.

#4: Use User State Migration Tool 4.0 only

USMT is sort of a “very pro” version of Windows Easy Transfer, and it’s my semi-recommendation. Like WET, USMT collects user accounts, files, Windows settings, and application settings from one system and migrates them over. Using XML files, you can control exactly which files and settings are being captured. Check this MS TechNet article for a complete list of what information and settings USMT copies.

USMT supports two scenarios:

• Computer Update: Migrate the user state from Windows XP to a central migration server, installing Windows 7, migrating the entire user state back to Windows 7.
• Computer Replacement: Migrate the user state from a Windows XP PC to a migration server and restoring the user state on a new Windows 7 machine.

The advantage: Using MS System Center Configuration Manager, an administrator can use the LoadState and SaveState tools (included in USMT) to capture user data for dozens or hundreds of machines simultaneously and roll them out. The problem with this, again, is the manual handling of programs, user data, and many settings.

#5: Automate migration with programs, updates, and drivers

By far, the most streamlined solution is to use MDT 2010, which lets administrators create a fully automated Windows 7 install image in which they include updates, drivers, many programs, and settings – even language packs can be included. Using simple wizards, you can deploy a custom Windows 7 installation that lets you do a “click and forget” package.

While you still have to deal with some settings, it’s the most automated and hassle-free solution for your company. In a separate article, we’ll show how this is done step-by-step, including installing Microsoft Deployment Toolkit 2010, importing the right drivers, creating silent application packages, building a task sequence, capturing the user state and all data of a Windows XP system, and rolling out the custom Windows 7 image to your clients. In the meantime, the link above should help you learn the basics of this Microsoft tool.

Want your new Windows 7 applications to take advantage of the new operating system? Here’s how to add functionality to the Windows 7 Task Bar, using the Windows 7 API Code Pack, .NET, and very little effort.

When I first started with .NET programming back in its version 1.0 days, I noticed how shielded we Windows programmers were from the good old Win32 API. On the one hand, that was a great thing; no longer did developers have to fuss with enormous calls to CreateWindowEx and the related RegisterClass function. While functions like these and the message handler functions were the lifeblood of our applications, with .NET our programming became substantially easier.

But on the other hand, at times our hands were tied. Despite the size of the .NET framework, there were some API features that the .NET creators seemed to skip. As .NET moved forward and included WPF features, Windows Vista come along, and now Windows 7, both of which had lots of features that were absent in .NET.

The way around this was to call directly into the Win32 API. That’s certainly possible in both C# and VB.NET. But it’s not fun, not by any means. A better way, however, is a .NET library that encapsulates the missing features. And that’s exactly what Microsoft did with the Windows API Code Pack for Microsoft .NET Framework.

The API Code Pack includes classes for accessing the Windows Shell, the Windows Taskbar, task dialogs, the sensor platform APIs, the Extended Linguistic Services APIs, the power management APIs, Application Restart and Recovery APIs, Network List Manager APIs, Command Link control and System defined Shell icons, DirectX, and even the Aero Glass system.

The classes are very clean, and are more than just a wrapper around a bunch of functions. (Remember the early days of MFC, which was little more than a basic wrapper? This is much better.) Simply put, programming with the API Code Pack feels like .NET programming.

To get started, I decided to try the Taskbar features. The Taskbar is one aspect of Windows 7 that is substantially different from earlier versions of Windows, even Windows Vista.

Exploring the Taskbar

As I got started, I realized that I wasn’t totally aware of the Windows 7 taskbar features. I had vaguely noticed them but hadn’t recognized that they could be programmed. Even if you know the TaskBar well, it’s worth a moment to review a few user capabilities before we look at the programmer’s options.

There are two main features that you can access programmatically.

First, when a program is “pinned” to the start menu or the task bar (by right-clicking on its shortcut and choosing Pin to Start Menu or Pin to Taskbar), the program can include a submenu beside it on the start menu..

It also can have a popup menu-sort-of thingamajig on the taskbar.

I had noticed these menus in various programs such as Internet Explorer, but didn’t really consider how I could program them myself (or that they have a name: jump lists). But you can program these jump lists through the Win32 API for Windows 7, and, in .NET, using the API Code Pack.

Programs can display multiple icons in the Taskbar, representing various pages. For example, if you have multiple tabs in Internet Explorer open, you see a thumbnail version of each page in a popup above IE’s icon on the taskbar. These thumbnails represent separate tabs inside a single IE window—not separate IE windows. Again, that’s all programmable; the following figure shows what these things look like in a sample that ships with the API Code Pack.

Programming the Jump Lists

Rather than talk you line-by-line through the code, in the rest of this article I point you to the examples that ship with the API Code Pack, and explain how they work. The examples are contrived in that they don’t serve any real purpose beyond demonstrating the features; but they do a find job of helping you explore the classes in the API.

If you look at the earlier image for a jump list, you see there’s a Recent list, a Tasks list, and a list called Custom Category 1. The first list can be configured to show Recent, Frequent, or nothing at all. The next list is a set of tasks that you can add, which are really just shortcuts to programs. Then you can have custom lists, each with whatever name you like.

Before you aim to show items in the Recent (or Frequent) list and the custom lists, there’s a caveat you need to be aware of: You can only show file types (that is, file name extensions) that are registered with your application. The sample app shows .txt files, and as such, must associate .txt files with the sample app. (The sample includes code to show how to do this, and such code makes use of shell features in the API Code Pack.)

Note: I got a little bit confused after I asked the sample to register itself with .txt files. I double-clicked several .txt files, and Notepad opened. Then I remembered that any file type can be registered with multiple applications, and one can be set as the default application. The way to choose which registered application is to right-click the .txt file in Explorer, and in the popup menu, click Open With, and then click the name of the application.

After your application has registered itself with a particular file type, it can use classes in the Microsoft.WindowsAPICodePack.Taskbar namespace for manipulating the jump list. First, you create a new instance of the JumpList class; then you set the JumpList instance’s KnownCategoryToDisplay member to show either Recent, Frequent, or nothing for the first list.

To add items to the Recent list, call the JumpList instance’s AddToRecent class, passing the file name. Easy enough. Then call the Refresh method to commit the change.

To add your own custom categories, call AddCustomCategories, passing instances of a class called JumpListCustomCategory, each of which contains a category name. Then, to add items to a category, call a JumpListCustomCategory instance’s AddJumpListItems method. Again, easy enough. After a call to Refresh, the list is created.

Adding tasks is equally easy; you call the JumpList instance’s AddUserTasks method, adding instances of classes derived from IJumpListTask.

Creating Custom Thumbnails

Creating the thumbnails that appear above the items in the taskbar is about as easy as adding to the jump lists. First, you need to get an instance of a class called TaskbarManager. That class has a member that’s an instance of ThumbnailToolbarManager, which in turn has a method called AddButtons. You call AddButtons to add thumbnails above the taskbar.

In general, you don’t need to be aware of the underlying Win32 API when using these classes. The AddButtons class is an exception, but only slightly. The call to AddButtons needs a window handle (a number that uniquely identifies a single Window) so that it can take a snapshot of the window and display its thumbnail version. However, in the Win32 API world, a “window” isn’t automatically a single window that holds an application; rather, every control within a window is itself a window. In the sample that comes with the API Code Pack, the main window contains individual tabs much like those you see in Internet Explorer. These tabs are individual Win32 API windows, and as such can appear as thumbnails.

That said, when you call AddButtons, you add a handle for each window (or control, or tab, and so on) that should appear as a thumbnail. Fortunately, in .NET, you still have access to the handles, as each control contains a Handle property inherited from the System.Windows.Forms.Control class. Just pass that handle, and you’re good to go.

Running a Taskbar Progress Bar

Another useful and programmable Taskbar feature is the ability to have a moving progress bar that runs across the icons in the taskbar. This is hard to demonstrate with a simple screen capture, but in the little image below you can see the left third or so of the taskbar item is colored green.

The progress bar works like other progress bars in that it doesn’t automatically increase. Instead, your program sets the value, and changes the value as needed, increasing it over time to make it look like the progress bar is growing.

To set the value, you start with the same TaskbarManager instance you used with the custom thumbnails, and call its SetProgressValue method. (The method takes two parameters: a value, and a maximum, which the system divides to get a percentage.) Additionally, you call the TaskbarManager instance’s SetProgressState, specifying an enumeration of type TaskbarProgressBarState; this enumeration contains values Normal (to make the progress color green), Error (to make the progress color red), Paused (for color yellow), or NoProgress to hide the progress bar. (Another enumeration, Indeterminate, had no apparent effect on my system for some reason. But according to the Win32 API documentation, not the API Code Pack documentation, the indicator should cycle “repeatedly along the length of the taskbar button.”)

What About Earlier Windows Versions?

When I set out exploring the API Code Pack, I wondered what would happen if you created an application that uses Windows 7 features and tried to open the application under Windows Vista, for example. Fortunately, the API Code Pack includes a set of methods for checking the current version of Windows that’s running. Using these methods, you can first check if Windows 7 is running, and only then use the Windows 7 Taskbar features, skipping over the code otherwise.

The API Code Pack makes it incredibly easy to program for the taskbar, and I have only scratched the surface on its features. Since you can test whether Windows 7 is present, you might as well include Taskbar support in your software to add that extra professional touch – and to impress the users who want to see what advantages Windows 7 might have for their work.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

People have dug deep into Windows 7, in the several months since the operating system’s release, and they found all kinds of hidden gems. One big surprise is the major overhaul given to the most modest of built-in applications: Windows Calculator.

Yes, the native calculator. We’ve all used it to do some quick math. Microsoft keyboards even have a hotkey mapped to the calculator. But did you ever think you could do scientific or financial calculations on it? You can now.

In Windows Vista, Microsoft basically didn’t do anything except give the calculator an Aero skin, but this version in Windows 7 is in fact quite different. It has a new layout to support multi-touch displays, since Microsoft built a lot of touch screen support and functionality into Windows 7.

You now have four modes to choose from when operating the calculator: Standard, Scientific, Programmer, and Statistics. Let’s cover them individually.

Standard Mode Features

A new Memory key, Memory Minus (M-), is in the upper right. It subtracts whatever figure is in memory.

The new Calculator lets you see your calculation history by typing CTRL-H or selecting View, History. Doing so displays your previous calculations. Let’s say you’ve done a series of four or five calculations in a row. You can backtrack to your prior steps by clicking on that line and if you need, correct your typos (changing “335” to “333”). All of the subsequent calculations are then recalculated (using “333” so your final result isn’t wrong).

Copy and paste are expanded. Your entries be copied and pasted into other apps, such as Excel. The calculation history can also be copied (Edit, History, Copy History) and pasted into Excel. I did a 10-line calculation then copied the entire thing into the spreadsheet, and it filled into 10 cells in a column.

You can do unit calculation and date calculation. These are not features I need often, but when I do, it’s a pain using other means.

The unit calculations cover angle, area, energy, length, power, pressure, temperature, time, velocity and weight/mass. I find area nifty because it does instant calculations between measurements like square feet and square meters. Energy is an interesting option; you can convert calories to BTUs. The calculator’s Length features cover a variety of measures. You can find out how many microns there are in a mile (a question that I seriously have wondered about). The rest all have specialized use cases, but the fact is, they are there. In many instances, you don’t have to go digging through Google for unit conversions.

The date calculator is also nifty. Want to know what day it was on this date x number of years ago? Just subtract x years from the date. This is all done through radio buttons and input boxes. You can also calculate the number of days between two dates.

Scientific, Statistics, and Programmer Modes

The scientific features from the old calculator have been split into the Scientific and Statistics features. I’ve combined them into one group because, in all candor, I’m not a heavy user of these functions and only understand the basics.

In Scientific mode, Calculator is precise to 32 significant digits and honors operator precedence. It offers functions such as basic to-the-power-of calculations as well as more powerful functions like sine, cosine, and pi functions. You can use them in normal or inverse mode.

In Programmer mode, Calculator is precise up to 64 bits, depending on the word size. The calculator honors operator precedence in Programmer mode and works in integer only mode. Decimals are discarded. This mode lets you work in a variety of base operations: binary, octal, hexadecimal, and decimal; it can do calculations from one base to another, such as converting octal to binary.

The Statistics mode isn’t quite as elaborate as the other two, but it’s still something the old calculator did not have. You get functions like the sum of numbers and the sum of numbers to a power to make statistical calculations.

The C key in statistics mode deletes the current value expressed instead of clearing it. The CAD button clears all the values from the dataset, since statistics are usually built on a large number of figures.

Usability Tweaks

The Calculator is fully usable from the keyboard as well as with the mouse. Every function (as far as I can tell) is mapped to a keyboard shortcut. A complete list of shortcuts is here in PDF format.

For people still stuck using Windows Vista, there is a workaround to get the Calculator running on 32-bit or 64-bit Vista. You have to download the Calculator from a number of sites, which will we not link to here out of obvious respect for Microsoft copyright.

Back up the existing calc.exe file from the C:\Windows\System32\ directory and exe and calc.exe.mui from C:\Windows\System32\en-US\ directory into a separate folder. Replace calc.exe in C:\Windows\System32\ and calc.exe.mui in C:\Windows\System32\en-US\ with the Windows 7 versions. This must be done in Administrator mode.

It’s hardly a replacement for the HP 12C calculator, but Microsoft has given the Windows 7 Calculator a very nice overhaul, putting in many features that I frequently had to find on Google. No more Googling a metric converter or volume converter, and the mileage tool is a real handy thing for business travel. Once you find out how much Microsoft has added, you may find yourself turning to the Calculator a lot more often.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

Whatever happened to the next wave in enterprise knowledge management, the one that was destined to disrupt old business models and leave behind a new world of collaboration-based tools? It shouldn’t be any surprise that when the tide subsided, Microsoft Office remained standing right where it was.

In the evolution of every class of tool in human history — the washboard, the six-pounder cannon, the oil lamp, the flint knife — there is one common element: It was rendered obsolete by the sudden and welcome appearance of something better, more efficient, more adaptable, more relevant, more practical. Marginal improvements to a tool — anti-lock brakes, Touch-Tone dialing, the “mute” button — typically take longer to phase in. Despite all efforts devoted toward evangelistic offensives, markets have more difficulty embracing something that’s slightly better than something that’s obviously better.

Case in point: Microsoft Word. You may not recall that Word spent the first ten years of its existence languishing behind WordPerfect, whose place in the workforce throughout the 1980s (at least among smaller businesses that had adopted PCs and the first LANs) appeared unshakable. This despite the fact that with Word, you could actually see italic text as italic (albeit with a special switch), and make swift corrections using on-screen menus that guided your keystrokes. Most every businessperson to whom I demonstrated Word versus WordPerfect during the ‘80s declared Word easier to use.

Yet they kept buying WordPerfect, in gross, which often made my life as a business consultant difficult; I was the one touting ease of use and adaptability. The most common reasons my proposals for migrating from WordPerfect to Word  were rejected (mostly by big law firms and wildcat oil drillers) remain imprinted on my mind:

• Everyone else uses WordPerfect. If we’re going to spend good money blazing a new trail, a driller once told me, it’s going to be something we can market and that our clients can see. Clients won’t care which brand of word processor we use.
• WordPerfect has a huge support base, with literally hundreds of licensed, logo-wearing partners producing add-ons and training materials. Microsoft, by contrast, expects clients to generate their own support networks out of the goodness of their hearts, which as everyone knows is not an ample resource.
• Learning curves cost money. Ease of use is nice, but it’s change, and change has to be taught. It’s cheaper and more practical to build one’s knowledgebase about a product organically than it is to rip it out and transplant some other knowledgebase in its place.
• Businesses don’t have time to serve as foot soldiers for brand wars. That’s why they pick the standard and stick with it. If companies had the time and resources to fight technology brand wars, we’d be walking around with Apples in our pockets.

Suffice it to say that Microsoft Office now occupies the same castle that fortified WordPerfect two decades ago. Essentially the same arguments that defended businesses’ reliance on WordPerfect in the 1980s, today defend Word, Excel, PowerPoint, and Outlook. However, the landscape of computing has changed, and the new, cost-effective mechanisms for delivering functionality to businesses now makes businesses reconsider whether Microsoft’s position is vulnerable to the same kind of attack that dethroned WordPerfect, albeit from a new front.

Enterprise 2.3 (Beta 4)

While some big businesses invest time, resources, and even money in the adoption and promotion of a packaged business philosophy, in the end their own purchasing and resourcing decisions typically revolve (as they should) around practicality. So while the whole notion of “Enterprise 2.0” took flight in the middle of the last decade, centered around the principle that Web-based technologies would envelop businesses in a rapturous aura of nearly telepathic collaboration, in the end, they purchased SharePoint.

“The technologists of Enterprise 2.0 are trying hard not to impose on users any preconceived notions about how work should proceed or how output should be categorized or structured,” wrote Harvard Professor Andrew McAfee, in the 2006 article that launched the Enterprise 2.0 movement, subtitled The Dawn of Emergent Collaboration. “Instead, they’re building tools that let these aspects of knowledge work emerge.” Rather than a system with a pre-determined template that establishes rules and practices through a standardized taxonomy, Professor McAfee envisioned a blank information space to which information workers would contribute tagged knowledge, creating an emerging, organic form of data association he called a “folksonomy.”

Since so much successful effort had already been expended in the collection of knowledge repositories such as Wikipedia, which fascinated McAfee, he imagined the same incentives being put to work for actual work. With tools no more radical or complicated than ordinary Web browsers, he believed, knowledge workers would contribute to each other’s “blank pages,” and the resulting data would associate itself into some kind of order. He wrote, “Enterprise 2.0 technologies have the potential to let an intranet become what the Internet already is: an online platform with a constantly changing structure built by distributed, autonomous, and largely self-interested peers. On this platform, authoring creates content; links and tags knit it together; and search, extensions, tags and signals make emergent structures and patterns in the content visible, and help people stay on top of it all.”

The first sign of trouble in the E2.0 camp came when McAfee and his colleagues allowed “largely self-interested peers” to define “Enterprise 2.0” itself for Wikipedia, with the result being that different contributors’ self-sustaining goals tended to conflict with one another. As Burton Group analyst Mike Gotta noted in a 2007 report (PDF available here) on the emergence of E2.0 software as a market category, “Wikipedia’s entry reflects confusion that exists in the industry at large (i.e., social software as a category overlaps with definitions related to online communities and collaboration). The result is that virtually any type of communication, collaboration, and information-sharing tool can be arguably part of E2.0. No design or other criteria exist for how social software tools satisfy an E2.0 context and under what circumstances tools (or their use) are considered outside the scope of E2.0. Absence of even a modest set of guidelines has confused the market to such a degree that the term ‘E2.0’ is widely used to describe any new software product or service released over the past two years.”

“Enterprise 2.0 is going to happen in your organization with you or without you,” wrote veteran consultant Dion Hinchcliffe in 2007, at the apex of the E2.0 movement, employing the type of black-and-white, polarizing metaphor that media consultants usually reserve for desperate times. Indeed, times may have been desperate; E2.0 had left open a hole big enough to drive a platform through, and Microsoft did exactly that.

So it was that many of the companies that helped spur the whole Web 2.0 movement began embracing SharePoint as their nerve center for collaboration. For instance, in the summer of 2008 alone, Clearspace wiki technology maker Jive, RSS aggregation service NewsGator, social network integration provider WorkLight, and Confluence co-authoring tools maker Atlassian all enhanced their products with SharePoint connectivity. All of this endorsement of new bottles for old wine took place during the “Enterprise 2.0” conference that year.

Apparently what E2.0’s originators forgot was the fact that only poets appreciate the beauty of blank pages. The rest of the world prefers to pick up where others left off, which is the real reason why there are wikis in the first place: They enable others to take additional credit for something someone else started. Platforms work the same way; they’re structures that you build on top of. Rather than build a new utopia upon a blank page, the E2.0 world opted to build a SharePoint-based sharing system attached to the platform they could already depend upon: Microsoft Office. SharePoint carved out Microsoft’s space in the Enterprise 2.0 realm, and Office occupied it firmly.

After wiki software producer Jive partnered with Microsoft for a SharePoint integration feature, its CEO told CIO Magazine, “Around 80 percent of our customers have SharePoint. You have to recognize it exists.”

And that could very well be among the smartest things anyone has ever said, at least in a long while. Businesses are not ant farms; they don’t congregate in open fields to share information and build taxonomies, or something-onomies, where there were none before. Resourcefulness is always about taking advantage of the existing structure, or infrastructure, as a platform for something greater.

The Deathmatch is Canceled

Microsoft’s entire business model stands as proof that products need not be revolutionary to be successful. But they do need to be evolutionary; they must present some quantifiable reason for businesses to justify the expenditure necessary to effectuate a transition. Maintaining the usability of a business’ applications as it evolves is among the biggest expenses it faces. In light of that fact, the principal case made by competitors (Oracle Open Office, Corel WordPerfect Office, Lotus Symphony, Google Apps Premier Edition, Zoho Business Apps) is that they are undifferentiated from Office in every important regard except cost.

In January 2009, Google began its effort to convert Google Apps into a revenue center, competing directly against Microsoft. Since observers realized that online services was Microsoft’s soft spot, they foresaw Google — whose search application was one of the catalysts for the E2.0 movement — as the best equipped to lead a charge.

“Make no mistake about it. Google is going for Microsoft’s jugular,” wrote InformationWeek’s David Berlind, putting on his best Don LaFontaine voice. “The deathmatch is on and, at the very least, it’s for bragging rights to what we…are calling the ‘collaborative backbone.’ It becomes a battle that’s less about Google Docs versus Microsoft Office and much more about the collaborative infrastructure behind Google Apps versus Microsoft’s SharePoint and Exchange.”

A few days prior to Microsoft’s worldwide release of Office 2010, Google made its case for enterprises suspending their migration plans and going with Google Apps instead — whose premium package is licensed at $50 per user per year. As usual, Google’s case was brief, direct, and sociable, arguing that switching to Google would be an “upgrade” where you wouldn’t have to do very much: “If you choose this path, upgrade means what it’s supposed to mean: effortless, affordable, and delivering a remarkable increase in employee productivity. This is a refreshing alternative to the expensive and laborious upgrades to which IT professionals have become accustomed…Google Docs represents a real alternative for companies: a chance to get the collaboration features you need today and end the endless cycle of ‘upgrades.’”

Google makes an interesting case that’s both clever and familiar: It doesn’t render Office obsolete, but then again, it doesn’t have to. Perhaps only certain people really need Office apps on their systems; and for the rest of your company’s employees, the argument goes, maybe you could install Google Apps, and folks who don’t use Office’s more obscure features anyway won’t miss them. Notice also how (correctly) Google identified its Apps customer using second person (“you”) language, and “IT professionals” in the third person.

Still, like it or not, Google raises a very pertinent issue: Why pay for functionality — or even quality, for that matter — if not everyone needs or appreciates it? If Google can win over some converts from the bottom up, perhaps some companies that typically deploy applications from the top down, some believe, will take note of what their employees are doing anyway and cut costs.

The problem is, contrary to reason, the addition of one simply does not replace the other. While analyst firm IDC predicted in July 2009 that adoption of Google Docs among enterprise-class users could reach 27.1% by summer 2010, it simultaneously predicted, using the same survey data from the same participants, that Microsoft Office adoption would remain flat at 96.9%.

If there’s a deathmatch on, then someone clearly forgot to don his “Nacho Libre” outfit. Indeed, businesses are claiming to embrace what now passes as Enterprise 2.0 technology; but more and more, Microsoft is being associated with it, thanks to SharePoint. “Embrace and extend” has succeeded yet again; and while Google Apps may yet win over more converts in the general user community, Office’s platform is already equipped with a top-down delivery approach.

Microsoft has the wherewithal and the gravitas necessary to stop Google Apps’ advance with Office Web Apps. So for the only relevant market to which Google Apps appeals — everyday users who want convenience and simplicity — Microsoft can add the convenience of working the same way that regular Office apps work, for the same limited class of work that Google Apps covers. Thus if anyone at the top of the ladder in IT management truly does pay attention to the advice of everyday users at the bottom of the rung, to borrow the self-deprecating E2.0 metaphor once more, they’d have nothing persuasive left to say.

What makes Microsoft Office work for businesses is the only reason that matters: It’s worked before.

Having worked at the bottom of the E2.0 food chain an eon ago, I can sympathize with those individuals upon whose minds is just now being imprinted these important messages:

• Everyone else uses Office. If you’re going to spend money blazing a new trail, it needs to be one that someone else has blazed first, with some modicum of success, and has found a way to package and resell.
• Office has a huge support base, and Microsoft knows how to keep building it, by offering partners tools and resources they can use, to build tools and resources that others can use. Platforms don’t just blossom in the desert from the goodness of people’s hearts.
• Learning curves cost money. The most fearsome image you can stick in front of a knowledge worker is a blank slate, a null platform, “square one.” It’s cheaper and more practical to build upon what exists than collaborate over the extent to which something doesn’t exist.
• Businesses don’t have time for deathmatches. If the company with the worst marketing could be declared the loser, Microsoft would have been tossed from the ring the moment it ditched Multiplan.

The good news is, as long as Microsoft Office remains une réalité de la vie, businesses have the opportunity to embrace and extend this platform themselves. You may as well, because until the formula for Enterprise 3.0 comes along, the desktop belongs to Office.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

Process Explorer v12.03 is a neat — and free! — little utility that extends what you can do beyond the task monitor that is found in Windows.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

If your Windows 7 systems need half an eternity to boot up, there’s clearly something odd going on. Dealing with slow boot problems is annoying and – let’s face it – is mostly guesswork. Guesswork that costs money and time. We have got you covered: Learn how to analyze the startup process, find the cause in no time, and get rid of bottlenecks once and for all!

Windows 7 is a fast beast, especially when it comes to its startup process which was optimized dramatically compared to Windows Vista. No wonder, as Microsoft has a dedicated team focusing strictly on startup performance. And it shows: On one- to two-year-old hardware, Windows 7 usually takes only 20 to 40 seconds to boot up. Even the performance-wise challenged netbooks rarely need more than a minute to be ready for work!

Certainly, boot times vary significantly from one computer to another. This is nothing new. But if Windows 7 clients need way longer – and we’re talking way over one or two minutes – then you’re looking at a resource hog. So what could be causing the problem?

• You just installed a new driver, which hasn’t been WHQL-certified and delays the boot up process. It could be a simple driver bug!
• You installed a piece of resource-intense software that initializes a process or a service during startup.
• You updated existing software or Windows 7 itself. Yes, it’s not unheard of that some updates cause a significant boot delay.

Maybe it’s a combination of all three causes. In any case, something is clearly taking up too much resources during startup time. To get to the bottom of the mystery, you need to follow a couple of step-by-step instructions to find and resolve the issue. Ready? Here’s how!

Find Out Exactly How Long Windows 7 Needs to Start Up

Let’s start off by finding out the exact time the Windows 7 client needs to start up. And guess what, no stopwatch is required! Windows 7’s very own Event Viewer does the trick. In the following four steps you learn to measure both the raw boot time and the real life boot time (and what both mean).

1. Open up “Control Panel,” go to “System and Security” and head over to “Administrative Tools.” From here, launch “Event Viewer.”
2. Expand “Applications and Services Logs,” “Microsoft,” “Windows,” “Diagnostics / Performance,” and finally “Operational.” Now look out for the Event ID 100:
   

   This Event details how long your Windows 7 client takes for a full boot. This is what I call raw boot time.
   
   The value represents the exact time necessary to go from the first startup phase (right before the animated Windows boot logo appear) to the final stages. This is when the desktop is visible, startup programs are being loaded, and network connectivity is up and running. Remember to take this value with a grain of salt — more in Step 4!

3. As seen on the screenshot above, my test bed needed 103 seconds. That’s okay, but pretty bad compared to the original performance. The week after I installed and configured Windows 7, it needed about 46 seconds to start:
   
   In my example, this is quite a loss in performance: From 46 to 103 seconds!

   You can find the original boot up time if you sort the list by “Event ID” and look for the earlier couple of entries.

   Note: I wouldn’t necessarily take the very first boot log for a comparison. In the first couple of days after installation, Windows 7 needs to adapt the SuperFetch feature to all programs and install updates during boot up.

4. You have the “Raw boot time” value now. As I said, this value doesn’t necessarily represent the actual startup performance. Even though the desktop is visible and you have a working internet connection your PC may behave incredible sluggishly. For example, even launching a small footprint browser like Google Chrome can take up to 10 seconds in the first minute after boot. No surprise here; Windows is still busy initializing services and paging data in and out of RAM.To get the real life boot time, double-click on the latest Event ID 100 entry, go to “Details” and check the “MainPathBootTime” value:
   
   Phew! Another 38 seconds until Windows 7 is done with all its “post-boot” workload and I am actually able to work with the PC.

It’s important to watch both the raw boot time and real life boot time to troubleshoot a slow startup!

Step-by-Step: Finding Boot Delays

If you’re plagued by a slow startup, there is probably more than one problem going on. And guess what: Windows 7 knows them all. The “Diagnostic Performance” category (mentioned above) keeps a record of all startup issues. Simply sort the list by “Task Category”…

…and go through all the events you see in the “Boot Performance” category. Look for “Warnings” and “Critical” errors. The following entry is a prime example:

This event clearly shows that MsMpEng.exe needs 26 seconds to start, which is 10 seconds longer than normal! If this event only crops up once, you don’t need to go to Red Alert. However, if you see the same warning more than once, then this is definitely a call to action.

Eliminating Boot Delays

Next up: Commonly found causes for boot delays! The following problems originate from a dozen computers of a client who asked me for troubleshooting advice. In each case, I’ll explain how I treated these issues.

Problem: WLIDSVC.EXE needs more time to start up.
Diagnosis/Solution: First of all, I evaluated if my client really needs the Windows Live ID Service,  which is responsible for linking a local user account to the Windows Live ID for an automatic logon. As he really did not know what it is and never used it, I decided to completely uninstall the service:

Problem solved! That actually took three seconds off the startup process. It’s not much, but a penny saved is a penny earned.  If his business depended on Windows Live, I would have used the repair option to reinstall the service or I would have looked for a newer version.

Problem: The Eventlog service suddenly needs more time to run.
Diagnosis/Solution: I did absolutely nothing. It’s important to pay attention to which service is slow; explicitly check the service or file you see (“File Name”). Make sure it’s not in any way crucial to your business. Google for it, if necessary! Also, “Total Time” and “Degradation Time” are in the milliseconds – nothing to worry about.

Problem: Prefetching took longer than usual.
Solution: Windows 7’s optimization features (Prefetch and SuperFetch) took longer than usual to optimize performance. This may be due to a newly installed program or a program that you start much more frequently. Both may cause Windows 7 to optimize its cache for faster application launch times.
In this particular case, I didn’t see a reason to react. I noticed this event coming up every one or two weeks; that’s normal behavior for Windows 7 as it’s adapting its caching routines mentioned above.

Problem: The Windows Audio service causes a delay during startup.
Diagnosis/Solution: This seemed like a bigger problem. Apparently, the Windows Audio service needs more time to get started. Hmm…a problem with the sound card, maybe? My first reaction proofed to be the answer. I checked the driver version of the build-in “Realtek HD Audio” sound chip and noticed that it was last updated in September 2008. I downloaded the latest drivers from Realtek and installed it; the error never came up again!
If you see these kinds of driver related issues in your event log, I suggest updating the related driver. This IT Expert Voice article helps: “Doing the Driver Dance: Updating and Maintaining PC Drivers.”

Problem: MsMpEng.exe causes a noticeable boot delay.
Diagnosis/Solution: Microsoft Security Essentials (MsMpEng.exe) added a significant amount of startup time to the boot process. Obviously, disabling it was out of the question; security comes first! Reinstalling MSE did not help things. In this case, I am basically powerless and need to wait for an update that might improve the performance of MSEs antivirus engine during startup.

Problem: NVIDIA Driver Helper Service causes a delay in startup time.
Diagnosis/Solution: The helper service that comes with all nVidia drivers doesn’t actually do much except maintain overclocked display settings. That ‘s something my client did not need. I immediately opened up “msconfig” and disabled the NVIDIA Driver Helper Service using the “Services” tab:

That took care of it.

Problem: Windows Live Messenger causes a boot delay.
Diagnosis/Solution: Although the client needed Live Messenger for external business communication, he did not necessarily want it to launch right after Windows 7’s startup. I opened up “msconfig” (see above), clicked on “Startup,” and removed the entry that belongs to “msnmsgr.exe.”

You get the drift: In each individual case I decided if the startup program or service was needed and tried to patch it. If it’s not needed, I uninstalled or disabled it. Keeping all the drivers up-do-date was also essential in reducing the Warning and Critical entries found in Event Viewer.

Step-by-Step: Finding CPU Hogs

In some cases, boot delays are not detected by Event Viewer, possibly because a specific process eats up CPU for a constant period of time. Finding this bottleneck is pretty easy using the Sysinternals Process Monitor utility. Here’s how it works:

1. Download Process Monitor. Unzip the file and open Procmon.exe with administrative privileges:
2. Stop Process Monitor from logging all the current events by clicking on “File/Capture Events.” Now go to “Options,” where you will find the crucial entry: “Enable Boot Logging.” Enable it, click on “Generate profiling events” and click “OK.”
3. Now reboot your PC. After the startup process is done, launch Process Monitor again and click on “Yes” once you see the following message:
4. Save the boot log wherever you want (on your desktop, for example). Process Monitor now generates a huge list of basically each and every boot event.
   
   591,892 events?! This is too much to bear, even for the geekiest of us. Instead, let’s focus on process that use a lot of CPU usage during boot time. To do that, click on “Tools” and go to “Process Activity Summary.”
   
   You’ll get a list of all processes that keep your PC busy. Click on “CPU” and see for yourself which is the all-time CPU hog:
   
   To get more information of its resource usage, double-click on the entry. In our example, CPU hog number one is – yet again – Microsoft’s Security Essentials. While it is relatively lightweight when Windows 7 is up and running, it can be quite a boot hog.
   All the advice I gave above still stands: Go through the entire list and get rid of processes and programs that you don’t need. If you don’t know what is behind certain entries like this one…
   

   …use your search engine to find and troubleshoot them.

5. In this list you might come across a (unnecessary) process that you can’t find using any conventional means (for example, using msconfig). In that case, try out SysInternals very own Autoruns. Autoruns lists all processes and files that are used during boot up and lets you disable them individually – no exception!

That’s it! With all the given advice you should be able to handle each and every boot delay that crosses your way. Go back to the Event Viewer to check if and how much all these steps affected raw boot time and real life boot time — I bet there’s a huge difference! On my client’s PCs I was able to cut boot times in half (or even less). A nice side effect that you should also consider: Now that you’ve gotten problematic services and processes out of the way, overall Windows responsiveness and performance probably has gotten a lot of better as well.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

No matter how we try to get away from the command line, for many administrative and maintenance jobs for both individual PCs and for an office full of Windows 7 computers, when push comes to shove you can’t beat individual shell commands or reusable batch or script files. That’s why I was very happy to see Microsoft’s new PowerShell 2 baked into Windows 7 and Windows Server 2008 R2.

The single most important change in PowerShell 2 is that it is not just for individual computers, retro-fitted for administering multiple PCs. No, this version of PowerShell was designed from the beginning to manage networked PCs. In short, PowerShell is just as much for network administrators as it is for system administrators or PC technicians.

PowerShell’s Heart

PowerShell is built on top of Microsoft’s .NET Framework. Its commands, or “cmdlets,” are actually .NET classes that invoke a PowerShell program, script (*.ps1), modules (PowerShell scripts that execute in its own environment without affecting the outside system), and executable file. The PowerShell user interface, which looks a lot like the old Windows DOS prompt, also lets you create aliases with familiar DOS command names for cmdlets. So, for example, you can still use “move” to move a file or directory even though “mv” is the PowerShell command.

PowerShell also uses that old Unix/Linux concept of pipelines to “pipe” or transmit the output of one command to be the input to another. Unlike Unix though, which uses character streams, PowerShell pipeline passes PowerShell Objects, which are all typed .NET objects, between cmdlets.

The end result is a programming language and environment that you can use to create quite complex programs. Administrators who also have .NET development experience will find PowerShell programming to come quite easily.

Putting PowerShell to Use

For those to whom coding doesn’t come easily, Microsoft provides a pair of tools to help them get up to speed. The first, PowerShellPack consists of ten PowerShell 2 modules. These let you set up everything from a user interface to a simple graphics editor.

What’s far more important for an enterprise administrator is that the PowerShellPack includes several ready-to-use modules such as PSUserTools (for adding users on a system, checking for elevation, and to launch an administrator session) and TaskScheduler (for setting up, managing, and deleting system tasks). These represent a big step forward toward easy remote administration without the need for a third-party program.

For administrators who really, really do not want to touch a command line again or to write out scripts by hand, there’s the PowerShell Integrated Scripting Environment (ISE). With the ISE, according to Microsoft, you can run “commands and write, test, and debug scripts in a single Windows-based graphic user interface with multi-line editing, tab completion, syntax coloring, selective execution, context-sensitive help, and support for right-to-left languages. You can use menu items and keyboard shortcuts to perform many of the same tasks that you would perform in the Windows PowerShell console. For example, when you debug a script in the Windows PowerShell ISE, to set a line breakpoint in a script, right-click the line of code, and then click Toggle Breakpoint.” To get a better idea of what PowerShell ISE looks like in action, watch this ITExpertVoice screencast.

Of course, to really get the most out of PowerShell 2, you’re going to need to get your hands dirty and code. Or, do you?

Microsoft provides numerous PowerShell guides, which have some of the best question and answer sessions with experts I’ve seen for any programming language. If you’re already a VBScript expert, Microsoft provides a guide for getting up to speed with PowerShell. Finally, Microsoft has an excellent collection of ready-to-use PowerShell scripts.

One thing I especially like about the Microsoft PowerShell script collection is that it’s easy to sort through them; you can find exactly what you need without much fuss or muss. For instance, I quickly found scripts for digging out User Object information from Active Directory; Creating an Active Directory User Object, and the ever-useful, List Inactive Computer Accounts in Active Directory. It’s worth picking up PowerShell just to use these automated scripts.

There are also several useful independent PowerShell script sites. Among the better ones are PowerShellCommunity, ScriptFanatic, and PowerShell Pro. (Know of some other good resources? Share them with the rest of us in the comments section.)

PowerShell 2.0 for the Administrator

Just at a glance at the sheer number of new PowerShell cmdlets that were designed with system manager and network administrators in mind is impressive. These include: Get-Hotfix, Send-MailMessage, Get-ComputerRestorePoint, Add-Computer, Rename-Computer, and Reset-ComputerMachinePassword. Maybe the day will yet come when we really can sit at our desks and remotely manage all our users!

OK, that’s a pipe-dream so long as users can manage to kick free their power-cords and insist that you come fix their “broken” computer. But, the richness of PowerShell 2′s commands does make it possible to do a lot of remote PC provisioning and management without stirring from your chair.

What makes this possible is PowerShell Remoting. This feature enables you to execute scripts to one or hundreds of remote machines. In addition, thanks to PSJob, you can run PowerShell commands, cmdlets, and modules in the background. Best of all, you can perform transaction operations that let you run cmdlets when certain conditions are met and roll them back if circumstances change.

PowerShell 2 supports two kinds of remote management: Fan-in and Fan-out. With the first, scripts are pushed to remote users as they log into a single corporate server. Once they are connected, the scripts run automatically. So, you could have your users automatically get their patches from a server when they login to the office network. In Fan-out remoting, which uses Windows Management Instrumentation (WMI) and Windows Remote Management (WinRM), commands and scripts are pushed out to PCs to run immediately.

I’ve only scratched the surface of what’s possible with PowerShell 2, but I think you get the idea. Scripting has never offered such powerful potential before for managing whole networks of Windows 7 and Windows Server 2008 R2 systems. In addition, since PowerShell 2 can be added to earlier versions of Windows, you can expand your PowerShell management tools across your entire Windows-based network.

If you’ve been avoiding scripting, it’s time to stop. These tools are exactly what you need to make managing even the largest networks much easier and less time-consuming. Enjoy.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

“These apps, although convenient, are potentially dangerous to organizations,” says Rob Fitzgerald, president of Lorenzi Group, a digital forensic firm. “They immediately give employees control of company data.”

Fitzgerald cites the recent case of a City of San Francisco administrator who refused to hand over administrative control to the city’s FiberWAN as an example of how things can go badly when the employee, rather than the organization, controls the database. It cost the city $900,000 to regain control. The motive, said the district attorney, was job security. “This is nothing more than his attempt to become an indispensable employee,” Assistant DA Del Rosario said in the closing arguments. “You suspend me; the FiberWan goes down.”

Several state regulations hold CIOs personally responsible for data security. Imagine the hundreds of possible scenarios your department might face, and the potential risk of additional access via remote desktop software becomes even scarier.

“Sixteen states are looking to pass regulation similar to Massachusetts’, Nevada’s and California’s laws requiring CIOs to sign off on data security under possible civil and criminal penalties,” says Fitzgerald. “With multiple phones and easily-obtained remote desktop apps that cross platforms – how can you lightly sign off on that?”

Now that remote services have gone rogue, what’s an IT department to do to regain data control?

Scale, Scope, and Surge

“One must remember that smartphones are powerful; they are equal to PCs about ten years ago,” says Tom Blackie, vice president of mobile at RealVNC, a company founded by the original developers of virtual network computing (VNC), the de facto standard for remote control computing.

Smartphones are perfectly capable of wreaking havoc with data security. They are also becoming more prevalent. The trend of 80% dumbphones and 20% smartphones is reversing. “The industry expects a complete reversal, that is 80% of all phones to be smartphones, within three to five years,” says Blackie.

Such a startling uptake of smartphones coupled with the easy-to-get, easy-to-use remote desktop apps could lead to widespread, albeit unintentional, admin privileges — if your data isn’t secured properly.

“And, the surge of remote computing has just begun — the automotive industry, for example, considers the VNC protocol to be the latest hot thing in telematics,” Blackie explained. “Soon VNC will be commonplace in vehicle dashboards to automatically connect PCs, iPads, phones, etc. to the screen in the car.”

PC and software manufacturers are also producing remote desktop capabilities as a routine offering. Microsoft has its Remote Desktop Services and Intel is embedding it directly in its chips.

“Intel is embedding our VNC product directly into its silicon so that no software is needed,” explains Blackie.

The primary reason Intel, Microsoft and others are including VNC or related remote desktop tools is to aid customer service and helpdesk functions.

“Intel KVM Remote Control, working as a part of Intel Core vPro processors, makes remote PC servicing significantly easier, allowing businesses to keep their PCs up and running with less disruption when issues occur,” said Rick Echevarria, vice president and general manager of Intel Business Client Platforms Division in a recent statement to the press. “This capability can transform help-desk processes for IT as well as enabling new service capabilities for IT outsourcers.”

While it would be folly to forbid remote access entirely, it is reckless for enterprises to neglect to address it responsibly.

To compound the problem further, employees are demanding remote desktop access in record numbers. “Demand is increasing rapidly; it isn’t just salespeople that want remote desktop software now,” says Jae Lee, manager for product marketing for Array Networks. “Everyone wants it.”

The pressure on IT to provide the software is reminiscent of the earlier movement to accept and support employee’s personal cell phones. And, just like before, employees can circumvent IT completely if they feel their needs are denied or if they decide that IT is too slow in delivering.

Meanwhile, other computing trends – from cloud computing to telecommuting – are shifting workers outside company walls, necessitating managers to form a new mindset towards access and security.

It’s the Data, Not the Device

The answer to this burgeoning dilemma is in protecting the data itself. “Protect the database as a whole,” advises Steve Moyle, CTO of data security provider Secerno. Moyle’s original research in machine learning and security was done while he was a member of the Oxford University Computing Laboratory where he still continues to give guest lectures. He is also a frequent presenter at RSA conferences in Europe.

“Look at the database as a whole rather than how devices are connecting,” he says. “Data leakage prevention (DLP) technologies protect data the same if it moves to a Blackberry as it does if it moves via e-mail. The key is to protect the movement of data rather than the device it is moving to.”

That is not to say, however, that connections and transfers should be unsecured. Certainly every enterprise should have strong policies and procedures already in place regarding encrypting data, public hotspot use, and stolen device lockdowns. Many of the remote desktop offerings also include encryption and other data safeguards.

“IT departments should also implement network monitoring solutions,” advises Fitzgerald. “Remote network and desktop computing is an excellent way to control and move data. Rogue employees will move the data; network monitoring will help you catch that.”

Safety Beyond Technology

Technology alone cannot stop potential problems with remote desktop access.

“You need to have policies in place similar to pornography policies,” says Fitzgerald. “Be specific about whether such [remote] apps can be used, how and when, allow no exceptions, and specify punishment for deviations from the policy.”

Fitzgerald says termination for a first offense makes sense, “It sounds harsh but we see so much data leaving organizations without them ever being aware of it,” he says. “You need to make it clear that the ‘Ask for forgiveness later rather than permission first’ approach carries dire consequences.”

Indeed, so much of an organization now exists outside its walls that a new mindset towards security is in order.

“The companies that fare the best have a ‘Jericho is falling’ approach to security. They trust no one and no technology and they plan their security accordingly, inside and out,” says Moyle.

“The companies that fare the worst think they only need to protect the perimeter and build a better firewall to keep intruders out.”

The key is in balancing access with security. Too little access will impede business, too much will give control away.

“It’s easy in a large enterprise to give too much access rather than take the time to weigh the matter per individual worker,” says Moyle. “Access then becomes totally uncontrolled as employees come and go and their privileges are not managed and changed accordingly.”

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

One important task in keeping notebook and desktop PCs up-to-date is periodic scans of installed drivers to make sure they’re current and working properly. The more computers (or reference hardware configurations) you must maintain, the more important this task becomes. Fortunately, lots of good tools abound to assist in this task.

Keeping up with change is always a tricky and sometime irksome part of maintaining current, correct hardware configurations. Despite your best efforts to create stable, persistent reference configurations, bits and pieces here and there will keep changing. That’s particularly so for the hardware components that go into standard desktops and notebooks. But the drivers that support the display cards, network interfaces, chipsets, peripherals, and other components that go into and onto such systems also stay in an ongoing state of ferment.

In dealing with device drivers, however, you can bring considerable assistance to bear on maintenance tasks, particularly in the form of driver scanner tools. Basically, these distributed toolsets combine client-side software that enumerates all the devices on a Windows PC and checks related driver information (particularly version numbers and file dates) against a server-side database that compares what’s found on the scanned PC to what it has stored about the most current drivers available. The scanning software marks that driver as “current” if the installed driver is at least as new as what’s in the database, or its version number is greater than or equal to the database information.  If, however, the database has information about a driver that’s newer or that has a higher version number, the driver is marked as “outdated.”

Most driver scanners do this check for free. What you must pay for is access to the links to the newer drivers, making it both easy and fast to download newer drivers when you need them. Readers on extremely tight budgets can surf the web to find the drivers they need, but this takes time, and time is worth money. Prices to license the downloads usually start at about $30 per year for up to 10 computers, and cost $2-3 per machine for licenses for more than 10 computers. I’m paying DriverAgent $100 a year right now for a license that covers up to 50 unique systems, as identified by their Windows computer names. Most organizations will find the benefits of access to outweigh the relatively minor costs involved.

A Short Sweet Set of Driver Scanners

There are probably hundreds of driver scanner packages and offerings available nowadays. Most require their users to install a scanning program on a target PC, though some sites offer Web-based scanners that use Java applets or ActiveX controls instead of full-blown local executable programs. I’ve worked with dozens of such programs myself, each of which has advantages and shortfalls, but here’s a short table of offerings that I judged good enough for me to pay to use them for a year or longer.

Table 1: Driver Scanners Worth Considering

Sampling DriverAgent Screens

For good or for ill, I still use DriverAgent on a monthly basis to check my various computers and those I’ve built for friends and family. Currently that number is under 20, but I signed up for DriverAgent’s 50 PC license; what with machines that come and go at my house for reviews, and those I work on for friends and family, 50 is a big enough number that I’ve not yet had to extend my license further. I recommend that you purchase at least 10-20 licenses more than you actually need, because as old machines go, new machines will come in, and each new Windows computer name counts as a new license (alas, for my multi-boot machines, of which I have several, each bootable OS counts as its own machine as well).

When you visit the DriverAgent website, you have the option of downloading a resident driveragent.exe file to your PC, or installing a browser-based program to perform a Web-based scan instead. I like the Web-based scanner best nowadays because although exe versions work fine, many are not as good as warning you about the need to update the software as are the Web scanning tools (and the DriverAgent version, at least, updates itself automatically whenever a new version comes along).

Running the Driver Scanner

After you run the scanner (either version), scan results appear on a Web page.

Figure 1: Initial scan results show you how many of your installed drivers are out of date.

Initial scan results indicate that 3 out of the 121 drivers I’ve got installed on this particular system are out of date. A careful check of the lower right-hand corner of the screen shows that DriverAgent also scans for drivers on disconnected devices as well as active ones, where a quick reset to turn this feature off lowers that number from 3 out 121 to 3 out of 65.

Zeroing in on Outdated Drivers

If I scroll down on the screen that’s partially depicted in Figure 1, eventually I’ll find a driver with a red X in the Bad column, as shown in Figure 2. This screen capture also includes a shot of the detail/download page available to DriverAgent subscribers when the click the blue down-arrow icon to access any particular driver’s download page.

Figure 2: Entries with a red X denote potentially bad or out-of-date drivers.

This particular screen highlights one issue with DriverAgent that all of the scanners I know well also manifest to some degree or another:  namely, the tendency to associate the release date for the newest device driver in a release with all components in a device. What does this mean? It means that the driver for the Dell AIO 968 printer not only includes the printer driver, but also includes drivers for the USB ports on that device (to which this entry refers), as well as the drivers for its built-in memory card reader.

Unfortunately, DriverAgent does not distinguish the printer driver date and version number information for the printer itself from the USB and memory card drivers also installed as part of that device’s overall capabilities. Alas, this means that DriverAgent uses the date of the printer driver (2006.08.21 as shown in Figure 2) to decide that its USB port (with the standard Microsoft Windows USB driver release date of 2006.06.21) driver is out of date. After talking with the folks at DriverAgent tech support (with several, I’ve built up name recognition over the past few years), I learned that this is a side effect of the hierarchical way in which driver information for multi-function devices are organized in the Windows OS, where the parent driver “trumps” any of its children, even when family members rightfully use different device drivers, each with its own separate and correct date. As it happens, in fact, the USB 2.0 and memory card reader drivers haven’t been updated since Windows Vista was released (which explains why the date shown in Figure 2 actually predates the Windows 7 release date itself).

Downloading and Installing New Drivers

Once you call up the driver detail page shown at the right-hand side of figure 2, you’ll want to examine the dates and particulars for in the Details and Current Driver sections at the bottom of that Web page. If you can see that the recommended driver is indeed newer and appears to be a legitimate replacement for the currently installed driver, download and install it on a test system. Then, you can re-scan that computer to see if the status changes or otherwise. Tip: items that don’t change either indicate a spurious date or version labeling issue, like the one I describe in the previous section, or indicate that perhaps the installer didn’t actually install your new driver. You can confirm this independently using Device Manager in Control Panel to check the date and version number for the driver that’s currently installed and comparing it to the information in the Details section on the DriverAgent (or other driver scanner) download page.

Beware the Occasional Driver Gotcha

Whether you’re working on one-off machines, or on widely deployed reference hardware configurations, you want to double-check your driver updates, and then test new driver configurations before pushing them out to end users. If possible, either work on an updated computer yourself for a week or so (if that makes sense) or deploy a limited pilot test to one or more power users so they can let you know if the change causes any problems. This is probably the best way to avoid pushing out updates that might turn around to bite you on the hindquarters when unexpected issues crop up, as they sometimes do.

In working with some driver installers, I’ve also observed that even when an installer program reports that it’s updated specific drivers, the installation is not always confirmed by subsequent driver scans or manual checks using Device Manager. For some reason, I’ve encountered this issue most frequently with Intel chipset update programs (infinst911autol.exe is a common filename for various ICH7-10 chipsets, for example), where various PCI devices under the System Devices heading don’t get updated. Should that happen, use Device Manager to select the specific devices in need of update and use the right-click “Update driver software…” entry to force it to search the directory where you unzipped the driver files. In most cases, this does the trick.

On the other hand, if the installer leaves no files behind for Device Manager to try, you may need to use another technique instead. Download Legroom Software’s Universal Extractor and let it unpack the files it finds inside the driver installer (if it can, and in most cases it will happily do so for .exe, .msi, and typical compressed archive formats) into a target directory for you. Then you can point the “Browse my computer manually” driver update function in Device Manager to that directory and complete the driver update process. If it works for me (and it often does), it should work for you, too!

Check for Driver Updates Regularly and Religiously

I run my driver scanner about once a month on my various systems, and seldom does a month go by when I don’t need to update at least one or two drivers. But by keeping up with what’s current, and making sure changes don’t cause more problems than they solve, you can do the driver dance with the best of them. Enjoy!

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

For some reason, we still don’t know why, some Windows 7 installations are deleting Windows 7 Restore Points. Here’s what we know and what you can do about it.

One of the few original contributions to operating systems that Microsoft can claim is its Restore Points feature. First included with Windows XP and the now-forgotten Windows ME, Windows automatically creates copies of system and application files, at stated intervals or before changes are made. If a new program installation or other “learning experience” wrecked the user’s system, these backed-up file collection and system settings, called Restore Points, could be used to restore a PC to a working state. What makes Restore Points different from a mere automatic back-up system is that it doesn’t touch documents and other user work files. To say, “This was much appreciated” is an understatement, especially when it’s your work that was saved.

Restore Points — and System Restore, the program behind them — worked well… until it didn’t. It turns out that many users are having serious trouble with Restore Points in Windows 7 . Whether the Restore Points are made manually, automatically by the system timer, or invoked by installing new software, they may vanish after any system reboot like morning dew on a sunny day.

The Easy Fix

If you’re lucky, it may just be that you don’t have System Restore set up correctly. To check on that status, see if Volume Shadow Copy (VSS) and Windows Backup Services are running and set to automatic in Services Console.

To do this, take the following steps.

• Click on Start, type Services in Start Search. When the Services page is open, scroll the page to find Volume Shadow Copy and Backup Service.
• Right click on them and check if they are started.
• If the services are disabled, click to start the services and set them to Automatic.

By default, both services should already be on and set to Automatic for your primary partition, but I’ve seen incidents where they haven’t been. I suspect, but haven’t been able to prove, that the services have been turned off by malware. You should also keep in mind that VSS won’t work on FAT32 formatted partitions.

First things first, make sure that you've been making Restore Points all along by having System Protection on.

Once you’ve done that, force the system to make a Restore Point. To do that, do the following:

• Open the Start Menu, Right click on the Computer button, and click on System Properties.
• Click on the System Protection link. At this point, the Protection Settings should be on. If they’re not, re-check your services as I described above.
• Click on Create.
• After the Restore Point has been created, reboot your system.
• Head back to System Protection, and click System Restore.
• Click Next at the information window and you should see a display of available System Restore Points with your manually created Restore Point at the top.

This is what you should see if your Restore Points are both being made and not being automatically deleted.

If that all works well, congratulations. You really didn’t have a problem. But what if you discover that there’s not a Restore Point to be seen? Then you have trouble.

The Not-So-Easy Solution

At this point, take a closer look at the problem using System Viewer. To do so, click the Start button, click Control Panel, choose System and Maintenance, choose Administrative Tools. Then double-click on Event Viewer. You need to login with your administrator password to do this.

While there are several potential problems, the most common symptoms seems to be the following Volume Shadow Copy errors: Event IDs 22 and/or 8193. Event 22 is “Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered. This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider. The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered].” And Error 8193 is “Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0×80040154, Class not registered.”

Either way, it’s pretty cryptic, but we can leave that to Microsoft’s engineers. What we’re concerned with is getting System Protection back into gear.

The “easy” way to fix this is:

1. Open an Elevated Command Prompt
2. Change the VSS allocation by using the Vssadmin command. For example, with the C drive partition you’d enter vssadmin resize shadowstorage /On=C: /For=C: /Maxsize=20G. Maxsize is how much disk space you want to allocate to System Restore points. I typically use 5% of a partition, which I’ve found to be quite ample.
3. Repeat the steps for manually creating a Restore Point.

Reboot, and check again to see if you now have a Restore Point. If you do, your problems are over. (Well, your Windows 7 Restore Point problems anyway. We can’t do anything about the CFO cutting back IT funding.)

Alas, if you don’t get joy from that process, things get more complicated.

Microsoft recommends you do this for an Event 22:

1. Look for Event ID 22, and use the event text to identify the name of the application or service that caused the error condition.
   • If the event was caused by the COM+ event system, see the “Check that the COM+ Event System service is started” section.
   • If the event was not caused by the COM+ event system, see the “Use System Restore to create a manual restore point” section if your computer is running Windows 7.
2. Check that the COM+ Event System service is started. To do so:
   • Click Start, click Administrative Tools, and then click Services.
   • In the results pane, double-click COM+ Event System.
   • In Service status, make sure that the status is Started. If the status is not Started, click Start.
   • Ensure that Startup type is set to Automatic.
   • Click OK.
3. For an Event ID 8193 (Why can’t Microsoft just say error, rather than event?):
   • Go to Start\Run and type devmgmt.msc
   • Click on View and choose to Show Hidden Devices.
   • Now click the plus (+) next to Non-Plug and Play Drivers.

   Do you now see an items listed as DGIVecp? If not, we have to see what this is associated with by going to the registry.

   Needless to say, you should create a backup of the registry before you edit it, since you’re going to doing the Windows’ equivalent of brain surgery. To do that, you should create a Restore Point… oh wait, that’s the root problem isn’t it!?

   Instead, open the Start menu and type regedit in the search line. Once you have regedit up, click on File on the menu bar, then click on Export. Select where you want to save the exported .reg file, choose the All option under Export range, give the .reg file a name, and click on the Save button.

   With that done, take these steps in regedit:

   • Navigate to the following key: L HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
   • Look for an entry listed as DgiVecp.
   • If you find this, then change the Start data value to 4.
   • Reboot the system and see if the message is gone.
   • If it is, once more create a manual Restore Point, and see if it survives a reboot.

   What If It Still Doesn’t Work?

   Now, let’s be pessimistic, and presume it still fails. Okay, step away from the computer, get a cup of coffee, take a walk, scream a little bit if you think that will help, and let’s try something else.

   

   Your problem may hide within an improperly set-up paging file.

   One suggestion that has worked for some people is to check out your system for other problems. If you’re a PC tech, you know the drill: Scan for viruses, run chkdsk /r on all the volumes; run System File Checker) in scannow mode, make sure you have lots of free disk space; and disable disk defragmentation in case the disk defragger is destroying the shadow files. (Also see the several troubleshooting articles we have here at IT Expert Voice, such as Rescue Windows 7 in Five Minutes or Less.)

   Once that’s done, and you’ve killed off any viruses or repaired your hard drive, try again to create a manual Restore Point.

   Still having trouble? Okay, here’s one last thing you can try. Your paging file, pagefile.sys, might have the wrong Access Control List (ACL) settings. In this case, you’re probably also seeing long boot-up times with a lot of hard disk activity. If that sounds familiar, try this:

   1. Open the Start Menu, right click on the Computer button and click on System Properties.
   2. Click on Advanced and then click on Setting.
   3. This brings you to the Performance Options display. Here, click on Advanced, then Change.
   4. At the new display, uncheck the Automatically Manage Paging Files for all drives. Click and set the option for No paging file.
   5. OK your way back out to the main desktop and reboot.
   6. Once rebooted, try to make a Restore Point again and see if it will survive a reboot.

   Hopefully, one of these approaches works. If not, well, you won’t be the only one. In that case, the only “solution” is to rely upon conventional back-ups until Microsoft gets to the bottom of why System Protection fails on some systems. May that day come quickly!

   Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

According to analysts at Gartner, it takes 12–18 months to prep for a client operating system change. That’s a year to a year and a half of application testing, dealing with issues the tests reveal, and overall planning. Then there’s the actual migration which, as administrators know only too well, can take a significant chunk of time in itself.

Plus, since support for Windows Vista RTM (the original release with no service packs applied) has ceased, Windows XP SP2 support will stop in July 2010, and even extended support for Windows XP SP3 will end in April of 2014, the experts agree that the time to move is sooner rather than later.

Mark Tauschek, research director at Info-Tech Research, thinks that Windows XP shops are most at risk. For organizations running Windows Vista (admittedly, he says, a very small percentage) with Service Pack 2, there’s no pressing need to move, and a Windows 7 upgrade could get expensive for them unless they have Enterprise Agreements or Software Assurance that allow them to upgrade for free. However, he says, for Windows XP shops, “While formal end of life (for XP) is April 2014, by 2012 they will run into situations where they can’t find drivers or application updates. They have to think about migrating to Windows 7.”

Independent analyst Carmi Levy agrees. “Latecomers could begin to experience driver incompatibility issues and security lapses, as Microsoft and third-party vendors gradually shift their attention away from Windows XP,” he says. “There’s a cost associated with holding on to any technology for too long, and we now have a bubble of enterprises at risk of sticking with the XP horse well past its due date. This makes Windows 7 an even more critical migration target than would otherwise be the case.”

Expeditious migration planning becomes even more critical if you look at Microsoft’s support lifecycle matrix. Once a product is out of mainstream support, only security-related patches are produced for it, and even those are only for supported service pack levels (which means, for Windows XP, SP3). If a non-security issue that needs patching arises, you’re on your own; and if you’re looking for answers to questions, break out a credit card because those answers now come at a price.

Another price of clinging to Windows XP is beginning to reveal itself as well; new versions of software (both applications and device drivers) may not run on it. For example, Microsoft has already announced that its upcoming Internet Explorer 9 will only work on Windows Vista or higher. This is not an arbitrary decision; architectural components for graphics and security required by IE9 didn’t even exist in Windows XP’s heyday.

On the other hand, some organizations find themselves trapped by older mission-critical applications that don’t run on newer OSes. “This happens a lot with ERP installations where there was a fair bit of customization,” says Tauschek. “Customers can’t upgrade [the ERP software] because it would break their customizations.”

This points to the need to look at applications now. Tauschek adds, “Regression testing of applications working together under Windows 7 is the biggest planning point, especially with home grown applications.” He recommends that companies both use Microsoft’s compatibility testing guidance and devise their own tests.

Microsoft is, of course, anxious to help customers move to Windows 7, for many of the same reasons cited by the analysts. Says Elliot Katz, senior product manager for Windows Client at Microsoft Canada, “It is important for companies to have begun their migration process so they can gain the benefits of all the advances in Window 7 sooner rather than later. For companies migrating from Windows XP, it’s also important to be fully deployed before application vendors stop supporting their Windows XP applications.”

The other half of the equation is hardware. Microsoft offers assistance in assessing hardware compatibility as well. And, Tauschek points out, Vista-compatible hardware will likely run Windows 7, so newer computers should be fine, even if they were downgraded to XP. “The bigger issue is with drivers for older printers, plotters, scanners, and so forth,” he explains. “You might find that some devices don’t have Windows 7 drivers.” Though, he adds, it may be possible to use those devices in Windows 7’s virtualized XP Mode, which is also a potential solution for issues around incompatible application software.

“Ideally, OS migration should be tied to hardware migration,” Levy notes. “This strategy minimizes the disruption to end-user productivity because it combines both upgrades – OS and PC – into one event. Upgrading the OS on existing PCs leaves open the potential for two disruptive events. Worse, it opens up the potential for incompatibilities between the new OS and hardware that was never designed with it in mind.” A lot of companies have adopted this strategy, deploying Windows 7 over a couple of years in conjunction with a hardware refresh, according to Tauschek.

However an organization does it, the analysts agree that the migration to Windows 7 should be completed in 2012, and planning should be underway now. “Some companies say that they won’t move until something compels them to,” Tauschek says, “but when something compels them, it’ll likely be too late and they won’t have time to prepare.”

“It’s kind of a world of hurt,” he adds.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

The new version of Microsoft SharePoint has a lot of new capabilities that make it appealing to businesses and developers. Ed Bott shows four of them that should pique your interest.

Over the years, Microsoft SharePoint has earned a reputation as a top-shelf, top-dollar, top-down working environment for Really Big Corporations. Companies that are big enough to hire small armies of custom developers and pay big bucks to integrators who can spend months putting together a SharePoint site. I’ve used a couple of those sites in the past, and they worked just fine. But I’m glad I wasn’t the one who had to set them up or keep them running.

Which is why I was pleasantly surprised when I installed a beta copy of SharePoint 2010 last fall on a test server here. Compared to my experiences of three years ago, the experience was vastly improved. I found it remarkably easy to set up. More importantly, I found SharePoint 2010 equally simple to use, right out of the box. There’s still plenty of room for developers and integrators to get involved, but this time around they should be able to spend their time building interesting applications instead of tinkering with plumbing.

Last week I rebuilt a couple of servers using the final SharePoint 2010 code, which was released to manufacturing at the same time as Office 2010. If you have an MSDN or TechNet subscription, you already have access to everything you need; that was my starting point. A lot of SharePoint features don’t make sense until you begin using them, which is why I recommend setting up a small pilot site (use a virtual machine and it’s even easier). That way, you can quickly see whether SharePoint makes sense in your organization.

In this post, I’ll show you four areas worth paying close attention to.

Straightforward Setup

I was able to get a SharePoint 2010 site up and running very quickly on a server in a virtual machine with Windows Server 2008 R2 installed. For a pilot project, you definitely want to use the smaller, lighter (and free) SharePoint Foundation 2010 rather than the full-blown SharePoint Server 2010. Large organizations will need the full-strength server product, but smaller companies and autonomous workgroups or satellite offices inside of an enterprise will probably find SharePoint Foundation suitable for production use.

One thing I especially liked about the setup was its step-by-step installer, which actually took care of the scut work of installing prerequisites and enabling Server roles and features.

Yes, I still had to RTFM to get past a couple of small sticking points, but from start to finished site it took only a couple of hours.

The Ribbon Meets the Web

SharePoint 2010 looks different. It really does look and feel a lot like Office now, with the Office ribbon neatly integrated throughout the SharePoint environment. That’s a big (and welcome) change visually, and there are similarly dramatic improvements in usability. Many of the functions available in this Library Tools tab were also in SharePoint 2007, but good luck finding them.

One interesting feature showed up only when I upgraded an existing SharePoint 2007 site to SharePoint 2010. I was given the choice of sticking with the old interface or choosing a Visual Upgrade option to apply the Ribbon and other interface elements. In practice, that means you can get the benefits of the newer software and delay the Visual Upgrade until you’re ready to train users on it.

Oh, and in case you didn’t notice—that management screen I just showed wasn’t running in a Microsoft browser. SharePoint 2010 is surprisingly browser-agnostic, officially supporting Internet Explorer 7 and 8; Firefox 3.5 on Windows, Mac, and Linux; and Safari 4 on Mac. And as that screenshot shows, SharePoint 2010 also works well in Google Chrome.

No Code Required

From an end user’s point of view, it’s easy to create new sites using the built-in templates. You probably will still want some custom code, but the building blocks are much, much better now than before. The “canned” sites are slick and full featured enough, in fact, that you can basically create a simple departmental site, turn it over to a power user within that department, and let the team begin building document and meeting workspaces, blogs, wikis, issue-tracking databases, and other collaborative sites without having to write any custom code.

The tools for sharing documents in Word and other Office programs are worth exploring. Even more impressive is the ability to connect SharePoint lists and libraries to Outlook, where they remain in sync and even allow previewing without requiring any visits to a browser.

Office Web Apps

Once you have SharePoint 2010 installed, you can add the Office Web Apps fairly quickly. They’re currently in beta, but should be ready for release within a matter of weeks. Unlike the public, ad-supported Web Apps on Windows Live SkyDrive, the SharePoint version offers complete support for viewing and editing Word documents, Excel workbooks, PowerPoint presentations, and OneNote notebooks.

Again, the experience doesn’t require Internet Explorer, as the below screen shows.

As the screen shot above makes abundantly clear, the Office Web Apps offer a stripped-down set of features compared to the standalone alternatives. You’re not going to create any charts or PivotTables in the Excel Web App, for example. But being able to view and do light edits is good enough for many business scenarios, especially if you know that every user on the team has a full copy of Office installed on the PCs they use most often.

SharePoint 2010 is a big release, well worth looking at it if you already have a SharePoint infrastructure and you’re planning to migrate to Office 2010. And if you don’t? Well, the entire package should be available from Microsoft and its partners as a hosted service later this year. If our experience is any guide, that will be a winning combination.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

Usually, tuning up a PC requires a lot of work, spending much money on new components, or both. ReadyBoost can speed up slow or overwhelmed PCs without either one.

There’s no such thing as a fast-enough computer. No matter how hot your CPU runs or how much RAM you have, eventually you’ll run out of performance — usually, just when you need it most. Fortunately, Windows 7 comes with a cheap and easy way of improving system performance: ReadyBoost.

Windows 7’s ReadyBoost is Microsoft’s latest take on a very old idea for improving computer performance: caching. With a cache, you gain speed by keeping frequently accessed data as close as possible to the CPU cores. The faster the cache, the closer it should be to cores. That’s why high-end processors, like the Intel i7 quad-core CPU, have their own on-board cache.

Caching used to be easy. You used caching on uniprocessor, single user systems to free yourself from the slow I/O jail, whether that I/O was from the system bus to the processor or from the hard drive to the bus. As multiple-CPU and core systems became more common, simply placing fast RAM between system components with varying I/O throughputs was no longer enough. System designers had to contend with making sure that the available data to the processor was the real, newest data.

In ReadyBoost, cached data is stored in a Flash memory drive (usually a USB stick, but Secure Digital (SD) and Compact Flash (CF) cards are also supported). When data is read at random rather than in large blocks of data, ReadyBoost can improve file and data read input/output (I/O) by several times over traditional hard drives. You also get a performance boost from random writes, but it won’t be as significant.

In Windows 7, caching is usually done with SuperFetch and ReadyBoost working hand in glove. That’s setting aside such specialized caches as DNS cache (for Domain Name Service Internet addressing), Thumbnails cache (which contains downloaded ActiveX and JavaScript programs), and network file caching programs (such as BranchCache).

SuperFetch watches for which applications, documents, and system programs you use the most often and pre-loads them into your system memory. This way they’re ready to spring into action when you call on them. Of course, you could be using that RAM for other, potentially more useful work like running memory-hungry programs such as Adobe Photoshop or InDesign. In short, if you have relatively little RAM, or you’re using most of it, you should see some benefits from using ReadyBoost.

The other situation where you’ll see some performance improvements from ReadyBoost is when the computer has a slow hard disk drive. Computers with a hard disk Windows Experience Index (WEI) sub-score lower than 4.0 should see the most significant improvements. Conversely, if you have a very fast hard drive, such as a solid state drive (SSD), you won’t see any benefit from a USB 2.0 drive. Indeed, by default, Windows 7 disables ReadyBoost if you’re using an SSD drive.

Unfortunately, not all SD and CF cards, or even USB flash drives, work with ReadyBoost. While some storage media advertise that they’re “enhanced for Windows ReadyBoost,” they may not actually be ReadyBoost worthy. For a device to be ReadyBoost capable, it has to be able to handle 2.5 MBps throughout for 4 KB random reads and 1.75 MBps throughout for 512 KB random writes. In addition, the device must have at least 235 MB of available storage.

To my surprise, I’ve found that some ancient, tiny USB drives were ReadyBoost ready while other, brand-new drives failed. If you’d rather not waste time buying and trying USB drives, there’s a useful ReadyBoost Compatibility List based on real-world testing.

When you first attach a flash drive that ready for ReadyBoost, AutoPlay should provide ReadyBoost as an option. Even if you don’t see that as an option, you may still be in luck.

Is your USB drive ReadyBoost worthy? Just plug it in; AutoPlay gives you the verdict.

Try configuring ReadyBoost by right-clicking the device in Windows Explorer, clicking Properties, and then clicking the ReadyBoost tab. The only configuration option is to configure the space reserved for the cache. You must reserve at least 256 MB. Larger caches can improve performance, but the ReadyBoost cache cannot be greater than 4 GB on a FAT32 file system or greater than 32 GB on an NTFS file system.

If AutoPlay doesn't reply, you can still try to set the drive to work with ReadyBoost manually. If it doesn't fly here though, find another drive. The one in hand is too slow for ReadyBoost.

So how much should you use? Microsoft recommends, “a 1:1 ratio of Flash to system memory at the low end and as high as 2.5:1 flash to system memory.” So if you have 4GB of RAM, you should pair it with at least a 4GB USB drive, but a 16GB USB stick would be overkill. With Windows Vista you could only use one drive at a time for ReadyBoost, but you can now use multiple drives. For example, on my Windows 7 test system with 6GB of RAM, I use a pair of inexpensive 4GB USB drives to provide the system with an 8GB ReadyBoost.

Worried about someone pulling out your USB stick and walking away with the files you’ve been working on for months? Don’t be. Information on ReadyBoost drives or disks is safe from casual hackers. All files on removable drives are encrypted with Advanced Encryption Standard (AES) 128.  In any case, while ReadyBoost stores data and programs as files, and not as raw data, you can’t access these files as if the USB stick was a normal drive. They can only be used by ReadyBoost.

So, is it worth it? In my informal tests, when I pushed my Window 7 system by running PhotoShop and InDesign on a large publishing project with multiple small files, I saw an overall performance benefit of about 10%. When I wasn’t pushing my system, however, I saw no improvement. If you want to drill down into what ReadyBoost is, or isn’t, doing for you I recommend using Performance Monitor, as described in this excellent and detailed article.

That said,  if your workers have slower systems or large computing workloads I have no doubt that ReadyBoost, with its minimal requirements, is an easy way to get more productivity out of your systems. Sure, you could do more (say, adding a faster hard drive or adding more RAM), but when you consider that ReadyBoost only costs a few dollars for USB drives and a minute to activate, ReadyBoost is a clear winner when it comes to a cheap, easy way to get more out of your PCs.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

If you believe that a scalable architecture for an information system, by definition, gives you more output in proportion to the resources you throw at it, then you may be thinking a cloud-based deployment could give your existing system “infinite scalability.”  Companies that are trying out that theory for the first time are discovering not just that the theory is flawed, but that their systems are flawed… and now they’re calling out for help.

“Tell you what,” the development tools vendor told me on the day Microsoft officially launched Windows Azure, “This solves the whole scalability problem forever, doesn’t it? Just stick your application in the cloud. Infinite scalability!”

Scalability, we’re told, is the inherent ability of an information system to acquire more resources and continue to perform normally. But before a business invests in any bigger or better resource, such as Microsoft Exchange, SharePoint, or Windows Server, it’s sold on the premise that the resource can grow as the business gets bigger. The system will be just as affordable, efficient, and practical in five years’ time as it is today. For years, that premise seemed reasonable enough.

But fundamental presumptions implicit in that notion no longer truly apply. It’s as though four cosmic forces converged at the same moment: the availability of cloud computing, the versatility of virtualized processing, the global accessibility of the Internet, and the commoditization of processors and storage. As a result, the capacity of a company’s information systems is no longer directly proportional to its mass. For segments of the economy where information itself is the key product, the very meanings of “big” and “small” have become skewed.  So now that formerly “big” businesses look over their shoulder, and see arguably “small” ones deploying what appear to be truly scalable, efficient, practical architectures on a fraction of their budgets, the need to stay competitive is finally forcing companies to stop postponing the inevitable.

For certain businesspeople, scalability has become as important and fundamental a principle as democracy, capitalism, or derivatives. A universe where businesses fail to scale up, and computing resources fail to stretch like a tube sock to meet their needs, is uncomfortable, daunting, scary. Now, “the cloud” — once the penultimate solution to scalability in engineering — confronts both system architects and software developers with a harsh and painful reality: To do business in this universe, we have to start completely over.

The Re-architects

“With the people we’re talking to, the first step is helping them come to the conclusion that whatever they have isn’t working,” says Bradford Stephens. He’s a software engineer whose startup firm, Drawn to Scale, is working with companies to develop an entirely new data platform for this foreign universe. “They come to it the hard way. Either they’ve lost data or they’ve had to change their business model, which is surprisingly common. So once they make that realization, it’s more like, ‘Okay, how do you translate from talking about this relational world to talking about this scalable, [Google] BigTable world?’”

Stephens is among the first of a new breed of system architects and developers (and, more frequently, both) who were the first to realize, in all the literal senses this implies, the scale of the problem at hand. He is also the first to admit there are no set solutions, no best practices, no templates — at least not yet — for remodeling business applications. There are simply too many unique factors. Businesses shrink, they merge, they are acquired, they shed departments, they absorb other departments, they outsource various tasks (sometimes seemingly at random), they cease to exist for certain intervals and are resurrected under new names.

“What we’ve found is, these companies who are experiencing these big data scalability pain points, of course, wish they had tackled the problem earlier,” says Stephens, “But these sorts of problems you don’t realize you have until you try to solve them.”

Cloud computing enabled workshop-sized companies — many of them fresh startups — to deploy within months, and in some cases weeks, service-oriented architectures, using lightweight and often open-source frameworks, establishing instant information services for clients on an Internet scale. No less importantly, virtualization brought forth a radical reorganization of the fundamentals of system architecture, such that the resources any company has at hand at any one time to process a job switched from a constant to a variable. Suddenly, someone’s basement business could have enough processing power to address as many customers as a multi-billion-dollar enterprise, for just the few days or hours it needed that power. But unlike the enterprise, it could drop that power when it no longer required it.

Notes Stephens: “FlightCaster, a little four-person startup, trolls through dozens of gigabytes of data a day to predict if your flight is going to be late. Not that long ago, information on that scale was only generated by really big businesses, because only they had the ability to generate it.” I know what you’re thinking: Isn’t that supposed to be a good thing? For FlightCaster, yes, but not for the enterprises like Sabre Travel — the modern culmination of American Airlines’ multi-billion-dollar Sabre network — that depend on the information services that FlightCaster’s iPhone app just outmoded. The problem with “disruptive technologies,” to borrow a phrase from Microsoft chief software architect Ray Ozzie, is that they’re so damn disruptive.

The sudden (and occasionally catastrophic) impact of disruptions such as this on businesses and the economy in which they function has swept Microsoft itself into a role it never expected to play: counseling.

“The first thing every architect needs to know is, ‘You are not alone,’” reassures Justin Graham, Microsoft’s senior technical product manager for Windows Server. “Seek help from a Microsoft partner and/or Microsoft Services to get on the right track. In the current environment, we understand budgets are tight, which is why Microsoft TechNet, MSDN, and User Group Communities are available to share information and assist. From a process perspective, make sure to not overlook the opportunity a re-architect provides to optimize the infrastructure. Thinking about it solely as, ‘How do I merge these technologies?’ [may not be as helpful as] ‘What is the best and most optimized infrastructure that can make the new organization successful?’”

For more and more businesses, the re-architect is the counterpart of the clinical psychologist. Whether hired as a consultant or full-time, he enters the situation knowing that the only way to find a path toward a solution — the only way he can “optimize the infrastructure” — is by divorcing the business from its own false perceptions and bad habits.

One of those habits is throwing new hardware at the problem: the traditional route for “scaling up.” “People need to change their mindsets from buying hardware by default, to that of a small company where they can’t afford to buy hardware, back in the day,” remarks Sean Leach. Newly installed as the CTO of domain registrar Name.com, Leach has recent experience as architect for what might be the ultimate high-scale application: UltraDNS, a real-time, high-security extension to the Internet’s Domain Name System, providing a constantly updated directory of verified DNS addresses to which businesses subscribe. As far as scaling up is concerned, Leach has been to the mountaintop.

“Cloud computing is actually making this problem a little bit worse,” states Leach, “because it is so easy just to throw hardware at the problem. But at the end of the day, you’ve still got to figure, ‘I shouldn’t have to have all this hardware when my site doesn’t get that much traffic.’”

Failure of Scale

The core of the problem — which Stephens, Graham, and Leach all address in their own ways — is that existing business applications were not designed to scale, or mutate, or metamorphose as they’re pressured to do. In an older world, a business would invest in more horsepower, buy new hardware, scale up. But that presumed that the organizational structure of the business was its constitution, and that as it grew — as all things seem to grow, linearly — the structure would simply magnify.

“Traditionally, not only do companies think about databases, but also their silos,” notes Bradford Stephens. “You’ve got your customer transaction database, your business intelligence (BI) database, your HR database, and the database that powers your Web sites. And this data is copied and replicated so that you’ve got a customer in your billing system and one in your CRM. So people think about data not as data, but like vertical units. This is my BI data, my data warehouse data, my transaction data.” Regardless of the inefficiencies and redundancies introduced when relational databases aren’t used for the job they’re designed for — relating — each department’s ownership of its own pocket of data is respected at all costs. Scalability breaks here.

In a way, it was inevitable for this way of thinking to become ingrained into companies’ operations, because of the way they manage budgets. Each department, like a rival sibling, scuffles with all the others for bigger outlays. So to demonstrate to the CFO that it deserves more, the department consumes more… more bandwidth, more gigabytes, more processors. “Years ago, if you were the only guy in an enterprise with lots of data, the ability to spend money was proportional to how much data you generated. It was linear,” says Stephens. As a result of this thinking, Microsoft, IBM, and Oracle historically were only too happy to oblige.

Within a few years’ time, the rise of high-bandwidth media via the Internet has enabled one person, or small groups, to consume colossal amounts of data — terabytes per person — so that consumption rate no longer implies either relative size or worth.

It’s here, Stephens says, where scalability shows up where businesses want it least. When businesses simply relocate their existing information systems model to the cloud, its problems become magnified at Internet scale. “Twice as many connections generate four times as much data, and 10 times as many connections generate 100 times as much data… Little mistakes can have exponential impact. When you run up really large scales — for example, if your code isn’t efficient and you’ve got a wrong loop somewhere — not only are you increasing network traffic 200% across your little, tiny network of two machines… but you’re going to be increasing network 500% across [all these cloud] machines that you’ve rented. That’s an extremely costly mistake. So in a distributed, scalable world, you have to have metrics and you have to have cost analysis. You have to plan for that from the beginning.”

So Microsoft is advising these re-architects to turn an introspective mirror toward their own businesses. “A best practice of focusing on management will serve a system re-architect very well,” advises Justin Graham. “If the architect is trying to merge two organizations, or re-architect to meet the changed priorities of the business, any problems that existed in the past will exist in the future if a straight migration approach is taken. Think about how management and an optimized process can help you re-architect the infrastructure to be agile and scalable.”

Bradford Stephens agrees: “Scalability does not imply efficiency. You may have a million boxes doing something, and not doing it particularly well. When you build architectures, the first thing you have to worry about is scalability, because you can’t back-fill it. It’s nearly impossible.

“Efficiency is incredibly important because it saves you money; and in this cloud world, in fact, it’s actually more important to be efficient because the impact of inefficient code is so much greater, and it can be measured. If it takes me five boxes to handle 20 transactions per second, and then I can make it so I can handle 40 transactions per second, that’s something you can measure and you can justify spending engineering output on. In sort of a cloud-ish or scalable world, that translates directly into saved money and saved time.”

Sean Leach is happy with the notion of turning that mirror even closer towards oneself. “Ninety-nine percent of the time that I’ve seen performance problems that are blamed on the database, it’s actually the person who wrote the queries or [who wrote] the application on top of the database. So there’s no magic ‘fast = true’ flag you can set; every database is very similar. Some of them scale better with a lot of records… But at the end of the day, it’s the person who writes the application that will be the reason for it being slow, not the software itself.”

It’s not that scalability does not, or should not, exist. It’s that we should divorce the business’ growth pattern from that of its information systems. Rather than use tools such as Windows Workflow Foundation to model application tasks around what people do (especially if their departments may cease to exist in a few years), instead model the application around what the information systems should do. Let the cloud disrupt the way of thinking that binds users, and departments of users, to computers rather than resources. Then build front ends to model how people should use those systems. If a company’s information systems are designed well from the outset, our experts tell us, with a loosely coupled approach between processors and business methods, then the company could completely mutate to unrecognizable proportions, and yet its systems’ logic may remain sound.

However, Sean Leach does allow us some breathing room. “Sometimes you have to use hardware. But what you generally find is, the people up front don’t take the time to plan ahead. There’s two trains of thought: There’s just ‘Get it out there,’ and if you have to scale, then that’s a good problem to have, worry about it later. Ninety-nine percent of applications never get any traffic, so they don’t have to scale, right? That’s one train of thought. The other one is, you can spend six months trying to figure out, ‘How am I going to scale this properly?’ You design it from the beginning… and then you don’t actually ever launch something.”

For Leach, the trickiest part is finding a happy medium where developers can design these systems so that it’s not a complete rewrite when the software becomes popular. “Design it up front so you don’t have to throw the hardware at it so early in the game. If there comes a time where you really do need to throw the hardware at it, then fine, make sure that your system can support it. But the goal should be that you shouldn’t have to throw that extra hardware at it until you really need it.”

Data Scales By Itself

Depending on the business growth pattern, conceivably its logic may never have to scale. What will scale is its data. Thus, suggests Stephens, businesses should design applications that don’t require incremental rescaling just to account for periodic explosions in data consumption.

“Just because your application scales doesn’t mean your data does. Data is what drives businesses; data is the important part,” says Stephens. “You have to rethink everything you do with data from the bottom up… If your application is well-designed, you should only have to change your data layer. Your front end should be totally independent. But you’re going to have to go in and write queries, or make certain assumptions that you’re talking to a distributed cluster, and you’re going to re-architect your data layer — not your whole application. Re-architect your data layer for that new reality.”

Among the tools Microsoft has developed to that end is one that recognizes that these terabytes per person aren’t really relational databases at all, but rather documents tagged by records that clog those databases. So in Windows Server 2008 R2, Justin Graham tells us, the company implemented File Classification Infrastructure as a way for data layers based on document retention to evolve sensibly.

“FCI allows administrators to apply classification rules to documents on file servers,” said Graham. “These classified files can then have actions taken against them based on their classification. The best part, these classifications are carried to SharePoint if the file moves.”

Some of the alternative approaches Stephens suggests are indeed quite radical, including a frame of mind he calls “NoSQL” — avoiding the use of a relational database in circumstances where tabular frameworks (employee ID / e-mail sent to customer / customer ID / document filename / document ID, send date…) are too binding. Just as inflexible business models stifle application scalability, Stephens believes unfathomable schemas stifle the scalability of data. And as big as data is becoming, moving it to the cloud becomes nothing more than relocation.

Leach points to the rise of new, relatively simplistic, non-relational, yet highly scalable database systems, such as Apache’s Cassandra project, and the open source Redis project, as enabling business to deploy associative databases using simple key/value pairs (document ID -> document location). Both, he says, enable you to mix and match technologies so you don’t have to rely on a relational database. “Relational databases are very good at certain things,” Leach says, “But some things might be overkill, where you might need a simple key/value pair.”

Scale by Leaps and Bounds

One of the most frequently cited, modern scalability case studies involves the global messaging service Twitter. Twitter underwent at least four complete architectural overhauls just since its launch a few years ago, as systems designed for a few thousand simultaneous users suddenly found themselves servicing 350,000. Each of Twitter’s foundational components (especially the database framework Ruby on Rails) was blamed for what appeared at first to be scalability roadblocks.

However, in retrospect, it’s entirely feasible that if Twitter’s architects had designed its system from the beginning to undergo these same changes — if they were planned rather than unanticipated — they may very well have made the exact same architectural choices. Each choice may have been the right one, if only for a few months.

Perhaps, as Name.com’s Sean Leach advises, there’s a lesson to be learned from Twitter: Rather than planning to scale incrementally — which, if a business finds or regains success, may now be impossible — it should plan to rework its fundamental architecture as needed, in phases, as old architectures that met earlier requirements are no longer applicable.

The coefficients of Leach’s formula may sound a bit obtuse, but in light of Twitter, perhaps the sky’s the limit. “Let’s say, the biggest you’re ever going to get is a trillion customers. But instead of designing for a trillion customers, design to a million customers so that when you get halfway there, you can redesign the system over time to be able to support a billion customers. Then when you get to almost a billion… just build it and get it out there, and then you spend your time up front and don’t worry about scaling. Plan in phases where you scale to X, and then when you get close to X, you start thinking about Y…as opposed to waiting until X happens before you worry about scaling,” he says.

Leach suggests this instead: “Take the time to sit down up front and ask, ‘What would we look like if we got really busy?’ and then plan to that. That’s Application Design 101: What should our hardware look like today, what will it look like in two years, and then what would we need to do to be able to make the system support what we look like in two years? That’s simple. You’d think that would be something everybody did, no matter what. But it’s not always the case.”

In light of the often daunting tasks that system re-architects face today, Bradford Stephens offers a frame of mind that he calls, “How to Make Life Suck Less.” It’s based on a simple concept: Failure will happen. Thus, plan for redundancy such that when components do fail, they get disconnected and maybe replaced, maybe not. But you still get some sleep. While that sounds like a dangerous camouflage for throwing hardware at the problem, at one level, it’s really not: Virtualization and the cloud make it feasible, and even affordable, to follow Leach’s milestones: to rescale by powers of ten rather than multiples of two.

“We can sort of see the destination in the distance, and we see what we think the path is, but it may be kind of curvy,” Stephens warns. “We may not know what’s right around the bend… If you do it right, you’ll know because you won’t be getting the 2 a.m. phone calls, and deploying some buggy code won’t bring down your entire network. There will be a lot of roadblocks in the way, and there’s going to be a lot of emerging best practices. But there’s no set process that people go through when they say, ‘I need to scale my data infrastructure,’ or, ‘I need to evaluate a scalable data platform.’ We’re not there yet; and of course, we will be, because many, many people will have to tackle this problem. But it’s a transitional period.”

We end with the one conclusion that articles on topics of this scale should perhaps never leave the reader with: We don’t know the next steps on this road. This is uncharted territory. What we do know is that businesses can no longer afford to develop solutions around the edges of the core problem. They can’t just point to the symbols for their systems’ various ills (latency, load imbalance) and invest in the symbols that represent their solutions (scalability, the cloud, CMS platforms, social network platforms) as tools for postponing the inevitable rethinking of their business models. Throwing your business model at the cloud doesn’t make the symptoms go away; indeed, it magnifies them. Symbols aren’t solutions.

I’m reminded of when Charlie Brown’s friend Lucy famously found her first political cartoon, where she had meticulously devised an appropriate symbol for every one of the world’s problems, printed in the newspaper. When she asked — hoping for some praise and admiration — whether he thought this cartoon would solve the world’s problems as she so earnestly intended, Charlie Brown responded, “No, I think it will add a few more to it.”

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

Windows Server 2008 introduced a series of programs called RemoteApp that appear as if they are running on a local computer, even though they are accessed remotely. With Windows Server 2008 R2 and Windows 7, these programs can be grouped along with entire virtual desktop sessions, and both can appear in the local Start menu of your desktops. It is a pretty neat trick.

The result is that it’s easier for IT administrators to deploy and maintain remote apps. You can make changes to the apps in one place and the changes are transmitted to the various end-user desktops that are allowed to see them. RemoteApp also makes managing software licenses more cost effective, since you can have tighter control over who uses what software programs when. Finally, it makes it a more natural experience for end users; they can use the Windows search to find these remote apps, and they don’t have to do anything different to launch them compared to their locally-installed apps that are on their desktops.

RemoteApp isn’t unique: Citrix has been selling something similar for years. What is unique, though, is RemoteApp’s level of integration with the underlying Windows 7 OS, and how it can offer something similar for relatively low cost, too. (We’ll get to the licensing issues in a moment.)

To pull this off, you first need to update your Windows 2008 Server to the R2 version, which really means doing a re-install of a new server OS. Then you need to add some additional Microsoft software to your R2 Server, which will look like the following when you have everything set up.

The best place to gain an understanding what is involved is to look over the Remote Desktop Services section of Microsoft’s Technet Web site, which shows sample step-by-step installation and deployment instructions for a four-PC test network, as well as more complete information about what is involved with the other Remote Desktop services offered by Microsoft. Why four PCs? We’ll get to that in a moment.

What is New?

RemoteApp is an update of Terminal Services RemoteApp in prior Windows versions. In Remote Desktop Services in Windows Server R2, you can filter the list of RemoteApp programs that are available to a user account when logged on to RD Web Access. Prior to Windows Server R2, all RemoteApp programs were shown to every user that logged on to RD Web Access, regardless of whether they had permission to run the program.

With the R2 version, user accounts can be assigned to a unique personal virtual desktop or they can be redirected to a pool of virtual desktops and bring up one that is dynamically assigned. That wasn’t possible with the earlier Windows Server 2008 version.

Prior to R2, when a user connected to a RemoteApp program by using RD Web Access, the user was prompted for their login credentials twice — one to authenticate the user to the RD Web Access server and the other to authenticate the user to the RD Session Host server hosting the RemoteApp program. With R2, you only have to login once to establish the connection, provided that you are using the v7 version of Remote Desktop Connection, the version that ships with Windows 7.

Finally, the Web Access portion has been redesigned for Windows Server R2 as well. Instead of presenting RemoteApp programs in the form of a Web page, this feed presents them as XML documents that can be manipulated with software, making this feature more flexible and programmable. You can even set up remote apps via Group Policy objects on fully managed PCs.

The Parts List

All this remote goodness requires that your company get and set up several Microsoft technologies.

If you don’t have a working version of at least one Windows Server 2008 R2 (Enterprise, Standard or Datacenter editions), download a 180-day trial version here. Don’t use the Itanium version; it won’t support these features.

Next, you have to install Remote Desktop Session Host, formerly the Terminal Server role service, along with some other services. This sets up your R2 server to host the applications that you want to share across your network. A number of additional pieces of software are required to support RemoteApp, and are described in this document linked above.

There are a few security issues. Because of the way the remote services works, Microsoft recommends that you install RemoteApp on a separate R2 Server from your domain controller; otherwise you are granting remote access to outsiders that can then take control over your domain. You also need to ensure that your SSL certificate for your R2 servers are installed correctly, since the Remote Desktop Connection connects via https protocols.

In order to get this working properly, you must purchase valid licenses for all of your remote desktops and install a Remote Desktop license server to keep track of them. You have a three-month grace period for testing purposes to try things out.

When you are done with all the bits and pieces on the server side, you will see something like the screenshot below, taken from the R2 Server manager, indicating the various roles and services involved:

Once you get all this running, of course the final piece of the puzzle is to try this out on one or more Windows 7 computers using Remote Desktop Connection. While some things work with earlier versions of Windows or RDC, having apps installed on the Start menu isn’t one of them. This is the easy part of the setup, and once you get connected you will see your remote apps listed in a separate program group in the Start menu, as promised.

Expect that getting all the parts assembled together will take several days, depending on your familiarity with the older versions of Terminal Services and the current state of your test systems. Microsoft recommends four separate PCs for the exercise: one R2 server running Active Directory and managing the domain, one R2 server running various remote desktop services, one R2 licensing server, and one Windows 7 test client system.

If you are looking to tighten your control over your applications software licensing, or for ways to distribute your apps to a wide desktop audience of Windows 7 users without having to install them on individual PCs, then consider RemoteApp.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

The idea is that you don’t have to worry about your users forgetting to install the latest virus signatures or turning the protection off, or, as in the case of the recent McAfee fiasco, incorrectly tagging  a legitimate file as malware. The cloud gives you the opportunity to instantly see what is happening across your network and find out which PCs are protected.

Cloud-based AV simplifies deploying new PCs, too, because there is less software to install on each one. AV scans happen more regularly, since they are initiated by the cloud service and (again) they don’t depend on individual user behavior. Cloud AV solutions cost about the same or in some cases less than the traditional desktop AV software.

The cloud AV services all operate the same way: A small agent or client piece of software runs on each desktop, and makes a connection to the central monitoring server in the cloud. As long as the desktop user has an Internet connection, updates to the virus signatures happen automatically and frequently. The client uses as little memory footprint as possible, since most of the heavy lifting (in terms of protection and processing) happens in the cloud.

There are two types of cloud AV services: those for single PCs that are sold by Microsoft, and services geared towards enterprises that are sold by the major security vendors. The latter typically have a Web-based or some other type of management console to monitor your users’ PCs and see if anything is amiss.

Some of these advantages are not new nor exclusive to cloud-based AV services. For several years, Symantec and others have had client/server AV products which offer many of the same things as a hosted AV service, just with a central server that you have to run on your local area network. The difference with a cloud-based service is that you don’t have to maintain a central server. It also is more useful for those occasionally-connected laptops; most central-server AV products require that the server and the laptop be on the same local area network, or connected via a VPN, to perform the updates. If you have a lot of frequent travelers, this could be an issue.

Here are some of the things you should look for:

• How lightweight is the client, really? Check the running programs in Windows (CTRL-ALT-DEL and choose Task Manager) to see how many executables are installed and how much RAM and system resources each one consumes.
• How much information does the central management console report and is it meaningful to your situation? Trend charges extra for any console users ($8/year per user); the other vendors include their management console as part of the price tag. Not all consoles are created equally; conducting a free trial is worth the trouble to learn how each service is managed. Things to check include what kinds of reports are available, how the central service alerts you to exploits or potential trouble PCs, and how flexible the settings are for these tasks to your particular needs.
• What protective features does the cloud AV software share with the client or client/server solutions from the same vendor? For example, the Trend TRV Protect shares the same software code base with its desktop OfficeScan product line, and the new Microsoft Intune shares its protective code with their Forefront security services. This can be either a blessing or a curse, depending on what you think of the thick client versions.
• Does it work on all Windows versions that you support in your shop, or do you need patches or additional software? Some of the services require Windows XP SP3, for example, or other supporting software from Microsoft, to work. Most products work with both 32-bit and 64-bit Windows versions and some also work with Windows Server, but again this is worth checking. Some solutions want a more recent browser than IE6 to run the central management console, too. Sadly, none of these services work with non-Windows desktops, showing just how far the cloud really covers.
• What happens if your users don’t regularly connect to the Internet? All of these products assume a more or less continuous Internet connection to do their business on the desktop for updates and sending back alerts. Without this, they are pretty useless; a PC could become infected and not let anyone know for some period of time while it is offline. If some end users are infrequently online, you might want to consider a traditional desktop AV solution.
• What else comes with the service besides AV? Some products offer separate add-ons to include e-mail scanning, OS patching, Web site phishing protection, and desktop firewalls. The Microsoft products, for example, are tied into the Windows Update process, as you would expect. Panda has a confusing array of cloud-based service offerings that could be better explained on its Web site.
• Do they really offer zero-day protection? One of the potential benefits of the cloud AV services is that they can get an update out very quickly, in some cases just in time for any new threats that have been observed. It is worth looking at how often they update their protection signatures, too.
• Finally, what does it all cost? Each product has quantity site discounts, but in some cases you can save money over purchasing the desktop versions.

AV= anti-virus, AS=anti-spam

Notes:

(1) Additional $8/yr for a central administrator console

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

Cloud buzz aside, virtualization chatter still dominates in IT circles. The primary discussion is two-toned: “Why should we bother?” and “How would we do it?” Among the first of the follow-up questions is “How well will our Microsoft SQL Server databases work with virtualization?” It’s a legitimate, straightforward question that, unfortunately, is often met with an onslaught of contradictory answers.

Varying technical opinions are common among database administrators (DBAs) and software developers. However, in this case the variation in responses is usually determined by the answerers’ perspectives rather than by actual database server performance metrics.

Take DBAs, for example. “DBAs don’t want to change their server environments,” says Brent Ozar, a Microsoft SQL Server expert with Quest Software, and a Microsoft Certified Master for SQL Server 2008. “They’re probably unhappy with their server performance today on physical hardware, and in their minds, things can only get worse.”

“The decision to virtualize a SQL server environment needs to be considered from a big picture perspective,” says Leon Thomas, president of e-commerce service provider Jelecos. “Focusing solely on cost or performance could be somewhat short-sighted.”

Given the pessimism/optimism pendulum swinging between multiple teams, how accurate can any assessment of virtualization actually be? Welcome to one of the biggest obstacles to database virtualization: measurement mania.

Typically, IT teams (whether in development or the data center) stick with familiar and comfortable metrics. They resist measuring performance in terms of a new technology’s actual capabilities.

Remember: Old mindsets and turf protecting can kill any project. Beyond that key realization lays a number of real issues to solve. Here’s what to look out for and what to ignore.

Storage Storms

The most common performance issues with SQL Servers are related to the storage subsystem. “The storage sub-system where the virtualized disk resides will have a profound effect on SQL,” says Brian Capoccia, disaster recovery practice manager at Agile360, the southern California division of Entisys Solutions.

Here are Capoccia’s top tips to help optimize virtualized database systems.

1. Use storage area networks (SANs) to virtualize storage across many spindles (or disks). NetApp, for example, stripes the volume of data across all spindles. A typical disk shelf in a SAN includes 16 spindles; aggregating this into two shelves or more and the volume of spindles rises significantly.

2. Limit the number of virtual disks that share the storage repository.

3. Keep disks with homogeneous storage characteristics together. For example, keep all SQL log files on one set of spindles and all database files on a separate set. Mixed I/O workloads cause contention for the storage system. It is inefficient for the disks to migrate from sequential writes to random reads and writes.

4. Reserve and dedicate memory that is applicable for SQL Server. Don’t let memory sharing occur.

5. Keep tuning the SQL Server according to Microsoft best practices. (For more on that topic, see Optimizing SQL Server for Windows 7.) Also use Capacity Planner and other tools to set a baseline and to right size the servers when migrating them from physical to virtual servers.

Overhead: Not a Big Deal

The tendency is to focus on performance overhead. But this is a non-issue for all practical purposes except when it becomes a distraction to one or more of the IT teams involved in the database virtualization project.

“SQL Server has built-in instrumentation to tell the DBA what the system has been waiting on at the query level and the server level,” says Ozar. “Instead of being concerned about CPU use going up 10%, find out if CPU is even the bottleneck, first. This keeps DBAs focused on what really matters rather than being distracted by virtualization overheads.”

It is important to remember that virtual hardware scales as much as physical hardware. However, virtualization requires more CPU/system horsepower.

“There are no processor or RAM barriers because the pass-through occurs with very slight overhead,” says Capoccia. “Even if the virtualization overhead were as much as 10%, there are still plenty of resources and very little trade-offs when you consider the portability, improved management, availability, and scalability afforded by the virtual server.”

Warning: Metrics Can Lie

Previous argument notwithstanding, avoiding metrics is as much of a mistake as using the wrong metrics. The key lies in understanding what to measure.

“DBAs are accustomed to monitoring performance a certain way, and those methods give inaccurate results for virtual servers,” says Ozar. “For example, avoid gauging processor load with the ‘Percent Used’ counters because they don’t reflect how the server is really behaving.” Instead, he says, monitor counters like Processor Queue Length, to examine the number of tasks currently awaiting CPU power before they can execute. This approach helps DBAs better understand whether the server is correctly utilized or over-utilized.

Monitor I/O Closely

If you have an application that requires heavy disk I/O, proceed with caution.

“There are known issues with how certain virtualization vendor file systems perform under high disk I/O levels,” warns Jelecos’ Thomas. “In most cases, there are workarounds or tweaks to minimize this issue such as placing less virtual devices on a physical device, but these often further reduce the benefits of virtualization.”

When weighing a virtual machine (VM) versus a physical server, take into account how much I/O your application will be throwing at the VM.

“We mainly use VM for development systems because of the low volume of transactions,” says Anthony Biondo Jr., CEO of Biondo Communications. “For production systems, we almost always use a clustered SQL Server on physical hardware due to the high volume of transactions and the need for the extra horsepower.”

Which SQL Servers to Virtualize First

One of the best ways to leverage the power of virtualization, says Ozar, is to start with your oldest unsupported applications.

“Take those old boat anchors running SQL Server 2000 on Windows 2000, the ones on out-of-support hardware, and virtualize them,” he says.

It’s possible to get better performance due to today’s processors, memory, and storage on these antiquated relics, but virtualization has a much bigger advantage. “These old machines don’t have high availability solutions, and we’re afraid to touch them lest we break them,” says Ozar. “By virtualizing these old servers, they immediately get the high availability and disaster recovery benefits of today’s virtualization technologies.”

In essence, virtualization lessens the pain of running old, unsupported applications and OSs.

The Sticky, Tricky Parts

Avoid virtualizing database servers with active/active SAN multipathing, at least for now, says Ozar. If the servers currently use more than two connections to your SAN, they may suffer from I/O throughput loss. Symptoms include slower backups and slower queries.

“Multipathing is improving with each new hypervisor version, but they’re still not quite to the point of physical boxes,” says Ozar. “That’s not to say you should avoid virtualizing every SQL Server; but just hold off on the multipathed ones until you’ve demonstrated success with the rest of the servers.”

When it comes to SQL virtualization, Ozar advises you “Stop looking at metrics and start looking for bottlenecks.”

If you encounter resistance, try changing minds by presenting key benefits that appeal to each team’s unique woes. “If the DBAs have been burned by bad clustering setups, for example, they might be excited about the vMotion and Live Migration tools in virtualization that can help them avoid downtime due to firmware upgrades or hardware changes,” says Ozar. “Educating the DBA staff and getting them to talk to shops that have successfully virtualized database servers makes a world of difference.”

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

Many companies are offering video-based training to bring Windows 7 users up to speed. We compared several of the options — from free videos to corporate training tools — to find out whether you really can learn it all by watching.

While Windows 7 offers many improvements and new features (along with some things that not everybody may like), some things about Windows 7 are new and different.  For example, as a Windows XP user I have to come up to speed with jump lists, pin lists, sticky notes, the screen-capture “Snipping Tool,” and Aero Shake. Nor am I the only one who needs to come up to speed quickly with new features in order to become productive. The computer users that your IT staff supports have the same challenge.

At minimum, users want to avoid losing productivity by fighting and cussing at things that no longer work as they used to, and the IT Help Desk would prefer users to get up to speed on their own. (Which is why IT Expert Voice has an entire screencast series called, “I know it’s in here somewhere.”)

There’s no shortage of training materials, ranging from books (some written by IT Expert Voice authors) to in-person classes. Microsoft has plenty of information within Windows 7, as well as on the Microsoft web site. There are thousands of magazine articles, and, no doubt, tens-to-hundreds of thousands of blog postings.

And then there are videos, available online either as click-and-watch or to download, and on computer CD or DVD. In this article, I give you a quick look at some of what’s available, for fee or free, as well as my thoughts about what to look for in a technology training video.

All the training video courses I looked at broke up their content into short, topical segments. Most topics were covered in two to three minutes, with some running five to eight minutes, or done as a series of segments. I watched several segments from each video, focusing on basic user interface (e.g. Jump and Pin Lists and Aero Shake), and drilled in on some other topics, like BitLocker, the screen Snipping Tool, MSIE InPrivate browsing mode, and Sticky Notes.  I also tried to follow along and use the features. I watched each video on a Lenovo ThinkPad Edge notebook running 64-bit Windows 7 Professional (and an external DVD player, since the Edge doesn’t have one built in), sometimes connected to a 28″ LCD monitor.

I give the single-user prices, but most companies also offer enterprise licensing or per-month catalog access.

Technically speaking, the information was, unsurprisingly, identical, since the features work the way they work, and comprehensive information was readily available to work from. Of course, the various training sessions were phrased differently, spoken by different people, and given in a variety of orders. The turf covered — Windows 7 topics — did vary. Every video covered the same basics, of course, but not everybody covered all the more advanced aspects of Windows 7. For example, not all the training videos covered Windows Defender, BitLocker, or Encrypting File System (EFS).  So you need to start by putting together the list of the features you want your users to learn, and either ensure that a potential video covers the list, or be prepared to mix-and-match.

What follows is a comparison of features and usability, not of content accuracy or clarity. I looked at:

• Windows 7 videos from Microsoft
• Dream Force’s “Windows 7 Levels 1 & 2″
• Infinite Skills’ “Microsoft Windows 7 Training”
• Lynda.com’s “Windows 7 Essential Training”
• ShoresMedia CBT CLIPS’ “Power Up to Windows 7″
• Train Signal’s Windows 7 training videos
• Windows 7 For Dummies (from the book/DVD bundle).

Each video training course had its good and bad points. But at the end of the day, Infinite Skills and Lynda.com each had one unique feature that made their videos significantly more helpful, tying for first place in my estimation.

Looking At Windows 7 Training Videos

Microsoft bundles a fair amount of non-video information right into Windows 7, and the company has nearly two dozen or so free videos online, scattered across various pages, including:

• Windows 7: Videos & Tours
• Windows 7 How-to Videos
• Windows for Small Business
• Getting Around The Desktop. This series in particular has good demos and explanations of moving things to the Taskbar, JumpList, Pin list, and other end-user features.

Microsoft’s videos are a mix of “talking head,” illustration, and screen session. They’re well-labeled, straightforward and clear. They’ve got starter title slides…

and often show keywords in both “talking head” mode

…and screen session mode.

Microsoft also shows real hardware where it’s relevant, e.g., in parts of the video on Remote Desktop Connections, along with the screen sessions.

You won’t find video explanations for everything.  However, there are links to non-video explanations, which might be enough for most users.

But the price is right. Even the most budget-squeezed IT or HR department could easily assemble a good “Welcome to Windows 7 and changes to the UI” starter package using Microsoft’s free videos.

Dream Force Video Training Pro

Dream Force offers 11 hours of video in its Windows 7 Levels 1 & 2 Training Video , as downloads ($14.95 for each level), or on DVD ($39.95). One or two sessions for each level are available free. Topics include enterprise topics such as Bitlocker and the Problem Steps Recorder.

Dream Force’s videos are offered as Flash (viewed via web browser) and as WMV files for Windows Media Player.
What’s good: Dream Force’s screen sessions highlight the cursor with a dime-sized color circle, making it easier to follow the action.

Dream Force was the only vendor of the ones I looked at to do this.  And they topic-tag each video while it’s playing, in the upper left.

What could use improvement:

• The Flash videos expected a screen size or resolution other than what my notebook was set at, with no obvious way to reset the size.  This would be a showstopper problem except the WMV sessions auto-fit within Windows Media Player.
• The individual segments don’t have a large start title tag. So, for example, the “preview pane” in Windows Explorer just shows “Dream Force” … not a big deal, but a minor nuisance in navigating.



• Also, the WMV files don’t have any master Table of Contents. The file names, like the ones on many CDs, start with a number followed by text, so looking at the directory, e.g., with Windows Explorer, the listing acts as an automatic Table of Contents.

Infinite Skills

Infinite Skills’s Microsoft Windows 7 Training, by Tony Northrup, has 6.5 hours of lessons, and is available on DVD or as a download for $99.95.  The first three “chapters” or sections, about 15 of the 91 lessons, are available as free samples. For example, check out “Using the Taskbar,” which includes an explanation of pinning items.

Some of the tutorials would benefit from illustration other than just a screen session. For example, the Infinite Skills discussion of ReadyBoost talks about USB flash drives but doesn’t show, say, a photo, video, or illustration of a user inserting a USB flash drive (or a Secure Digital card), followed by a screen session of Windows 7 offering to utilize it for ReadyBoost. It would have been easy to do. Failing that, the video should at least display keywords to make the learner more familiar with the term; for example, in the discussions of Encryption File System and BitLocker, display those words.

What’s good: The user interface has some useful features. Infinite Skill’s video player lets you show or hide the menu for the chapter’s worth of segments, and lets you select and jump among them, rather than requiring the learner to go back to a web page, Windows Explorer, or a DVD menu.

What could use improvement: The video player controls don’t easily let you back up (or “rewind”) within a video.  You can do it, but the video-position marker doesn’t move smoothly.  And again, it has no cursor highlighting.

Lynda.com

Lynda.com offers over 40,000 training videos on a wide range of technologies and vendors. According to the company’s website, about 10% of their content (i.e., about 10% of each video, not 10% of the courses) is available for free. Currently, two Windows 7 courses are available:

• Migrating from Windows XP to Windows 7 (slightly over an hour)

• Windows 7 Essential Training (six and a half hours).

You can all of access Lynda.com’s video content with a monthly pass, which starts at $25 per month (or $37.50 if you also want access to the exercises).  Or you can buy Windows 7 Essential Training as a $49.95 DVD.

What’s good: Each segment is labeled at the top, and vendor-tagged at the bottom right.  The tutorials are well paced, saying what the instructor is  about to explain or do, and then following through. If you drag the “time” marker, there’s no “rewind/fast-forward” delay, the tutorial shifts to that point in the tutorial instantly. Lynda.com has toggle-able Closed Captioning, which makes it easier to follow along, and learn any new vocabulary.

What could use improvement: Highlighting the cursor, and/or otherwise flagging the action, like CBT Clips does, would make it easier to follow the action.

ShoresMedia CBT Clips

ShoresMedia’s CBT CLIPS offers  Power Up to Windows 7, a set of 60 Flash videos, CD/DVD or online, for $125. A free 30-day demo is available.

What’s good: CBT Clips highlights key parts of screen activity with graphics, such as a large red arrow, colored outlines, or an animated circle. This makes it much easier to follow what’s happening.

I like these videos. The instructions on Sticky Notes has convinced me to start using that particular feature.  I’m not sure if I’ll ever have to write a math expression, but it’s interesting that there’s a tool for it, and now I know how it works.

What could use improvement: CBT Clips doesn’t include security topics like BitLocker, encryption, or Windows Defender.  It does, on the other hand, include laptop/tablet topics like “Writing Math Expressions” and “Handwriting with a Pen.”

Train Signal

Train Signal offers free online training videos. At this writing, there are about half a dozen for Windows 7 in the company’s Free Windows 7 Training Videos as well as more information under its Archives section (see the “Previous Entries” at the bottom).

What’s good: In the main group, Train Signal provides not only a mug shot of the trainer, but also short text summary of the subject and what you’ll learn from the video, e.g. for Aero Shake. And each video begins with a subject slide. Sensibly, for some topics, Train Signal uses PowerPoint-type slide shows (for instance, ”How does System Restore Help Me?”), to present key information, before switching over to a screen session. I like this mix a lot; I didn’t see any other training company doing it.  And you can’t beat the price.  The only thing missing is cursor highlighting. Also nice, in the archives (not the current listings) are the “Related Posts,” suggesting other videos, including non-Windows-7 courses.

What could use improvement: There’s no at-a-glance table of contents in the main group; the photo-and-summary, while useful, makes it hard to do an at-a-glance scan to see what’s there. A clickable “collapse” this view would help. The archive lists don’t include the photo-and-text, instead pushing that to the individual pages for each archive video.

Windows 7 For Dummies (Book/DVD bundle)

Andy Rathbone’s Windows 7 For Dummies is available not just as a book, but also as a book-and-DVD bundle, for $27.99.  The entire DVD is only two hours long, so it’s not as comprehensive as the videos with no books. Plus much of the DVD, like the book, is more of a general “Windows, UIs, and Operating Systems” intro than “What’s new in Windows 7.” On the other hand, the book is 400 pages. I include this book/DVD set in this review  because it straddles the line between video and book, and Rathbone’s videos have one or two features the others lack.

The Dummies DVD mixes some “talking head” shots of Andy and some hardware shots, like, for turning the computer on. But it is mostly screen sessions.

What’s good: Each training segment starts with a “what it is,” and pans and zooms to focus on the relevant part of the screen.

What could use improvement: I initially had a lot of trouble selecting the video segments to play from the DVD menu.  Basically, it takes patience, and possibly clicking several times on a segment. It shouldn’t be this hard.

Also, in Windows Explorer’s view of the contents, the DVD appears to be “Windows Power Point 2003,” with files labeled “Title1,” “Title2,” etc.; you can only navigate meaningfully via the DVD’s cumbersome menu. Tsk.

Don’t buy this bundle primarily for the DVD, there’s only two hours of material here, and much of it is general-Windows stuff.  I got it mostly for comparison.  But if you’re looking for a reference book for new Windows 7 users, this is a good choice.

What To Look For in Video Training

After viewing several dozen video segments from several  vendors’ videos, I’ve come up with a general shopping list of what to look for in training videos, aside from the specific content.

First, the package as a whole needs to be navigable. This makes it easier for a user to get to a specific task or piece, and also helps the learner to see what’s available, and get there. Some training videos did this well, some not so well.  Only one, Infinite Skills, lets you show/hide a chapter/segment menu at the upper left of the video player window.

In addition, the individual video segments need to be as usable as possible:

• “Don’t overflow my screen!”

Some videos want more screen turf than is available. For example, they act as though your display should be half again as big (or perhaps set to a much higher resolution) — with no way (or at least no obvious way) to resize the window. At least one of the web-based Flash videos started “oversized” at about 150% of my screen size, and opened an MSIE window without  a Zoom control in the bottom right. Using the Menu bar’s Zoom solved this… once it occurred to me to try it.

Look for video windows that can be resized, even just by an inch of so. Sometimes a user  needs to reclaim screen turf while learning. Some, like Infinite Skills, don’t allow this.

• “Whose Is This, and What’s the Subject?”

Some vendors display their name in the “session screen.” Others don’t. Some, like Infinite Skills, show their logo, which I found was not helpful enough.. This may seem to be a minor point, but it never hurts to have an as-you-watch reminder of what you’re supposed to be learning.  Some videos displayed the segment title continuously (albeit usually in a too-small font) while others didn’t. If you lose track what you’ve selected, it would be nice to see, in a reasonably-sized font, the title of the currently selected segment.

Some vendors’ segments begin with a “title slide” for a second or two. That’s a good way to reinforce what you’re about to learn.  For videos that on DVD or on your hard drive, it also helps in selecting files through Windows Explorer, since for videos, Windows Explorer’s preview pane (on the right-hand side, showing the beginning of the file) shows the first “frame” (the starting image). Here’s a good example of a video with a starter title:



And here’s a good pan-and-zoom-to-the-action:


• Where’s the action?

A training video about using Windows is mostly screen sessions, of course. However, it helps to focus the learner’s attention when the video pans and zooms to show the portion of the screen under discussion, like the Task Bar or drop-down menus. Highlighting the cursor and areas on the Windows 7 desktop being explained, with colored areas or borders, like Dream Force does, helps even more.

• Not everything is a screen session.

Screen sessions are the sine qua non for much of Windows 7 (and other) learning — but not all of it. In a lot of Windows 7 explanations, screen sessions don’t contribute anything, particularly when nothing is happening. Watching Windows 7 “desktop wallpaper” gets old quick. Instead, there are lots of places where a photo or illustration would be helpful, like ReadyBoost, Windows Defender, and encryption. Even a simple illustration or two per topic would make this more than an audio session.

• Stop! Go Back! Go Forward!

Sometimes you want to back up, or skip ahead within a given segment. Not all the players/vendors support this. For example, Infinite Skills doesn’t.

• Walk the Windows 7 Walk

Oddly, some display windows don’t support all the Windows 7 UI features. Infinite Skills’ training, for example, doesn’t “Aero Shake.”  (The feature lets you hide or reveal all other windows when you “shake” theirs using the mouse.)

Thoughts and Recommendations

None of the videos I watched did everything well. Lynda.com gets points for its closed captioning; Dream Force for the highlit cursor.  And of course, you need to make sure the package covers all the topics you need.

The “Windows 7 For Dummies Book” made it clear how much better computer videos are than books in terms of screen shots. The videos are in color, already large, and zoomable… and they are session movies, not static screen snapshots.

As I said earlier, I like CBT Clips and Lynda.com’s videos best in terms of usability, and I recommend both of these training courses for a general overview of Windows 7 and its new features. Your choice will be driven, of course, by the videos that cover the features that are most relevant to your users. Be sure to look at the topics they cover, because you should not assume that all vendors cover everything, especially for corporate use.

Even if IT simply puts together a page going to the freely available videos, from one or multiple sources, you’ll already be making your users — and the IT Help Desk staff — more competent and confident, and thereby less techno-stressed and more productive.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

“Before virtualization, disaster recovery was so expensive to implement that organizations had to choose only the most critical applications to protect and hope for the best for the rest,” says Jeff Nessen, practice director of platform virtualization for Logicalis. “With a carefully planned virtualization strategy, disaster recovery can now be provided for a much broader range of applications and data.”

However, if virtualization isn’t executed with thoughtful precision, the whole virtual mess can tumble even the mightiest of corporate recovery plans.

“When implemented and designed correctly, a virtual environment is an armored bunker 200 feet below the surface where all your eggs are stored; incorrectly, it is a basket on the edge of a wall with very high crosswinds that may cause the basket to tip over at any time,” says Gregory L. Smith, senior product architect at SunGard Availability Services.

The Virtual Fault Line

When virtualization does foul disaster recovery plans, the problem usually stems from human error and lack of foresight rather than a glitch in the technology.

“Unfortunately, many people implement virtualization without any thought of a strategy,” says Daryl Beeson, vice president of sales at Abtech Systems. “If you want to use virtualization for something other than a way to reduce the number of servers in your environment, you have to have a plan.”

But like everything else in the way of IT, plans come and go on the budget winds.

“A successful strategy requires thought. and not many IT departments are staffed to think anymore. It is a real challenge when companies cut staff to a bare minimum so the only option is to react — and not think through how to solve global problems,” says Beeson. “Those that are staffed to think are confronted with the other challenge — and that is budget.”

The Costs of a Virtual Recovery

Beeson says the cost of virtualization, as a capital expense starting out, is not a 1:1 cost in the first year. “There is a price to pay for virtualization and that might be as much as 1:1.5,” he says. “The great news is [in] years two through five, when you start to recognize the savings. But finding the spare cash needed for the initial buy-in stops many people from implementing a simple plan.”

That penny-pinching rationale can lead to a hemorrhage of cash and a bucketful of troubles later when disaster strikes and data is permanently lost or retrieval is delayed too long.

“Traditional disaster recovery plans easily, or painfully I should say, means about five weeks of downtime,” says Beeson.

Contrast that scenario with the typical scenario using virtualization: “If used correctly, IT managers can have a working environment in less time than it takes to brew a pot of coffee,” says Koka Sexton, business development manager at Paragon Software Group.

The greater savings, then, come from weighing total costs against initial costs.

“Disaster recovery has historically been oriented around copying critical data to a secure location for storage or maintaining a separate set of hardware and a remote location for use during an event,” says Chris Patterson, product manager at NaviSite. “The first solution is comparatively low cost, but does not provide end users with a means of quickly accessing remote data, while the second is a very costly means of protection against an event that may or may not occur.”

“Virtualization provides a middle ground in terms of both pricing and functionality,” he adds.

The Bumps, Bruises, and Painful Parts

But building virtualization into your disaster recovery plans is not without its obstacles and worries.

“The concerns that need to be addressed by IT are the additional loads on servers running these virtual machines,” says Sexton. “IT managers will need to make sure there is ample storage for the VMs and provision sufficient resources such as memory, CPU, and bandwidth.”

“Make sure you build virtualization into your disaster recovery plan with regular backups and redundancy as you would with any other disaster recovery plan used,” adds Sexton.

Another sore point: narrow hosting. “If many critical virtual machines reside on one host that fails – that could be considered a single point of failure,” warns Venyu’s product manager, Patrick Tansey.

There are also a few compatibility and integration issues to wrangle.

“Server virtualization introduces new operating paradigms and traditional disaster recovery solutions don’t offer the level of granularity and flexibility that these new virtualized environments demand,” explains Vish Mulchand, director of software product marketing at 3PAR.

Beyond the concerns specific to virtualization are the shared worries with disaster recovery in general.

“There are as many levels of disaster recovery as there are IT infrastructures,” says Logicalis’ Nessen, “Determining the appropriate technology is actually the easy part.” Often, he said, the more difficult challenge is negotiating internally how much risk an organization’s different departments are willing to accept for their applications and data.

“Once realistic recovery parameters are identified, developing a tiered strategy that meets the specific requirements and budgetary constraints of your organization is relatively straightforward, and virtualization most certainly can be the key to an easier and more cost-effective disaster recovery strategy than many companies have had in the past,” Nessen added.

Sweet Spots and Right Moves

Server virtualization forces both end users and vendors to re-evaluate their deployments and offerings. Good visibility and communication across the different layers — such as the application, operating system, hypervisor, fabric connectivity, and storage abstraction layers — is essential.

“End users will need to evaluate offerings that provide this level of visibility and integration,” says Mulchand. “On the virtual server side, the more the virtual server environment can take advantage of existing infrastructure, the easier it will be for end users to deploy.”

Virtualization on the x86 platform has had a profound impact on IT and specifically in disaster recovery. “Initially, virtualization was able to act as a hardware abstraction layer, making the requirements for mirrored hardware or complex procedures to account for dissimilar hardware unnecessary,” says SunGard’s Smith. “The paradigm shift initiated by virtualization has also enabled disaster recovery capabilities that were once unheard of for the general x86 based environment.”

“Through the introduction of SAN-based or shared storage for the data center server population, virtualization has enabled advanced recovery solutions without introducing the complexity of transaction-based replication, advanced shared disk cluster services, and application or OS specific replication,” he added.

“At its core, virtualization has reduced the complexity at time of recovery and enabled advanced recovery solutions that are designed once and implemented uniformly across the x86 based data center environment,” says Smith.

Desktop Virtualization Brings It Home

Coupling desktop and server virtualization greatly increases the effectiveness of a disaster recovery strategy. Desktop virtualization is a newer concept than server virtualization. It was recently brought to the forefront with the rollout of Windows 7.

“For some. this centralization will deliver all that they need,” says Martin Ingram, vice president of strategy at AppSense. “Other organizations will look to use virtualization on the client platform for some users.”

The Microsoft Desktop Optimization Pack (MDOP) includes capabilities that allow organizations to distribute virtual machines that can run on user’s home machines if necessary. “This is a possible way to manage disaster recovery but it comes with added complications in ensuring the VMs are available and up-to-date,” says Ingram.

But that is not to say that desktop virtualization through Windows 7 does not have its own distinct advantages in several possible scenarios.

“Many companies have access to SunGard stations, but without virtualization, the employees just have a computer to work on,” says Mike Strohl, president of Entisys Solutions, a virtualization solutions consultancy and integration firm. “With virtualization of their Windows 7 desktop, they will be up and running within minutes, using their personalized desktop and applications, in the same operating environment as they are accustomed to, from the SunGard, or whatever workstation they have chosen.”

However, Windows 7 is not the only option in desktop virtualization strategies.

“I would expect that desktop virtualization delivered from an organization’s data centers will be a more popular choice than virtualization within Windows 7 itself,” says Ingram.

The reasons for using virtualization may vary from one company to the next, but the bottom line remains the same for them all.

“There is no difference in the user experience from the normal operating environment to the disaster recovery operating environment,” explains Strohl. “Users can do everything within the virtual infrastructure as they were doing in their normal infrastructure with little disruption.”

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

It’s not especially easy to deploy, but Windows 7 supports simple software RAID. Here’s how to do it, using low-cost storage you already own: a bunch of USB flash drives. (I’d say I created a RAID array of USB drives simply to demonstrate the technique, but really… one reason to do this is because, well, I could. We techies can be so easily amused.)

There’s no such thing as enough disk room or a safe-enough hard drive. The moment you think you have enough hard disk space, you find yourself collecting high-definition videos or your hard disk starts whining and clicking. One solution to both problems is to use an ancient computing technique that dates back to when a big hard drive was 5 MBs and came in a casing as large as a washing machine: redundant arrays of inexpensive disks (RAID).

RAID has several benefits. The first is that RAID has the potential to deliver vastly increased data transfer rates. In theory, the input/output transmission rate of a RAID system can be more than ten times greater than a ordinary hard drive.

RAID pulls this trick off by “striping” data across the array’s disks. In English, this means that a file can be distributed across the array so that it can be read or written much more quickly. For example, With RAID, the system will place a file on the media so that while the first part of the file is being read from disk on one array, the second portion is already being picked up from disk two.

By enabling parallel data transfers, data throughput can be multiplied by the number of drives in the array. For example, a four disk RAID could have four times the throughput of an equal-sized single drive. A RAID that’s designed for speed and nothing but speed is called RAID Level 0.

The other major advantage of RAID is that you can mirror data from one drive to another, the most immediate form of backup one could imagine. Its disadvantage is that on RAID Level 1 you can use half a RAID’s maximum drive space for data storage. You also don’t gain the speed boost you get from RAID 0. Advanced versions of RAID let you retain more of the drive room while maintaining your data security. Unfortunately, in Windows 7, you can have one or the other, but you can’t have both.

Not for Most Users

You could, of course, buy a RAID hard drive controller or a full-scale storage area network (SAN) setup such as the Dell/EMC CX4-120. But, if all you need is to get more speed or more data security from existing Windows 7 PCs with multiple hard drives, why not use the tools that Microsoft has already put in the box?

If you opt for this path, you should keep in mind that this is not something you should trust even power users to do on their own. There are several ways to blow a RAID installation in Windows 7, and the worst of them will leave you with a drive that needs a visit to a repair shop, and possibly a user who needs therapy.

Also keep in mind that only Windows 7 Professional, Enterprise, and Ultimate support software RAID. If you’re going to try this, be sure that the PC doesn’t already support hardware RAID in its BIOS. If it does, you’re almost certainly better off using the built-in RAID since it’s very likely to provide much faster performance.

Setting Up RAID in Windows 7

With that in mind, let’s go over the basics. First, to set up a RAID using Windows 7′s built-in tools, you need to be logged in as the administrator. Your drives, or those portions you’ll be using for your RAID, must be the same size. In my case, I used a pair of inexpensive Best Buy 4GB USB Flash drives. A RAID of this size isn’t terribly useful, but I thought it would be interesting to use Flash drives in this way. Also, I couldn’t resist the temptation.

Once the drives (USB or otherwise) are installed and working properly, you’re going to end up blasting every last bit of data off them. That’s because normal, a.k.a. basic, drives with normal partition tables can’t be used in RAIDs. Instead, you need the drives to be set for dynamic storage. A “dynamic” disk can handle the spanned, striped, and mirrored volumes required for RAID. During this transformation, you delete the volumes on the drives and all the data therein.

First, you find the drives you want to devote to your RAID.

To do this, head to Administrative Tools and Computer Management. Once there, under Storage, click on Disk Management. Pick the first drive for the RAID, and after making darn sure it’s the drive you really want, click on “Delete Volume.” Then pick out the next drive (you’re sure it’s that one, right?) repeat the “Delete Volume” until you’ve blasted all of them.

Then you move over to disk management to turn the drives into active disks and get rid of any pre-existing volumes.

If for some reason, this isn’t working for you, you can also accomplish the same thing from an enhanced command prompt; follow these instructions.

That destruction done, it’s time to create the RAID. Select the unallocated space in the first drive and right click on it. You are presented with four choices. You can skip the first one, simple (which, for all practical purposes treats as the drive as if were a basic drive). The next choice, New Spanned Volume, lets you treat multiple hard drives just as if they were one large drive. This technique, known by the name Just a bunch of disks (JBOD), can be useful at times, but since it’s not a RAID technology I won’t bother with it here.

Pick the type of RAID you want to use. Your primary choices are the third and fourth choices on the list.

The next choice, New Striped Volume, is where things gets interesting. If you elect to turn your drive (and its twin of course) into this kind of volume, you’ll end up with a RAID 0. In my informal testing, using my Mark 1 eyeball and PassMark PerformanceTest 7, I saw the average transfer rate increase by an average of 75%. Usually RAID 0 will produce a speed boost of about 100%, but I suspect what I was seeing was the result of an overworked USB controller rather than what you’d expect from Windows 7 RAID 0 with a more conventional setup.

Of course, the downside of creating an array of USB drives using RAID 0 was that my data wasn’t one bit more secure than it ever was. For better security, I needed the last available choice on the menu: New Mirrored Volume. With this, I created a RAID 1 drive. My two 4GB drives now gave me the equivalent of a single 4GB drive. In addition, my USB drives’ performance dropped by about 20%.

On the other hand, when I finally mangled the data of one of the USB drives — by repeatedly jerking one drive out of its socket with the fervor of a mischievous teething puppy let loose in a data center — I still had the data untouched and ready to go on its mirrored twin. As someone’s who dropped more than his fair share of laptops over the years, I can see how having an on-board mirror or an attached USB hard drive would be very useful at critical times.

Finally, I should note that during my week-plus of abusing and beating on these two generic USB drives to the tune of several thousand reads and writes, the drives held up remarkably well. While it’s commonplace to claim that a USB Flash drive can handle up to a million read and writes, I’m not sure I buy that. I am sure now, however, that even ordinary USB Flash drives, so long as they don’t end up in the washing machine, are likely to be good for years and years of ordinary use.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

In some cases, Windows 7 BitLocker aids your capacity to encrypt removable and backup media, depending on the media involved.

Portable Hard Drives

Ranging in size from small to huge, portable hard drives are a fairly easy way to keep backups in order—especially backups consisting of just data. Windows 7, as in prior Windows editions, contains the infamous Backup.exe software in Professional+ editions. Backup.EXE allows compressed and regularly scheduled backups (so long as you remember to plug in the drive); drives can also be BitLocker-managed and encrypted. You can do a quick backup of just data files (example, your /user directory), or mixtures of the whole enchilada and all the data, or just those files that have changed, in your favorite backup combo.

The pressure is on time: a full backup takes a while, so people are tempted to just back up data. That’s okay, but with patches coming every Tuesday, capturing a mobile PC’s entire state weekly is recommended. Otherwise, patch-catch-up becomes a huge problem when restoring data to a fresh computer.

The downside to portable hard drives can be formidable. If you lose the notebook or leave it to be found on the next flight to somewhere, it’s likely that your backup portable hard drive is in the same location. Both copies are now buh-bye. Sometimes portable hard drives are lost independently, as they’re not only small (that makes them handy) but they’re also part of the daily use “kit” people associate with their notebook or netbook. To summarize, portable hard drives are an inexpensive method of replicating information, but are vulnerable to the same disaster that befalls a notebook/netbook — and are often lost in the same way.

Burning Your Own

If your notebook/netbook has an internal DVD drive, it’s easy to take advantage of the DVD’s large storage capacity and burn your own data to disk. You generally have two choices, DVD-RW or DVD-R/DVD+R media. The RW media can be reused numerous times, although disks tend to get smudged or dirty easily and must be handled very carefully. Small scratches may kill the entire dataset on them in a way that cannot be recovered from. (Note that BitLocker doesn’t cover DVD writables, only DVD re-writeables.)

The same goes for DVDs that are used for single-burns, like DVD-R/DVD+R media. The upshot is that these are far less expensive, and are easily mailed to someone far away from you, so that a loss of your computer won’t kill both the original and backup of the data.  Backup.EXE lets you burn to a DVD easily, and with up to 5.4GB of data, it’s not tough to get a significant amount of documents and data onto a DVD quickly. People who think in advance have a mailer to send the items (encrypted and compressed, of course) to themselves at home (organizational policies and legal rights permitting) or to another spot, so as to separate the data stores physically.

The items that need storage aren’t quite obvious, but usually the /user directory for each individual needs to be stored (after all applications are closed so that no data files are open). Some applications keep data in other places, and need to be included as well.

Portable Flash Drives

Flash drives represent an increasingly favorite mechanism to store data, and their capacity has climbed to as high as 64GB. Although not an especially fast data storage medium, the flash drive (or USB drive) has become popular for its ability to be rapidly erased and its small size makes it handy to carry elsewhere — again, separately from the system whose data it backs up.

Drag and drop is the rule for backup on a USB drive. To perform a backup, bits or all of the /user directory (and related data stores where applicable) are simply copied onto the flash drive periodically. Some users rotate the drives; others over-write drive data so that only the freshest datasets are stored. Some people add personal content like music, videos, and other media to the mix, not just work product.

The upside to flash drives is their ease of re-use. We’ve tested large capacity drives to past 12,000 rewrites without error. They’re impervious to temperature (except extremes), and their expense has been dropping significantly and steadily.

The downsides to flash drives are similar to those of portable hard drives. Easy to lose, flash drives also run slowly — especially on USB 1.1 jacks. You also need to use your own archiving arrangement unless you use the same group of removable drives with Backup.exe. Worse, they’re easily stolen. But if they are, at least BitLocker usually works well with removable flash drives.

Online Services

There are specific sites for multimedia storage, like Flikr, Picassa, Fotki, and others. Some of them allow up to a gig or two per month of file storage, and they don’t necessarily have to be movies, photos, or audio.  In fact, one fellow we know renames all of his doc files to jpg so that he can upload them. They look strange in a photo viewer.

These services don’t encrypt files, and their user agreements may restrict how things are done, in terms of whom gets to view what, the availability of the site, and so on.

Other sites, like Mozy.com, have a teaser of a free 2GB of storage essentially forever. Unlimited data storage, encrypted, at Mozy.com costs $4.95 for all you can upload. Mozy, like competitor Carbonite, use a downloadable application that you can use to set what gets backed up, and when. This presumes that you’ll be online at the appropriate backup time, although ad hoc, unscheduled backups are available, too—as is access to the stored encrypted data.

Mozy’s personal application also knows the “normal” location for most user data files, although an administrator can (and probably should) ignore Mozy’s default settings and create a list as to what ought to actually be backed up. Then you get one system, fixed or mobile, for as much data as you can upload.

Therein lays a catch: Some connections simply are vastly slower at uploading data than downloading it. Some WiFi connections, like those typically found via AT&T at Starbucks, are quite slow at uploads. Hotel/Motel WiFi networks vary widely in their upload capabilities. My own recent tests with Mozy showed that one Marriott location near the St Louis Airport was blazing fast, while another location in Indiana was so slow as to be essentially useless. They all depend on whatever the backhaul speed behind the WiFi system is capable of.

While Mozy.Com is good for basic users, I’ve also found that it does a good job of getting the whole enchilada. There is no limit to your storage at $4.95 per month. They also have strategies for online server backups in business plans that are much stiffer in cost, usually because speed and dataset sizes on servers can be far more demanding than today’s end-user systems—where personal storage above a terabyte is unusual.

The Good, Better, Best

In an ideal world, we’d have tiny flash drives with capacity as large as the fattest notebook hard drive, and with backup speeds of just a few seconds. It’s not an ideal world.

Incrementally, you can use personal external hard drives, or handfuls of DVDs. Personal flash drives are also incredibly convenient—if really easy to lose. But if you have persistent or decent occasional online connections, online services like Mozy can be incredibly convenient, encrypted (albeit not with BitLocker) for a toll charge.  But don’t wait for the disaster. Use something, and make sure it’s working.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

One of the benefits of the Software Inventory Analyzer, as you’ll learn in the screencast, is its price: It’s a free download. The tool only looks for Microsoft applications. There are dozens of other inventory tools which may or may not be better suited to your needs.

Also, be sure to read our article that goes into more depth on doing software inventories, Retain, Retire, Rewrite: Performing Application Triage in Your Windows 7 Migration.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

Though Windows 7 is still pretty much a newcomer to the desktop operating system scene, it’s been around long enough that IT pros will encounter the occasional circumstance that demands — or at least calls out loudly for — a complete reinstall of this much-touted OS. In the sections that follow, I lead you through some cases where a reinstall is highly recommended (if not absolutely required) to make a PC work properly.

Windows 7 has been around in full commercial use for several months, depending on how you count: since August 2009 (MSDN release) or October 2009 (commercial release). Though it may seem that reinstalling Windows is unnecessary, in some cases such a maneuver makes good sense. These include a switch from 32- to 64-bit environments, changing your BIOS hard disk access mode, and for classic Windows degunking maneuvers.

Making the 32- to 64-bit Switch

The decision to switch from some 32-bit Windows 7 version to an equivalent 64-bit version absolutely, positively means that you must perform a custom install on your target PC. The 32-bit version is called x86 in Microsoft parlance and included in ISO filenames such as en_windows_7_professional_x86_dvd_x15-65804.iso, but the 64-bit version is called x64 as in en_windows_7_professional_x64_dvd_x15-65805.iso. There is no upgrade path from 32- to 64-bit Windows, so making this switch involves blowing away the old install and replacing it with an entirely new one.

If you find yourself facing this switchover, here’s a list of handy tools and activities you should undertake before actually firing up a Windows 7 reinstall:

1. Use the Windows 7 Upgrade Advisor’s 64-bit report to look for potential driver or software incompatibility issues. Fix anything that might appear herein, and you’re more or less guaranteed a smooth install when the time comes.


Figure 1: The Windows 7 Upgrade Advisor proffers a detailed 64-bit report when its analysis completes.

2. Download and use the Windows 7 USB/DVD Download Tool for your reinstall. This free, nifty download from the Microsoft Store lets you turn a 2GB or bigger USB Flash drive (UFD in Microsoft-speak) into a bootable installer for your chosen Windows 7 ISO file. It’s not only much faster than a DVD (which this program will also burn for you, if you like) it’s also much handier if and when you need a bootable Windows 7 repair toolkit as well.
3. Make two complete backups of your 32-bit environment before you fire off the installer: one image backup and one conventional backup. You can use the Windows 7 Backup and Restore utility for these purposes, or a third-party product of your choosing. (I like Acronis True Image Home because it lets me restore an image to the drive of my choosing, whereas the built-in Windows software only writes to the system drive on the target machine.)

With these items at hand or completed, you can blow away a 32-bit system secure in the knowledge that you can get back to that system by restoring one of your backups, if something unexpected pops up and prevents you from achieving a successful 64-bit Windows 7 install instead.

Switching SATA Drives from IDE Emulation to AHCI or RAID Mode

Those PC systems that include an Intel I/O controller hub (ICH5, ICH6, …, ICH10) to which an SSD is added after Windows 7 is already installed (probably as a system drive), or whose users simply want to squeeze the best performance possible from their SATA drives, may wish to switch their BIOS settings from IDE emulation to support AHCI (the Advanced Host Controller Interface) or RAID (Redundant Array of Inexpensive Disks). These settings permit PCs to exploit advanced SATA features that include native command queuing (NCQ) plus hot plug or power management for hard drives.

Here’s what Intel has to say about turning these features on in a PC’s BIOS:

Figure 2: You might want to read the whole Intel Raid Storage Technology (Intel RST) file.

I don’t know how seriously readers may be inclined to take such a warning from Intel, but to me the prospect of an unbootable system is not terribly encouraging. That said, I have tried other methods to switch from IDE emulation to AHCI or RAID mode on a system with Windows 7 already installed, and I have never experienced this kind of crash myself on ICH9 or ICH10 based systems (but you need to go into “Dirty Harry mode” and ask yourself if you’re feeling lucky today before you try this maneuver). Whether you jump straight into a reinstall at Intel’s urging or try the workaround, be sure to make the requisite dual backups so you can rebuild the system from “bare metal” should circumstances make that necessary.

The workaround basically consists of finding and copying the necessary iastor.sys driver file into C:\Windows\System32 (for x86 Windows 7 systems) or C:\Windows\System32\DRIVERS (for x64 Windows 7 systems). You can search the Intel site for the latest chipset drivers and downloads pretty easily to locate the necessary files. (You can usually find F6 standalone download files for use during Windows installation, which works equally well post installation for those willing to shoulder the related risks.)

The Ultimate Windows 7 Degunking Technique?

With my hat off and my fervent thanks to Jeff Duntemann, inventor of this term and co-author (with Joli Ballew) of the excellent book Degunking Windows, 2e, I submit that those who install and uninstall lots of software on their PCs, or whose machines go through lots of change and ferment, may decide from time to time that blowing away the current Windows install and restarting afresh is the right thing to do.

On my heavily used-and-abused test machines, in fact, that happens at least once every six months, if not more frequently than that. The book lists reinstalling Windows as one of its “Last Resort Degunking Techniques,” but in fact if you don’t have too many applications to reinstall after reinstalling the OS and all its many updates and patches, this can actually go faster than serial application of all the other, more detailed and focused degunking techniques instead (file cleanup, desktop cleanup, drive defragmentation, removal of unused or unwanted applications, and so on and so forth).

If you find yourself dealing with ever-slower bootup and shutdown, lengthy pauses when accessing the file system, slow application launches, and other signs of lagging performance, some kind of degunking is usually called for. Being something of a “cut to the chase” guy myself, I’ve learned that a clean reinstall is often the best and fastest path to a better behaved Windows desktop, for as many Windows versions back as I can remember (3.0 or 3.1, if memory serves). As a last resort technique, it will probably also work for your users, too — especially those who are allowed to install programs or browser add-ons of their choosing.

If You’re Going to Reinstall, Please Do It Right

Just remember my earlier advice in the story. Get your tools together, and go ahead and build yourself a bootable UFD with the Windows 7 ISO file of your choosing (3-4 GB is needed for x64, and 2-3 GB for x86 versions, if my adventures with Windows 7 Starter, Professional, and Ultimate can be a guide). Make sure you’ve got a readable file-by-file backup of your original install (in case you need to go back and grab something later) as well as an image backup (in case you want to restore the drive to its original condition later), and you’ll be good to go. Have fun, but stay safe!

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

Even though Microsoft shifted to a common core technology for both its client and server Windows software a decade ago, the two development teams were never quite in sync when it came to releases, and therefore, it was difficult to coordinate special features that tied the desktop OS to the server.

But with Windows 7 and Windows Server 2008 R2, Microsoft finally got the two on a very close release schedule. Both entered beta in late 2008 and were commercially available in October 2009. They share quite a few common technologies, including:

• Scaling to 256 cores
• Fewer hardware locks and improved parallelism
• Timer coalescing, where multiple tasks can be executed at once, rather than one at a time, so the processor can go into a low power mode
• Windows Installer 5.0 supports installing and configuring Windows Services and provides developers with more control over setting permissions during software installation
• Usually the kernel handles all thread scheduling, but 64-bit Windows 7 and Windows Server 2008 R2 only allow for applications with large concurrent threading requirements, such as a database to do its own scheduling.

That’s just scraping the surface. Let’s dive into some of the major features wherein Windows 7 takes advantage of the server OS, and ways in which Windows Server turns on new functionality in the client OS.

Knowing and Trust

Microsoft has put a lot of emphasis on securing both the client and server, which in turn results in Windows 7 clients trusting Windows Server 2008 R2 servers and vice versa. In developing these two operating systems in concert, Microsoft built in a lot of trusted and security-related technologies.

For example, DirectAccess technology permits much more secure connections than the old remote access option, virtual private networks (VPNs). Let’s face it: for most of us, our VPN experience at best has been a hassle, at worst spawning words unprintable here. DirectAccess provides remote users with the same access to the network they would have if they were in the office, and it initiates the connection automatically. No more firing up and fighting with the VPN client.

DirectAccess uses two-factor authentication, so that biometric reader on your laptop is finally useful. It creates two IP Security (IPSec) tunnels. One is for the computer certificate only, which gives the computer access to the DNS server and domain controller so the user can download Group Policies and request user authentication. A second tunnel uses both a computer certificate and user certificate, which gives the user access to internal resources and application servers for which they are authorized.

DirectAccess also allows an IT administrator to manage remote systems even when they aren’t connected to a VPN. You can apply new Group Policy or distribute software updates even if the computer isn’t logged on, because as soon as they connect, those changes will be pushed down.

IT Expert Voice has delved into DirectAccess in greater depth, so consult that story for further examination of its benefits.

RemoteApp

Windows Server 2008 revised and renamed Windows Terminal Services as Remote Desktop Services, and added some new features. Windows 7 is the first to include feeds that support the server-side accessibility.

RemoteApp lets Windows users enjoy remote applications with the same look and feel as local applications. With RemoteApp and Desktop Connections in Windows 7, applications can be installed in the Start menu, so an application being run off a server is started just like an application installed on the computer’s hard drive.

The Windows 7 client can subscribe to a RemoteApp program by using a URL, just as you run a desktop appliction through a link to an executable stored in a directory. Once the user subscribes to the feed, that connection will always be there, just like an installed application. Users only have to log on once to create the connection. After that, Windows remembers their user credentials. All of this requires a Windows 7 client.

Windows Server 2008 R2 and Windows 7 also come with the latest version of the RDP Protocol (RDP v7), which provides graphics rendering and multimedia enhancements for remote desktop users, so you don’t need to use a primitive, basic interface like with previous terminal services. Windows 7′s Aero glass effect is now supported, multi-monitor support is improved and overall performance better.

AppLocker

Prior attempts to provide software control and restriction on a Windows desktop were rather lacking in options and flexibility and often easy to get around. AppLocker is a new feature in Windows 7 and Server 2008 R2 that replaces the old Software Restriction Policies with more flexibility and stronger rules.

AppLocker allows you to create rules to control which files can be run on the desktop and assign those rules to specific users or groups. You can allow application access from certain publishers, the product name, the file name or the file version, or those with a digital signature. Conversely, you can exclude applications based on the same criteria, or restrict programs based on the directory path. You can create hash tags for specific software whose access you want to allow or deny.

AppLocker has publisher rules based upon an application digital signatures. A publisher’s rules can be passed on through future upgrades because it’s possible to say “a certain version and up.” For example, you could create a rule that allows user to run all versions of Firefox 3.5 and higher; when version 4.0 comes out, the end user can download, install, and upgrade her browser because its version number is greater than 3.5.

For more on AppLocker, see I Know I Can Find It In Here Somewhere: Using Windows 7 Applocker.

BranchCache

BranchCache is more of a Windows Server 2008 R2 feature than a Windows 7 feature, but Windows 7 does benefit from it. With BranchCache, remote offices can locally cache files that they frequently access, rather than having to repeatedly request them from the central servers, at the cost of time and bandwidth. Windows 7 is the only client that supports caching on the client.

In addition to the caching, Windows Server 2008 R2 and Windows 7 support a read-only Distributed File System (DFS), again designed to minimize network traffic and congestion, by putting read-only files in a local network so they don’t have to be fetched from the central server.

While not related to BranchCache, Windows 7 has a new feature called “transparent caching,” sometimes referred to “Offline Files & Folders.” Transparent caching stores network files on the local computer the first time you access them, so when you revisit a file, it’s on your computer rather than on the network. So like BranchCache, it can minimize network traffic for file retrieval. Windows 7 checks the local file against the one on the network to ensure you have the latest copy; if yours is older, the new one is retrieved. The cached copy is not accessed if the server is unavailable and updates to the file are always written directly to the server.

More on BranchCache: See BranchCache Basics: Moving the Central Office Closer.

BitLocker

BitLocker drive encryption was introduced with Windows Vista, but it was limited to only encrypting the system partition. In Windows Server 2008 and Windows Vista SP1, BitLocker was enhanced to encrypt additional (non-system) partitions. With Server 2008 R2 and Windows 7, BitLocker can also encrypt removable drives, such as USB drives, which have been widely recognized as a security threat because they can hold sensitive data and be easily removed from the office.

The BitLocker To Go feature in Windows Server 2008 R2 and Windows 7 allows administrators to use Group Policy to force users to enable BitLocker on removable drives before they can write anything to the drives, making them (the drives, that is, not the administrators!) much more secure. The recovery key can be stored in the Active Directory.

To learn more about BitLocker in action, watch the screencast, I Know I Can Find It In Here Somewhere: Using Windows 7 Bitlocker.

Playing Nice Together

These examples show how Microsoft is tying its client and server together for improved performance, something it probably couldn’t do ten years ago for two reasons: one, monopoly accusations, and two, its two development teams were out of sync. With Linux so strong on the server market — Linux now accounts for 14.8% of server revenue as of the third quarter 2009, according to IDC, while Windows has 43% of server revenue — it’s hard to make the case that Microsoft is in a monopoly position. So some heat is off the company.

At the same time, Microsoft has finally gotten the releases of the two operating systems in sync, and it plans to keep it that way. It’s rumored (and impossible to prove at this point) that Microsoft plans to release the successors to Windows 7 and Server 2008 in 2012.

But that’s in the future. For now, it’s clear there are definite benefits to having the two operating systems working in concert and should be taken into consideration when debating a migration, upgrade or rollout.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

I’m going to go out on a limb: Your IT department is understaffed and overworked, and you don’t have enough money in the budget to cover all the things you need. As a result, there’s a good chance that your end user computing hardware (for example, PCs, laptops, netbooks) and their associated applications, connectivity, and data on which employees depend on to do their work — also known as “endpoints” — can get  lost in the shuffle. Employees leave for another job, they get laid off, they move to another department, and so on. What with all the work to do, it’s fairly low priority (not to mention difficult) to keep track of where all those laptops and applications end up.

But that lack of awareness is dangerous. Security may be tough to justify. It costs a lot to prevent something that only might happen. However, IT administrators need to consider the many recent well-publicized and costly data breaches to realize some of the reasons ignorance is decidedly not bliss.

Research consultancy Aberdeen Group reports that between January 2003 and December 2009, more than three computer-related loss, theft, or disposal incidents occurred each week (on average) and affected more than 150 million records. And that’s just the public disclosures. The damage such incidents can do are tremendous, both in terms of physical cost (nearly $5 million per year on average), and in terms of data loss or exposure (an average of $640,000 per incident). Then there’s also the not-always-quantifiable inconvenience and loss of productivity surrounding such events.

The odds are that at least some of the laptops or other mobile assets your company issues eventually will be lost or stolen. In Aberdeen’s study of 150 organizations in “Laptop Lost or Stolen? Five Questions to Ask and Answer,” [free download, registration required] for every 100 endpoints, only 85 came back. The rest were lost or stolen (with only one being successfully recovered) or simply were listed as “missing and unaccounted for.”

To dig deeper into the report’s findings and what you should learn from it, I talked with Aberdeen research associate Nathaniel Rowe, who collaborated on the report.

IT Expert Voice: With all the breaches in the news, do companies really need a report to remind them that asset management strategies and proactive security are important?

Nathaniel Rowe: They realize there are risks without security in place, but with budgets being tight and the economy being what it is they don’t have the budget. Preventing risk costs a lot of money and the benefits aren’t always obvious, so we’re attempting to put some hard numbers to what happens when you don’t protect your assets.

Best in class companies — those with advanced strategies around tracking, recovery, and deterrence — saved an average of $44 per endpoint. For the companies in this study, that translated to a cost savings of about $800,000. Those are hard numbers that these companies can look at to justify investing in technologies that help them track inventory, recover laptops, and so on.

IT Expert Voice: Which investments should companies begin with to improve their endpoint protection strategy?

Rowe: Start with protecting against data loss or exposure. Full disk encryption is a great way to start. We also recommend remote deletion or being able to remotely disable a device; these haven’t seen as much adoption in the market as perhaps we would like to see, and that’s probably because these are relatively new solutions.

However, there is a serious differential between the best in class and the laggards [companies with the most security incidences and least strategy]. The best in class are investing in these more advanced forms of security.

IT Expert Voice: You mentioned the missing and unaccounted for, but doesn’t a company need a certain amount of asset management and know where its laptops are before it can know if something is stolen?

Rowe: Absolutely. That starts on a policy level, with having the right kinds of policies and procedures in place on an organizational level. You don’t want to provision too many of them and have them underused or not used at all.

Maybe the company has downsized and you have a couple hundred laptops sitting on the shelf and by the time you get around to increasing your headcount those laptops might be obsolete. So you need to have strategies in place to track your assets all the way through the end of the lifecycle.

IT Expert Voice: How are the best-in-class enterprises doing this?

Rowe:  There are a number of different solutions. For example, software portals that you can load onto your laptop or whatever endpoint you have and push out updates centrally so one guy isn’t taking a bundle of disks to every single workstation. Such solutions enable IT to look out and see the status of all the workstations — are they updated?

And that’s one window into asset management that helps you with tracking. Other solutions might deal with other aspects of the asset lifecycle.

But the more you automate solutions and reduce manual interactions with the devices, the fewer chances there are for human error, and the more you can do with the IT staff you do have. I was doing a report recently on the automation of backup and recovery of files; if something happens can you get that information back? Automated solutions do cost more, but they had the better ROI in terms of keeping the data secure and the amount of time spent managing each endpoint.

IT Expert Voice: Speaking of ROI, spending money on what might happen — especially in this economy — that’s a tough sell.

Rowe: Larger enterprises are often willing to swallow the couple thousand dollars for the physical devices as long as they know their intellectual property is secure, but it’s important to realize that those costs for the physical device add up. Best in class companies were much more likely to be able to successfully recover devices after they were stolen, by being able to track it—for example, if a lost of stolen laptop is logged into the Internet you can track the IP address the lost/stolen laptop is logged into.  By tracking that, a company can get an approximate location and better assist law enforcement in arresting the suspect and recovering the device.

Some companies are far enough along in strategy that they can actually use the web cameras to take pictures of who’s using the laptops and report that, and some of the endpoints can be tracked through GPS… so there are several different solutions here, but if you’re able to track it you’re much more likely to be able to recover it.

Best in class companies also have better internal controls. So using these better internal and external tracking mechanisms, they’re able to recover more of their assets and lose fewer in the first place. So that $2,000 or $3,000 here and there [for a lost or stolen laptop or other endpoint] can really add up, especially for these larger enterprises, to an average of $800,000. That’s the difference between best in class and laggards, which is an indication of the money you could be saving by investing in some of these solutions.

The second kind of cost involved in this scenario is the potential loss of intellectual property itself. The information from our survey is several months old so it’s not as high as some of the other security estimates out there, but Aberdeen has calculated that the average cost of one of these data loss incidents is about $640,000 per incident. A single incident where you lose Social Security numbers of your clients or credit card numbers will not only damage your immediate business; you’re going to have to spend a lot of money trying to clean up the mess. And the damage to your reputation can be crippling.

IT Expert Voice: But not every company deals with sensitive information. What would you say to companies that think, “Oh, well we don’t have to worry.”

Rowe: If you haven’t successfully locked down a laptop or other endpoint, with today’s focus on people working from home and accessing files from outside the company networks, through VPNs, getting access to companies’ databases through wireless networks… If your assets are not sufficiently protected, that’s an open portal to whatever information you have and it’s also an open portal to malware, viruses, and attacks against the companies infrastructure. If that gets into the wrong hands, they can do anything they want.

IT Expert Voice: The report talks about five questions. Can you discuss those?

If a laptop goes missing, you should be able to answer: What happened, i.e., why is it missing? What assets are at risk? What protections were in place? Where is it now? Can we prevent it from happening again?

You don’t want to be the guy that says, “I don’t know.” But too often, companies will say, “I don’t have a response to these questions.” If you’re the guy who has to report the incident but say we don’t know what’s at risk, we don’t know if there’s credit card or personal information on the laptop, we don’t know if there are any protections or the data is easily accessible… That’s not good.

The most troubling thing to me is the 11 percent of assets that are missing and unaccounted for. It could be that it’s just sitting on a shelf. Or it could be in the hands of a disgruntled employee. Ignorance is not bliss in these instances. Having the information allows you to at least start the process of inquiry and protection.

Where to start? Endpoint management investment priorities

1. Protect against data loss
2. Create consistency end user policies
3. Maintain accurate information on laptops and other mobile assets

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

As a result of new developments emerging on the scene, storage, quite unexpectedly, has become cool again. Here is the scoop on what’s happening now (in no particular order on the coolness scale):

Trend 1: Standard Mechanisms to Manage Storage Arrive

This quickly developing trend puts some real organizational muscle behind storage management. The driver, and underlying mechanism, is Representational State Transfer (REST), a familiar technique (in other technologies, although never before used in storage) that uses HTML.

“Now, we are using [REST] for storage, and it is proving to be a clear winner, as evidenced by its use in the new cloud storage standard, CDMI,” says Rob Peglar, vice president of Technology and senior fellow at Xiotech Corporation.

“There is really no downside to this approach, with huge upside in terms of saving time and reducing the complexity to manage units of storage, in particular storage blades.”

Trend 2: The Rise of Storage Blades

Storage blades are much like the familiar blade server in terms of the ability to scale, manage, and deliver high performance. They have been on the market now for a little less than two years but storage blades are just beginning to truly excite the market.

“While the form factors differ — blade servers are thin, blade storage occupies 3U in a rack — both are predictable, in terms of their ability to deliver application workloads, and also in terms of the ability for a business to predict cost over time,” says Peglar.  Xiotech combined its Intelligent Storage Element (ISE) storage blades with Dell servers and Symantec’s Filestore software this week to create a scalable network addressable storage (NAS) solution. The turnkey package is expected to start shipping in May.

“Like the RESTful approach to storage management, the blade approach to storage hardware and design has very little downside and tremendous upside, to improve performance per unit of input — e.g. cost, watts, BTUs, rackspace — relative to traditional storage arrays,” he says.

Trend 3: A Shift Away from Storage Controllers

Another significant development is the trend by application, hypervisor, and operating systems to embed high-level functionality which previously was only possible in storage controllers, says Peglar.  “Functions such as compression, sparse allocation, a.k.a. thin provisioning, deduplication, snapshot, mirroring, etc. are all ‘moving up’ the stack, away from storage controllers and into higher-level software that runs on servers.”

“While there are pros and cons to this approach to be sure — mostly deciding where to perform the processing necessary — in the overall balance, it is a very positive trend due to the massive increase in CPU power available in servers now, and the virtualization of servers and desktops,” he explains.

Applications are also becoming much “smarter” about storage than in years past, and this trend inhibits storage vendor lock-in.

Trend 4: But Cloud Storage Shifts to Controllers

While the idea of renting space on storage hardware is attractive (particularly in terms of the low costs), cloud storage “simply doesn’t yet work like local storage, which is keeping may corporate users from seriously considering it,” says  Josh Goldstein, vice president of marketing at Cirtas Systems. Never fear; changes are already underway to address that.

“Big innovations are happening in the form of cloud storage controllers — on-premise gateways to the public cloud that make it function and perform like local storage, while enabling capabilities that neither local storage nor cloud storage could provide on their own,” Goldstein says.

There is also an important paradigm shift for cloud storage: bringing processing to the data. “With extremely large data sets, it is far more efficient to perform specialized application services on the data locally,” says Cameron Bahar, founder and CTO of ParaScale. “The next generation eliminates specialized storage networks; it’s about specialized storage services running directly on storage nodes.”

Trend 4: Storage Goes Virtual

Many of the most significant changes have occurred in the capabilities of storage software. “Virtualization products are now available that enable customers to create a single pool of storage that is flexible, easy to manage, recoverable, and scalable by leveraging existing heterogeneous storage arrays,” explains Joe Long, director of Storage Solutions at Logicalis. A well-planned storage virtualization architecture enables corporations to support traditional virtualized server environments and cloud environments.

“The downside to storage virtualization is the entry costs to take storage you already own and add the virtualization layer on top of it,” he says. “The immediate advantage of storage virtualization is it turns disk storage into a commodity product which will drive their costs down.”

“Add the value of efficiency of allocating storage resources and you may even find you have more storage than you really need and can delay current plans to purchase more storage,” he concludes.

Trend 5: The Advent of RAMClouds — Storage Entirely in DRAM

As long as anything labeled “cloud” is hailed wildly by the industry crowd, vendors will hawk their goods as cloud-related or cloud-approved. That is merely natural commerce. It is, however, a mistake to ditch the idea as mere buzz, pomp, and circumstance. Experts are pointing out distinct advantages to innovative uses of the cloud in terms of storage.

Stanford University, for example, recently published a report [PDF] building the case for RAMClouds. The approach advocates information be kept entirely in DRAM on large-scale systems created by the aggregation of the main memories of thousands of servers, hence the name RAMClouds. It is a promising idea given the combination of low latency and seemingly limitless scale, thus overcoming two of the largest obstacles in storage and access particularly in terms of large-scale Web applications.

However, like all new developments, tread carefully until all the bugs are worked out. RAMClouds could also cloud legal issues from data ownership to liability to regulatory compliance issues.

One thing is for certain: Storage is no longer a stuff-‘n-forget exercise. Look for new data-rich applications to pop onto the scene as stored data becomes more accessible and user-friendly.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

Several factors came together to bomb the commercial real estate market, effectively and forever reducing the notion of “corporate headquarters” to a fraction of the space it once commanded.  “It was a perfect storm of [changes in] real estate, human resources, and information technology,” says David Rush, vice president of Interior Design for HOK, a global architectural firm. Indeed, first outsourcing and then the recession shrank workforces to minimal levels. Legions more were unshackled by technologies from cloud computing and software as a service (SaaS) to laptops and smartphones. Now, savvy companies are dumping behemoth-sized facilities in favor of smaller workplaces peppered around the globe.

“Companies are moving from sprawling suburban corporate campuses to smaller scale headquarters — a hub and spoke model — as they represent much more efficient operations,” says Rush.

The new reality finds a glut of open office space, deserted and cavernous, where a sea of cubicles once washed through. Huge data centers have shrunk to mere skeletons in tiny closets, as workloads ascend to the cloud. Many a company’s sense of place has thus faded into a sense of wasted space.

“Due to the technology advancements, changes to the workforce, and cultural impacts in many companies, there is tremendous opportunity for facilities and workspace planning in corporate America,” says Scott Archibald, managing director for Bender Consulting.

As Archibald points out, many workers no longer need a dedicated cube or office, and younger workers are more interested in working in social environments with couches, easy chairs, and lounges. “Replacing dedicated cubicles with shared cube space and more multi-use areas are likely changes,” he says. “Quiet work areas may also be needed for those sensitive calls or management activities.”

“Investments will be required to make these and other facility changes; however, afterwards companies should be able to lower a building’s footprint and associated energy costs,” he adds. After these sea changes, profits are predicted to soon rise above pre-recession levels for many companies.

However, the initial investments needed often includes buying more technology – not less – in order to glue together a diverse workforce that now has no geographic boundaries.

Head Counts and Tech Beats

This new change in place and pace is not without its challenges. Topping the list is getting an accurate headcount of workers and the technologies they need to function. Given that outsourced, remote, and mobile workers are hardly new concepts, one would think corporations already have at least part of this problem already under control.

“Our survey results indicate that many companies don’t have control over employee mobility costs or benefits,” says Kathy Sharo, director of marketing for Runzheimer International. Runzheimer provides products and services to government agencies and 60% of the Fortune 500 in support of the growing mobile workforce.

“Seventy-three percent (73%), for example, have no policies in place for virtual office programs, which includes mobile device management, and 56% are unaware if the programs are productive,” she adds. “The point then becomes not just about buying or optimizing technology, but about adopting a more structured approach, complete with methods for measuring success.”

Runaheimer’s fifth annual survey of mobile workforce trends indicates that over 51% of a typical corporation’s workforce is mobile on any given day, and that number has increased by 31% since 2006.

“The total investment in workforce mobility per employee has increased significantly in the past four years and currently stands at $7,426 — a cost comparable to corporate health care costs,’ says Sharo. “Clearly, it’s a trend that will continue as new technologies proliferate and companies experience the service and growth benefits of allowing their employees to define their own office spaces.”

Time alone does not address the problems, certainly not in a world where change is measured in Internet speeds. “The evolution of the workplace is a process that has been underway for the past 15 years; however that period of transition is far from over with employees continuing to find themselves facing new dynamics, largely by circumstance,” says HOK’s Rush. “You don’t just make a choice to be highly mobile.”

Technology as Workforce Glue

The challenges deepen when corporations begin to add the intricacies of remote workers permanently stationed somewhere beyond the firewall.

“Without question, technology is at the forefront of the age of ‘working anywhere, anytime on any device,’ and this mindset is here to stay,” Rush says.

This flexibility is not a matter of convenience but a business case for more efficient and profitable operations.

“We believe that virtual work environments, like using remote offices and virtual work spaces, are critical to our business success,” says Jean Cholka, CEO of Freeborders, a provider of technology solutions and outsourcing from China that counts such industry giants as DuPont, Citigroup, Expedia, GE, and MorganStanley among its customers.

“As a global IT consultancy about 80% of our U.S.-based work force works remotely, at a client’s office, or at home,” explains Cholka. “Not only does a flexible work environment reduce the costs of a physical office space, it also helps employees achieve a better work-lifestyle balance.”

“For example, our work requires a close collaboration with colleagues in other time zones and frequent client visits,” she explains. “Working remotely provides the flexibility to better connect with colleagues in Europe or Asia.”

Such working conditions call for more than standard technology fare. It calls for technologies designed to be mixed and fixed into a fluid glue that holds the organization together. Cloud computing and Software as a Service (SaaS) are certainly mainstays of this formula.

“Cloud hosting means that IT can now be used more like a utility, and the anywhere, anytime access increases worker mobility, provides greater information security, and makes the workforce infinitely more flexible,” says Byron Attridge, executive vice president for ClubDrive Systems, a cloud computing provider based in Atlanta, Georgia. “It also makes fixed office space much less relevant.”

Smartphones and laptops are also central to leveraging the new workforce. Those corporations that use operating systems such as Windows 7 that unifies the remote and mobile workers with the overall organization are particularly well positioned to handle this change. However, these technologies alone are often not enough.

The Office Follows the Worker

“We use teleconferences and video-conferencing in our daily work,” says Cholka. These technologies are not so much for communications with clients and customers, she says, but with co-workers in the same organization or with collaborative partners.

The point is that the office now goes to the worker rather than the worker goes to the office. That calls for a technological shift across the entire organization.

“The way that people do business is changing. That’s undeniable,” says Dave Heimbach, vice president of Evolve Business Solutions by CBTS (a Cincinnati Bell company). Evolve Business Solutions is a VoIP, cloud-based technology that enables the traditional office to follow a worker by routing business calls to any number in the world. It also allows employees to dial in through their business line no matter what number they call from.

“Yet we’re seeing this interesting dichotomy between how people want and need to work in the digital age and the technology that is available to assist them with this,” he added, “ROWE, for example, is a revolutionary new management strategy that allows employees to work whenever, wherever they want to — there’s absolutely no requirement to go to an office or give face time to an employer.”

ROWE stands for Results-Only Work Environment and is a human resource management strategy wherein employees are “evaluated on performance rather than presence.” ROWE was co-created by Jody Thompson and Cali Ressler, former executives at Best Buy, who now own a consulting group called CultureRx. The concept is widely reported as being  originally piloted at Best Buy; employees were paid for results (output) rather than the number of hours worked.

Business basics, from management strategies to the traditional copy room,   are changing. For example,  standard office equipment (from fax machines to industrial strength copiers and printers) can become obsolete as work shifts to online and outsourced alternatives. Faxes can be sent and received online, and copying and printing can be outsourced online from anywhere to third parties such as Fed Ex Kinko’s. As adoption of these alternatives increase, the resulting shift in operations radically alters what a corporate office should look like and contain.

“Technology has freed workers from cubicles and employers from huge facility costs,” says Filip Tack, CEO at Nomadesk. “There is a complete surge in the Digital Nomad, [an] independent location worker who can be more productive outside of the corporate office and extremely effective in working remotely.”

“With Cloud computing quickly coming into the fold, companies don’t have to spend a hefty sum of money on custom solutions to enable a geographic spread in the workforce, and they can save tremendously on real estate,” he adds.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

Indeed, the green movement has overgrown the IT industry to such a degree that a corporation can, in fact, become significantly greener without making a specific effort to do so. This is good news for corporate leaders who face ever-tightening regulatory requirements while also grappling with still-too-tight budget constraints.

Going Green (even if you don’t call it that) has other benefits to corporations. Because far from being just a warm and fuzzy PR move, the benefits of going green are tangible and bankable.

“At a high level, going green can (1) improve the bottom line; (2) help a business earn new contracts, especially since Fortune 500 and government institutions are providing preferential treatment; (3) increase revenue by accessing a new customer demographic; (4) compliance with environmental law and ability to get rebates; (5) hire the best talent — more and more of the young, smart graduates want to work at a company with adequate corporate responsibility culture; and, of course (6) it’s the right thing to do,” says Marcos Cordero, chief executive officer and co-founder of Green Business Bureau.

It makes sense, then, for your governance and regulatory compliance, facility management, and public relations departments (among others) to start ticking off line items on the Must-be-Green list as the IT department goes about its daily business. To get you started, here are a few areas where you can expect to reap green points on almost immediately (and without even really trying).

Refresh Cycles: Green, Mean, and Lean

Most corporations postponed regularly-scheduled hardware refresh cycles during the global recession. Aging equipment and software are now wheezing their last and upgrades are imminent. The good news: Practically any hardware you buy is significantly greener than anything currently in use.

“Energy efficiency of hardware has improved over the last few years, with the ratcheting up of Energy Star standards and the introduction of new rules,” explains Iza Kruszewska, toxics campaigner at Greenpeace International.

Kruszewska covers environmental issues in the European Union (EU), but many Greenpeace members report similar situations in other areas of the developed world.

“Electronic equipment made by all the global brands is now free of four types of heavy metals — lead, mercury, cadmium and hexavalent chromium — as well as two types of brominated flame retardants, thanks to the EU’s Restriction of Hazardous Substances in Electronics (RoHS) directive, which came into force in 2006,”  Kruszewska explains.

Some companies introduced PCs that far exceed the Energy Star and other energy efficiency standards, adds Kruszewska.  “Some brands now have models of PCs and monitors free of PVC (vinyl plastic) and all brominated flame retardants — not just the two types banned by RoHS.”

Thus, the simple act of purchasing new hardware for data centers and  international offices will rack up significant green benefits, from energy savings (that is, lower electric utility costs) to regulatory compliance.

Hardware Recycling Can Net Free Servers or Cash Rewards

Recycling efforts have become more sophisticated in recent years. Some programs actually give you new equipment to replace old, less environmentally-friendly gear.

“Many PC companies now offer comprehensive take-back and recycling programs, not only for business customers but also for individuals, and these programs are available virtually worldwide,” says Greenpeace’s Kruszewska.

One example: KOM Networks’ Junk-A-Juke program which aims to enable businesses to upgrade their older storage systems for free and feed over one million starving kids.

“Businesses of any size can take advantage of the program and get rid of any older computer equipment currently taking up space in closets, server rooms, data centers, etc,” says KOM Networks’ CTO, Kamel Shaath.

“KOM arranges the pickup, recycling, and installation of a brand new Dell powered storage/archive solution,” explains Shaath.

KOM Networks, and its recycling partner Technology Conservation Group (TCG), will remove your old system free-of-charge. The companies then dismantle and recycle the obsolete storage systems; they sell off the parts for other uses or sell the raw materials. There is a cost to participating corporations in the form of a new KOM archiving solution and a three year maintenance commitment, but this can be financed through Dell (OAC), according to KOM Networks’ website program description.

Corporations can also write off the recycled costs as charitable giving, says Shaath, since KOM Networks donates the money collected from the sale of the system components and raw materials to Feed The Children. KOM also matches the funds generated by the recycled hardware and donates it to Feed the Children, an international, nonprofit relief organization that works to save the 15 million children that otherwise starve to death each year.

There are other programs available that help with e-waste and can even generate cash either for your corporation or for a charity. You can identify many of these programs through e-Stewards, the organization that sets international standards for the disposal of e-waste.

Reused components find new and interesting uses through e-Steward recyclers. One example: “Best Buys’ new NYC billboard in Times Square is made from Electronic Recycling International’s recycled electronics,” says John Shegarianm, founder of Electronic Recycling International (ERI). ERI has a long-standing partnership with Best Buy. As an interesting aside, Shegarianm says the Olympic medals this year were also made from recycled e-waste.

The Cloud is Green and Raining Cash Benefits

Cloud adoption has gained momentum and it’s picking up speed, primarily because the new architecture promises huge savings over traditional data center systems and software licensing. However, cloud computing is also a major green initiative.

“Those companies which were unaware, or semi-aware of the cloud can no longer ignore the strong green IT value proposition of access to previously inaccessible productivity tools; the ability to collaborate with teams, partners and customers; shifting focus from IT to business; and improving speed to market through instantly set up solutions,” says Servoy’s CEO, Jan Aleman, who also serves as secretary of EuroCloud compendium and is on the steering committee of the ICT Office SaaS/Cloud Group.

New operating systems and software frequently comes along with a hardware refresh cycle. Windows 7, for example, contains many advantages but among those are features designed to aid cloud efforts, primarily via virtualization. Chief among them:

• Microsoft Application Virtualization (called APP-V), which lets IT managers stream applications to PCs from a server so they can be run without local installations.

• Microsoft Enterprise Desktop Virtualization (MED-V), a desktop virtualization tool that allows policy-based broadcasting of virtualized applications on demand.

Cloud trends are shifting quickly to hybrid models, which means some computing will be in the cloud and some on-premise in systems ultimately designed to deliver the best features of both models. The green effects of hybrids evolve naturally, effortlessly, and almost as an afterthought.

“Users no longer have to decide between the cloud or on-premise — not with green hybrid applications,” says Aleman. “The new green hybrid platform gives users the option of running their applications hosted online — on dedicated servers, virtual servers, or any form of cloud computing – or on-premises for anywhere access. These hybrid applications can be deployed as Software as a Service (SaaS) or on-premises through a browser and a native client.”

“By redesigning applications to fit these modern architectures, total carbon footprints can be reduced by 90 percent, ” he says.

It is important to consciously go back and account for these “accidental” green benefits in your company’s regulatory compliance filings. Otherwise, these advantages can be lost to further, more costly efforts in your organization’s labors to comply. That isn’t to say that any effort is fruitless, but it is wise to get all credits anywhere credit is due.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

Are some of your directories showing up as read-only? Join the crowd. It’s a common problem in Windows 7, but there are a few ways to address it.

Recently, a friend reported that since the April 13th Windows security patch, her copy of 64-bit Windows 7 is marking all folders as “read only” and she couldn’t find an easy way to fix it. She’s not alone. But this isn’t a problem that’s unique to either 64-bit Windows 7 or this particular set of patches. Instead, it seems to be an endemic problem with Windows 7 and Windows Vista.

It seems that several things can cause this problem. Among the causes: patching the system, upgrading from one version of Windows to another, and saving files to the top-level directory (C:\). Microsoft knows this is an issue, but for some reason the company doesn’t call it a bug.

According to Microsoft Support’s most relevant support document, “You cannot view or change the Read-only or the System attributes of folders in Windows Server 2003, in Windows XP, in Windows Vista or in Windows 7,” that’s probably because:

“The Read-only attribute for a folder is typically ignored (!) by Windows, Windows components and accessories, and other programs. For example, you can delete, rename, and change a folder with the Read-only attribute by using Windows Explorer. The Read-only and System attributes is only used by Windows Explorer to determine whether the folder is a special folder, such as a system folder that has its view customized by Windows (for example, My Documents, Favorites, Fonts, Downloaded Program Files), or a folder that you customized by using the Customize tab of the folder’s Properties dialog box.”

So, since the folder’s permission setting is usually ignored, can you ignore it? No, you can’t.

The read-only setting will get in the way of writing some files and, as Microsoft admits, “If a network share that has a large amount of folders set to Read-only, it can cause Explorer to take longer then what is expected to render the contents of that share while it waits on the retrieval of the Desktop.ini files. The slower the network connectivity to the share the longer this process can take to the point where Explorer may timeout waiting for the data and render nothing or appear to hang.”

Thus, if you’re using Libraries and HomeGroups to share files in a branch office or a Windows 7 system as a BranchCache server, this issue could lead to serious network performance problems. Adding insult to injury, you can’t address this issue using Windows Explorer because, according to Microsoft, “Windows Explorer does not allow you to view or change the Read-only or System attributes of folders.”

Fixing and Side-Stepping the Problem

I wish I could say that there’s a perfect solution to this problem. There’s not. Some methods work for some users and some don’t. I really wish that Microsoft would address this problem since it does show up fairly often, it’s been showing up since Windows XP, and it can prove extremely troublesome in small networks. I mean, come on, this is file permissions. How hard can it be?

That said, here are some of the ways you can try to address it. The “official” Microsoft way is to change the folders’ permissions using the venerable MS-DOS attrib command.

In short, you use Attrib at a command prompt (Cmd.exe) to view or to remove the Read-only or the System attributes of folders. You do this by logging in as the Admin user and then following these steps:

1. Click Start, click Run, type cmd, and then press Enter. (If the Run command is not listed on the Start menu, Click Start, click All Programs, click Accessories, and then click Run.)
2. To remove the Read-only attribute, at the command prompt type the following command:

attrib -r drive:\<path>\<foldername>

3. You may also need to remove the System attribute. In that case, use the command:

attrib -r -s drive:\<path>\<foldername>

If this works, you can now bore yourself to tears by running it as needed on other folders.

If you have multiple folders (or even systems) with file permission problems like this, you might think that it would be easier by far to use a PowerShell script to clean up the trouble automatically. You’d be wrong.

As Don Jones, a PowerShell expert, explained in a TechNet article, “Now, please don’t get mad, but I have to say that this is not a task for which Windows PowerShell is currently well-suited. I know, I’m sorry. It’s just that Windows file permissions are terrifically complicated little beasts.” (I can only add that is one situation where Linux, and the rest of the Unix family, does the job far better.)

That Didn’t Work. Now What?

What should you do if the command-line method doesn’t work? You can always try turning off the UAC (User Account Control). Unlike Windows Vista, where doing so was a binary choice, Windows 7 lets you choose different levels of UAC. Unfortunately for your system security, turning it all the way off seems to offer the best chance of eliminating the problem.

To do this, once more Click Start and click Run. This time enter UAC and then pull the slider to the bottom, as you see here:

Now, reboot. And, if the stars are in the right position, the problem should have disappeared.

No such luck? Well, Microsoft suggests, you might have a corrupted user profile. To see if that’s the problem, Microsoft suggests creating a new user profile. You do this by following these steps:

1. Open User Accounts. Do so by clicking the Start button, clicking Control Panel, clicking User Accounts and Family Safety (or clicking User Accounts, if you are connected to a network domain), and then clicking User Accounts.
2. Click on Manage another account. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. Click Create a new account.
4. Type the name to give the user account, click an account type, and then click Create Account.

If you can now create folders without having them automatically turn into read-only folders, your next move is to try to repair the corrupted user account using the steps described in Fix a corrupted user profile. This is a rather complicated affair; I highly recommend backing up any system before trying to tackle it.

Still in trouble? Well, besides letting Microsoft know that this isn’t just an “issue” to you but a “bug, you can try to work around it by only using Windows 7′s Public Folders. Of course, this comes with the wee problem that any sub-directories and files in these folders will be available to anyone with a user account and password on the computer. Since this problem is most troublesome when a Windows 7 system is sharing files with other users, this can be a real security annoyance even if multiple users aren’t sharing a single PC.

Unfortunately, if this file permission foul-up is giving your users real problems, this may be your only practical solution. Still, I’d make this attempt to get around the read-only bug my last resource. If I tried everything else, and it still didn’t work, I think I’d try reorganizing the branch’s file-sharing arrangements by adding another server before resorting to this measure. Your usage may vary. Good luck.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

While Windows 7 is getting all the attention, especially here at ITExpertVoice, Microsoft has a few other irons in the fire. The company has been hard at work updating its rather extensive server line. Some of the new technologies in its latest desktop OS are slowly finding their way into its Windows Servers series of products. In this article, I give you a roadmap to show what is new in the Windows server side of things, how they all fit together, and how the server versions make use of Windows 7.

Microsoft provides five dizzying ways that you can take a closer look at their servers. Many of these products have free trial versions that you can download, some for 30, 120, or even 180 days before you have to purchase a real license. Other products are set up on Microsoft-hosted websites, so you can experiment  using your Web browser. And some have Virtual Hard Disk images (VHDs) that you can download and then run on a HyperV server to set up your own test network of virtual machines. Also, a series of “Virtual Labs” lets you watch videos and be guided through the product on MSDN. No membership is required, but you need Internet Explorer and Windows XP to run the lab software. Finally, Microsoft is also beginning to make Amazon Machine images available on Amazon’s cloud-based services so you can set up your own test networks there.

Microsoft splits its server line into six broad pieces, as shown in the summary table below. These are somewhat arbitrary, and inconsistently applied across their various websites. The table is packed with URL links that take you to the trial software, or in some cases to the real McCoy, which you can download or experiment with.

Microsoft Server Roadmap

As you can see, this is a huge landscape. Many of these servers are several years old, while others are being constantly updated, such as the online versions.

On the line in our chart for Internet Information Server (IIS), Microsoft’s Web server is a link to Web Platform Installer (WPI). This is a noteworthy update to something that has long bothered me when I try to install various Windows servers. With the WPI, Microsoft is doing its best to consolidate the installation of a Web services delivery platform in one easy place. If you haven’t upgraded your .Net framework or Visual Web Developer, for example, this little app will help you gather and connect to the right updates and make sure all the bits are delivered to your server so you can support Web-based apps.

WPI is a new way to update all the various Web-related services on your Windows servers.

A Note about 32- or 64-Bit Versions

For several years now, Microsoft has packaged both 32- and 64-bit versions of its desktop and server operating systems. We are beginning to see the tide turn towards 64-bit, and if you are serious about trying many of these products, you probably want to install the 64-bit version Windows Server 2008 and its companions. (Read this article about moving to 64-bit OSs here on ITEV for more perspective, too.) For example, any real exploration of SharePoint requires numerous 64-bit servers to showcase its newest features. And HyperV requires a 64-bit Windows Server 2008 version to run at all.

This Technet link on SharePoint, by the way, is also a great one-stop shopping place to download the latest tools and other bits and pieces that you need.

A Note about Windows Server 2008 R2

Now, what does this all have to do with Windows 7? The first step is upgrading to Windows Server 2008 R2. R2 came out last fall and contains updates for major security, virtualization, Web and applications. If you expect to deploy anything involving Microsoft’s Network Access Protection on your Windows 7 endpoints, you will need this upgrade, along with upgrades to Microsoft’s Forefront Unified Access Gateway 2010 (part of its Forefront family of security products).

R2 has some significant improvements in security policies. Earlier Server 2008 versions were more difficult to validate  how healthy (meaning virus-free) any particular endpoint was, requiring separate health policy servers for different health validation configurations. Now a single server can specify multiple configurations to match particular circumstances. For instance, you can set PCs on your LAN so that they must match criteria [that are different for users connecting via remote access compared to occasional laptops that consultants bring in. Health checks can test to see if the firewall is enabled, look for current anti-virus and anti-spyware signatures, and determine whether automatic updates are enabled.

Windows Server 2008 R2 also has a better built-in firewall. Earlier Windows Server versions could only have a single firewall policy active at any given time. If you had a server with multiple network adapters installed, this made for awkward configurations. In R2, you can have a different firewall policy mapped to each adapter.

Plus, R2 looks a like lot Windows 7 user interface, with similar taskbars and menu styles. Consistent interfaces are good.

Speaking of looking a lot like Windows 7 interfaces: You’ll want to upgrade your Visual Studio software to the latest 2010 version if you want to create the new Windows 7 ribbons and icons and make use of multi-touch keypads in your apps.

Another place where Windows 7 is being seen is with Microsoft’s App-V services, which is its line of applications virtualization tools that it bought from Softricity several years ago. If you ever wanted to run two different versions of Office, or IE 7 and IE 8 browsers on the same desktop, then these tools will enable this and protect one application from running into another. Version 4.6 adds support for running on Windows 7. This is an area that is seeing a lot of innovation; Symantec and VMware are other major players in this space.

Finally, there are some other noteworthy servers to mention. These include Microsoft’s Storage Server, which forms the basis of a storage network with the right combination of hardware. You can’t buy it directly, but it does form the core of numerous OEM storage products. And no surprise, Dell is one of the OEMs with its PowerVault NX3000 NAS storage system. And we have already written about Microsoft’s free cloud-based storage system called Skydrive here. While these don’t have anything to do specifically with Windows 7, they are pretty cool things to keep in mind.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

No doubt you’ve standardized on many applications, from spreadsheets and presentation tools to word processors and customer relationship management. But how many IT executives can guarantee that end users are running only corporate-approved tools? Who truly knows how many user-downloaded tools, orphan applications, and customized programs lurk throughout your network? The only way to be certain, then, is a PC to laptop treasure hunt to locate all applications and test their compatibility with Windows 7 before entering the migration fray.

After all, 54% of IT executives cite application-testing as the most successful way to mitigate deployment problems, according to a March 2010 report by Info-Tech.  While smaller businesses may solely depend on off-the-shelf software, larger companies’ software mix also often includes proprietary, customized, and non-IT installed applications, says Mark Tauschek, director of research at the London, Ontario research firm.

“Certainly, for large enterprises the biggest pitfall is application compatibility,” Tauchek says. “Custom-built or customized software could be kind of a showstopper.”

While upfront testing make seem a time-consuming pain, not testing applications for compatibility could well result in lost productivity for end-users, increased stress on IT personnel, unacceptable system down-time, the potential for lost revenue, and overall disillusionment with Windows 7. The last thing you want to hear is, “This used to work when we were on the old system.”

“This is an ongoing process and procedure that is monitored continuously. IT is viewed by many business users as a commodity and something that can be self-service,” says Mark Buechler, principal and CTO at m.b.consulting.

PC by PC

In addition to using third-party applications and Microsoft offerings, such as its Application Compatibility Toolkit 5.5 and Microsoft Assessment and Planning (MAP) Toolkit, IT professionals should conduct time-intensive and accurate manual software audits, recommends Tauschek. While this may elicit groans, it is the only way to ensure no orphan application or department-installed favorite is overlooked. Unlike tools that accurately detect and test network-attached hardware, no automated solution delivers a 100% guarantee of accuracy and completeness, he says.

“I can inventory my hardware with a free tool and see if my hardware will be compatible with Windows 7. The challenge with automated application compatibility tools is they will go out, inventory, and check for compatibility with known apps but a lot of companies have tools built in-house within business units that have become business-critical applications,” says Tauschek. “They’re not necessarily on the radar of IT from an application inventory perspective, and might get missed by that tool.”

Often these non-standard or custom applications power-up the heart of a company or department, agrees Rudy van Dalen, technical consultant at Platani Nederland B.V., a Dutch consulting and integration firm with many clients that plan to migrate to Windows 7 in the near future.

“A lot of companies have customized or proprietary software that is many times more important for business continuity,” van Dalen says. “In my opinion, you cannot skip this part. Depending on the IT infrastructure and how many rights users have on their workstations, you really need to  do this.”

Even standard applications may not have a Windows 7 migration path. “At my Life Science industry clients, Windows 7 (and Vista) are currently incompatible with their Quality Management Systems,” says Buechler. “The vendor of the QMS does not yet plan to port to Vista or 7, so, much testing would be required.”

Some businesses may have a less onerous challenge. Armada Services, an Australian IT service provider, prevents end-users from downloading software, preventing the use of non-standard applications on company-owned PCs and notebooks, says Phillip McSherry, senior technical engineer and Windows 7 SOE project manager, who oversees the firm’s migration from Windows XP SP3.  ”SOE is managed via Altiris Deployment Solutions so users cannot install applications on workstations,” he says.

Through the Obstacle Course

IT departments are not facing this challenge alone. Many well-established consulting firms offer application-testing services, including the all-too-tedious task of inventorying each and every piece of software in-use. On the other hand, Platani clients generally use internal staff for application inventorying and testing, and turn to the consulting firm for guidance and problem-resolution recommendations, says van Dalen.

“It’s really about the internal capabilities. I think there’s certainly a place for many organizations to outsource that activity,” says Tauscher.

Businesses also may opt for application virtualization, which abstracts users’ applications from their systems. Virtual applications — including updates, add-ons and settings — can then run on any operating system.  This creates a consistent user experience, regardless of OS, and was designed in part to reduce incompatibilities and the costs associated with regression testing and upgrades.

Armada Services hosts all proprietary software off-site using Citrix, says McSheery. “A pilot group did test the functionality of Citrix-based apps,” he says. “The main issue uncovered with app testing was 64-bit compatibility. This forced us to revert to a 32-bit SOE as opposed to the originally-planned 64-bit SOE.”

While you’re testing your internal applications, independent software developers are scurrying to ensure Windows 7 compatibility. The Microsoft Compatibility Center features a growing list of applications that work well with Windows 7 in 32- or 64-bit. Another list offers a summary of those that have pledged to support the new OS.

“I think the first step to take is to ask the software vendor is there is a version that is compatible with Windows. Second option would be to test if the software would run in Compatibility Mode,” says van Dalen. “If not, maybe Application Virtualization will do the trick. The last and least preferable option would be to look at MED-V.”

For its part, m.b.consulting now runs 32-bit Windows 7 on mobile devices and 64-bit Windows on PCs. “We all have XP and Vista Virtual machines on Sun’s VirtualBox for incompatible apps and testing,” Buehler says. “Windows 7 has operated well.”

Sure, spending time and money inventorying software and testing them for compatibility may be time-consuming and onerous; but it is far less painful than rushing into an implementation, only to slam into the even more costly and disruptive problems untested, unknown applications can create.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

The era of mechanical hard disks lasted for decades. Now it’s over. Extremely fast and energy-saving solid state disks are entering the stage. But the ‘90s rules of storage maintenance, like a casual round of Defrag, don’t apply anymore. In fact, treating an SSD as a regular hard disk might be potentially harmful. Learn how Windows 7 treats these new storage devices and what common SSD myths you need to avoid.

They’re silent, contain no moving parts, consume less energy, and everyone who has installed one of the recently released Solid State Drives (SSDs) notices dramatic speed improvements.

SSDs are a major advance in technology; how they work and if they’re useful in your infrastructure is greatly explained in the article, Switch from a Hard Disk to an SSD with Little Fuss and Bother. A look at today’s segmentation in the SSD market is found over at Anandtech. Study these guides carefully to see if solid state technology is a feasible solution for your enterprise environment.

Whether you upgraded all PCs (or servers) to SSD or just deployed computers with SSDs preinstalled, there are a couple of new house rules to consider. And there’s tons of bad advice floating around that you need to avoid, as well. In this guide, I show you how to set Windows 7 for SSD and what settings you should stay far away from.

SSD Rule #1: Don’t Defrag Your Hard Disk

Ever since the golden age of DOS, defragmenting the disk was essential for peak performance. Nowadays, Windows 7 automatically turns off Disk Defragmenter on an SSD drive. And it does so for a good reason: Read operations are performed extremely fast on all modern solid state drives. Accessing data that is spread across the drive happens so fast that defragmentation wouldn’t improve anything. In fact, Disk Defragmenter would add unnecessary write operations which in turn could potentially reduce the lifespan of your SSD disk.

The test: To be sure, this theory needs to be proven with a couple of real-world scenario benchmarks.  I measured the performance of a heavily used workstation in our infrastructure; the built-in 256 GB SSD has been running for months, 24/7. It’s safe to say that a couple of terabytes have shuffled around over its lifespan. I benchmarked the performance before and after using Windows Disk Defragmenter, to see if it brought any speed gain:

No! As you can see, performance did not improve at all; in some cases it just got a bit worse, in fact. I performed each benchmark three times to get exact results.

Make sure Defragmentation is turned off. Windows 7 uses two techniques to determine if the disk is an SSD drive. First, it checks a couple of device IDs and finds out if the device categorized itself as a solid state disk. If the drive keeps this information hidden, Windows 7 performs a simple benchmark and determines if the read performance is on a typical SSD level. If it confirms that, it should turn off Disk Defragmenter. However, as mentioned in many technical forums, for example on TechNet Social, Windows 7 doesn’t do that.

To be on the safe side, you need to make sure that Windows Disk Defragmenter doesn’t automatically run on a schedule. Here’s how:

1. Launch Disk Defragmenter: Click on the Start orb, type in “Defragmenter” and hit Enter.

2. Make sure that your system drive is not included in the regular defragmentation schedule. Click on “Configure schedule” and then “Select disks.” Confirm that the Windows 7 partition (marked with a little Windows icon) is unchecked:

SSD Rule #2: Understand Superfetch, ReadyBoost, and Prefetch

By default, Windows 7 is supposed to disable its three performance boosters, SuperFetch, ReadyBoost, and Prefetch. These features are designed to cache as much data as possible into RAM and to help Windows 7 pre-load files. This results in programs launching faster; Windows boots quicker.

However, on SSDs, performance while reading files is generally excellent. Which is why on all recently sold solid state drives, these Windows 7 performance features are all disabled by default. Digging deeper into this, I figured out that SuperFetch, Prefetch, and ReadyBoost apparently weren’t disabled on our system with a pretty fast SSD. See for yourself:

The Superfetch service was running…

Prefetch and Superfetch settings in Windows 7’s registry were set to “3” — in other words, “Enabled”…

…and both Prefetch and ReadyBoost folders were filled with files and updates regularly. These folders contain all pre-load data that Windows 7 uses to launch applications faster.

I wasn’t the only one surprised by this behavior. In fact, there is a huge discussion going on at Microsofts TechNet forums about this. So what is going on here? Can’t Windows 7 recognize the SSD successfully? Why aren’t these features disabled?

My theory and tests: I believe that Windows 7 successfully disabled all these features and doesn’t use them, despite the fact that they are “enabled” in the registry and as services. Here’s why: Even when I disabled Superfetch, ReadyBoost, and Prefetch manually and deleted the content of the “Prefetch” folder, performance did not change much. Here are the test results:

I performed each of the tests above exactly three times, in total 54 individual tests, and noticed next to no differences in performance – no matter if Superfetch and Prefetch were both disabled or not. Disabling those on a Windows 7 PC with an old-school hard drive would have resulted in a terrible slow-down, with longer boot-up and start times taking twice as long.

I can only draw one conclusion: Superfetch, ReadyBoost, and Prefetch might be running in the background, but they are not actively enhancing performance on your PC. As Microsoft stated in its own Engineering Windows 7 blog:

“If the system disk is an SSD, and the SSD performs adequately on random reads and doesn’t have glaring performance issues with random writes or flushes, then Superfetch, boot prefetching, application launch prefetching, ReadyBoost and ReadDrive will all be disabled.”

My advice: If you don’t use a first generation SSD in your infrastructure, you can safely assume that Windows 7 disables these features automatically. Disabling these features doesn’t make a difference. In fact, on a very old SSD, it might cause problems, as Microsoft stated:

“Initially, we had configured all of these features to be off on all SSDs, but we encountered sizable performance regressions on some systems. In root causing those regressions, we found that some first generation SSDs had severe enough random write and flush problems that ultimately lead to disk reads being blocked for long periods of time. With Superfetch and other prefetching re-enabled, performance on key scenarios was markedly improved.”

SSD Rule #3: Leave Pagefile.sys on Your SSD

I hate when websites, magazines, and technical books spread Windows myths. This one’s pretty popular: Some sources claim that moving the page file (pagefile.sys) off of your SSD and onto a mechanical hard disk improves performance. Wrong! Never follow this advice! Windows 7 performs mostly smaller read operations on Pagefile.sys, which is where an SSD shines. Smaller random reads are, in fact, an SSD specialty. Leaving pagefile.sys on the main system drive actually guarantees maximum speed.

SSD Rule #4: Don’t Disable the Windows Search Index

Another rumor I hear and frown upon very often goes like this: “Disable Windows Search index on a Solid State drive. This will prolong the life of your hard disk as indexing causes a lot of hard disk activity.” I couldn’t disagree more.

In fact, Windows Search is a very beneficial feature for SSDs. Yes, on its initial run, Windows Search Index causes a lot of read activity as it indexes tens of thousands of files and e-mail messages. But as soon as that’s done with, the index stays in the main memory of your machine. As soon as you perform a search query, Windows 7 only browses through the index instead of looking for files on your hard disk. Only if you actually open a file is the SSD accessed.

I hope I helped you figure out the right settings for your SSD and don’t fall into common myths and mis-information thrown around on the Internet.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

What can you do to ease the change when there’s a mandate to migrate to new software? You should involve people in planning, mitigate time spend fooling around with the tool, and make it as easy as you can to get people back to being productive at work.

But that’s not as easy as it sounds, especially since the people who are receiving this wonderful new software are not like you (and me). Most people who have self-selected into technology careers — the ones writing and rolling out new software — don’t mind playing around to learn new software.  In fact, we rather enjoy it.

The rest of the world ain’t like that.

To most of the world, software is a tool, a means to an end. Anything that forces someone to pay attention to the tool rather than their goal is fodder for frustration. If you’re leading a migration project, keep these points in mind:

• Futzing: Poking around and figuring out by trial and error is only fun when it’s a choice. Leaving people to learn new software by trial and error experimentation is inefficient and ineffective.  Beyond that, it’s a pain in the tush.
• Fiddling: Trying out new settings to see how they work is fun, right? Not so much. Suppose you don’t know the meaning of all the settings and options, you forgot what you learned last time you had to set up a computer, or you frankly don’t care because you just want the dang thing to work. Then fiddling with software settings so it works the way you want feels like being lost in a maze.
• Finding: Where the heck to things go, between one major release and another?  Why does new navigation make it impossible to find stuff?  I don’t know; I do know that the time spent finding items that used to be under one menu and is now three levels down in another is a pain.

Any of these — futzing, fiddling, finding — is enough to cause Frustration.  Pile them on, and you have one big #FAIL.

Beyond getting new software on to the computer, we need to focus on ways to minimize tool time and get people comfortable and capable with the new software.

Experiment First

One of the most successful e-commerce sites in the world rolls out new features to their least valuable customers first. That may seem backward, initially; but when you think about it, the decision makes perfect sense.

Each new feature makes it debut where there is least risk of depressing revenue. Engineers study the crap out of each small experiment so they understand the positive, negative, and utterly unintended effects.  Then they make refinements until they have the feature ready for prime time. For example, they know that the people who are least likely to spend much money are people who don’t have a web cookie on their browser.  But they don’t try with all the cookie-less people who visit the site. Their first experiments are with fewer than 1% of their least valuable customers.

And you should follow this philosophy in your Windows 7 migration.

Start your roll out with an area that doesn’t have first-line contact with customers, high-finance, critical deals, or operations. I do not want to imply that any group is unimportant to a company’s viability — but will revenue plummet if human resources, legal, or accounts payable slows down for a few days to learn new software?  (You may choose differently if your company is in the middle of a lawsuit or due diligence for a merger. But then, both of those count as critical deals.)

When you do your early experiments, notice what people struggle with, where they get stuck, and what they take to like a duck to water.  Notice responses that are unexpected and surprising. Fold all that information into the next rollout round.

Plan Collaboratively

Once you’ve done a few experiments, you will know more about the problems people are likely to encounter.  And you’ll have some success stories to share.  Now is the time to plan for the big rollout.

Chances are that the demands of the business will not slow down while people learn the new software. New software isn’t an exciting new opportunity; it is a stressor. There is no perfect time to transition to new software — but there are worse ones, and those are the ones you want to avoid.

Involve the people who are affected in identifying the least bad times, and schedule installation for least over-lap with periods of high-volume or tight timeframes. People don’t resist change, they resist coercion. So let the people who will feel the pain pick the time. They will be more inclined to make things work when they’ve had a say. Funny that.

Customize and Focus Training

Most people use a fraction of the functions in any piece of software. Some of those functions will be the same across the company.  But some of the frequently used features will be unique to a work group.  Customize the software training to focus on the features that are relevant to each group.  Start with the functions they rely on most, and cover the rest in priority order.

This will help reduce the futzing and finding factor.

Also, tell people what won’t change.  A colleague told me about a major organizational redesign at a chip company.  The lab layout changed, job responsibilities changed, reporting relationships changed.  Everything changed, except the color of the static coats worn in the lab.  That may seem trivial; to the people experiencing the change, it was their one bit of solid ground.

Leave Some Help Behind

A one-hour overview isn’t usually enough to bring people up to speed. Neither is a one-day workshop.  People need time and practice to integrate new learning.  But don’t make them look everything up in the binder, manual, or on-line forum.  That’s tool time that takes people away from their goals.

A custom cue-card that matches each group’s need will reduce futzing and finding.

Better yet, leave a power user behind in the department for a few days to be on-site and available immediately to answer questions, guide, and coach.  A power user is the kind of person who can cut the fiddling factor.

The stay-behind-support person can also create Information Radiators to make it easy for people to find answers to their questions. Information Radiators work on two levels.  First, a question and solution Information Radiator lets people know they aren’t alone in having questions, which makes it easier to speak up rather than struggle on.  Second, when questions get answered quickly, the anxiety level goes down.  It’s even better if someone from within the group can provide the answer.  That expands the pool of knowledge and begins to establish confidence that group members can help each other. It also shows they are building proficiency.

Is this more work for the implementation trainers?  You bet.  But it also means accelerated productivity for the groups who keep the business afloat.  And that’s what it’s all about.

Direct costs of the software conversion are easy to count. Costs of lost productivity are harder to count. The cost of damage to the partnership between business and IT organizations is catastrophic.  You can’t eliminate the pain of a software conversion; however, you can reduce the time people have to spend futzing, fiddling, and finding.  Sure, some people will be frustrated.  That’s inevitable. But when you focus on the people, you’ll avoid the big #FAIL. You may even learn something useful and make some friends along the way.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

We like to imagine that every OS installation will work just as well as the vendor promises. When things don’t work out, identifying and remedying the case of failure can be time consuming and frustrating. This lesson in “how to determine why Windows 7 didn’t install” may help you troubleshoot a problem of your own – and save you from a Lost Weekend.

Over the past 13 months—that is, starting in March, 2009, when I began work on a book entitled Windows 7 in Depth—I’ve worked more or less constantly with Windows 7 across all of its versions. Because my responsibilities on the book included the OS install and configuration chapters, I probably installed Windows 7 over 200 times just for that project alone (it ended in July, and the book appeared in August). Since then, I’ve installed the OS at least another 200 times for other projects and tests, including various netbooks (Asus, Dell, MSI, and so forth), notebooks (Dell, HP, Asus, Acer, MSI, etc.), desktops (Dell, HP, Asus, and Velocity Micro, plus numerous DIY systems put together from components). Until a couple of weeks ago, I never encountered a single problem that stopped me from installing Windows 7 itself.

But when I decided it was time to switch my primary test system over from Windows 7 Ultimate x86 (32-bit) to Windows 7 Professional x64, I ran straight into a brick wall. See Table 1 near the end of this story for a detailed description of its initial and final components, plus other components I tried, as I worked my way through problem diagnosis and repair. In this article, I describe the sequence of events that occurred, explain how I finally diagnosed and fixed my problem, describe the vendor’s response to my problem report, and then meditate on what I learned through sheer dint of effort while working through this incident. My hope is that others can benefit from my experience without necessarily making the same missteps that I made along the path from problem discovery to diagnosis to ultimate solution.

I started my adventure using Microsoft’s excellent Windows 7 USB DVD Download Tool, combined with an ISO for Windows 7 Professional x64 that I downloaded from MSDN thanks to my Premium subscription to that service. This tool can build a bootable DVD or USB Flash Drive (UFD) using its own built-in smarts and the ISO file that you supply for it to use as the target for an install image. Under the hood, the tool uses the Windows Pre-installation Environment, aka WinPE, to build a bootable installer. (It also doubles quite nicely as a repair tool, when you can’t get your hard disk based version of Windows 7 to boot, for whatever reason.) I chose the UFD option because it’s faster than the DVD version, probably because it’s quicker to access flash memory chips than spinning optical media.

Having built the proper UFD, I restarted my test machine, then tweaked the BIOS so I could boot from that device. In under a minute I was into the Windows 7 install process. Alas, in under two minutes that install was dead in the water.

When you start installing Windows 7 you begin by watching the WinPE environment come up. You see a Vista-like progress bar while a stripped down Windows kernel loads, so that it can manage the install process on your PC. Then you work through a couple of initial install screens (the initial screen asks for your language, time and currency format, keyboard or input method, after which you must either click “Install now” or elect the “Repair your computer” option instead—this is all nicely depicted on Sean Sexton’s “Sean’s Stuff” website if you want to follow along as you read this story). After that, you agree to the EULA and specify an upgrade or a Custom (Advanced) installation.

I chose Custom (Advanced) because if you’re switching from 32- to 64-bit Windows, you have to perform what Windows-heads like to call a “clean install,” which basically means replacing whatever Windows installations are present on the drive. In fact, this being a test machine, I also used the advanced drive options on the next screen (“Where do you want to install Windows?”) to delete all partitions on my target system drive, and then built a new set of partitions to house my equally new Windows 7 installation. All this usually takes less than 60 seconds to complete, once the initial select language screen appears. Next up comes a screen that tracks progress for the installation process:

First, Windows 7 copies all the compressed files from the installer onto the target drive, then it begins to decompress (expand) those files so it can use them to perform the installation process. This is where my installation hung every time I tried it. I worked through somewhere between 20 and 40 additional installation attempts on my test machine before achieving a fix. For some reason, the installer couldn’t get past expanding files, and it would hang somewhere between 42% and 62% complete (one time it got as far as 94%, leading to the false hope that “it might just work!”). Obviously, something in my system was causing the installer to hang, but what could that be?

Banging My Head Against the Wall, Because It Feels So Good When I Stop

My initial thought was that some kind of glitch in the ISO image simply hosed the installation. It takes about 15 minutes to rebuild a new UFD from an ISO file using the Microsoft tool mentioned earlier, so that’s what I did. But when I re-ran the installation, it hung during the expanding files phase once again, and I had to decide what to do next. I tried the UFD on a different test machine (one already running Windows 7 Professional x64 successfully) with the simple expedient of slapping in a new drive in place of the existing system drive, and the process completed without a single hitch. Obviously something specific to the “problem PC” was the culprit.

That’s when I started trying BIOS variations, thinking that my recent tinkering might be borking the installation process. I ended up using factory defaults, with only a few minor tweaks to let me use my USB mouse and keyboard during the install process. I repeated that action at least half-a-dozen times, observing that while the install always hung during expanding files, it seldom hung at exactly the same completion percentage value (though 61% and 62% emerged as “favorites” over time). This took me to between 10 and 11 PM on my first day working on this project, at which point fatigue, plus family and work responsibilities for the following day kicked in and I knocked off for the night.

Working Through the Possibilities

After having slept on my situation, I decided it was time to change out some components in the problem PC. Because I’d recently been through some serious BIOS shenanigans on that computer’s Asus P5EQ3 motherboard, I immediately jumped to the conclusion that the motherboard was at fault, and should be replaced. Thereupon, I ordered a replacement—an Asus P5E3 Professional, a somewhat simpler remake of the P5EQ3 already present in the test machine, but with newer chipset and a simpler layout—so that I could rid myself of what I perceived as the obvious culprit.

Three days later, UPS delivered the P5E3 Pro to my door, on a Friday. The next morning, I jumped out of bed at an earlier-than-usual time to give myself the opportunity to tear out the old and insert the new motherboard. This took somewhere between 60 and 90 minutes, after which I inserted the UFD, fired up the computer, and once again resumed the Windows 7 installation process. To my utter astonishment and despair, the installation got to the expanding files phase and hung again. Obviously, my problem was not the motherboard.

That’s when I decided it was time to do some serious and systematic troubleshooting. I thought to test all of the major system components until I finally hit upon the real culprit. I then proceeded to isolate and replace every major system component, to see where the problem originated. Depending on how much rebuilding was involved between components, it took me anywhere from one to three hours between test runs to eliminate possible sources of my troubles. Here’s the order I followed in going through these motions, having unequivocally eliminated the motherboard as the source of the difficulty:

• Memory: a regular culprit when chasing down odd system behavior, I switched the Super Talent DDR3-1600 2 GB modules for some older, and well-tried and trusted Super Talent DDR3-1066 1 GB modules instead. No change.
• Hard disk: I swapped the Seagate 7200.11 320 and 400 GB drives I’d been using for a WD VelociRaptor 300 GB and later, a Samsung Spinpoint 1 TB 7200 RPM drive. Still no alteration in the problem.
• Graphics card: I ditched the Nvidia 8800 GT I’d had installed in the machine for a fanless Nvidia 9600 resident in my other P5K test machine. Nothing doing.
• Cables: I switched out all the removable cables in the system for brand-new cables still in their sealed plastic bags from my box of motherboard spares. Same hang.
• Power Supply: I ran the Newegg PSU calculator: it said I needed 612 Watts for my system as configured. I was using a nice little Antec 400 Earthwatts PSU (oops!), so I ran down to Fry’s and picked up a Thermaltake 650W 80-plus model for about $100. Again, it hung at “expanding files.”
• Case: Reasoning that a short in the case might be causing my problem, I yanked all of the innards out of the Antec Nine Hundred in which they were housed and rebuilt the system on an open bench case (framework, really) I often use when benchmarking components for Tom’s Hardware. Same problem all over again.

The Culprit Finally Apprehended

At this point, there was one and only one component of my system I hadn’t swapped out, mostly because I didn’t have a spare quad-core 775 LGA CPU laying around. So, after researching my options and talking with my good buddy and fellow Tom’s Hardware contributor Tom Soderstrom, I ordered a newer mid-range Q9400 processor. Another three day break from troubleshooting occurred, and I managed to get some other work done, while once again waiting for the UPS guy to ring my doorbell and drop off my latest prize.

It was with fear and trembling that I unpacked the Q9400 from its retail packaging to rip out the QX9650 and replace it with this newest acquisition under the Zalman CNPS9500 I use as the cooler for this build. Fortunately for me, a long-barreled magnetic screwdriver let me gain access to the cooler’s hold-down screws, and its drop-in package made the CPU swap both quick and easy.

Within 40 minutes of receiving the new CPU, I was running the Windows 7 Pro x64 install UFD. The biggest time waster turned out to be cleaning off the Arctic Silver thermal paste I got on my fingers while removing the old QX9650. I watched the percentages climb during the ”expanding files” stage with fingers crossed and hopes high. As the number hit 100% and the install program switched over to the next phase of the process (Installing features), I heaved a huge sigh of relief and readied my license key for the next step of this seemingly interminable adventure in troubleshooting. “I’ve got it fixed!” I announced to my wife, Dina, when I ran into the kitchen to tell her my troubles were behind me.

Table 1: Pieces and Parts in This Tale of Two Systems

The Initial column identifies what was in the system to begin with, the Tried column identifies what other elements were tried as replacements, and the Final column names what is now in the stable current configuration.

I Should Have Known Better…

In switching from the old Asus to the new Asus motherboard, however, I’d neglected to research the BIOS settings thoroughly. Once I got the install completed, I once again found myself the victim of multiple crashes, during the post-installation phase where Windows Update catches the static OS image from the ISO up with all the latest updates and fixes. Alas, when you crash while applying updates, you’re better off blowing away the install and starting over, so I got to go through three more installs that evening before the witching hour brought another troubleshooting marathon to a close. My first panicked diagnosis was “Gremlins!” but of course I knew that couldn’t be the case…

When I got up the next morning, I answered my question “Why is the system so unstable?” when I checked the BIOS settings and found the Asus AI Tweaker turned on by default in the P5E3 Pro. Because I installed DDR3-1600 memory, the tweaker pushed the FSB speed up to 400 MHz to match that speed. The standard 8 multiplier for the CPU clocked a 2.66 GHz part up to 3.2 GHz, and proved to be more than the system could handle. I dropped the FSB rate to 300 MHz and everything worked fine—until I upped the memory from 4 GB to 8 GB. At that point, I had to turn the FSB rate down to 250 MHz to achieve stable operation. That system has been running non-stop for six days with nary a glitch nor fault.

Achieving Plausible Deniability

I contacted Intel to report my findings and got the following response from George Alfs, who covers desktop processors for Intel PR, “Intel modern processors work on both 32- and 64-bit versions of Windows 7.” Despite my contrary experience with this unsupported and unwarranted engineering sample CPU from Intel, I’d agree with that remark. In fact, of the 30-plus Intel processors I’ve installed Windows 7 on, this one is not only the single solitary item I’ve had any problems with at all, it’s also the only freebie engineering sample I used.

Nevertheless, I found it interesting that despite my exhaustive efforts to pinpoint the cause of my trouble, and the fact that only swapping the processor caused my problem to go away, Intel wasn’t willing to consider let alone concede the possibility that one of their CPUs might be the cause, engineering sample or otherwise. I even offered to return the part so they could confirm this for themselves, but that offer was politely declined—again, because it would involve spending time on an unsupported and unwarranted part. I don’t blame them, but I do find it interesting.

Musings on the Nature and Art of Troubleshooting

One of my favorite quotes from the 19th century master sleuth Sherlock Holmes goes like this: “… when you have excluded the impossible, whatever remains, however improbable, must be the truth” (The Adventure of the Beryl Coronet). In retrospect, looking over the progress I made in identifying, diagnosing, and solving this problem, I can’t help but think that my initial unwillingness to consider the CPU as a possible culprit forced me to solve the mystery through the only method guaranteed to eliminate the impossible and highlight the improbable item that turned out to be at fault—pure brute force and process of elimination.

On the other hand, nothing beats a thorough, comprehensive process of elimination when it comes to identifying causes and taking appropriate action. If I hadn’t tackled the systematic examination of every major possible system component, and swapped each and every one of them out with known, good, working replacements, I wouldn’t have been able to pinpoint and replace the problem part. Too bad my biases steered me to swap out the CPU dead last, or I could have short-circuited the process somewhat. But then, I wouldn’t have had the chance to learn as much as I did, and to be reminded of the value of focus and systematic coverage when it comes to effective troubleshooting techniques.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!

It’s going to happen, sooner or later. Your boss will turn a baleful eye at the development and IT staff and say, “I’m sure all our software will run under the new OS. Won’t it?” You’ll be tempted to gulp and stammer out a half-hearted answer that confirms the executive’s preconceptions about IT (oh dear) and leaves them with an opportunity to later wail, “What do you mean, ‘We can’t run payroll’?!” We can’t have that, can we?!

There’s three steps in the process of application migration: information discovery, research and rationalization, and the actual application migration or upgrades. (I leave the how-to on the last item to another discussion, though I like to think that Windows 7 Development Gotchas is a start in that direction.) In this article, I provide you with some guidelines about how to approach the problems of “What do we have, and what are we going to do about it?” courtesy of a conversation I had a few weeks ago with Jefferson Raley, Manager of End User Computing at Dell’s ProConsult (and a presenter in the first IT Expert Voice webinar [free download, registration required]).

Whatcha Got?

The first step in any company trying to assess its inventory of software is to determine exactly what applications are installed and being used, Raley explained to me. There’s several ways to go about this, some of which seem clever but don’t necessarily solve the problem.

For example, you could use various software tools to examine the applications listed in any given PC’s “Add/Remove Programs” – except that lots of applications don’t use the Windows installer routines, especially custom in-house applications. In addition, some items displayed in “Add/Remove Programs” aren’t precisely applications; they’re components and drivers. This discovery method will give you an incomplete list and, probably, a false belief that you know what you have in inventory. The technical term for this situation, methinks, is “tempting fate.”

Another obvious “solution” is to use your favorite scripting language to search PCs for every .exe file. It won’t take long for you to put the kibosh on that idea’s effectiveness, though personally I fear that someone higher-up in your corporate organization chart may not twig to the problem. Any “count the .exe” game will generate, says Raley, “an infinitely long list of garbage,” collections of meaningless file names, and no clue whatsoever about the applications the company actually uses. Microsoft Word alone has about 50 .exe files, for instance. This discovery plan is actually a distraction, because what you really want to do is check a single tick-mark for “Yes, we have Microsoft Word installed on this computer.”

Your real intention is to count applications, not executables, and it can be hard to know when to stop looking. According to Raley, in Dell’s experience a company with 10,000 employees typically has about 800 applications. Moreover, that application-to-employee ratio holds true across industries (at least for medium-to-large firms). That is, a company with 1,000 employees should expect to find that they have about 80 applications, perhaps 100 at the most. A few industries will support more than that 8-10% ratio, particularly any business in the medical field and tech firms (presumably because we geeks love to create applications at the drop of a hat, such as command-line utilities to count how many .exe files there are on a computer). That 8-10% percentage alone should give you a yardstick to work with, anyhow.

Dell approaches the problem with its large enterprise customers by using its Titling Engine service, which runs against client PCs, identifies the executables, massages it with metadata, and creates a report including the type of application. Dell’s isn’t the only solution, of course – Microsoft bought Asset Metrics a few years ago and turned it into a Software Asset Management system, for instance, and there’s also similar functionality promised by Express Metrix. Whichever one you choose, keep in mind that the primary goal for these enterprise applications and services is software license management; they were built to help a business ensure that it isn’t running 100 copies of Whatever Pro but paid for only 50 copies, and vice versa – either of which is a Dire Emergency On The Hoof. However, Raley says, these tools also do an excellent job at this “figure out what apps we really have” task during an OS migration.

I don’t think those solutions have a way to measure the in-house applications your own developers created, though I could be wrong about that. And there’s no way to evaluate whether the old Web applications your company wrote for IE6 necessarily will run on IE8, which is included in Windows 7. But it’s a start.

That’s What We Have. But What Do We Need?

The list of applications-installed is just the start. As individuals, many of us have old applications installed that we haven’t run in years, but are too lazy, unmotivated, or bound-by-IT-policies to uninstall them. Multiply that by a thousand enterprise users, and it’s likely that you’ll find 11 PC backup applications installed across the company, with none of them in use. (What do you mean – I don’t need those backup tapes anymore?!)

The next step, therefore, is to filter your list of corporate applications into three piles:

• What can I get rid of? For example, the company probably can get rid of 10 of those 11 backup utilities. Pick one to be the company standard and chuck the rest.
• Which apps are the no-brainers to keep? To use our original example of an enterprise with 10,000 employees, it’s likely that the IT department already supports 100-200 of the company’s 800 applications.
• Now, deal with everything else.

Naturally, it’s the third category which will take all your time and (I’m sorry to depress you like this:) require a bunch of tedious meetings with the IT staff, development team, and the user community. (At least you can count on plenty of doughnuts during those interminable meetings. Make mine chocolate.)

Of the remainder: On how many seats is that application installed? According to Raley, if an application is installed on 70% of seats, IT probably should be supporting it anyway. Your IT department should be ready to (or at minimum, resigned to) spend money on application testing and possible software upgrade expenses, whether that means upgrading a third-party application, convincing the development department to test the old application for compatibility with Windows 7, or taking the time to consider alternatives (such as, “If we have to change, maybe we should migrate this old ASP.NET site to the cloud”).

Raley cautions: The long tail is very long. You’re sure to find plenty of real, necessary applications that are used by only a handful of users. Deciding what to do with the remaining applications – whether acquired from a third-party or home-grown – may involve quite a bit of user foot-stamping, CFOs carrying on cranky, and other reasons for you to collapse at the end of the week thinking, “Thank God It’s Friday.” Don’t say I didn’t warn you.

For each application, your migration team has to decide whether to retain it, retire it, or rewrite it. From the CIO’s viewpoint, the primary decision criteria are:

• the application’s licensing costs
• for what purpose the business (or department) is using the software and whether they can justify it (i.e. exactly why are we paying for the Accounting team to have PhotoShop installed on all their PCs?)
• support costs (does this application make the Help Desk cry?), and
• the vendor’s roadmap. (This assumes the vendor has a roadmap; if the vendor is out of business, it’s definitely time to move to another, supported application.)

According to Raley, large enterprises rely largely on in-house developed applications; typically, a third to two thirds of the company’s software is custom-written. Still, he says, that leaves hundreds of commercial, off-the-shelf applications, most of which can be checked against Microsoft’s application compatibility charts.

This research-and-rationalization phase doesn’t have to be awful. IT managers may choose to see the Windows 7 migration – and the budget allocated for that transition – as an opportunity to clean up all the “junk” that the company has collected over the years. Think of it as a trigger event, suggests Raley, the way that a house move is a good excuse to clean out the garage. After all, if you deploy one of the software inventory applications and discover that you’re paying for, say, twice the number of Microsoft SQL Server licenses than the company actually uses, you may be able to crow about a significant amount of long-term savings. You might not be able to justify the use of one of these tools on its own, but the Windows 7 migration gives you a good excuse.

Want more like this? Sign up for the weekly IT Expert Voice newsletter so you don’t miss a thing!