Of all the problems with making the twenty or more user identity federation protocols in active use today work together, the most prominent is this: The standards upon which all those protocols are based are themselves moving targets. Thus a fixed solution one month may fail to work next month.

“In order for us to build interconnected systems, we need to have some agreement between all of the people who are going to be using this software and the vendors, on what the standards are for interconnecting identities,” said Stuart Kwan, Identity and Access Group Program Manager for Microsoft. “I don’t know if I would characterize it as any one vendor who is leading here. We all have to work together to make things happen, and Microsoft has been involved with a lot of the standards bodies in this area, in OASIS, in the IETF, and increasingly, other places where these standards have been advancing. . . We’ve been making a pretty major investment in engaging in these conversations, both in the industry and in standards bodies, to help move the ball forward with everyone else.”

Many will recognize OASIS as the standards group behind OpenDocument, the format used in Sun OpenOffice and other Microsoft Office competitors, and Microsoft’s rival for the desktop as recently as 2007. Now Microsoft finds itself working in cooperation with OASIS in the development of Security Assertion Markup Language (SAML), one of the many challengers in the overflowing field of claims-based identity, and the focus of Active Directory Federation Services 2.0, released in May 2010. SAML is also backed (though not always exclusively) by Novell, CA, Siemens, and IBM. SAML now competes in this space with another standard which had been the earlier focus of Microsoft’s expansion into claims-based territory: WS-Trust, one of the WS-* (pronounced “W. S. Star”) specifications that is managed by the OASIS standards group, with the help of IBM, Siemens, and the rest.

In the emerging world of “openness,” entities now openly compete with themselves. Interoperability, as Microsoft has managed to demonstrate in every possible way through its history, bites.

Can a Solution Just Compose Itself?

A glimmer of hope recently manifested itself to Microsoft and all its security identity competitors, in the form of an almost other-worldly new concept. Called composable Web services, it’s the astonishing notion that two endpoints with disparate protocols can actually negotiate new languages between themselves as warranted.

There’s no counterpart for this in reality, so I’ll supply one from fantasy: Suppose peoples living on two separate continents spoke completely different languages. These peoples evolve normally, the exception being that their capacities for language increase at ten thousand times normal speed. One week, a nationality is just learning the basics of Linear-B; the next, it’s using telepathy. Any translator who facilitates a communication between continents one week, won’t be able to translate a discussion between the same parties the next week.

So the translator tries this solution: He devises a process for quizzing parties on both continents about the subject matter of their typical discussions. With results supplied from both parties, he compiles a common taxonomy of concepts between them. He can refresh this taxonomy as warranted, as the two people’s languages evolve, but the taxonomy stays fresh. And how he reads the taxonomy doesn’t have to be translated to anyone else except himself. He can share his methods with others, and those methods may work elsewhere, but the taxonomies they produce are exclusive to them.

In the real world, that taxonomy would be called metadata — in this instance, the basic elements of exchange between Security Token Services (STS) endpoints.

“As we see applications wanting to connect to applications, we’re definitely going to see a need in the identity space for protocols to allow applications to call other applications,” remarked Kwan, “the same way that SAML addressed Web single sign-on.”

Stuart Kwan, Identity and Access Group Program Manager, Microsoft.

You can’t talk to Stuart Kwan for too long without him drawing a diagram of some sort, even if you’re just on the phone with the guy and his diagram is made entirely of words. “Let’s take a more traditional federation case, where say, I have a user who’s in the supply chain for a manufacturing company, and they’re accessing a particular application,” his verbal picture begins. “It’s a hub and spoke, where the manufacturing company is in the hub, and you’ve got all these other companies in the supply chain in the spokes, and there are users who are accessing that federated application in the hub. When the manufacturing company is creating agreements with its supply chain, how much user information should be disclosed make sure it gets the right information about the users, and what kind of information should that be?”

“Today,” says Kwan, “That’s an exercise that is pretty much done on a one-off basis, as people are creating these relationships. I think as cloud services take off, continue to grow in adoption, then we’re going to see more and more of these templatized agreements, such that you don’t need to have a one-on-one conversation with the other side. There will be ways, through things like metadata, we can determine, ‘Here’s the kind of information that you need to send.’”

The “templatized agreements” that Kwan would like to see between federation protocols are, in one sense, patterns: ideals for not only what federated STS endpoints should trade with one another in particular sets of circumstances, but methodologies for how such patterns can be realized and adjusted where necessary. Kwan went on to suggest that the metadata itself may be capable of triggering the generation of scripts whose sole purpose is resolving exchanges between STSes for just this metadata. Since the scripts are not shared entities in themselves, they wouldn’t have to be made interoperable — so for once, Microsoft could make use of PowerShell rather than XML.

“In the metadata today, we don’t talk about the values that are expected to be sent, but instead just the types. So maybe there’s room for us to put encodings on [situations where an STS declares,] ‘I expect this enumerated set of values with this meaning.’ And that’s something we think will happen in various industry verticals, where the information about a person who’s accessing a system has some specific meaning. It might be something in oil and gas versus something different in aerospace, versus something different in financial services, government, etc. In those verticals, they have particular terms and types that they use to describe people, and lists of things that are important for them to be able to agree on. . . within the realms of their [given] industries.”

Composable protocols using negotiated metadata would not, despite the imagery that appears borrowed from the Terminator series, become “self-aware;” instead, it would require constant monitoring, including someone to manage and run those scripts. Without a precise and well-considered plan for how to manage the products of these operations, the results might actually be more comparable to Jurassic Park.

The Role-Playing Game

One factor that could potentially determine whether evolution gets out of hand in the future is the limitation security engineers place today on how much information the metadata is allowed to contain. Here’s where we discover that some engineers became spoiled by the comparably rich contents of FBA’s old security tickets.

In FBA (which was not designed for portability), Microsoft and others designed security tickets (not tokens) which encoded not only the authenticated user, but data on the access privileges which the identity provider granted. In other words, not just who is this guy, but what? Is he a mail admin? A SharePoint admin? A department head? This is critical information to Active Directory.

Keith Brown, co-founder, Pluralsight

Last November, at a Microsoft conference session where the subject of metadata in token negotiation was raised, several developers and admins appeared eager to leverage metadata to resurrect role-based authentication.  In response, Keith Brown, co-founder of .NET training provider and Microsoft partner Pluralsight LLC, suggested it might not be such a good idea: “I don’t know that I would try to use claims for role-level access,” Brown told them. “Your biggest value right now in this space, which is evolving, is the federation capabilities that you’re going to get, to be able to. . . have single sign-on. Let’s solve that problem. Trying to get any finer-grained authorization like that, you’re kind of overloading something that people aren’t really trying to solve right now.”

The alternative Brown suggested involved a kind of “trust topology” (my term, not his) where federated RPs are distributed in such a way that they’re only used by clients with the same general requirements. In other words, make the RPs as vertical as the industries they serve, so they don’t have to educate each other too deeply.

“The challenge with authorization is that every app is different, so it might need to have a different, very specific set of permissions,” said Brown. “When you start factoring that up [into a common list], what you’re doing is losing control of that authorization data, you’re centralizing it, so it may be harder to change. And if that thing is not really shared across multiple apps, then I think you’re just making your life harder. So what you really want to think about is, where should a claim be issued from? It should be issued at the location in the trust chain where people can share it, where multiple things are worried about. If only my app cares about this, then really, only my app should be populating those claims.”

Since that time, however, Microsoft’s Kwan told us, security engineers appear to have warmed up more to the idea of encoding roles and privileges along with metadata. Most metadata, he said, may be comprised of numerous, ordinary switches and “knobs,” settings which may be toggled this way or that way — for example, for supporting the stronger SHA-256 encryption algorithm as opposed to deprecated, but still oft-used, SHA-1. Here’s where yet another open identity protocol — this time, the open source project OAuth — enters the picture. Used now mostly for consumer-grade Web apps, OAuth impressed Microsoft with its ability to delegate levels of responsibility for performing deeper functions within an application —responsibilities that applications would otherwise have had to guess for themselves — without disclosing data in such a way that it violates users’ privacy.

“Say I’m on Facebook and I want to find out what my MSN Buddy List is, so I can find out if any of them are also on Facebook. The old way to do this was, you had to provide your Windows Live username and password directly to Facebook in order for it to be able to go read your Buddy List — and that wasn’t desirable, obviously. So OAuth was invented so that you could delegate access to Facebook, not give them your password — instead, go log onto Windows Live ID and give Facebook directly permission to get some specific thing out of your profile at Windows Live, if only for a specific period of time. I think we’re going to see other scenarios like this, but in the more professional cases, [for example], where I have a Zoho application which wants to put a meeting reminder onto my calendar in Hosted Exchange. How is it going to be able to do that, to get the rights to do that, without really complicating the developer experience, [and] complicating the end user experience?

“As those scenarios come up, we’ll definitely see a need to make further technological advances in identity,” remarked Kwan. “I don’t claim that we’ve got all these things figured out yet, but the cloud, I think, [is going to trigger] another surge in this area, and we’ll all be working together to make those things work.”

In another era, it was often said that one company appeared to be calling most or all of the shots for technological standards. Now that Microsoft is resolved to building on top of platforms constructed by others, and in a more transparent way than ever before, it appears the shots are coming from all directions. Even with the online identity problem now ending its first quarter-century, there appears to be no single “leading candidate,” no “favorite,” not even a “default.” Just several dozen entities swimming in the same sea, each of them learning, as if for the first time, how to trust one another.

Related Information From Dell.com: Create a Network Roadmap.

Now more than 10 years old, the Apache Software Foundation has become a repository of some of the most important open source technologies.

The foundation was created to formalize the organizational structure surrounding its flagship Apache HTTP web server and to apply the same philosophy to shepherding other projects – now, nearly 150 of them.

Open source provides access to technologies to power innovation without software licensing costs, especially valuable in an economic downturn. But to use open source effectively, enterprises need to understand the tradeoffs, such as the need for developers skilled with working with open source projects rather than polished commercial products.

Justin Lundy, a systems integration and information security consultant currently working for a major bank, says every Fortune 500 organization he has worked for took advantage of a couple of core Apache components: the web server and Apache Tomcat,  which is Apache’s Java web servlet engine. “It’s the Fortune 500 companies that are truly interested in innovating that we can see adopting some of the newer projects,” he says, pointing to distributed computing and data analysis technologies like Hadoop, HBase, Cassandra, and CouchDB.

“I think we will begin to see more and more migrations away from expensive commercial data warehousing products, database products, and a growing number of enterprises that embrace open source frameworks for distributed databases and distributed data warehousing and analytics,” Lundy says.

Not that this style of computing is for everyone, given the creative chaos of the open source movement. One CIO surveyed for this story wrote that Apache technologies “are not even on our radar at the moment” because he is focused on simplifying and standardizing the technologies in his environment, rather than experimenting with new ones.

But for those feeling a little more adventurous, here are some things to look at.

Hadoop

The Hadoop project attracts buzz because it mimics the style of distributed computing used internally at Google, using technologies cloned on the basis of academic papers published by Google engineers. Using the MapReduce style of programming, developers write data processing routines that fan out across clusters of computers and feed back their results. This turns out to be an efficient way of performing data intensive tasks on commodity hardware.

Yahoo, a major backer of the Hadoop project, has incorporated the technology into its own web data analysis processes. Cloudera, a company formed to provide commercial distribution and support for Hadoop and related technologies, also claims corporations like Bank of America and Samsung as customers. Proving that Hadoop is not just for web data, Samsung says it is applying the technology to its bioinformatics business — albeit delivered as a cloud service.

HBase

A subproject of Hadoop, HBase is another clone of a Google technology, this one known as BigTable, that is used to manage very large database tables — up to billions of rows, millions of columns — with the data stored on clusters of commodity servers. This is structured data storage and analysis, just not according to relational database rules. HBase provides a BigTable-like solution that runs on top of Hadoop.

Cassandra

Cassandra is Facebook’s contribution to the field of Big Data management and analysis. Originally invented to manage Facebook user account data, the code was contributed to the Apache project in 2008 and is now maintained and refined by participants from many companies. Cassandra adopted some of the concepts from Google’s BigTable as well as published details on Amazon.com’s Dynamo distributed computing technologies.

CouchDB

Another non-relational database, designed for easy replication across many nodes and data access via a REST API, meaning that documents and records are posted to and retrieved from the database over the Web’s HTTP protocol. The BBC is one organization that has talked about using CouchDB in combination with Apache Tomcat to build a cost effective content management system that can be replicated across data centers.

Lucene and Solr

Lucene is an umbrella project for developing open source search software, including the Lucene Java library and the Lucene.NET port to C#. Solr is a high-performance implementation of Lucene Java that has been adopted by organizations such as MTV Networks for search applications on their websites.

Nutch

Lundy points to Nutch as an affordable alternative to purchasing a Google Search Appliance. Originally a sub-project of Lucene (as Solr is now), Nutch was reclassified as an Apache top-level project this year in recognition of its growing maturity. Building on top of Lucene, Nutch adds facilities for crawling, parsing, and indexing web documents.

It can also take advantage of Hadoop clusters. Hadoop actually originated as part of the Nutch project.

Tomcat

A free alternative to Java application servers, particularly for situations where basic Java Servlet and Java Server Pages technologies are required and heavy-duty Java Enterprise Edition technologies would be overkill. Tomcat can also be used as the front end to more sophisticated back-end Java technologies.

Struts

A web application framework that extends the Java Servlet API to support a model view controller (MVC) programming model. In other words, it provides a mechanism for enforcing a clean separation between the presentation of an application (the user interface) and the logic behind the application with the goal of simplifying maintenance of the code.

Several competing open source technologies fill a similar role, such as the Spring Framework.

Geronimo

Apache Geronimo pulls together many open source Java alternatives to produce a fully certified Java Enterprise Edition 5 application server.

Axis2

Axis2 is part of the Apache Web Services project. A Web Services engine for the SOAP and WSDL protocols for distributed invocation of services via XML messaging, as well as REST. The primary implementation is in Java, although a port for C is also available.

Apache HTTP

While perhaps less glamorous than some of its distributed computing brethren, the Apache web server remains the workhorse of the web, powering some 70% of all websites and enabling many applications through its extensions for Perl and PHP programming.

Deepak Agarwal, CIO for the Palm Beach County School District, says that’s still the technology from the Apache family he finds most useful, because “It supports a variety of features, many implemented as compiled modules which extend the core functionality.” He also calls the Apache web server “easy to configure and very stable” – valuable qualities for any enterprise environment.

Related Information From Dell.com: Experience the Advantages of Linux.

How often does your team find, while troubleshooting an issue, that were small warning signs leading up to the incident but no one had noticed, or there had been no context to make it clear that they were seeing a real problem? Hopefully you don’t encounter such situations very often, but it happens. A daily log review policy can help to catch some of these issues earlier before they bog down or, worse, break your servers.

One advantage to allocating time for daily log review into your staff’s routines is that they become more familiar with the day to day workings of your systems. This knowledge in turn makes unusual occurrences stand out even more than they would have before.

In its ideal form, in a daily log review the IT staff look through your infrastructure’s collective logs on a daily basis, building rules to tag events as either harmless or warranting investigation. After looking into suspect events, those system administrators (or whomever is responsible for review) double-check that none of the rules are too broad, generating false matches. Rules that don’t quite hit the mark are adjusted, and then the next day, it starts again.

Given how large an enterprise infrastructure gets, the idea of trying to review everything in a month, let alone a day, might give you hives. It’s up to you to determine how exhaustive or relaxed to approach this process.

Getting Ready

To get the most out of daily log review, it’s best to collect all of your infrastructure’s network, application, and server logs in a single place, or to index them into a tool where they can be processed simultaneously. Pulling everything together allows you to build one set of rules that apply to similar logs across every machine at once and ultimately reduces your workload. Doing so also allows you to troubleshoot issues faster because you can look at all of those logs simultaneously.

Daily Log Review is tool agnostic, but due to the volume of data, software can make the process much more manageable. Depending on your preferences and your staff’s skills, your people might be happiest with shell or Perl scripts. Many aren’t. Solutions such as ArcSight, LogLogic, Splunk, and others allow you to collect or index logs centrally or through a distributed setup. Look for tools that search your logs in real-time, looking for events that match user-created rules and firing off alerts when specific conditions are met. The more flexibility you have to add tags or fields, the better.

Before anyone on your staff gets down to the business of building rules, be sure to set policy on how harmless and problem events will be marked. You might have everyone tag them as ok or not_ok, or harmless and suspicious. Sometimes it’s hard to decide what is really harmless, as some events are perfectly harmless unless they’re in combination with others. For example, one failed SSH login isn’t a big deal, but a large number of them in a short span of time is cause for worry. Consider building a wiki that you and the IT staff can use together to make policy notes as you all grow used to doing review.

Depending on the tool you chose, you can probably build rules to watch for these combined event cases. Even better, if you’re required to do review due to regulations, some tools also offer auditing features so you can prove that your staff is following the necessary protocols.

The Process

Daily Log Review can sound more complicated than it is when spoken about generically, so let us focus on an example. Say that you expect administrators to each spend an hour a day on this process, focusing on the systems for which they’re responsible. The order of tasks should roughly follow this model, adjusting for your preferences on how much time and what level of detail you want to attack the issue.

• Start by searching for the day’s not_ok or suspicious events that are already flagged.

Investigate the suspicious events or call them to the attention of the right person. For example, a message such as this from your web server may warrant investigation into whether upload file sizes through the HTTP POST method need to be increased, with the accompanying rule looking for a collection of terms in a single event such as error PHP POST Content-Length exceeds limit:

[Sat Jul 24 06:08:55 2010] [error] [client ::1] PHP Warning:  POST Content-Length of 20556051 bytes exceeds the limit of 8388608 bytes in Unknown on line 0, referer: http://localhost/wordpress/wp-admin/theme-install.php?tab=upload

If the administrator decides false matches are pulling up events that are harmless, she might adjust the rules to not match the ok events or follow whatever protocol you choose to suggest a rule change. For example, someone might have a rule looking for Python errors but the administrator may feel that the following event really doesn’t merit investigation, as it’s fairly minor:

[Sat Jul 24 06:02:03 2010] [error] python_init: Python version mismatch, expected ‘2.6′, found ‘2.6.4′.

The administrator might suggest adding Python version mismatch as an exclusion to the current rule, and then creating a second rule assigning error python_init version mismatch an ok tag.

• Search for the day’s untagged events (neither ok nor not_ok).

Create rules and tag the untagged events. Here’s where a lot of the heavy lifting occurs in Daily Log Review. This is the spot where you might be most likely to suggest a time limit – or your staff may not get anything else done. Fortunately, since you’re working in a centralized tool across all of your logs at once, each rule created applies across your whole infrastructure.

• Search for the day’s ok events that are already flagged.

Look again for false matches. You don’t want problems slipping by because a rule was too broad and is tagging unforeseen problem events. Either adjust the rules or follow protocol for rule change discussion.

Over time, you and your staff will find a rhythm that works for your organization. Everyone will become more familiar with the daily workings of your infrastructure. People will think to create rules on their own when they see problems so that those problems will flag with an alert or just in the not_ok searches if they recur. There will still be times when you’re trapped in reactive mode, but they’ll be fewer. And you’ll have your handy new tools at your staff’s disposal when the emergencies do occur.

Related Information From Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter.

On the one side are seven heavyweight Republican senators and the cable and telecom companies. On the other are myriad net neutrality supporters ranging from the Obama administration and the FCC to Internet-company heavyweights. The latter include all the major search engines and a large group of Internet-only services, ranging from social media giants to VoIP providers.

It’s a huge battle with much at stake.

On the one side, telecom and cable companies have invested heavily in ISP infrastructure. They resent upstarts like Google prospering on their very expensive fiber optics and last mile connections for free. Make no mistake, telecoms and cable companies have invested hundreds of billions of dollars in Internet infrastructure, without which broadband (as we know it) would not be physically possible.

On the other side, Internet companies are keenly aware that cable companies and telecoms could decide to squash competition by blocking subscribers from any sites and services that threaten the ISPs’ revenue. Can you imagine, they say, what damage Verizon Communications could do to the likes of Skype if there are no rules compelling “fair” play? Google has apparently imagined what ISPs could do to Google Voice and search; it has already poured $2.7 million (this year alone) into lobbying activities pushing for federal regulations of Internet providers.

Yet, all the public talk is about consumer access, and precious little about large enterprise impact. Lots of rhetoric is tossed about concerning bridging the digital divide — the gap between the broadband haves and have nots. But the argument is much bigger than that. It all boils down to a jostle for control of the ‘Net and that control or lack thereof will resonate through large enterprises too.

While the outcome is uncertain, the possibilities are pretty clear. The situation could remain unchanged and broadband service would fall under the Communications Act as a Title 1 information service. The situation could pivot to reclassify broadband as a Title II telecommunications service, putting it squarely under the same free and fair access regulations as they currently apply to standard telephone regulations. The third possibility is that a totally different reclassification will occur, one that puts ISPs under a blend of Title 1 and Title II rules.

So what do these three possible outcomes spell for the future of large enterprises operating in the U.S.?

If there’s no change: Broadband speeds in the U.S are unlikely to match speeds widely available in other countries in the near future. The U.S. placed 17^th in a United Nations commissioned study of 154 countries. The report, “Measuring the Information Society –the ICT Development Index,” attributes the U.S.’s steady fall in the rankings to stagnation. This means that ISPs are not investing in new technologies at a sufficient rate. The reason: ISPs are hanging onto legacy networks.

“While Europe and Japan have Fiber to the X (FTTX) services, the U.S. has not rolled out very much,” says Asif Hazarika, senior director of product management at IP Infusion. “There is a great deal of legacy deployment in the U.S. that makes it very costly to match the speeds of GPON or EPON technologies.”

The problem is compounded in mobile broadband. “The U.S. is definitely behind the rest of the world in mobile broadband access, both from pricing and access speeds,” says Hazarika.

Without a change in classification, Internet providers are effectively free of broadband competition so there is little to motivate them to improve speeds, costs or access. Further, they could conceivably limit access to prime Internet services that enterprises use ranging from VoIP to Google search.

Large enterprises will find it increasingly difficult to work in the U.S. with slower broadband speeds. Employee productivity will also be impaired by slow mobile broadband speeds. Remote workers and teleworkers will be similarly shackled. Costs for broadband services, however, will continue to rise and adversely affect enterprise bottom lines.

If broadband is reclassified to Title II: Title II regulations were written to regulate the telephone industry during the monopoly era. The breakup of the original monolith AT&T under this regulation in 1984 paved the way for the advent of cell phones and other mobile and Internet phone innovations. Theoretically, placing broadband under the same fair trade protection will ensure no one entity, ISP or otherwise, can control or restrict access to Internet companies and services or to the Internet itself. This could result in an innovation burst that could be helpful to large enterprise.

Detractors say that the regulations are too arduous and will have the opposite effect. They believe the regulations would stifle broadband improvements and innovations by discouraging ISPs from making large private investments in infrastructure. This is unlikely, however, as free market forces are not currently at play.

“There is not much competition and they are not being forced to improve,” says Hazarika.

While there is some budding competition on the horizon in the form of communications over power lines and the advent of smart grids, these need years to grow to true competitive form. Plus, some of the same telecom players, such as Verizon, are active in this area, effectively containing competition again.

By comparison, the U.S. federal government stands poised to shove broadband innovation and competition forward at near-light speed.

“The U.S. is on the path to become very competitive in the race to deploy broadband services as evidenced by the $7.2 billion Broadband Stimulus initiative, the implementation of the FCC’s National Broadband Plan, the restructuring of the $7.7 billion per year Universal Services Fund to subsidize broadband build-out through a new Connect America initiative, and the FCC’s plan to establish a mobile broadband plan,” explains Gary Bolton, vice president of Global Marketing at Adtran, a manufacturer of datacom and telecom products including DSL. “Federal subsidies, along with private investment, will allow the U.S. to have high-bandwidth competitive broadband services available across the nation.”

This, obviously, would be a good scenario for large enterprises, in terms of speed and access, in the U.S. However, it could also result in increased costs for broadband services above the higher costs already charged in the U.S.

“The verdict is still out on how the stimulus package balances against the burdens of regulation,” says Mike Jude, program manager of Consumer Communications Services at Frost & Sullivan.

If broadband is moved to a new classification: This is the murkiest of the three possibilities. The FCC is currently accepting comments and this scenario is thus still being shaped. Whatever it ends up being, it will be a blend of Title I and Title II rules; the only unknown is how much of each title’s regulations will rule.

Unless large enterprises weigh in on the issue, the odds are roughly 50-50 that rules under a new classification would be advantageous. For now, much of the argument is positioned around the consumer; but in this case the consumer is also the employee for many large companies, so regulations that favor consumers are likely to benefit enterprises. However, that assumption is too broad to calculate actual advantages or disadvantages to the Fortune 500 set.

The only thing that is certain is that this is too important an issue for large enterprises to leave solely at the discretion of the current industry players.

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency.

It’s not always possible to replace critical software with open source, but whenever possible it’s a good practice to invest in open source services to avoid vendor licensing and lock-in. Companies often look to open source offerings like Linux and Apache for infrastructure services, but overlook the availability of open source alternatives for applications higher up the stack.

Only a few years ago, it would have been difficult to find mature open source BI software, but Pentaho and JasperSoft are now established organizations and have become attractive alternatives to proprietary software.

Pentaho

Pentaho has been in development since 2004. As with many business oriented open source projects, Pentaho is offered in a community edition and as enterprise editions.

The Pentaho BI Suite Community Edition components are released under a mixture of licenses, and comprise several components: the data integration component, Kettle; Pentaho Reporting, which includes all of Pentaho’s open source reporting tools, report designer, and libraries; the Mondrian Online Analytical Processing (OLAP) server; Weka data mining component; and several other components.

The open source edition of Pentaho has enough functionality for businesses willing to roll their own BI solutions and deploy them. However the Enterprise Edition has a great deal of functionality not found in the Community Edition. On top of support and service level agreements, Pentaho Enterprise has single sign-on (SSO), clustering, performance monitoring, and integration with Microsoft Active Directory or LDAP services, and many other features.

Configuration of JasperSoft, as evidenced by the number of components, can be complex. The company also offers a hosted “on-demand” subscription for Pentaho which is customized by the company and priced accordingly.

JasperSoft

Another open source contender is JasperSoft. Its BI suite includes the stand-alone JasperServer report server that is at the core of the BI suite; JasperReports and iReport for designing and delivering reports; and JasperETL for data integration. The open source projects are hosted on JasperForge.org and components are licensed under the GPL or LGPLv2.

The community edition may be enough to get started and can be useful in many projects, but may not get you all the way there. The Community Jaspersoft projects don’t include a number of features that large organizations will want, such as the report designer, additional querying and reporting tools, and logging features useful for auditing. And, of course, the Professional and Enterprise editions include support and update features that aren’t included with the community edition.

Organizations looking to deploy or test JasperServer quickly might want to look at the BitNami stacks. BitNami provides installers, virtual machines, and cloud images with popular open source software pre-configured. JasperSoft is the only BI suite currently packaged by the project.

Pentaho and JasperSoft aren’t the only open source offerings, of course, but they are two of the most popular solutions and have been around long enough to mature and to develop a decent community.

Cheaper, But Not Free

While Pentaho and JasperSoft can save on licensing costs, it’s important to note that open source doesn’t equal free. Organizations still need to budget for customization and deployment, and possibly for support or subscription fees. Even if you roll out Pentaho or JasperSoft on your own without any support, deploying one of the solutions is going to take time.

However, BI software is complex enough that those costs will be present even with proprietary solutions. If cost and avoiding lock-in is important to your organization, and it should be, Pentaho and JasperSoft should be two of the first solutions you evaluate.

Related Information From Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter.

More than half of US enterprises will use microblogging by 2012, according to Gartner. By 2014 social networking tools will replace e-mail as the primary form of communication for 20 percent of business users, the analyst firm said.

Enterprise social networking has the potential to improve decision-making agility, streamline the flow of communication within an organization, and greatly improve the discoverability of both internal experts and sources of vital information. Unlike consumer social networking services, enterprise offerings promise to provide these benefits with security and policy-based customizability.

Criticized by some as yet another information stream to challenge already-overwhelmed users, enterprise social networking software and services could instead replace existing and less efficient forms of communication, including some in-person meetings and e-mail. For some organizations, they could replace intranets altogether.

Solutions in this category span a very wide range, from minimal microblogging-centric services like Yammer, Microsoft OfficeTalk, and Google Buzz for enterprises to full-blown communication and collaboration suites, including Socialtext, Cisco Quad, and IBM Lotus Connections.

Here’s what you need to know about how these solutions differ, what each offers your company and what you should be thinking about in preparation for the coming new world of enterprise social networking.

Yammer

Yammer is a Twitter-like social micro-blogging service based on the “freemium model,” which means that it’s free at the low end, and costs $3 or $5 per user per month for Silver and Gold packages. Yammer creates separate networks for each organization, and the user’s e-mail address domain determines whether access is allowed to each specific network.

As on Twitter, Yammer users can post short “status updates” with links, and reply to the updates of others. Branding of the user company is displayed prominently on the page. Communities allow limited participation by approved partners and other groups with which a company might want to communicate.

OfficeTalk

Microsoft is testing a social micro-blogging service called OfficeTalk in a closed trial. Functionally, OfficeTalk is similar to Yammer, offering a 140-character post limit, user profiles, and search. Each user has access to two feeds: one for co-worker posts, and the other for official company broadcast messages. Like Twitter, OfficeTalk takes advantage of hashtags, keywords that enable easy searches based on subject.

OfficeTalk is unlikely to ship as a stand-alone product. Microsoft hasn’t announced when or even whether OfficeTalk will be released. But it’s likely to be built into one or more other products, such as SharePoint or Outlook Social Connector or even as a standard part of Outlook.

Buzz

Google Buzz, another popular social micro-blogging environment for consumers, is being re-tooled for enterprise use, according to Google. The company announced in February that it would soon make a special version of the offering available to businesses and schools “with added features for sharing” within an organization.

The current version of Buzz is roughly similar to Twitter, but without the 140-character post limit and with good support for threaded conversations. Google Buzz has an open architecture, so it’s reasonable to assume that data-driven applications could be built into it for enterprise use.

Buzz’s potential to replace meetings, e-mails, blog posts, and intranets is far greater than Yammer’s or OfficeTalk’s, largely due to its ability to handle long posts and threaded messages.

Socialtext

Socialtext, made by a company of the same name, provides cloud-based enterprise social networking. Socialtext offers blogs and micro-blogs, document sharing and collaboration, wikis, and other integrated tools.

Socialtext enables companies to set up “channels,” which are broad topic areas for microblogging. Users can subscribe to various channels, and also tag their own posts to show up in specific channels.

Socialtext Desktop is a PC application that accesses the cloud-based data and services, but the software can also be used in a browser.

Socialtext also has user dashboards made up of OpenSocial widgets. OpenSocial is a set of social networking APIs created by a consortium of companies led by Google.

Cisco Quad

Cisco Quad is an enterprise social networking suite, currently in beta and due on various platforms starting later this year in the U.S., Canada, the U.K., Australia, and New Zealand and elsewhere a year after that. The core social networking features of Quad are roughly similar to Facebook or Twitter, but with strong security and policy control.

Quad enables microblogging that can be posted internally on the Quad system, or externally to Twitter. Companies can enforce external posting policies using rules that automatically filter outgoing posts.

Quad features a wide range of other communications and productivity applications, including a calendar viewer, RSS reader, VoIP application, videoconferencing and instant messaging.

Users can create “communities” — ad-hoc teams — or project-based workspaces where co-workers can collaborate and share documents.

Cisco claims that Quad can be integrated into a wide range of Cisco Unified Communications solutions and with Microsoft Exchange and Sharepoint, as well as other widely used enterprise tools. It can also be integrated into Notes, Sametime, Microsoft Office, Outlook, and SharePoint, RIM Blackberry, and other major business applications.

IBM Lotus Connections

IBM Lotus Connections is one of the few currently shipping enterprise social networking solutions. Like Cisco Quad, Connections seeks to integrate Facebook-like social networking functionality with a wide range of other communications tools, including blogs and wikis.

IBM Lotus Connections enables users to create “Communities” where teams or departments can collaborate on documents. A content library called “Files” enables revision management of documents worked on by multiple users.

Connections supports RSS and ATOM, and provides an API for extending functionality or integrating into existing systems.

IBM is planning a new version of the suite called IBM Lotus Connections Next, which the company claims will bring enterprise social networking to a powerful new level. One touted feature is that the system will automatically recommend both people and content for users based on what they’re working on, and also based on a user ranking system. These features take advantage of “social analytics,” which is business intelligence software for social streams. Connections Next also promises Quad-like content moderation to keep sensitive information off public social networks and blogs.

The suite will eventually evolve into something called Project Vulcan, which IBM believes will be a ground-breaking, comprehensive collaborative social networking platform.

How To Decide

The decision-making process for evaluating, choosing and deploying social networking solutions is complex because several of the strongest contenders are not yet available.

All enterprise social networking products offer microblogging. The first decision is to decide whether you need more than that. Microblogging will likely show up in future upgrades of widely deployed tools like Microsoft Exchange and Office within the next year.

One major consideration is whether your organization is already heavily invested in Microsoft Exchange, IBM Lotus software, or Cisco communications solutions. Embracing the social networking solution of the dominant provider of your communications suite may appeal to decision-makers in your organization.

Regardless of which path your company takes — minimal microblogging or full-blown social communication — and regardless of which company you seek out as the vendor, it makes sense to begin evaluating the move as soon as possible. Enterprise social networking is more than just a buzzword. It’s likely to usher in a new era of business communication that may affect your organization’s business agility, efficiency, and ultimately, its bottom line.

Related Information From Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter

We all use PHP in our enterprises. It’s become the do-it-all language of choice for Web developers, from the smallest companies to the Fortune 500 and back again. However, PHP — which has been called “the one programming language that makes German look terse” — has problems with scalability. It is all too easy to write sloppy code that never-the-less works well enough to be rolled out.

Of course, as Luke Welling, Web Team Lead at Message Systems, a digital messaging management company and co-author of the “Bible” of commercial PHP/MySQL programming, PHP and MySQL Web Development, pointed out at an OSCON seminar in Portland, OR, that’s true of many corporate programming projects.

So what can you, as IT management, do about this? Well, for starters, Welling suggested that managers fight the attitude that sloppy programming is acceptable because IT can always “throw more and faster processors” at any performance problem. Sometimes, you can’t fix performance problems with hardware. You need to convince developers and their team leaders that writing to the minimum hardware requirements, rather than the maximum, is the smart thing to do.

You also need to fight the common programmer perception that all production code is temporary. This starts with the basics. Welling observed that many developers don’t even believe that the language or dialect they’re writing in is still going to be used in production systems in a few years. Wrong! According to Welling, the idea that “PHP code is going to hang around is not a crazy idea. Programming languages hang around for a very long time, as the COBOL programmers who were pulled out of retirement to deal with the Year 2000 bug found out.”

More specifically, you must convince programmers and their team leads that “No, the code you dash off today won’t be replaced properly next year. Unless the code causes real issues today there will  never be time to replace it in the future.” Welling believes that “Inertia is powerful, platform changes are harder, rewrites are harder still, and people get stuck in their ways.” So encourage developers to get it right, or righter anyway, the first time.

That doesn’t mean that every development environment will be streamlined to make a developer’s life easy. When it comes to Web design, he said, “PHP is still not going to be a pretty language. It never has been and it never will be. Its strength and weakness has been its willingness to adopt features as appropriate.”

PHP is no longer a quick-and-dirty language, however. Or at least not solely. Welling said, “PHP has grown up with the Internet. It’s no longer a place for software tinkerers. People are no longer willing to accept failure since the Internet has become a utility service.” This is an important point to keep in mind. At one time, internal code tended to be inward facing. Now, with enterprise websites, mobile applications, cloud computing, and the programs once behind-the-firewall serving your customers, your in-house programs may be exposed to the external world. Programs that might have passed muster for your own users might not work well at all for the public.

Find a way to encourage developers to write code past what Welling calls the “80% level.” He explained, “Everyone likes writing new code and getting it to the 80% level [when] the features are pretty much done. That leaves the boring, but vital 20% of error handling and proper testing.” Few programmers like doing that last 20% of the work. Welling sarcastically noted, “Getting to 80% takes 100% of the time, and the remaining 20% take the other 100% of the time.” Without providing motivation, getting that last critical 20% done is often a real problem.

Your programming teams also need to be aware that “Today’s bad code often is the same as yesterday’s when spaghetti code was usually the problem,” said Welling. “Today, bad programmers write deeply nested hierarchy structures and Object Role Modeling (ORM) which can be slow and may be almost impossible to debug.”

The solution to such problems is that classic of design: KISS (Keep it simple, stupid). In addition, designers should avoid micro-optimizations. “They’re a waste of time. Your programmers should also avoid ‘cool’ design patterns, obscure performance tweaks, niche language features, new language features (no matter how much they may want to use the nifty new trick), and terseness in coding” that leaves follow-up programmers with no clue as to what the original designer had in mind.

Like any programming project, Web development needs managing and workflow. “It needs a Version Control System (VCS).  It needs a review, build, testing, and release process. And it needs an easy way for developers to set up staging servers,” said Welling. Companies tend to cheap-out on the last matters. In his experience, a business may hire Web developers to create the code but won’t hire quality assurance (QA) specialists. “Someone other than the developers must do the testing,” he asserted, lest your public do the “testing” for you.

For all the problems your company may have with in-house development, remember that performance problems may not have anything to do with code quality, especially when it comes to the Web. Welling commented that “Most people don’t have traffic problems on the Web from their PHP code. The PHP processing time is generally a small part of the experience.” Instead, he said, slow Web load times are more likely to be due to massive third-party JavaScript libraries, large images, or the use of Adobe Flash.

Developers, managers, end-users, and customers want software that gets the job done, can deal with stress and failure, and can automatically recover when something does go wrong. If they can keep that “job one” clearly in mind as the goal and manage to “Write code that is readable and maintainable,” Welling said, Congratulations! Your enterprise will be well ahead of its rivals.

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency.

Canonical, the company behind Ubuntu Linux, has always had many enthusiastic user and developer fans. It’s a different story within the enterprise. Canonical has been trying to improve its business reputation though in both the server and cloud spaces. In particular, according to Neil Levine, Canonical’s VP of Commercial Services, Canonical has been working hard to bring Ubuntu’s well-known ease of use on the desktop to cloud deployments.

The latest example of this was Canonical and IBM’s launch of a virtual appliance of IBM’s DB2 Express-C database management system. This virtual application can run on the Ubuntu cloud computing platform, in private and public cloud configurations.

DB2 Express-C is IBM’s free community edition of DB2 software. Small businesses and multi-branch companies, as well as developers, can use it as their DBMS platform. DB2 Express-C has all of DB2’s core features and can be used to power in-house DBMS applications, Web 2.0, and SOA-based solutions.

How this can work for an enterprise, said Levine, is “to give large companies a way to get a taste of our low-cost way to try Ubuntu and DB2 on public cloud. If you want to try it, you can.” Then, if you like the experience, you can use a more powerful DB2/Ubuntu stack on either a public or private crowd, “using the same tools and architecture that you’re already using. There’s no need to re-architect it.”

This is all part of Canonical’s plan to make Ubuntu just as much of an enterprise business player as Novell or Red Hat. Without much notice, Ubuntu has already “become one of the most popular guest operating systems on cloud services like Rackspace and Amazon EC2,” according to Levine. Increasingly, it is also being deployed as the host cloud infrastructure layer by private organizations and ISPs.

If you don’t trust the public clouds, you can use Ubuntu Enterprise Cloud. This combines Ubuntu 10.04 with the open-source Eucalyptus cloud software so creating your own cloud requires little more than plugging in USB-sticks and running installation routines on your existing servers.

You might say at this point: That that’s all very well and good, but don’t other cloud vendors promise similar services? And, if one really wanted Linux, couldn’t you simply use Red Hat Cloud? Canonical admits that’s all true, but, Levine said, “Canonical is trying to make using Ubuntu and a serious DBMS like DB2 as easy to use on a cloud as using Ubuntu already is on the desktop.”

In addition, like Red Hat before it, Canonical is now offering enterprise-level support for both its server  and cloud-based Linux offerings via its Ubuntu Server Advantage support plan. The Essential edition, which doesn’t include cloud support, includes Landscape Hosted Edition, the equivalent of Red Hat Network.

For cloud users, the Standard edition of the Ubuntu Advantage package for servers adds virtualization and Windows integration support. At this level, cloud support is an option. This edition costs $700 per machine per year and only has 9×5 coverage. The Standard Cloud add-on for Ubuntu Enterprise Cloud costs an additional $350 per year. This brings the total cost to a minimum of $1,350.

Ubuntu Advantage Server Advanced Edition bundles in support for clustering and high availability and the custom package repository that Canonical has set up for Ubuntu; it costs $1,200 per year and has 24×7 coverage. Throwing in the Advanced Cloud add-on for Ubuntu Enterprise runs an extra $600 per year per machine, bringing the total cost for 24×7 support and the cloud to $1,800 a year.

On the other hand, Canonical’s support options is per server, not per core or virtual machine. This makes Canonical’s offering quite attractive.

If Canonical is indeed successful in making its server use as easy on the cloud as it already on the desktop, then even a comparatively minimal support contract might be all your corporation needs to run Ubuntu Linux on the cloud. While it’s still early days in the cloud for all vendors, Canonical’s offerings bears keeping an eye both for its low overall costs and for its ease of installation and maintenance.

Last, but not least, Canonical is forming strong strategic partnerships with such major vendors as Alfresco, Amazon, Ingres, IBM, Rackspace, and VMware. It certainly appears as if Canonical will soon be able to offer not just ease-of-use and low cost, but an excellent selection of both enterprise applications and cloud platforms to business users. When looking at your cloud plans, Canonical deserves to be considered.

Related Information From Dell.com: Dell and Cloud Computing.

While virtual appliance building has never been easier with powerful online tools such as rBuilder or SUSE Studio, there are also advantages to building virtual appliances using local resources that do not rely on the availability of the cloud.

VMware Studio is a tool that enables your team to create a wide variety of simple and complex virtual machines for a very attractive price tag: free.

VMware Studio (VS) differs from the rBuilder and SUSE Studio appliance builders, in that the appliances VS creates are only virtual appliances, built for the VMware platform family. Other virtual platforms, such as Oracle’s Virtualbox, can also be used to run the appliances, or any Open Virtualization Format (OVF)-compatible platform.

Virtual platforms also play a role in actually running VS—the free download is available only as an OVF-ready virtual machine. VMware recommends running VS on one of the following devices:

• VMware ESX/ESXi 4.1 or 4.0 through VMware vCenter Server 4.1 or 4
• VMware ESX/ESXi 3.5 through VMware VirtualCenter 2.5
• VMware ESX/ESXi 4.1 or 4.0
• VMware ESX/ESXi 3.5
• VMware Workstation 7.1, 7.0, or 6.5.1

In testing, VS ran perfectly well in VMware Player, a freely available “lite” version of VMware Workstation, which means that simply for the trouble of registering the Player and Studio products, you can have a free virtual appliance builder on your local system.

VS can build virtual appliances based on both Linux and Windows OS. On the Linux side, Ubuntu, Red Hat Enterprise Linux, SUSE Linux Enterprise Server, and CentOS are available, while Windows 2003 and Windows 2008 (without Hyper-V) are the available Windows options.

One very attractive feature for developers is the ability to directly integrate VS as a plugin to the Eclipse development environment. This makes application building and testing a seamless proposition.

Using VMware Studio

After you download and save the VMware Studio zip file, you need to extract the contents of the archive. Once the files are extracted, open one of the virtual platform applications listed above and open a new virtual machine from the Vmware_Studio-2.0.0…vmx file you just extracted.

When the VS machine is first run, you need to read the initial license agreement, and provide a root UNIX password for the VM. Once this is completed, you see the initial VS screen, shown in Figure 1.

The initial VMware Studio screen.

At this point, you could enter the URL displayed in the [Web] field in your preferred browser, and be on your way to creating a virtual machine. If this is your first time making a VM with VS, you need to acquire an ISO image of the operating system you intend to use. To do so, select Login and press Enter on the initial screen, which brings up a standard UNIX login prompt.

Type root for the login, and the password you previously assigned, which brings you to the command line.

Whatever ISO you use, you need to place it in the /opt/vmware/www/ISV/ISO directory of the VS machine. You can use the available wget utility to bring in the correct file via FTP.

To download an image of Ubuntu 8.04.1, for example, on the command line type:

cd /opt/vmware/www/ISV/ISO
wget http://cdimage.ubuntu.com/releases/8.04.1/release/ubuntu-8.04.1-dvd-i386.iso

The image file downloads to the correct directory. At this point, you can move forward to begin building your template.

Enter the URL from the [Web] field to start the VMware Studio interface. The VS home page opens (see Figure 2).

The VMware Studio home page.

To begin creating a new appliance, click the Create Profile button. The Create a New VM Profile dialog opens, shown in Figure 3.

Base your profile on compatible operating systems.

Give the new profile a name and select the appropriate operating system template. Click Create Profile to display the profile creation workflow (see Figure 4).

You create a profile by stepping through these pages.

To complete the customization of the profile, you visit each one of the pages highlighted in the secondary navigation bar: Description, Hardware, OS, Application, Management, Output, and Build Settings. You can either click on each page’s tab or click the Next button at the bottom of the page to move through this workflow.

The Description page enables you to name and otherwise describe the properties of the VM you’re creating. The key field on this page (other than Name), is the Version field, which is visible in the VM client, and are also used by the VS Update Service to check and install updates for a VM. You can also add your own end-user license agreement and specify the location of the web management console for the VM you’re creating.

The Hardware page (shown in Figure 5) lets you set the kind of hardware you want your virtual machine to access. Much of this is determined by the iron upon which you’re going to install the VM. You can use the virtual hardware version as a hardware meta-setting, since this specifies the virtual hardware interface that is exposed between the guest OS and the virtual hardware. You can also make more granular settings, such as CPUs, memory, and hard drives.

Configuring the hardware for your VM.

In the OS tab, you confirm the connection to the ISO you are using, as well as provide a root password for the new VM. You can also add additional user information for the VM on this screen, as shown in Figure 6.

Get the VM user settings configured.

The Application screen is where you get into the guts of the VM, specifying where the packages and package repositories for the VM are found, and then select the pages to install. Though you have to specify packages down to a very fine level, the VS installation automatically finds all of the relevant dependencies and get those installed, too. You don’t, then, have to specify every package.

Configure the apps you want to run on the VM.

Now that the VM is configured, and has all of the packages ready to go, you just need to polish up the VM settings. In the Management page, define which management services to run in the web management console of your VM. You also need to complete the SSL information, so that security certificates can be generated for each service you make available in the management console.

On the Output page, you define how the finished VM will be deployed. You can use either an OVF package, an OVA package (which is a zipped OVF), or a standard Zip file.

Finally, there is the Build Settings page, which you use to specify the type of platform you’re going to deploy the VM on. If your organization already has one of the VMware server or vSphere products, you can specify the location of the server on your network and pre-configure the VM for that specific platform.

After clicking on Validate to test the new VM, click Save and Build to complete the VM process.

The process is still not complete, despite your expectations. VS is a very robust tool, and allows you to deploy multiple VMs to a given platform using a vApp container. After building the VM, you can click on the vApp tab to step through a similar process to build a vApp with this new VM and any others you might want in your virtual appliance. Once the vApp is built, you can (whew) deploy the virtual appliance.

There is a lot of fine detail involved in the creation of the a virtual appliance with VMware Studio, which has barely been touched on here. Excellent documentation and  a straightforward interface make the learning curve a lot easier.

Related Information From Dell.com: Experience the Advantages of Linux.

Real KVMs cost money, sometimes substantial sums; virtual KVMs are cheaper, if not free. Savvy CIOs and IT professionals find them useful, functional, and affordable.

In most server rooms and in nearly all datacenters, KVMs often are built into one or more server racks. These generally take the form of 1U slide out drawers, with pop-up monitors and slide-out keyboards; they also include wireless or wired mice to support pointing and clicking on GUI interfaces as circumstances so often require when installing, configuring, managing, or troubleshooting servers, routers, switches, and other typical computing gear. For example, Dell offers various 1U KVM consoles that incorporate 17” flat screen monitors, keyboards, and touchpads (in lieu of an actual mouse) that integrate directly and easily into standard 17” racks for just over $1,000.

But if you examine closely how most KVMs are used, you’ll discover only a few compelling reasons to justify the expense (and rack space) that a physical KVM imposes. The vast majority of KVM use comes from routine administrative tasks that involve installation, configuration, updates or patches, and management of servers and other devices (such as routers and switches) that can just as easily be enacted using remote access from an administrator’s desktop or notebook PC.

The basic concept of a virtual KVM, sometimes abbreviated as VKVM or vKVM, involves using some kind of remote access protocol and related software to establish a connection across the network from one computer to another. Perforce, when making such a connection, a login session is created on the remote computer, where a window on the local (or administrator’s) machine reflects the remote desktop, so that what’s displayed inside that window shows what’s happening on the remote system.

Likewise, mouse and keyboard input on the local machine is ferried across the network to the remote machine so that it may be operated, and all responses to such input are then carried the other way back to the local machine to display the ensuing responses and results. Simply put, a vKVM substitutes a PC for a real or physical KVM, and uses the network to create connections that a real or physical KVM might create through a variety of links that also include the network, but might also include serial, USB, VGA or DVI, and other kinds of cables and connections.

Why bother with real, physical KVMs?

Sometimes, the network goes down, or a server or other device might itself lose network connectivity for a variety of reasons (software bugs, failed network interfaces, protocol stack problems, and so forth). In those situations, remote access disappears along with network access because such access depends entirely upon working network links between local and remote machines. KVMs, on the other hand, usually support sideband or different and direct connections to servers that permit access even when the network is down.

In a nutshell, that’s why you can’t simply toss out all your current KVMs and refuse to buy another ever again. But because the vast majority of KVM use occurs when network access is readily available, there’s also no reason to over-spend on KVMs or to insist that administrators use KVMs rather than remote access for tasks that don’t involve troubleshooting network problems of some kind. Remember, then, that KVMs keep working even in the face of network trouble, but that vKVMs work most of the time for most routine tasks, and you’ll have no trouble understanding why KVMs must still play a role, but that vKVMs can do most of the lifting, heavy or otherwise, when it comes to routine network maintenance and administration.

What kinds of vKVM tools and technologies make sense?

For Windows networks, the Remote Desktop Protocol (aka RDP) is included with all Windows Server versions and in all Windows Desktop versions at Professional (Windows XP and Windows 7) or Business (Windows Vista) and better (Ultimate and Enterprise, for both Vista and Windows 7). Using the built-in Remote Desktop Connection facility, administrators can log onto a Windows server (or desktop) of their choosing and perform nearly everything they can do when attached to the same machine directly or via a KVM. They can also cut and paste content from the local desktop to the remote desktop, and vice-versa, in addition to driving a remote interface locally to their heart’s content.

Figure 1: The Windows Remote Desktop Connections lets administrators connect to remote PCs using either computer names or IP addresses.

Of course, many organizations use other operating systems besides (or alongside) Windows, so alternatives to RDP and the Remote Desktop Connection facility are needed. There are lots of commercial and freeware or open source products from which prospective users can choose. On the open source side, the SourceForge “open source kvm and console management site” at okvm.sourceforge.net (click the Virtual KVM tab) points to numerous alternatives that work with many different platforms and OSes, including Windows, MacOS, Linux, and Unix. The Wikipedia KVM_switch article includes a section entitled “Software Alternatives” that lists numerous commercial options available to buyers interested in commercial-grade, supported products. And companies such as Citrix, Symantec, RealVNC, and many others also offer eminently suitable remote access and control packages that can do the job across multiple platforms as well.

In rethinking IT budgets and server room or datacenter planning, it’s often wiser and cheaper to budget for and include administrator desktop or notebook PCs in lieu of KVMs for routine administrative tasks. That doesn’t mean you can do away with KVMs entirely because they will still prove necessary at some times (when the network is down or unavailable to some specific machine or device) and for some tasks (bringing a new server up from bare metal, or restoring a crashed server from the same state). But for most tasks, and at most times, IT professionals will prefer vKVMs because they can use their own, familiar equipment to perform their most routine and regular tasks.

Related Information From Dell.com: Create a Network Roadmap.

“It is gaining momentum at a very deliberate pace,” said John Reed, District President of Robert Half Technology in the Central United States. “I would say it’s continuing to improve every month, every quarter.”

There are a handful of motivations stirring the snail. One is a pent-up itch to dive into projects that got shelved last year, Reed said, including desktop updates. “A lot of companies said, ‛We’re not going to buy hardware, we’re not going to buy software, and we’re not going to kick off projects. We’re just going to maintain, to get through this thing. If it’s not critical to business, we’re going to shelve it.’”

A growing number of companies are now finally moving forward with these projects, Reed said, cognizant of the fact that they have a business to maintain and they’ll lose competitive impetus if their competition moves forward with projects they themselves have neglected.

Dave Willmer, executive director of Robert Half Technology, said you could see an attitudinal shift at Microsoft’s recent Worldwide Partner Conference, which wrapped up on July 15. “Many went into their budget season Q4 [2009], they had a budget set aside, but they … didn’t come out of the gates in January and hire for them. Now, midyear Q3, a lot of companies know where they are in their financials, and they know where they can spend now, and they’re starting to spend more than they were,” he said.

The new-found confidence encompasses Windows 7 upgrades, but Windows 7 is a tiny snippet of the back-on-track scenario.

Here are specifics on how small a snippet and its rate of growth: IT Expert Voice’s Daniel Dern spoke to technology job site Dice.com in January about the worth of Windows certifications. At that time, Tom Silver, senior vice president of North America, reported seeing only a modest demand for Windows 7 skill sets, with a mere 100 job postings requesting this experience on any given day. Seven months later, as the second half of the fiscal year opens up purse strings to a certain extent, the number of requests for Windows 7 skills has tripled. That brings Windows 7 to about 300 job postings on Dice on a daily basis—a drop in the bucket when compared with the site’s 66,000+ total postings.

“So yes, there has been an increase in demand for Windows 7, but only marginally,” Silver said. “As companies continue to migrate towards this operating system, we would expect demand for tech professionals with this skill set to grow.”

Hiring companies are falling into two camps: Those replacing desktops and updating with the most current Windows version, and the type of company that’s biting the bullet and upgrading enterprise-wide. Those diving in whole-hog, updating by hundreds or thousands of PCs, are scheduling the deployment for 30-day stints, Reed said, making it obviously short-term work.

But while RHI is seeing primarily project-based skills demand, Dice is seeing more requests for full-time Windows 7 skills. “About 60% of the Windows 7 job postings are full-time,” Silver said. “There are contract positions as well, but it appears the current job availability is slightly more geared to full-time positions. This is consistent with what we see on the site overall.”

He also said that there are a variety of roles that list Windows 7 as a desired skill, including Systems Administrator, Technical Engineers, and Project Managers, both at the entry level and for seasoned professionals. “So even though it’s early days, there are opportunities,” he said.

So if the hiring recovery is not overwhelmingly fueled by Windows 7, where are the increasing IT jobs? Microsoft’s emphasis on Windows Phone 7 development gives us a clue. As eWEEK reported, Microsoft CEO Steve Ballmer devoted a good chunk of WPC keynote enthusiasm to the next version of the company’s mobile phone operating system.

Microsoft is highly motivated to get a piece of the lucrative smartphone pie now dominated by Google’s Android and Apple’s iPhone. It even went so far as to offer cash to developers who create applications for Windows 7 phones, offering to “co-fund strategic projects” on a limited basis, according to a Microsoft spokesperson quoted on Top Tech Reviews.

Microsoft’s no dummy. That smartphone zest is reflected in hiring trends, with companies snapping up phone developer skill sets, said RHI’s Reed. “That’s definitely a growing area that companies are investing resources in,” he said. “We see that as a place where people are hiring. Everybody does that. Every entity wants their Web presence mobile-friendly. You have more and more applications, with people wanting to access things from their smart phone. To enable that, you’ve got to have people with expertise, people who know how to take those applications and make them mobile-friendly with the user.”

With regards to which segments of the economy are recovering, tech staffing firms report varying results. RHI is seeing growth in healthcare, transportation, some aspects of construction, and education. Sapphire Technologies is seeing feeble recovery from the financial sector, according to recruiter and IT resume expert Shana Westerman, while retail weathered the recession and is still going strong. Yet Dice’s Silver said that the job site hasn’t seen a slowdown in IT growth in technology on Wall Street. As a matter of fact, job listings are up 38% year over year on eFinancialCareers.com, a Dice Holdings service that’s a global career site network for professionals working in the investment banking, asset management, and securities industries.

Related Information From Dell.com: Your Desktop Strategy.

If it is not the first question that’s asked of e-procurement vendors after cloud deployment and features, it’s certainly the next one. How green are you going to help us become?

According to a survey of 230 universities and colleges by the National Association of Educational Procurement, “Thirty percent of those schools have a green-procurement policy, and they are all getting to that point where they can recommend that change in buying behavior,” says Eric Zoetmulder, product marketing manager for SciQuest and coauthor of the survey.

That number is also reflected in the corporate world. According to a 2008 study conducted by AMR Research, 37% of large US companies plan deployment of some type of supporting technology for green procurement, says Zoetmulder.

To support a sustainability plan for your organization, 20% of that sits in buildings and people, 40% sits in operations, and the other 40% is represented in what you buy and how you buy it, he says.

“We actually have a partnership with Dun & Bradstreet to help deliver [sustainability] information about their suppliers as part of analyzing which suppliers they want to work with,” says Henry Hwong, director of Ariba’s Solutions Management Group. “Women- and minority-owned information is important to customers as well. All this information about suppliers is something that our customers have been asking us to help them get.”

E-procurement software is being customized to bring suggested sellers and products to the forefront when a user shops. The customizations can suggest local sellers for reducing carbon footprints, recycled products, sellers that use environment-friendly packaging, and more.

One aspect of green e-procurement is including a good green e-procurement policy in your e-sourcing process, says Zoetmulder, improving the decision making processes as far as contracts. “Most of our schools are getting to the point where they are signing carbon-neutral agreements,” Zoetmulder says.  States and cities and counties are adding sustainability managers, who are closely monitoring their organizations’ sustainability goals.

When you have an environment that people can go to find organization-approved goods, your purchasing process can promote goods that are green and sustainable, Zoetmulder says.

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency.

For IT decision-makers supporting their mobile workforce, understanding the benefits and complexities of the technologies used by their chosen service providers or mobile carriers can make all the difference in delivering a robust mobile implementation at reasonable cost to the enterprise.

This means more than performing quality assurance on the mobile application’s code, and ensuring that the user interface has been designed for a different form factor. Testing mobile solutions involves ensuring your network infrastructure’s performance including availability and quality of service (QoS) is spot on as well as that security policies are in place and that the mobile applications being delivered across the network are threat-free.

Evolving Technology

Transport and delivery technologies have evolved as the demand for mobile support has exploded. Most mobile carriers including Verizon Wireless and AT&T Mobility have chosen to build out their new 4G networks with Long Term Evolution (LTE) technology. LTE is the newest iteration of 3G/WCDMA, GSM, and HSPA radio access technology. It’s very fast and is highly interoperable so any unlocked phone can connect to any company network.

Service providers are moving toward Ethernet backhaul away from T1, which benefits IT managers because Ethernet delivers higher capacity at lower cost. Ethernet services average $40 a month per megabit compared to the average cost of a T1 or E1 link at $200 to $800 per month, per mile. Other strategies include installing microwave backhaul connections instead of leasing backhaul capacity and designing networks for shorter backhaul paths. A recent Infonetics survey shows most operators plan to go with a single IP/Ethernet backhaul, either over microwave, fiber, or copper.

What’s cool about Ethernet backhaul is that the service offering is an extension of the corporate Local Area Network (LAN) with greater flexibility and simplified management in addition to a cost-effective solution.

Testing the Network

Testing Mobile Ethernet backhaul is a must for service providers if they expect to deliver for their corporate accounts. Unfortunately, the amount and granularity of information available directly from most Ethernet switches does not address business critical service level questions. Information provided by the switches is typically limited to aggregated counts of packets into and out of the switch, which doesn’t allow providers to evaluate information from a specific port or network performance in terms of loss, latency, and jitter or traffic frame sizes, protocol distribution, top talkers, top applications, or utilization.

Also critical is specific service analysis for services such as Voice over Internet Protocol (VoIP) or video. On top of those considerations, service providers have to be able to validate end-to-end QoS, identify the offending network segment, have network visibility and validate port/VLAN assignments and configurations, in other words, they must get it right the first time for their corporate customers, to be ready for business primetime.

Testing the Applications

Mobile applications are installed on the phone or device’s file system in much the same way that applications are installed on a desktop or laptop. During installation, new files are added, registry entries are changed, and configuration settings are modified. It’s imperative that pre-installation footprint settings are analyzed and kept on a flash drive prior to any application installation taking place. File system analysis and application reversing are two important tasks that must be done during client side testing.

The chief purposes of performing footprint analysis includes identifying the files created on the device during installation, identifying changes that are made to existing files during multiple application operations, and recording operations that occur during application use. The device file system needs to be closely monitored because developers sometimes take it for granted that the device memory is a safe haven for data storage; they tend to use it to store sensitive information such as passwords, user names, and other similarly private stuff.

After the application has been installed and several tests successfully run, it’s a good idea to reverse engineer the application. This uncovers application logic and code which comes in handy if the code needs to be modified to bring the application in line with security requirements. Sometimes the test process can find a way to bypass security and provide a way into the server. Reverse engineering also has a way of finding design bugs and methods of exploitation.

Ensuring that the mobile applications you allow into your enterprise environment are threat-free and won’t punch holes in your security and that the network you’re trusting your mobile-based business productivity to can deliver on the promise of top shelf QoS are just a couple of the tasks at hand.

Related Information From Dell.com: Your Mobility Strategy.

Software, on the other hand, is more of a challenge. It’s just bits on a hard drive, and without strict controls, it can be hard to keep count of how many copies of a given program are actually installed, and which versions are in use. Especially when, as often happens in an enterprise, the installation media has been copied to a network share for easy deployment.

That can lead to under-licensing, and under-licensing can be a very expensive proposition indeed.

How expensive can it be? Well, as far as software vendors are concerned, under-licensing constitutes piracy, and vendors discovering piracy often demand compensation above the cost of the unpaid licenses.

Consider these examples, all from between March and May of 2010:

• Unlicensed software cost a wireless retail store in Pennsylvania $92,500 in fines paid to industry licensing watchdog the Business Software Alliance (BSA), a group representing 37 major software vendors.
• A Burlington, MA software developer paid $156,002 in damages to BSA to settle claims that it had unlicensed copies of Adobe, Autodesk, Corel, and Microsoft software installed on its computers.
• A Wisconsin steel service company was fined $144,000 for its licensing oversights.

It doesn’t matter whether these infringements were deliberate or accidental; the penalties are the same. It pays to pay attention to licensing!

Overbuying isn’t a good solution either. Having idle assets, either physical or virtual, is bound to garner frowns from the CFO, who has to pay for and depreciate them regardless of whether they’re in use. And they gobble precious capital dollars that could be better used elsewhere.

While a manually maintained Excel spreadsheet of license assets may do the trick in a smaller company, a large enterprise needs a license management program. Often available in conjunction with asset management software, license managers keep track of what licenses have been purchased, which ones are installed and where they are installed. It should log serial numbers and other identifying information, as well as program version and purchase data (such as supplier and invoice number), so should a vendor demanded an audit it’s easy to reconcile in-use licenses with purchases.

That is often easier said than done, however. The problem isn’t a shortage of best practices (there’s even an ISO standard: ISO/IEC 19770) or tools (the BSA has links to several), and most software for managing physical assets also offers some sort of software audit). It’s the fact that installed software can be really hard to automatically identify. There’s no standard way in which vendors indicate program version and so forth within the software and its associated files and Registry settings; plus, vendors sometimes issue upgrades without changing the software’s internal identification. So in many cases software inventory programs can only make best guesses. And without ties to a purchasing system, all the data that proves you did, indeed, buy the licenses you’re using has to be manually associated with the software.

Even with the best tools, however, there’s no escape from some manual data entry. For example, Microsoft’s Client Access Licenses (CALs) have no physical or logical manifestation in most cases, so can’t be automatically audited. But counts of the number purchased, with supporting data, can be entered into a license management program and reconciled with the number of computers needing a CAL to prove you are compliant. Some license managers can import the data from vendors’ volume licensing portals to cut down on the typing, but the initial entry is undeniably a major chore.

That said, once the data is in place, a good license management program can not only report on what is in use: It can help you identify which licenses are un- or under-used, and thus are candidates for reallocation to another user. That can save substantial chunks of cash by eliminating unnecessary purchases.

Not to mention the cash it can save when you ace a vendor audit.

Related Information From Dell.com: Your Desktop Strategy.

According to a recent report from Gartner Research, 2009 saw the most significant drop in server deployments ever. Now this trend is in reversal: In the next few years, server deployments will increase, and the results won’t be pretty. Those data center power, cooling, and space problems you’ve been having? Take a deep breath and start strategizing — because they’re about to get worse.

To help you with that task, IT Expert Voice checked in with Mark Thiele, vice president of Data Center Strategy at cloud computing vendor ServiceMesh, president of the nonprofit organization Data Center Pulse, a member of Green Industry Advisory Board at CSU Fullerton, and strategic advisor at sustainability management software vendor at CSRware. We got his thoughts on the Gartner report and its recommendations, and discussed how companies can cut their data center costs.

IT Expert Voice: Gartner predicts that through 2013, data center power, cooling, and space problems will worsen as a result of new high-density infrastructure deployments. To help control energy consumption and costs, Gartner recommends delaying new high-density hardware procurement where possible. What are your thoughts on the prediction and that recommendation?

Mark Thiele: In effect Gartner is correct, but the problem isn’t just the next couple years. This is partly because cloud computing, combined with higher density computing, will have an interesting effect on the data center market as a whole.

In theory, virtualization, more performance per watt, and cloud computing should drive down the space, power, and cooling requirements for the average data center by 50% or more.

However, what we’ve seen over the last 30 years of semi-modern technology is that IT groups don’t really spend less when solutions become more efficient or cheaper. They instead buy more for the same costs. Think of 1995 when a tower server from Compaq cost $25K. Then in 2000 you could buy a 1RU server for $5K. What do you think people did? They bought four or five servers instead of one.

I believe cloud computing will have a similar effect on the IT world that 1RU servers did (see one of my recent blogs). In effect we’ll be making more technology options available to a much wider audience in much more affordable and digestable sizes. This availability will drive additional use and the generation of new ideas for more IT apps/products.

So in a very small nutshell, what I’m saying is that yes, there will be a crush on data center space, but it won’t be for just two years; it will be until we come up with a quantum leap improvement in how we process and store information.

How might a company delay purchasing new hardware without compromising its growth, uptime, and so on?

There are several options with varying degrees of cost and complexity that can help slow the need for more data center capacity. Here are five:

1. Push the envelope on your virtualization efforts. Regardless of what you hear (myths), virtualization is ready for even the biggest jobs.

2. Move some of your processing out of your data center and into someone else’s (i.e., Amazon, Opsource, Savvis, etc).

3. Ensure you’re effectively using the hardware that you have (i.e., what is the average CPU utilization rate? What is your performance per watt?). This is as much an asset management play as it is cloud and virtualization. Also, don’t be afraid to look at some of the new server options like SeaMicro and Tilera. In the right situation, these new server solutions can dramatically increase your capabilities, while driving down ownership costs.

4. Implement the basic data center improvement options that are widely understood, airflow being a key opportunity area in many data centers that are two or more years old.

5. Don’t assume that delaying hardware purchases is your answer. Your best answer might be to replace some of your power-hungry low-performance older devices so that you can concentrate more performance in a smaller footprint.

Gartner also makes the recommendation to deploy server-based energy management software tools and intelligent power strips on racks to monitor and control energy consumption. Do you agree this is a good strategy?

In general, yes. However, this is not a simple task and it can be very interruptive for the average data center. An intelligent power strip costs upwards of $600 each. If you have 50 cabinets with two strips each and you replace all of them you’re looking at spending $60K. It would take years to make up that cost in the small incremental power savings you’ll get, and that doesn’t even account for the potential interruption to operations and labor or software costs.

In most cases it’s better to put in new solutions like this when you’re doing a major rebuild or doing a greenfield data center.  An alternative that will get you much of what you need is looking for wireless sensing for the environment and branch monitoring for the power.

What are some of those options?

There are many options in the space. Some of the newer players in the wireless solution space are Arch Rock and SynapSense. However, there are also solutions available from some of the bigger players like Eaton and Emerson, among others. APC has a very comprehensive solution, but customers should be cautious about buying a bigger solution than they need. The potential ROI must be considered as there is no guarantee that any of these solutions will cost less than your inefficiency. They must also be considered against the time of ownership expectancy of the space to be monitored.

“Visibility” is important. Just as an example you could put a “monitoring/management” solution from a company like CSRware. It doesn’t actually provide much efficiency on it’s own, but it does give you a low cost, low risk, quick return on investment opportunity to get visibility to your environment relative to power, water and e-waste among other things. Similar to a scale in the bathroom, because it shows you the problem, you’re more likely to act on the information.

What challenges might these solutions pose to an IT department’s usual way of doing things?

The simple answer here is ROI and people/process. No solution will provide you a benefit if the people and process aren’t well defined in advance. Also, if you don’t have well-defined ownership and reporting criteria for the solutions, they will end up unmanaged and relatively useless in a very short time. Remember, most IT orgs are already overtaxed for resources. If you throw a new solution in the mix without making real accommodations for how it will be owned, no one will own it.

What do you recommend for overcoming these challenges?

Change management is a critical component of any IT environment, so again it boils down to people and process. If a process is poorly managed when it’s manual and you throw a technology at it, you’ll just end up with poorly managed automation. Also, you need to carefully consider the resource and impact requirement of any change versus the proposed efficiency gains. Power is often considered the biggest problem in a data center from a cost perspective, but it’s not.

Here’s an example based on a $1 million a year spend on data center:

Solution: Power monitoring and management with an expected savings of 2 to 5% are implemented.

Costs: The costs are 150K for hardware, software and implementation, and the ongoing yearly maintenance and management costs are 50K, for a five-year cost of $350K.

Savings: The savings over five years based on a 5% efficiency gain are $250K.

The average greenfield data center has a life expectancy of 15 years, so you can quickly surmise that there’s a much more obvious opportunity in a new facility than in retrofitting an older one.

The above is a very conservative and admittedly “back of the napkin” example, but it should give you an idea of what the risks/rewards are. (This example also doesn’t put a cost on the risk incurred during implementation. )

Gartner also recommends accelerating the speed of virtualization and consolidation projects to yield power, cooling and space benefits in 2010 and 2011 to offset the capacity requirements of new hardware.

I agree. I can’t emphasize enough that you should be pushing the envelope on your virtualization efforts. The majority of IT organizations are at 30% virtualization or less.

Do you think organizations are already speeding up virtualization and consolidation projects anyway?

Yes. Interestingly, many of the efforts are being accelerated due to a desire to utilize cloud computing as much as they are to save on power, space and cooling. Either way, it’s the right thing to do.

How about the cutting data centers costs overall? What strategies do you think are most important?

Here are four: First, know the total costs and the cost drivers for your Data Center. You also need to ensure you have a strategy for ownership with a top-down cross-functional leader. In addition, know how are your assets managed. And finally, create efficiency opportunities in the area of airflow management.

If a company is serious about cutting data center costs, should energy-saving/green IT-focused strategies be the top priority?

Many of the ideas I’ve covered have a significant impact on your carbon footprint (your “greeness”). I am a casual conservationist, but assume that my first responsibility to any business is to help ensure bottom line success through ethical business practices.

That being said, a well thought out efficiency plan is the same as a “going-green” plan. Anytime you’re using fewer resources (people, space, equipment, boxes, trucks, and so on) you’re being greener. For larger enterprise customers, there are even less obvious options like having their equipment delivered in more environmentally friendly packaging. An example would be having the hardware vendor deliver a rack full of gear in one box, versus having 5-30 servers delivered in individual cartons.

What are your thoughts on how well companies are doing—or not doing—in terms of focusing on cutting costs in the data center? And what do you think the motivation is?

As a global community I think the top 30% of data center owners are making excellent progress. My biggest concerns are for the thousands of companies with 10K server farms or less, who don’t have the appropriate ownership strategy in place.

As for motivation, it varies depending on the maturity, size and industry. With maturity comes an understanding of the costs and an increased focus. Size is similar to “maturity” in the sense that when you get big enough you can’t ignore the costs anymore. Across industries, IT and finance companies tend to have a stronger focus on their data centers. IT companies because it’s embedded in their DNA and finance because they have a high level of risk aversion and strong cost management strategies.

Any last words?

Buy what you need to solve a problem or enable a business opportunity—don’t buy technology.

Related Information From Dell.com: Your Power and Cooling Strategy.

It seemed so clear. Like it or lump it, the top brass realized, your company would move its enterprise desktops to Windows 7 as Windows XP came to the end of its sales and service life. Then, Microsoft changed the rules. At the same time that Microsoft announced the beta program for Windows 7 and Server 2008 R2 SP1s, the company “decided to extend downgrade rights to Windows XP Professional beyond the previously planned end date at Windows 7 SP1.” This means you’ll still be able to “downgrade” PCs from Windows 7 Professional or Windows 7 Ultimate to Windows XP Pro until early 2015.

Despite that sort-of announcement, Microsoft’s Windows Communications Manager Brandon LeBlanc, insisted that “Support for Windows XP Service Pack 3 will [only] continue through April 2014.” According to Microsoft, “After April 2014, customers will need to either get a custom support agreement or install a more modern OS on those PCs.”

Some observers, like Microsoft expert Ed Bott, think that this means Microsoft won’t generally support Windows XP SP3 even though the company will let you purchase it. Others think that Microsoft won’t cut off Windows XP SP3 support until five years or more after the last copy of XP is sold. This would put Windows XP’s enterprise end-of-life in 2020.

What’s an enterprise IT manager to do? Despite Microsoft’s glowing reports of Windows 7 sales, Tami Reller, Corporate VP and CFO of Windows & Windows Live, admitted at the Worldwide Partner Conference on July 12 that “74 percent of … business PCs are [still] running XP.” Clearly, businesses aren’t rushing to Windows 7.

Some IT executives, like Jeff Cooper, IT Infrastructure Manager at Abbott Vascular Devices, aren’t tempted by the thought of sticking with Windows XP through the end of the decade. Cooper assumes that Windows XP support will still end in April 2014, and that there “will be no more patches issued for XP, and that you are ‘on your own’ by running it without Microsoft backing.”

That really doesn’t appeal to him. “Additionally,” Cooper continued, “third party hardware and software vendors are likely to not support Windows XP beyond what Microsoft has claimed (2014), and are likely to phase out XP support between now and then. So if I understand this correct, organizations should still continue their plans to move to Windows 7 and not interpret this as a reason to slow down.”

Others, like Steve Kilbride, the owner of ThermaRay, sees no reason to shift from Windows XP. “Our choice of OS is driven by the apps that we need to run. So far, we have not found critical applications that rely on newer OSs,” said Kilbride.

Windows 7 isn’t the only option, if he is going to change OSs. Kilbride is also considering replacing Windows XP with Linux or a server-based Virtual Desktop Infrastructure (VDI) solution whenever Windows XP reaches the end of the road. Their concerns are largely driven by financial issues; the company decision makers hope that the growth in software-as-a-service (SaaS) and Web-browser based applications like Google Apps for Business will be mature enough to allow them to avoid paying for pricey Windows 7 Professional or Enterprise client-access licenses (CALs) while still providing basic office-worker functionality using alternative desktop operating systems.

Rajesh Goel, the CTO of Brainlink International, an IT support business, on the other hand, loves Windows 7 both for their in-house users and for their customers. “We’re switching to Windows 7 [and] Office 2010 as fast as possible. Clients love the stability and power. We love the fact that Windows 7-64-bit lets us deploy desktops with 8GB or 12GBs of RAM. This is a life saver for folks who like to keep 10-30 Outlook windows, 5-20 PDFs and dozens of Word documents open all day.”

Perhaps the most common response was that companies simply prefer to stick with Windows XP. As Tom Catalini, the Technology VP for William Gallagher Associates, a Boston-based insurance brokerage, observes, “We’ve looked more carefully than ever at our IT investments in recent years, and operating systems quickly fall down the list of initiatives to consider, even among the Microsoft family of products. Investments in their other products, like Office, Exchange, SharePoint, or SQL [Server], would offer much more bang for the buck. So, in some ways, Microsoft is competing with itself for our technology dollars.”

Besides, Catalini continues, “At the end of the day, there just isn’t enough value offered in migrating to a newer version of Windows. An operating system upgrade is very costly, both in terms of time and money, and it’s very disruptive to the end users. In many ways, this is also a testament to the fact that Windows XP is serving our needs very well. We very much welcome the news of extended support for this platform, as it allows us to consider far more strategic investments in technology going forward.”

What about your business? Where do you see its desktop going?

Related Information From Dell.com: Why Dell for Windows 7?

Not all business is conducted within range of major mobile networks. What happens when your mobile workforce does business quite literally in the field, or telecommutes from a town that’s off the beaten path? One wireless broadband start up is building out wireless networks to support the rural American mobile workforce, one small town at a time.

Grass roots marketing, along with identifying and then tapping into an underserved market and complementary acquisitions, are the cornerstones of one Internet-focused corporation’s anticipated double-digit growth in 2010. Yonder Media, headquartered in Reno, NV, is extending the Internet’s reach out to roughly 50 million Americans, remote enterprise workers, and telecommuters via WiFi wireless broadband technology one small town at a time, and banking on rural America to come through.

Founded in 2006, the company goes into towns of 3,000-5,000 people who are predominantly served up access via antiquated dial-up or expensive satellite technologies. Yonder Media installs WiFi mesh networks that deliver 3 to 6 MB bandwidth along with customized portals that support local community activities. Yonder is turning church towers, water towers, and even hilltops into WiFi towers and stringing together one town after another.

According to Dirk Christiansen, president & COO, the company’s marketing strategy is based on straightforward word of mouth, traditional marketing tools, and the referral system. He says, “In rural America, we primarily use doorknockers, mailers, even flyers left in coffee shops and the referral system.”

Christiansen is pragmatic and at the same time optimistic about Yonder Media’s growth in the current economy. “During this past year we have continued to grow, maybe not as quickly as originally projected, although still in the lower double digit numbers. We’ve seen some economizing taking place with our customers and we’ve also seen a fair amount of migration in our networks. So when someone’s dropped off, we’ve picked up new folks along the way.

The competitive landscape is interesting. Christiansen notes, “We don’t see much in the way of competition from dial-up, satellite, or small local ISPs who are slow, expensive, or don’t provide great quality of service.” Significantly, Yonder brings in fiber as a differentiator as opposed to some providers who bundle DSL lines and resell them. He says Yonder Media bumps into Comcast and AT&T networks occasionally and can’t compete with their $7 per month price tag. While they’ve lost a few customers to large carriers offering triple play bundles (voice, high speed data, and TV), that isn’t Yonder Media’s market.

Acquisitions will play a large role in the company’s anticipated 15-20% growth this year. Christiansen explains, “We buy a lot of small companies and migrate them into the Yonder Media umbrella, upgrading their quality of service and customer support along the way. We’re currently actively engaged in conversations with 14 or 15 different companies, looking for the most appropriate acquisitions.”

He says that their biggest hindrance to growth is securing financing for the acquisitions. The company is privately held and has purposefully not sought out venture capital because according to Christiansen, most VCs just don’t get their market. He says they don’t use proprietary technology; they use equipment from leading network infrastructure equipment manufacturers like Cisco, Motorola, and Proxim so there’s no smoke and mirrors involved. Their model is subscription based, and the VC model is not built around that.

As a result, he says they secure their financing through banks. “We spent a lot of time back on Wall Street last fall obtaining money, so as we make these network acquisitions we have banks and supporters that will help us fund those purchases.” He added that the question they were asked most often was if people who lived in the American countryside could afford Yonder’s services; Wall Street bankers had this certain perception that rural America had no money when in fact, often the case is that rural folks have more money than do inner city dwellers.

An additional misconception by the city bankers was that great coverage already existed across America. They’d evidently swallowed Verizon and AT&T’s advertising Kool-Aid and thought Americans could get coverage on their donkey in the desert. Fortunately, Yonder convinced its potential backers by demonstrating that coverage was great as long as you stayed in town, on the interstate, or in first class on United – but decide to telecommute from your home five miles outside of Carson, NV and you were in the sticks with few good options.

Related Information From Dell.com: Your Mobility Strategy.

HTML5’s greatest contribution in the enterprise will be the way it re-unifies development, bringing together efforts for desktop and mobile applications, as well as “native” and Web apps. That’s one promise, at least, of this already-misunderstood standard.

Fragmentation of GUI Skills

One of the most vexing managerial challenges of the last several years has been the balkanization of graphical user interface (GUI) technologies. Progressive organizations have wisely embraced the opportunities new interfaces – telephone handsets, netbooks, “pads,” virtualized desktops, “webtops,” kiosks, and more – have brought. Deployment of applications on new devices improves an organization’s efficiency and leverages its underlying “knowledge base” and business rules. Development of those applications, though, has too often demanded unique and expensive skills in device-specific interface programming. It’s hard for programmers to move among Java, .Net, Objective C, Qt, and all the other toolkits likely to be involved in GUI development of modern applications.

HTML5, though, has (finally!) advanced to the point that it’s reasonable to re-consolidate much or all of these specializations. It’s time for development departments to standardize on HTML5 and take advantage of the interoperability it offers. Programmers can turn their focus from the low-level “widgetry” necessary in the last few years, and concentrate on contributing business value that aligns with larger organizational goals.

Time for Judgment

Let’s be clear on exactly what HTML5 offers. Like any realistic technology, it doesn’t so much solve problems, as rationalize them, so that they become more manageable. Suppose, for instance, that your organization has an existing internally-maintained desktop application available on your LAN for scheduling such corporate resources as videoconferencing centers, specialized testing equipment, time with outside consultants, and so on. While plenty of “schedulers” have been written, this one is unique to your organization because it embodies specific business rules on chargeback, security, and traceability constraints.

You know what happens next: As soon as the scheduler is working smoothly on desktops, employees ask when it’ll be ready for access from home, or Blackberry, or so on.

Answering such questions never becomes automatic. Slogans about “write once, run everywhere” are ideals that simply don’t apply in practical situations. A sophisticated smartphone application must behave differently, and be coded differently, than its desktop counterpart.

What is possible, though, is to take advantage of robust, broadly-backed standards to make the best of the portability challenge. HTML5 has become one of those standards. It’s a good target for your interface programmers. While its “completion” is years away — in an interview a couple of years ago, the standard’s editor Ian Hickson gave a timeline that stretches to 2022! — it has achieved a “critical mass” in the last year. Savvy programming teams are turning out sharp-looking applications of all sorts based on HTML5 now. More than that, industry leaders such as Microsoft, Google, Apple, Oracle, and even Adobe are committing to HTML5 in ways that ensure its growth and health.

Technical Details

The bottom line: The default assumption for any new development deserves to be an HTML5-based GUI. HTML5 supports plenty of the graphical building blocks — such as sliders, combo-boxes, and canvases — over which Web applications stumbled for so long. HTML5 standardizes multimedia such as <video> at least as well as any other common toolkit. Moreover, graphical engines are increasingly exploiting hardware acceleration, so that the newest browsers render HTML5-based graphics at full speed.

When there’s a requirement for an older browser, or a specific mobile handset, it might be necessary to use a compatibility library. These libraries have become quite capable just in the last year, though, and are appropriate accessories to a good development process now. HTML5’s expanding standardization has nearly made these libraries into commodities, and largely eliminated the problems of vendor “lock-in” that plagued the market for Web scripting in the past.

HTML5 doesn’t change programmers’ need to understand their deployment targets: a public kiosk, a salesman’s Palm, and a factory workstation all have different security profiles, network reliability, and so on. Programmers can reasonably select from the same bundle of HTML5 features and techniques, though, in addressing the range of targets they encounter in enterprise-level development.

HTML5 even has the potential to affect information technology purchasing:

• Proliferation of Web applications combines with desktop virtualization to extend the effective life of individual workstations;
• A strong standard such as HTML5 increases the likelihood that demanding end-users actually benefit from high-end hardware, rather than having its advantages lost by a toolkit that doesn’t happen to make the most of them; and
• Mobile technologies can be analyzed and purchased more as commodities than as long-term commitments only safe in their own silos.

HTML5’s benefits are strategic. They arise almost entirely beyond the scope of any one application or program or purchase. That’s why it’s important to understand at an executive level how this standard has reached its “tipping point.”

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency.

Through it all, NASA CIO Linda Cureton must transform IT capabilities to enable NASA’s mission, no matter what that turns out to be. It’s a situation far too many CIOs can identify with. Here is her take on how to manage change when change is clearly managing you.

ITEV: How do you cope with such a sea-change? And what tips can you offer other CIOs who find themselves in charge of steady upheaval?

Linda Cureton, NASA CIO: At the end of the day, we are here to facilitate NASA’s mission, no matter how it changes. An increased flexibility to adapt to an always-evolving Agency is certainly one of the benefits we hope to achieve through the current efforts in which we are investing.

An example of the kind of flexibility that allows us to adapt quickly is Nebula, our cloud computing initiative. By pooling resources, a new program can access computing needs without a lengthy acquisition process for new hardware.

ITEV: How do you learn of new and emerging technologies? From your own staffers? NASA’s R&D labs? Reading? Analysts? Some combination of the above?

Cureton: I do my best to keep up with NASA’s emerging technologies, of which there are obviously many. But I am more focused on keeping my fingers on the pulse of IT-specific technology. I read a lot, from magazines to online resources, to keep up with the latest trends and news.

I also get information from my staff, including the many CIOs at the NASA Centers. Some of our most cutting edge IT efforts can be found incubating at the Centers. Under my watch, I’d like to see us do a better job of making sure those best projects and practices percolate to the top and get shared across the Agency.

We have heroes at our Centers whose IT innovations need to be tapped across the Agency. Our first IT Summit this year will help us do this. It takes place August 16-18. In the interest of cost efficiency, we are bringing much of the CIO staffs across the Agency together all at once to reduce travel needs the rest of the year. While many internal meetings will be going on, we will also have a larger Summit that is open to the public to present and attend. We have our CIOs and many staff showcasing their efforts to spread knowledge across our IT organization. We will also get perspectives from public- and private-sector IT leaders such as Vivek Kundra, CIO of the United States, and Google’s Vint Cerf.

ITEV: Every CIO has to contend with staff reductions and budget cuts at one time or another. How do you keep up your own – and your staff’s – morale when you have to contend with cuts?

Cureton: I have been very lucky in that regard. The Office of the CIO is working to make smart investments in our IT infrastructure now to standardize our end-user services, strengthen security of our IT systems, and achieve greater efficiency in our operations. These investments have meant a ramp up in staff in the near term, which is surprising in this fiscal environment.

But that increase in resources demonstrates that we have a strong mandate to transform our IT organization into the leading example for the federal government. In fact, Vivek Kundra, the CIO of the United States, has asked us to take the lead in forming a task force to demonstrate to other Agencies a pragmatic way to implement cyber security using automated systems.

ITEV: For some CIOs the biggest challenge is explaining technology to non-geeks. But for you at NASA (arguably the holy land of geeks), you must convince tech-savvy folks to adopt your strategy.  How do you handle this, and what tips can you offer CIOs in a similar position?

Cureton: I have to admit, this makes my job easier. Leadership at NASA has an inherent understanding about both the power and challenges of technology. We went to them with a vision to strengthen our IT efforts, and while we didn’t get everything we asked for, it is clear we have the support we need to ensure our IT keeps pace with NASA’s needs.

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency.

As more and more application workloads are transferred to the cloud, it is becoming increasingly cost-effective to build appliances, both physical and virtual, to serve as platforms for these cloud-bound apps.

The benefits of the cloud extend beyond just a new application platform. A cloud-based appliance also lets IT professionals save time. No longer do you need to physically prepare a computer system and then arduously install its operating system and applications. These appliances let you pick and choose operating systems, applications, and files; configure them exactly as needed; then create multiple images of virtual machines that can run in Hyper-V, VMware, and Amazon Elastic Cloud Computing (EC2) environments.

One beneficial use case for such appliances is within software development and testing. Testers can build virtual environments that exactly duplicate their end users’ platforms. By conducting their QA analysis on multiple virtual platforms, many incompatibility issues and bugs can be found and removed by QA teams. Software appliances are also gaining traction with software sales teams, who can configure an appliance with the potential customer’s system configuration, loaded with the software to be sold. Such systems make for powerful demonstrations.

How much financial savings your IT shop can gain depends on the use case from which the appliance builder is working. Independent software vendors (ISVs), for instance, spend an estimated 40% of their R&D budgets on multiplatform development and testing, according to rPath co-founder and former CEO Billy Marshall. The ISVs’ customers, in turn, spend 50-60% of their IT personnel budgets making applications and operating systems work together. Appliance-building tools can eliminate most of these budget line items by allowing ISVs to create multiple testing environments in minutes rather than days; the promise is that the ISVs can ship applications to their customers that reduce or eliminate application deployment incompatibilities.

One such tool is rPath’s rBuilder, one of the forerunners in appliance building technology. rPath’s app-centric approach claims it can cut IT costs and simplify deployments to multiple platforms. It also aims to bridges the gap between development teams and IT staff when applications are moved, scaled, or provisioned.

rPath got its start five years ago after ex-Red Hat employee Erik Troan started mulling over the problems he saw first-hand in large-scale deployments — problems like applications breaking, hitting the scalability wall, or sprawling out of control. The solution emerged: application deployments done on a unit basis.

Troan’s concept completely upended the existing, all-purpose horizontal infrastructure stack (OS, database, libraries, application server, etc.) that must support applications with widely varying requirements. So Troan proposed a sleeker, vertical, customized, app-centric layer with just the application and the specific runtime elements or dependencies (JeOS or Just Enough operating system, middleware and other components) that it needed to function.

That’s the core philosophy behind rBuilder, an online tool that lets users choose-and-click appliances together at a very granular level. And getting started is very simple.

Using rBuilder

rBuilder can be downloaded from its website, and is available also as a local Linux distribution that can be installed on a dedicated physical computer or virtual machine. Both versions are identical in functionality, though the online version of rBuilder can take some time to build an image.

Also, rBuilder Online is very much geared as an evaluation version for larger enterprises. You can manage up to 20 instances of an appliance on Amazon EC2, but no more. But this edition is a very good tool for users with modest requirements, or departments that want to get started on a small scale.

When you first visit rBuilder Online, you sign up for a free account. Once logged in, it’s a fairly straightforward three-step process to begin building your first appliance, as indicated in Figure 1.

Figure 1: The initial rBuilder home page.

To begin, click the green plus (+) icon in the Appliances section of the Resources pane. The Create Appliance dialog box (see Figure 2) opens.

Figure 2: You can choose from a variety of target images for your rBuilder appliance.

Give your appliance a unique name (which must be free of uppercase and special characters, as well as whitespaces), and a more plain-English appliance name. Next, choose one or several types of destination images from the six types presented.

Only two types of platforms are presented as options for the user in rBuilder Online: CentOS 5 (a direct clone of the Red Hat Enterprise Linux 5 OS), and rPath Linux 2, which is more of a JeOS-type platform. In advanced options, select whether you want your appliance to be public or private.

When Create is clicked, the rBuilder Workspace page will appear (see Figure 3). Here is where much of the configuration happens.

Figure 3: The rBuilder Workspace page.

To configure your appliance, hover the mouse over the Appliance contents section, and click on the Edit icon when it appears to open the Appliance Content Editor, shown in Figure 4.

Figure 4: The Appliance Content Editor.

This is at once rBuilder’s most flexible and most potentially confusing feature. Almost nothing is pre-loaded into the CentOS or rPath Linux platforms, so you need to install every package necessary for your application to run. Select the packages, then click the appropriate arrows mark them for installation. To install your own package, click the green plus (+) icon to access a file browser for uploading your software. When finished with package selection, click Done.

If the choices for images were not enough when you first began the appliance creation process, here’s a handy tip: on the Workspace page, click the green plus (+) icon in the Image definitions section to open the Image Definitions Editor. This unassuming dialog box gives you a much broader range of image types to choose from, for both 32- and 64-bit computers.

Once you have your packages and images configured, click the Create build icon in the Appliance content section. Again, depending on the work load in the rBuilder queue, you may have to wait some time before the software is compiled.

Users with an Amazon EC2 account can manage their EC2 builds using the rPath Management Console, which allows for fairly seamless integration the EC2 toolset.

Of the appliance building tools available, rBuilder is not the most intuitive on the market, but its bare-bones approach can deliver enormous flexibility to users looking to build very customized appliances.

Related Information From Dell.com: Experience the Advantages of Linux.

The best way to think about a PivotTable is as though you are a newspaper editor. In any journalism class you learn that the key to making sense of a news story is to answer the “five Ws:” Who, What, When, Where, and Why.

Excel can’t really answer the Why, but instead it can supply the key fifth element in any such analysis, namely “How Much.”

We use a simple spreadsheet as an example of how to create a management-themed pivot tables. It has seven columns, listing a lot of data that is difficult to comprehend at first glance.

A basic spreadsheet in Excel tracks a lot of information but it doesn’t make a lot of sense.

In Excel 2010 and Excel 2007, to begin a PivotTable, you select a cell in the spreadsheet, and click PivotTable on the Insert tab. In earlier versions, you use a Wizard to begin a PivotTable, under Select Data. In either case, you end up with a scary dialog box that probably is responsible for most Excel users deciding learning the feature is not worth the effort.

A basic spreadsheet in Excel tracks a lot of information but it doesn’t make a lot of sense.

Don’t let the choices here confuse you. All they’re asking is where the data is. Excel selects the spreadsheet in its entirety by default. Click OK, and you are provided with a very useful set of tools in a new Worksheet.

The PivotTable Field List lets you quickly and easily reorganize and configure the confusing data into a view that makes sense.

In newer versions of Excel, an entire PivotTable tab opens on the menu. We can ignore that for now and concentrate on the basic features that really are key to analyzing data.

Let’s look at our list of Fields more carefully:

• Who/What = Client; Supervisor
• When=Quarter
• Where=Branch
• How Much=Expenses; Sales; Gain/Loss

Start with the first Who — the Client — and check that box. By default, it becomes a Row heading in the new interface we’re creating.

If we want to track results by Branch (for the sake of our example), we drag that field into a Column Label.

And now here’s the key to the puzzle: How Much is almost always the payoff. Generally it’s a calculation of Values. So whatever numbers you want to see, drag them into the Values panel.

The result shows the essential beauty of the PivotTable. The question we asked is, “How much gain or loss have we had for each Client (in mobile operations—relative to Sales and Expenses) by Branch (or region).”

By posing questions about your data, you drag Field labels into Rows and Columns to determine what you want to know, and drag Fields for “how much” into the Values panel.

We can make this prettier. We can fine tune the appearance by formatting the values as Currency, and using AutoFit to widen the columns. However, in just a few moments we now can clearly answer the question we posed; we see Gain/Loss data clearly by Branch for each Client.

But wait, there’s more! (Actually, there’s quite a bit more, but we’re just covering the basics here; for more in-depth explanation of what you can do with pivot tables, you may want to look at Pivot Table Data Crunching, by Bill Jelen and Michael Alexander.)

Notice that the pivot table has an empty panel, for Filters. If we want to detail the data by Supervisor (Who) or Quarter (When), we can drag those labels into the Report Filter panel, and then use the drop down arrow to drill down deeper into the data.

With the values organized in the center, adding Report Filters lets you quickly recalculate the values for each individual.

By filtering the data, we can quickly determine which client had the best results for a particular supervisor, in her branch or area.

Filtering the data gives the user an even clearer or more precise snapshot of the values being compared for the parameters Who, What, Where, and When.

To remove or change the Report Filters, just click the drop down arrow again and select All to remove the filter, or drag the unwanted filter back from the Report Filters panel and drop it back up into the main PivotTable Field List.

To reconfigure the rows and column headings and reorganize the data, you can also just uncheck the unwanted labels, or drag and drop them back up into the main PivotTable Field List.

If you use the new Microsoft Office Web Apps, either with WindowsLive or on SharePoint, you can also upload a version of your PivotTable and give others permission to view it, While you can’t revise the PivotTable directly online, you can use the Report Filters you’ve already added to the PivotTable to share your analysis with others.

The Excel 2010 Web Application lets you upload a PivotTable from your desktop and share it with others to analyze the data.

As you begin working with PivotTables on your own data, I recommend that you articulate your question of the data before you even begin: What do you really want to know? Then, keep the process as simple as possible by using only those fields that are directly relevant to your question. If you have another question, you can reconfigure your PivotTable accordingly by adding and removing field labels.

One reason that pivot tables are so powerful is that they don’t mess with your data. A pivot table doesn’t change the underlying values of the original spreadsheet, although if your spreadsheet depends on values from other sources it updates as those values change.

You can also always go back and begin another PivotTable from the same data, place it into another new Worksheet, and rename the worksheet to remind you what the information represents, or what question it answers.

As a manager, pivot tables give you instant flexibility and power over your ability to get the information and answers you want from columns of data that really make no sense when they are originally entered. Using them makes it a lot easier to make informed decisions, to plot strategy, and to report to the board of directors. It also gives you summarized information that helps you discuss results with those under your supervision, with the facts clearly in hand.

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency.

Perhaps Ray Bradbury would be the person who could best appreciate this newest metaphor from the burgeoning realm of cloud computing: Imagine a chapter from The Martian Chronicles where, in a distant city, people are not educated but instead “provisioned.” In their youth, they’re bred and raised only to be adequate vessels for the information that would be imprinted on their minds like a laser etching — information that instantaneously enables each individual to perfectly fulfill a designated role in society. When a vessel fails, as vessels are prone to do, the image of that perfect function can be recalled and re-imprinted from a backup. In such a world, what constitutes a person’s identity for the sake of his function in society would be relocated from the integrity of his mind to the reliability of his image. And inevitably, better images could be replicated, distributed, and given market value.

It Was Inevitable: The App Store for Servers

In the real world, in data centers everywhere today, the thing that we refer to with the term “server” is changing form. It’s moving from the box with the processors and the network cable and the cooling, to a unit of fully installed, pre-activated, self-sustaining software. And even the notion of infrastructure is moving from a physical to a virtual foundation.

The Windows Server provisioning table from version 3.0 of GoGrid.

GoGrid’s system is the first to employ Windows Server 2008 (as opposed to Windows Server 2003, which Amazon EC2 uses, although it’s not yet 2008 R2) in a stable, “non-beta” scenario. This screen capture from the newly released version 3.0 of GoGrid’s management interface shows where customers can instantiate fully configured Windows Servers on the fly. Notice the separate instances that include pre-installed middleware such as Microsoft SQL Server and IIS, which are necessary components for a number of Web-centered applications (for example, content management systems like Umbraco). And in the first of what may turn out for GoGrid to be many partner-sponsored selections, notice the rather surprising entry for Hedgehog 3.5.2. This refers to Sentrigo Hedgehog, a database activity monitoring tool that scouts for suspicious usage patterns and applies policy-based responses — a tool that first rose to prominence with Oracle, and now works with SQL Server and Sybase.

This is the server market of the 2010s decade: a kind of app store where the product for sale is a fully defined set of IT functions. The whole metaphor completes its 360-degree rotation, for what a customer of cloud service provider BlueLock called “service-as-a-product.”

A screenshot from The Cloud Market, a Web site that exclusively dishes up Linux and Windows Server images for Amazon EC2.

For Amazon’s Elastic Compute Cloud service (EC2), the server image market has not only matured; it’s already being franchised. The Cloud Market is an independent service for the marketing of preconfigured server images already prepared for EC2. Without even having to download the software locally yourself, you claim the image with the buildout you need; the transfer takes place between the Market and Amazon.com.

The Newest Subsidiary Market: Image Maintenance

Economists typically point out that a clear sign of a healthy market is the presence of  little subsidiary markets that sprout around it like mushrooms. In the cloud space, these new markets include some that were originally intended for conventional data centers, but which are finding new life in the cloud.

An established backup service named Zmanda is one example. Its recently announced Zmanda Enterprise 3.1 package is both mindful of cloud deployments, and uses Amazon’s EC2 as its own platform for disaster recovery. Making use of Microsoft’s Virtual Shadow Copy Service (which, for reasons too numerous to explain here, is abbreviated VSS), Zmanda effectively places backup agents in the midst of major middleware installations.

“To be honest, [backup] used to be much more complex than it is today,” admits Zmanda CEO Chandler Kant. “It used to be that basically you had to do some kind of reverse engineering based on what Microsoft was giving you, figure out what had changed, and extract it out. Today Microsoft provides VSS, and we interact with VSS to get live data out of Microsoft Exchange, SQL Server, and SharePoint.” Kant adds his software agents also can determine what data has changed at a more incremental level.

That’s not substantially different than other backup services. What is different is the disaster recovery component. Zmanda effectively uses the data acquired from those agents to enable an emergency image of sorts to be deployed on Amazon’s infrastructure, in case Zmanda’s clients go down (something which can still happen, even in the cloud). It’s not an easy setup process, so although documentation is available, Kant tells us, many customers often end up retaining Zmanda as a kind of auxiliary architectural consultant.

“Let’s say you have an internal private cloud, with Windows Server 2008 R2, and you’re backing it up to Amazon S3 (Simple Storage Service). You can create an instance of Windows Server 2008 R2 on EC2, and have that as your disaster recovery location. We do not charge extra for that, [but] if you want us to set this up for you, we will charge you a consulting fee.”

The Four Dimensions of Cloud Provisioning

With conventional servers, you pay not only for the mechanism but the space it consumes, the work needed to keep it functional within that space, the licensing of the software installed on it, and the upkeep and maintenance of that software.

By contrast, this new class of server images consumes four dimensions of configuration space, all of which are measured more granularly:

• Time: The memory required for each image to be hosted within the cloud data center, often payable by how much time the memory is actively available (what GoGrid calls the “gigabyte-hour”);
• Space: The bandwidth consumed by the image’s Internet connection during its normal course of operation, payable by the megabyte;
• Breadth: The storage necessary to host the database accessed by the software and middleware these images will run;
• Depth: The software that makes the image functional, typically including the operating system — for which Windows Server is rarely, if ever, the least expensive option.

As the first retailer to discover a viable formula for selling computing as a commodity, Amazon’s EC2 pricing is based on the size of the machine each image represents. The twist here — the concept that effectively launched this industry — is that you have to think of size in terms of time; Amazon charges for the relative bigness of its server images by the hour. EC2’s smallest “Standard” instance consumes 1.7 GB of memory, for which the Windows-based charge is $0.12 per hour; its largest “standard” instance consumes a full 15 GB and costs $0.96 per hour. (Amazon offers as much as 58% discount for prepaid, “reserved” instances.) Much higher memory instances are available on a separate tier, for a substantial premium.

Here is where you may find yourself actually making an architectural decision, for a higher memory instance in a high-bandwidth scenario may result in greater speed, which could result in efficiencies that pay for that premium.

One alternative to housing all that memory on one image could be apportioning a separate cloud-based storage unit (which you may have to do in a multi-image scenario anyway), although you may need to calculate in advance the extent of data transfer between your images and that storage unit. Any transfer that takes place over the Internet incurs a separate charge. For Amazon EC2, it’s $0.10 per gigabyte incoming (effective November 1, 2010) and $0.15 per gigabyte outgoing, for the first 10 terabytes. The separate data storage block (the “depth” in our dimensional metaphor) incurs $0.10 per gigabyte per month, plus an additional $0.10 per month for every 1 million read/write events.

“The ability to increase or decrease compute capacity within minutes, not hours or days, has been a game-changer in terms of cost, performance and business growth,” explains Amazon spokesperson Kay Kinton. “When computing requirements unexpectedly change (up or down), Amazon Web Services can instantly respond, meaning that developers have the ability to control how many resources are in use at any given point in time. In contrast, traditional hosting services generally provide a fixed number of resources for a fixed amount of time, meaning that users have a limited ability to easily respond when their usage is rapidly changing, unpredictable, or is known to experience large peaks at various intervals. As a result, companies either provision too little resources, in which case their customer satisfaction suffers, or too many resources, in which case they’re losing money by not being at full utilization.”

To be competitive against market leader Amazon, GoGrid charges nothing for incoming bandwidth. The size of its instances is measured in RAM-hours; and here, you have to be careful. Even though GoGrid’s marketing and its provisioning calculators imply that you can select server image sizes in increments of 0.5 GB RAM-hours, in fact, when you get to the part where you’re selecting a pre-provisioned image, you realize that Windows Server-based images (true to Microsoft’s specifications) are limited to 2 GB minimums. So the per-hour cost of running any Windows Server image on GoGrid makes it instantly preferable to prepay for one month’s run time ($199 on the “Professional Cloud” plan).

Holding Your Cloud Over the Provider’s Head

The personal service aspect — specifically, the upkeep of the data center hosting these images — is typically considered part of the package. The cloud server market is competitive enough today that no player should stoop to the level of rendering a service charge for availability.

“Amazon Web Services is able to aggregate hundreds of thousands of customers with every imaginable use case to have very high utilization of our infrastructure,” says Amazon’s Kinton. “AWS gives users a great deal of control and visibility into their environment. Users can choose where to place their data [and] run their applications; they can back up to multiple availability zones; and in the event of any service interruptions, they have access to a service health dashboard that gives regular updates on the service health. We also offer services that provide monitoring, auto-scaling and elastic load balancing for even greater resilience in building applications. . . Most customers tell us that our services are also more reliable than what they achieve themselves.”

Up-and-coming cloud service challenger BlueLock makes a similarly bold claim, but then raises Amazon’s bet. It’s willing to state that the business relationship between BlueLock and its customers gives them a more executable form of accountability that they don’t have with their own IT departments.

Boasts BlueLock director of sales engineering Bob Roudebush, “BlueLock specializes in managed IaaS cloud offerings which add a layer of people on top of that compute capacity, who are able to manage those hosted resources as well as — and many times better than — that company could on its own. Whether or not one takes stock in either of these assertions, the difference between hosting this in an outsourced data center versus one on-premise is the accountability aspect. With an outsourced solution, companies can have SLAs in place with guaranteed commitments and financial penalties of those commitments aren’t met. Typically a business unit (the R&D division, for example) wouldn’t have this ‘stick’ to use with an internal IT department.”

Elsewhere, we examine some of the more technically complex methods in which cloud service providers are extending premium tier services to enterprise-level customers, including effectively reselling a policy management service that originally sprouted forth from VMware.

Related Information From Dell.com: A Success Blueprint for the Efficient Enterprise.

On second thought, perhaps the stateless model for the Web wasn’t such a good idea. Sure, it made serving up hypertext easier. And it enabled the first model for distributed applications on a global scale that actually worked. But it’s left us with a significant problem, one so unique and complex that inevitably, enterprises like yours may need to solve it by making tough choices and rolling their own solutions.

True, the typical technology story is about some vendor’s new, or announced, or projected “solution.” This story is actually about a loophole, for which a Microsoft product manager recently told a conference there are “no absolute answers,” despite all the progress that company and others have made in reaching a common diagnosis.

It has to do with identity: in this case, how software attributes requests for resources to individual users. Without some notion of identity, of ascertaining who is making requests for data, modern applications cannot function securely — which today is the same as saying they can’t function. But the service models on which distributed applications depend do not attribute identity to users. They require added-on technologies to affix real-world identities to service requests. That’s where the problem starts.

Who Gets to Say Who You Are

All distributed, networked applications today are designed around simple Web services. In most respects, this model is efficient, elegant, and cost-effective. If all information processing were conducted not online but rather by mail (not the electronic kind), then the Web services model would look like any company’s basement mail room. Someone would open up envelopes containing forms sent and signed by customers requesting some information. If a sender filled out the form properly, the office worker would send her back another form containing whatever information she requested, or a simple rejection.

The assumption is that the mail handler would trust the identity of the return address on the corner or back of the envelope. After all, who would dare forge a false return address? In the old world of the postmaster, the problem of trust is resolved by certified mail, since naturally, everyone trusts the Post Office. In the  modern world of distributed applications (in which the Web now plays a critical role), there is no central Post Office.  In its place is a cluster of third parties, independent services that earn their living certifying — or rather, authenticating — the users of services such as Microsoft Exchange and Salesforce.com, and the providers of services such as PayPal and FreeCreditScore.com. In keeping with the trend of borrowing ominous sounding terms from science fiction, these third parties are called identity providers.

Two centuries ago, the evolution of the Post Office was driven by the need for consolidation — for one centralized, trustworthy service to shuttle messages between two points on the map. With the Internet as the backbone of today’s distributed applications, competition works against consolidation. The result is a plethora of competing solutions, with names that call up metaphors ranging from ballistic missile launchers to political action committees: SAML, SWT [pronounced “swat”], WRAP, WS-* [pronounced “W.S. Star”], Shibboleth, Liberty Alliance. Their simultaneous existence has itself given rise to a handful of competing proposals for how those solutions become interoperable.

The Promise(s) of Claims-Based Identity (-ies)

By design, and for simplicity’s sake, Web services are stripped down to simple request/response message pairs. Because nothing about these messages can be implicitly trusted, distributed applications rely upon identity providers (IdP) to examine the signatures attached to them, and authenticate their claims to identity. Without this basic bond of trust between the relying party (RP) and the IdP, all business conducted online today would disintegrate, and the foundation of modern online commerce would collapse. There is no safety net; this has to work.

The closest that Windows has come to a truly viable, efficient identity provision service is a system inspired by Web services. Claims-based identity is a kind of role reversal for the server/client model, wherein the client asserts its identity and the server (the RP), and in an effort to pin down that assertion, asks the client for data that can prove its claim. This challenge and response continues, perhaps indefinitely, until the RP is either satisfied or convinced otherwise. The data the client provides is verified against the database from the third-party IdP, whose identity has already been established, thus forming a bond of trust. Once the RP is satisfied, it grants the client a token — a nugget of XML-encoded data whose basic contents represent the IdP’s certification that the client is privileged to be using the services it’s requesting.

The concept of claims-based identity is at least a decade old, perhaps longer. As such, it’s had plenty of time not only to mature, but to be fruitful and multiply. There are now more than a handful of identity claims formats. The differences between them may actually be trivial, though they’re quantitative enough to render these formats effectively distinct and unique.

“That’s one of the challenges, to get everyone to agree on a protocol for passing these tokens around, and what are the tokens themselves going to look like, and how do I get them from point A to point B,” stated the co-founder of .NET developer training service Pluralsight LLC, Keith Brown, at a recent Microsoft developers’ conference — specifically, to a room full of IT professionals who had been invited to tell Brown, along with other Microsoft representatives, how they’re dealing with the multiple-format problem.

This has been going on for a decade,” Brown said.  “This started with SAML way back in 2000. These protocols have been developed, and the problem is that there are a plethora of them. Everybody’s got them,” he continued, before referring to a homebrew solution one of the attendees cooked up to solve the claims translation for his own company. “I’ve never even heard of it before. It’s ‘Protocol X.’ And the SAML guys have the SAML protocol stack; Microsoft has WS-*; there’s a new protocol out called WRAP; and SWT. There’s all these different protocols out there.”

A Token Solution, or Just a Token?

In recognizing that distributed software needs to be interoperable with other distributed software, multiple vendors have prescribed approaches to resolving each other’s problems, ways to trade incompatible tokens for compatible ones, embracing the even bolder ideal of identity federation. Now, major players like Microsoft, Oracle, Novell, CA, VMware, Siemens, SAP, and IBM (via Tivoli), plus new and emerging brands such as Ping Identity, Symplify, Radiant Logic, PortWise, and Entrust are all offering identity federation platforms, resulting in more ways to federate the various claims-based token standards than there are standards.

Everyone wants to be the identity federation, the “United Nations of Me.” Not just a member state in that federation, but its capital.

Microsoft’s play for the identity federation market began last November with its rollout of Windows Identity Foundation, essentially an API that provides a layer of abstraction between .NET-based Web services and the multitude of claims token formats with which they may have to interoperate, if they’re to effectively trade identity data with one another. That was followed up in May with Active Directory Federation Services 2.0, which extends its support of security token formats beyond WS-* to include Security Assertion Markup Language (SAML), believed by many to be the claims market leader, and the basis of Novell’s and CA’s product line.

When WIF and AD FS were first announced, Microsoft marketed them to systems developers as a way to “externalize” the problem of identity management, divorcing that topic from the logic of the applications they’re building. The key takeaway from their message was “Keep using WIF and the problem will migrate elsewhere.” Taken to its extreme, “externalizing” the problem could become another way to pass it down the chain — to make someone else deal with the architectural decisions imposed upon businesses by dueling identity systems.

“Claims-based identity is the identity layer that the Internet has been missing,” program manager Stuart Kwan told me last November. “Windows Identity Foundation is our contribution to making it possible to build applications that will plug into this missing identity layer, and make it really easy for you, so you don’t have to think hard about it anymore. . . Most developers don’t have the time to spend to become an expert in the SAML protocol. They just don’t. And what we’re offering to them is, you don’t have to. You just need to learn the programming model of WIF and claims-based identity, and you’re good to go. You can leave the, ‘What knobs should be turned and what underlying mechanisms are actually going to be used,’ to the IT professionals who are going to deploy and manage your application, who really do become experts in things like SAML protocol, or X.509-based cryptography.”

In retrospect, the notion of “leaving it to the professionals to fix” may not have been the most federation-friendly approach. The very next day, a group of those IT professionals who are going to deploy and manage your application, showed up at Keith Brown’s chat session, along with several security developers. There Brown, Kwan, and their colleagues got an earful. Politely, but firmly, the professionals related their stories of rolling their own solutions, creating their own federations between Exchange and Salesforce.com and SharePoint and Domino using duct tape and baling wire.

These are the people whose job it is to craft some way to literally federate the federations — to interoperate with all types of identity services platforms and parse every permutation of claims token format. They’re proud, but they’re not happy, and they’re demanding action.

There were unresolved questions about the limits of claim tokens’ functionality (could a token be used to claim a specific privilege, for example, and have that privilege be parsed across platforms?); whether claims can be used to authenticate the roles of users, including in Active Directory; and perhaps most importantly, what happens when the Web browser in the enterprise seals off access to identity functionality from within the “sandbox” in which Web apps run? The predicaments these implementers face, and gauging the progress Microsoft and others may have made in resolving them since that time, are topics for another discussion.

Related Information from Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter.

Identity management is usually thought of in terms of security. By properly assigning passwords, permissions, and such, you can help to protect your company’s computers from data loss and other bad stuff. But a well-managed identity management program can also help cut IT costs.

Unlike some management initiatives, especially in the area of security, the cost savings from a good identity management process are easy to quantify. They show up every place from support costs to licensing to reductions in audit costs. This makes identity management “low hanging fruit” for IT executives looking for fast, straightforward cost savings with a minimum of disruption.

Basically, identity management consists of making sure employees have the right permissions to let them do their jobs and don’t have access where they don’t need it. This is something you do even if you didn’t have a label for it before, although like any other IT process it generally works better once you’ve given thought to doing it right. With or without automated tools, identity management is fundamental to running an IT operation.

Identity management starts with assigning passwords to new users and includes adding permission to access the applications and data the employee needs to do the job. It ends when an employee or associate severs relations with the company, by an IT staff member making sure that person no longer has access to the company IT system.

This is undoubtedly the most common part of identity management. It also has a lot in common with being nibbled to death by ducks. The problem isn’t that provisioning, change, and deprovisioning is hard, or even that each instance of it takes a lot of time. It’s that there’s so much of it. By some estimates, as much as 40% of all help desk calls involve identity management issues.

The result is something that adds up to a significant cost over the course of the year. It robs both support people and end users of valuable time.

A good identity management system largely automates this process. The department supervisor or human resources person authorizes the changes and they’re made automatically. In the case of changes in permissions, the employees can often do most of it themselves.

However, that isn’t necessarily where a well-managed identity management program saves you the most money. Potentially larger savings come from adequately controlling identities and the associated licensing costs.

The most obvious part of this are phantom users: “Users” whose identities are still on the system long after they no longer need them. Typically these phantoms were employees who left the company, moved to different jobs, or contractors who are no longer working with the enterprise. Because of slip ups in record keeping or lack of attention to detail, these phantoms can hang around for weeks or months after they should have been killed, using up resources.

A more subtle but much more expensive cost associated with poor identity management involves unneeded software licenses. Since most large companies license their software on a per-user basis, each unnecessary software license costs the company money. When you consider that many systems have software with hundreds of dollars in licensing costs associated with the average employee, this mounts up fast.

There are really two parts to this problem. The easy one is the effect of phantom users. By killing those phantoms, or by more quickly deprovisioning users, you save licensing costs.

The other part is more complex but potentially saves a lot more money. That is: managing permissions more strictly so people who don’t need a software package don’t have access to it.

In a perfect world, identities are assigned on a case by case basis. Every person gets exactly the permissions he or she needs and no others. Except in the smallest enterprises that’s impossibly unwieldy, so permissions are usually assigned en masse. Often, employees are divided into classes with associated bundles of permissions.

The trick in this kind of identity management is setting up the classification scheme. You want permission classes that are broad enough to let everyone do their work but include the minimum of unnecessary permissions. Of course, setting up such a classification takes work; too many user classes become difficult for the IT staff to manage. As a result, there’s a constant tension between ease of use of the identity management process and granting precise permission bundles.

To get the most out of identity management, and to keep licensing costs down without burdening your support staff, you need to think carefully about which permission classes you create with what permissions that category of user needs. This is, in general a one-time effort that pays off in the end.

One popular way to handle classification is to establish a basic classification which includes software everyone gets, such as e-mail and antivirus, and create additional classes for more specialized needs, such as accounting. You also need to make sure you can easily add permissions for specific applications if needed on a custom basis.

Related Information from Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter

“As far as companies actually having policies, it’s more rare than you would think – even for very large companies. Often they’re very limited and not customized – just pulled off the Internet,” says Alex Hamerstone, a security consultant at SecureState. He writes a few hundred policies a year in his role there.

Of course, security policies must start with the basics. “In most cases, IT security needs be neither radically complex nor confusing; common sense and basic protection are generally more than sufficient,” says James Quin, lead research analyst at Info-Tech Research. Policy #1, then, starts at the ground floor, with foundational requirements to end users that they utilize at least 7-character password protection for access to corporate resources, and that forbid employees to share passwords and user names.

Users also need to take proactive protection when they’re away from their systems, to protect data against insider activity as well as outside penetration. This seems obvious, but isn’t always followed. Policy #2: End users must lock up their desktops when they walk away from them. This policy not only helps prevent access to data by those with malicious intent, but also it’s just a sound precaution for avoiding accidental breaches in compliance requirements. So, it’s particularly effective in organizations subject to regulations securing consumer and patient data.

Tip: Technical controls matter a great deal to enforcing security policies. As an example, if you say you need a 7-character password in your written policy, you need to require that in Windows Group policy or other software that supports that. Erdman also points out that Windows 7 has much better security controls in important areas that IT can leverage to secure end user computing. AppLocker, for instance, is a set of control rules that administrators can setup which determine what applications certain users are allowed to run, he says, and BitLocker’s full disk encryption capabilities address the fact that data no longer lives securely in the data center but on traveling laptops’ hard disks.

Securing systems against breaches of industry or regulatory requirements, from PCI to HIPAA, is a reason to institute Policy #3: End users may not access their personal email accounts on corporate-owned resources. An incident at Ohio’s Akron Children’s Hospital last year sheds light on why: A man e-mailed commercial keylogger spyware to an ex-girlfriend’s personal Yahoo account, so that he could monitor her actions on her own PC, according to reports of the incident. But she wound up opening the message on a shared computer in one of the hospital’s departments and installed the program on that system. As a result the man was e-mailed more than 1,000 screen captures that included details of medical procedures, diagnostic notes, and other confidential information pertinent to more than 60 patients, reports said.

Encompass All IT-Owned Infrastructure…

That incident could have been prevented if employees at Akron Children’s Hospital understood a policy not to install any application on their desktops that hasn’t been IT-approved. But even if such a policy already exists in an organization, it can be made more current by making it clear that it extends beyond traditional PC systems. Policy # 4: End users may only install applications noted on the published list(s) of acceptable applications to any corporate-owned device. That includes desktop PCs, laptops, and wireless devices. Employees otherwise are strictly prohibited from downloading/installing applications to any of these devices. All other applications must be approved by IT before end users may download or install them. Employees are not authorized to download any unapproved software. (That’s a long one but you can’t be too careful when it comes to being clear here.)

Wireless mobile devices’ increased ubiquity and capability means that, in many respects, best security practices should be to treat them no differently than laptops are treated, says Quin. For example, “Encryption of the hard disk of a laptop is a great way to stop attackers from getting data by stealing laptops,” notes Steve M. Erdman, Hamerstone’s security consultant colleague at SecureState. So why not apply that same thinking and deploy encryption technologies to all portable computing devices containing restricted or confidential data? Or even to desktops that may contain a certain number of restricted or confidential data records?

Getting encryption technologies on board your systems is a job for IT and InfoSec, but IT also needs to create encryption policy for users. To that end, Policy #5 should require end users to take actions such as reporting any known, unencrypted restricted data that exists on portable or other computing devices to IT, and not to attempt to disable, remove, or otherwise tamper with encryption software.

…And Account For Non-IT Owned Infrastructure, Too

Security has to come into play from the very personal to the most public – and by that we mean the cloud. “There really are a litany of security concerns associated with cloud computing, ranging from insecure interfaces, to untrustworthy employees to risk of search and seizure,” says Quin. “Most of these issues revolve around an enterprise’s relinquishing of control (i.e. the lack of control of how interfaces are coded, lack of control over employee screening processes, lack of control over data storage paradigms).”

Fortunately, at least one of those can be addressed with a policy measure. Policy #6 should mandate that leadership in business and IT units should use the cloud only for storage and processing of non-confidential, non-proprietary data, to use the cloud most safely. (That refers only to data that you can afford to lose, Quin explains).

To really ensure your polices are effective and enforced, educating your end users must be a priority. Train them about the risks, help them understand what threats look like (such as suspicious emails), and tell them they should keep IT in the loop when something concerns them. Says Hammerstone, “If they don’t understand why policies are in place, they tend not to follow them or to look for ways around them…. If they understand why, they tend to be more receptive,” he says. “They don’t think of it like ‘the man’ coming down on them.”

Related Information From Dell.com: Create a Network Roadmap.

“Virtualization lengthens the rope for a company to hang itself,” says Gregory L. Smith, senior product architect at DR vendor SunGard Availability Services. “A poorly set up virtual environment or one with a sub-optimal recovery strategy may leave a client in a much worse position than prior to the virtualization.”

It’s vital to know what virtualization can – and cannot – do for DR efforts.

License Agreement Snafus: Virtualization can’t magically change license agreements. “If your licenses are tied to specific hardware or not supported on virtual systems – as many are – you may be out of compliance using virtualization for DR,” says Andi Mann, vice president of Product Marketing at CA Technologies.

Customized Hardware and Compliance Issues: If you have systems and applications requiring very specific or customized hardware with high resource consumption (CPU, memory, etc), you may not be able to use virtualization for all recovery systems. “Certain clustering and load balanced scenarios may be better enabled with physical systems, as well,” explains Dave Shackleford, a security and virtualization consultant and a 2010 VMware vExpert.

“Organizations with extremely sensitive security or compliance requirements may opt to use physical systems for recovery to ensure the maximum possible segmentation or separation between systems, applications, and data,” he says.

Near-term Budget Issues: It costs more to buy virtualization products and services than it does the traditional alternatives, although total cost of ownership for virtualized products is significantly lower. Additionally, the front-end costs are dwarfed by the value of saving the enterprise from complete failure or lengthy delays caused by a disaster. Still, you’ll need to spend some money upfront for virtualization.

Virtualization Doesn’t Replace Backup and Storage Needs: “IT managers will need to make sure there is ample storage for the VMs and provision sufficient resources (memory, CPU, bandwidth),” advises Koka Sexton, manager of business development at Paragon Software Group, a global data security and storage software developer. “Make sure you build virtualization into your DR plan with regular backups and redundancy as you would with any other DR plan used.”

Virtualization Won’t Address Priorities for You: There are as many levels of DR as there are IT infrastructures. There is data you’ll need to recover instantly and data you’ll need later. Risk acceptance also varies by department and data set. All of these priorities must be determined at onset of virtualization. Otherwise, virtualized sprawl will complicate recovery efforts. Unfortunately, internal politics can make prioritizing a more complex issue than simply weighing data value.  “Determining the appropriate technology is actually the easy part,” notes Jeff Nessen, practice director of Platform Virtualization at Logicalis, an international provider of information and communication technology (ICT) solutions and services. “An often more difficult challenge is negotiating internally what levels of risk different departments within an organization are willing to accept for their applications and data.”

Virtualization, like any other technology, is a tool, not a goal. In this case, however, the tool is exceedingly handy and its uses are numerous. Still, use virtualization only if you have a real reason to – otherwise leave it alone.

Remember, as Mann puts it, “Virtualization is not a silver bullet, for DR or anything else.”

But then again, was a silver bullet the thing you were looking for – or did you just want to make DR a little faster and easier? Go into it with open eyes and practical approaches, and virtualization will deliver.

Related Information From Dell.com: A Smarter Path to Virtualization.

“While it is tough to justify shelling out the extra dough for a top-of-the-line processor, it is well worth it on the day that your processor fails,” says Jerry Melnick, CTO at Marathon Technologies Corporation, a provider of automated, fault-tolerant, high availability software for Windows applications.

“Many IT staff are working with constrained budgets and therefore have to buy lower priced equipment,” he says. “This equipment is more likely to see failures, increasing the likeliness of future problems.”

However, there are ways to cut costs in DR without jeopardizing the enterprise. You just need to know where to slice and where to steer clear.

Where Not to Skimp

Don’t guess where to cut: Know! “The best way to determine where financial resources should be dedicated is to conduct a business impact analysis,” says Simon Kissler, executive director and director of technology at Indiana Higher Education Telecommunications Services (IHETS), a consortium of Indiana’s public and private higher education institutions, state government agencies, public libraries, public broadcast stations, and K-12 schools collaborating to advance the education and public service activities of its members through shared technology and eLearning services. “This process will identify the most critical components of the overall system, their tolerance, or lack thereof, for downtime, and create a logical mapping of where dollars should be dedicated and where an organization may be able to skimp.”

Never skimp by using common components in the physical network hardware. Dual-ported network cards share common hardware logic, and a single card failure can disable both ports, advises Melnick in one example. “For full redundancy, you need either two separate adapters or a built-in network port combined with a separate network adapter,” he says.

Have a telephone disaster recovery plan. Customers need to reach you and the telephone is a common touchpoint, especially in emergency situations. Make sure phones are answered and messages are properly forwarded to your company during and immediately following a disaster. Don’t assume Internet telephony will save you, as it too is vulnerable to connectivity outages. Make sure you have a full telephony DR system in place.

Make regular and frequent data backups. Be sure that data is automatically backed up on a frequent and regular schedule. Otherwise, you may recover old and worthless data during an actual emergency.

“There are two methods for replicating data across sites,” explains Melnick. “One method is to tightly couple redundant servers across high speed/low latency links, to provide zero data-loss and zero downtime.” The other, he says, is to loosely couple redundant servers over medium speed/higher latency/greater distance lines. “This provides a disaster recovery capability where a remote server can be restarted with a copy of the application database missing only the last few updates. In the latter case, asynchronous data replication maintains a backup copy of the database.”

Where to Cut Costs

Use virtualization technologies. These are cheaper to use technologies that often maximize bandwidth, and make data accessible from any device anywhere. “Well planned virtualization as a disaster recovery strategy significantly reduces, or in some cases eliminates, the need for secondary hardware, creating a many to one relationship,” says IHETS’ systems security engineer, Brandon Beale. “Capital cost savings can be substantial.”

Guard against an under/over vendor purchase. Do your homework. Many vendors use the same terms but mean very different things. Make sure you know what you are buying and how it fits your actual needs. “For example, if you plan for a 24-hour recovery time objective (RTO), but your application and business needs require a four-hour RTO, then your plan – at any cost – will not be successful in meeting your requirements,” says Jim Grogan, senior director at SunGard Availability Services. “Alternatively, if you develop the capability to recover in two hours, but your business processes really only needed 24-48 hour recovery, then you have likely invested in premier services that were not needed.”

Plan personnel to prevent staff shortages and payroll overages. Identify a core group of key employees as “first responders.” Make sure you have enough people to schedule relief after reasonable work periods and to prevent as much overtime and human exhaustion as possible.

Additionally, plan for reserve employees as backup for key employees who may be hurt in the disaster or otherwise unavailable for duty. A common mistake is to identify key personnel initially but not to appoint a replacement if one or more of those individuals leave the company. The time of disaster is not the time to discover necessary staff is not in place or that sufficient training was never done. “Without the structure of an existing plan that has been validated in both practice and in meeting the business requirements, an ad hoc response can make matters worse rather than advancing any recovery effort,” says Grogan.

Ineffectiveness costs far more in the end than whatever you think you saved in the beginning.

“If a DR program is not effective, then any investment of time and resources become wasted investments,” says Grogan.

Related Information From Dell.com: Create a Network Roadmap.

In fact, a misstep in cloud use can totally train wreck your DR efforts. So, when is it wise not to use the cloud in DR? We asked three top experts to give you their tips.

Andi Mann, vice president of product marketing at CA Technologies, an IT management software and solutions company that serves Fortune 500 companies: A few scenarios come to mind. For one, workloads that have large data volumes may be difficult to recover to a cloud, especially an external or public cloud. The need to transfer big data volumes can simply make external recovery impractical, if not impossible. Local or private cloud recovery will not always have the same issues, but even across a high-speed WAN, inter-data center recovery may still take too long to be useful.

Workloads that have strict compliance requirements may not be appropriate for cloud recovery either, depending on your cloud destination. If you are recovering a customer payment application to a public cloud, for example, you may not be able to maintain PCI-DSS compliance; if you are recovering a health care patient data application, you may not be able to maintain HIPAA compliance. This may force internal or private cloud recovery, but you may be able to work with an external provider to ensure compliance.

Workloads that depend on specific hardware – like industrial equipment, barcode scanners, or graphics chips (e.g. for design applications) – may also pose significant challenges. Mostly, such hardware requires a local hard connection or specific device support, and cloud systems depend substantially on hardware independence. These types of workload may therefore require a specific and dedicated selection of hardware for failover and recovery purposes, which makes cloud DR more difficult, though not necessarily impossible.

Lawrence Guillory, CEO of Racemi, a provider of rapid imaging and cloud migration solutions: Core business data, for now, is not something you want residing outside of your business. We believe you should first use the compute power for all of the different use cases where public clouds make sense, and until you have the processes and security well accepted and the risk well mitigated, you should not consider allowing core business data to leave your own IT services.

And even then, we believe it should likely remain on-premises where you can maintain 100% responsibility for the security of your core business data.

Michael Miora, president and founder of security and disaster recovery consultancy firm, ContingenZ Corporation, author and a professor at Norwich University’s Masters of Science in Information Assurance and Masters of Science in Business Continuity programs: If you are an organization with multiple and geographically dispersed locations, and have sufficient storage at each location so that you can replicate all the information in multiple places, then your best option may be to store data in multiple at your own locations. This way, you stay in complete control.

Related Information From Dell.com: Dell and Cloud Computing.

Consumer electronics and computer vendors used the Consumer Electronics Show this past January to launch USB 3.0, an update to the popular standard external data transfer interface. The new speed of USB 3.0 generated a lot of interest.

The Universal Serial Bus (USB) has done wonders for creating a standard interface on PCs. Prior to the USB port, PCs were a mishmash of various proprietary ports, often single-vendor efforts. There was no effective means for transferring files between two PCs. If you’ve been around PCs long enough, you remember LapLink, for transferring files between two PCs, a popular application that relied on proprietary software and a thick cable connected to the serial port.

USB freed us from proprietary solutions, proprietary software, and perhaps best of all, bent pins. Ever bend a pin when plugging in a PS/2 mouse or keyboard? It’s a recipe for a bad hardware day.

The USB standard has had long lags between revisions but made up for it with quantum leaps in speed. The first version shipped in 1996, and featured a data rate of 12 Mbits per second. USB 2.0, released in April 2000, specified 480 Mbit/s, a forty-fold increase over the 1.0 specification.

USB 3.0, also known as SuperSpeed USB, has throughput of up to 5 gigabits per second. That’s even faster than the 3Gb/sec of SATA hard drives and 1Gb/sec. of high-end networking in the home. There’s 10Gb Ethernet, which has no mass market use, and is meaningful only in data centers – not on an enterprise laptop. So unless you have one of those new 6Gb SATA drives, you won’t max the speed of a USB 3.0 cable.

As a more direct comparison, it would take 14 minutes to transfer 25GB of data over USB 2.0, but just four minutes with USB SuperSpeed.

USB is standard on every PC that ships these days. Even though yours has USB 2.0 built-in, add-in cards support USB 3.0, and there are PC Card cards for laptops as well. You can buy a PCI card with two ports for as little as $39, and a host of external drives and case enclosures. If you’re into building systems, there are also motherboards with USB 3.0 as well.

External storage in particular has embraced USB 3.0 because the new hardware standard finally allows for external drives that can operate at a speed comparable to internal drives. A USB 3.0 drive wouldn’t  require an external power supply, drawing power for the drive through the USB cable. Old external drives using USB 2.0 usually required an external power supply; in some cases, they used two USB 2.0 ports at the same time to get the power and throughput they needed.

USB 2.0 was such a bottleneck that a stopgap was introduced called eSATA, which allowed for external drives that used a SATA hard drive interface. Well, USB 3.0 pretty much that out to pasture.

What’s New?

The USB Implementers Forum, which coordinated development of the spec, used the same physical plug with both USB 1.0 and USB 2.0, so it was possible to plug a 1.0 device into a 2.0 port, or a 2.0 device into a 1.0 port. In the case of the latter, the USB 2.0 device simply ran at 1.0 speed.

But with USB 3.0, even though the plug looks the same, the cable has extra wires. Because of this, it will not work in a 2.0 port. The edge of a USB 3.0 plug is colored blue so you know it’s a 3.0. The USB 3.0 cable has nine wires, compared with the five in a USB 2.0 cable, even though it’s the same thickness.

Likewise, the end of the cable that connects to a USB device, such as a printer or external drive, is also different from the old USB 2.0 connector. Because of this, you can’t use USB 3.0 cables to connect USB 2.0 devices. Also, if your drive, scanner, printer, camera, or whatever is a USB 3.0 device, then you must use a 3.0 cable.

On the plus side, you will be able to plug USB 3.0 devices and cables into the USB 2.0 ports on your current computer, but you won’t get the speed advantage.

With nine wires, USB 3.0 has two additional lanes of traffic for data, and the traffic can flow bi-directionally. USB 2.0 can only do single-direction transfers. If a device and computer were to send data back and forth, the two devices had to take turns exchanging data.

Also, USB 3.0 supports asynchronous transfers between devices. In USB 2.0, the host controller had to ask for data and then the device sent it. Imagine you want a book from someone. The USB 2.0 way would require you to ask for the book’s contents one page at a time, and would request each page one after the other. The USB 3.0 way simply hands you the book.

Power to the USB

USB 3.0 SuperSpeed has a higher power draw. A USB 3.0 device can get up to 50% more power through the port than through 2.0. This permits powering much more powerful devices instead of just little thumb drives or small digital cameras.

But another big change in USB 3.0 is very important: They ended a feature in 2.0 called polling. When a USB device is plugged into the port, the computer keeps polling the port. This keeps the device and computer from going into low power states and drains the battery at a faster rate. That’s not big deal on a desktop, but on a laptop it matters.

At one time or another you probably used a notebook running on battery power, then plugged in a USB device and left it there. Next thing you knew, the battery was at 20%. That’s because the computer kept polling the USB device, sucking up its battery power.

USB 3.0 will be interrupt-driven, so if nothing is happening with the device, the machine doesn’t poll it. If you are working on a Word document, it won’t poll the device until you actually read or write to disk. This will allow the CPU to go into a low power state and thus preserve battery life.

Your Move, Intel

Intel is a member of the USB working group but has been rather quiet about USB 3.0. In late 2009, Nvidia (no friend of Intel), told anyone who would listen that Intel would not put USB 3.0 support in its chipsets until 2011, and Intel chipsets are dominant in the x86 market (unless you go for AMD).

Later, that rumored delay date was pushed out to 2012. The motherboards and add-in cards you see now with USB 3.0 use chipsets from NEC, and other vendors are reported to be so frustrated with Intel’s foot dragging that they may do their own.

So why would Intel sabotage an industry effort in which it participates? Most likely because it has its own solution in the works, called Light Peak. Intel first showed it at the Intel Developer Forum (IDF) in September 2009 and gave an update in June of this year.

Light Peak is a fiber optic wire connection. It uses the same size connector as USB but the wires are thinner than a shoe lace, as opposed to the rope-like thickness of USB. But much more important: Light Peak can transmit data up to 50 meters. USB tops out at five meters, and that’s pushing it.

The other plus of Light Peak is its speed. It can transmit 10Gb of data per second bidirectionally, twice that of USB 3.0. At the June update, Intel showed it running on a laptop computer, streaming high-definition video while transferring multiple gigabytes of files at the same time.

Would Intel favor Light Peak over USB 3.0? Why not? It has a technically superior product that could easily be used inside computers as an alternative to the much slower SATA as well as external connectors, and Intel would get all of the royalties instead of sharing them with a consortium.

They aren’t hurting the industry by not producing a USB 3.0 chip, just inconveniencing it. Other vendors are making USB 3.0 chips, after all. And USB 2.0 is so entrenched it will take a while for mainstream support to come about.

Windows 7 does not have USB 3.0 support in it yet. There are rumors Microsoft will add native USB 3.0 to the first Service Pack for Windows 7. Currently, the USB 3.0 support requires drivers from the chipset maker, but Microsoft will reportedly make it native with SP1. The beta still has not been announced as of this writing, so at this point it’s all conjecture.

The future is going to be much faster. Which road we take is not entirely clear. It all depends on what Intel chooses to support. As a major supplier of chipsets, the direction it takes could be make or break, or at the very least a headache for one side.

Related Information From Dell.com: Create a Network Roadmap.

Most enterprises use server virtualization because an organization’s most critical resources are usually server based. “Critical business services, customer-facing applications, partner-oriented systems and data, etc. are all housed on servers, for the most part, so ensuring these are highly available is usually a top priority from a risk management and mitigation standpoint,” says Dave Shackleford, a security and virtualization consultant and a 2010 VMware vExpert.

But desktop virtualization is also useful, and the two kinds of virtualization often work better together than apart.

“Now more organizations are starting to leverage desktop virtualization to minimize standalone workstation costs and management overhead,” adds Shackleford. “For organizations with largely autonomous users who store important data on local desktops, the use of desktop virtualization can be a cost-effective way to improve centralized backup and accessibility of their data, which would need to be available in a disaster scenario as well.”

That is not to say that companies are rushing to deploy desktop virtualization. “As most larger enterprises discourage local workstation storage today, this is a somewhat slower area to emerge,” explains Shackleford.

There is compelling reason to ditch desktop device reliance. Desktop devices are easily destroyed in disasters, information stored only on these devices can be lost or stolen, and information on desktops can be noncompliant with regulations or company policies and thus a cesspool of trouble for enterprises.

Being able to see, retrieve and manage client-side data is a darned smart and safe thing to do. “With a client/server model, the complexity for disaster recovery increases dramatically,” says Gregory L. Smith, senior product architect at DR powerhouse, SunGard Availability Services. “With the introduction of virtual desktops into the enterprise ecosystem, the client/server interaction can be recovered by IT with no client- side work needed.”

Microsoft Windows 7’s desktop virtualization “may be the bridge necessary to allow greater adoption of virtual desktops in the enterprise,” Smith says. Microsoft Enterprise Desktop Virtualization (MED-V) will allow Windows 7 to act as Windows 2000, Windows XP, or Windows Vista for specific applications. “The ability to deploy a universal desktop and move it with the server aspects of an environment may help dramatically reduce the complexity of recovery,” he says.

Certainly, desktop virtualization can substantially speed recovery times.

“For example, many companies have access to SunGard DR stations, but without desktop virtualization, the employees just have a computer to work on,” explains Mike Strohl, president of Entisys Solutions, a top-tier consultant and integrator of datacenter and desktop virtualization solutions. “With Windows 7 desktop virtualization, they will be up and running within minutes, using their personalized desktop and applications, in the same operating environment as they are accustomed to, from the SunGard, or whatever workstation they have chosen,” he says.

Companies have alternatives to Windows 7 for desktop virtualization. Products including VMware View and Citrix’s Xen Desktop provide a means for end user content and settings to be stored on a central device.

“I would expect that desktop virtualization delivered from an organization’s data centers will be a more popular choice than virtualization within Windows 7 itself,” says Martin Ingram, vice president of strategy at AppSense, a leading provider of user virtualization for the enterprise.

However it is achieved, desktop virtualization is increasing in popularity as an important part of the recovery strategy whereas server virtualization is considered a cornerstone in the DR effort. In most cases, using both will achieve the best results.

Related Information From Dell.com: A Smarter Path to Virtualization

Managing Bond was no picnic for the head of the Secret Service, “M,” who tried to enforce strict control and to communicate clear objectives, but Bond always got the job done—his way.  And he managed to stay employed through dozens of novels and movies (not to mention seven actors).

While today’s manager may not be willing to grant a mobile worker a license to kill, she still needs to clarify objectives, maintain channels of clear communications, and evaluate whether tasks were completed and deliverables obtained—holding  the worker accountable for the results.

In many ways, the mobile world parallels that of Bond. To accomplish the mission you need to pick the right people, give them the necessary tools, and let them use their best judgment and resources in the field. Then, evaluate the results in ways that don’t always fit neatly into a spreadsheet.

Bond is no longer an anomaly.  By next year almost three-quarters of the U.S. workforce is anticipated to become mobile [pdf] in some fashion, says IDC, along with one-third of the world’s workforce.

So how would the tactics of Bond’s “manager,” M, translate into getting a mission accomplished and holding her rogue agent accountable in today’s remote workplace?  We can focus on three main areas:

• Setting clear objectives
• Providing the necessary resources
• Granting trust and autonomy (with verification)

Set Clear Objectives

A major aspect of getting positive results from your mobile workers is setting expectations realistically and communicating them clearly when you seek accountability. Coaches Roger Connors and Tom Smith, authors of the bestselling books The Oz Principle and How Did That Happen talk about an accountability paradox: the more you enforce standards of accountability, the less accountable and more resistant employees become.

Connors and Smith emphasize the need to keep expectations consistent and aligned with organizational goals, make sure they are achievable, clearly communicated, and then they can be measured and evaluated. That’s true for all employees, but especially so for remote workers and telecommuters.

The following areas need to be clearly defined:

• Tasks and behavioral objectives
• Metrics for completion of tasks/success
• Specific deliverables and deadlines

The coaches stress that managers should “Never play the blame game. It’s not productive and will only give everyone else in your organization permission to waste time and energy on something that yields no results. Remember, what you create accountability for is what you get.”

Provide Resources

In the Cisco report, Understanding and Managing the Mobile Workforce (PDF), Stuart Duff (occupational psychologist at Pearn Kandola) wrote, “Managers must not fall into the trap of treating mobile workers in the same way as office-based employees. They need to be effective communicators and relationship builders with an adaptive management style that they can tailor to the personalities within their team. Organizations must also ensure that the right tools and resources are made available to mobile workers, giving them the same connectivity as office-based workers.”

The study emphasizes the need to provide mobile teams with the communications technology they need to reduce a feeling of isolation. In Bond’s case, Q the gadget man anticipated this aspect of remote activity, although Bond would frequently shed the device de jour and act autonomously to save the day—as you may recall Bond tended to have female companionship to reduce his feeling of isolation.

Peter Linkow, president of WFD Consulting, advises creating a three-part support network for work support, career support, and psychosocial support for remote workers. Work support is normal management supervision, while career support is essential to make mobile workers feel like part of their organization and not “invisible” to the home office.  Psychosocial support involves “acceptance and confirmation” of their efforts.

Linkow is also an advocate of regularly scheduled communications — but without micromanagement­­ — focusing on results and not methods.  He says that effective managers are religious about maintaining consistent connections and “being open with feedback and coaching.”

Grant Trust and Autonomy (with Verification)

In his whitepaper, The Top Ten Strategies for Managers of Mobile Workers: Surviving and Thriving in the Emerging Mobile Workforce, Terrence Gargiulo goes through the following methods managers can use to ensure that deliverables and deadlines are met:

1.              Focus on building relationships

2.              Streamline communications

3.              Incorporate less didactic forms of communications

4.              Spend more time listening

5.              Let mobile workers define communication and reporting practices they want to follow

6.              Manage deliverables not activities

7.              Engage in more frequent and informal performance management activities

8.              Give complete trust until given a concrete behavioral reason to do otherwise

9.              Use adaptive management styles tailored to individual workers

10.           Leverage technology

Gargiulo’s strategies emphasize the need for managers to be systematic in their communications and open to feedback from workers as to the means by which they communicate. Managers should implement a communications plan that has buy-in from all participants, calls for specific interaction at regular intervals, and is re-evaluated periodically, so that milestones and issues can be effectively tracked. Gargiulo suggests that to ensure accountability the manager “treat these employee-defined practices as privileges that can and will be modified if key performance metrics are not hit.”  Managers should also let workers know that projects occasionally “require less flexible, employee-driven communication and reporting practices.”

A communications plan that supports accountability might include regular e-mail, IM, an online status conference, memorandums, customer surveys that evaluate performance, or even social tools like blogs and private networks. Creative techniques using anecdotes, stories, videos and other less structured forms of communication can keep a manager in the loop and also provide remote workers with a sense of freedom and participation.

Gargiulo contends that these strategies allow managers to maintain a sense of authority, while also freeing up their own schedules. That lets the manager concentrate more on planning and strategic initiatives, something that Bond’s boss, M, would certainly appreciate, giving her time for lunch with the Queen.

The Digital Nomads blog has a wealth of information on increasing productivity by mobile workers.  Steve Litchfield wrote, “Make sure targets are set each day/each week for your nomadic staff. As with any employees, they need to know that ‘you’re on their back.’ Not necessarily in a heavy handed way, but with enough sense of communicated urgency that the priorities filter down into their hourly activities. There has to be some sense of guilt when a nomad veers too far in the ‘email/coffee/Bejewelled’ direction. And, of course, targets needed to be daily/weekly checked, discussed and revised.”

In his book, Keeping Employees Accountable for Results, Quick Tips for Busy Managers, Brian Cole Miller presents a six-part plan for effectively getting employees to conform to business policies. He calls it “SIMPLE”:

• Set Expectations: clearly documented
• Invite Commitment: buy in to benefits personally and for organization
• Measure Results: make them quantifiable
• Provide Feedback: share your own information
• Link to Consequences: not blame or punishment but guidelines and (re)focus
• Evaluate Effectiveness: hold yourself accountable along with the team

No matter what the technology may be for deploying and monitoring such behavioral strategies, they are the basic concepts to follow for holding workers accountable for meeting the manager’s expectations and ultimately achieving the organizations objectives.

If you have an operator like Bond on your team, of course these behavioral strategies may need to be modified to account for games of Baccarat, car chases through Monte Carlo or skydiving in the Alps; but for the ordinary sales or service remote worker, Miller’s concepts can foster conformity to procedures and ultimately accountability.

Learn from Social Media

Social media did not exist at the time of James Bond but it has a lot to teach us about giving employees incentives to embrace corporate objectives and building relationships that foster accountability.

One of the best examples from the world of social media is Blue Shirt Nation, an internal social network developed by two marketing gurus at Best Buy, as a way to research issues of customer service. As Gary Koelling and Steve Bendt interviewed employees, they discovered an unanticipated eagerness to participate and share information that eventually grew into a worldwide social network – in which Best Buy employees freely and actively improved the level of service.

This only happened because savvy upper level managers recognized what the marketing folks were doing. They invested in the network both financially and emotionally, and more importantly listened to the workers’ concerns and ideas, making sure that their input was put into practice.

Managers of remote workers can learn a great deal from how a vibrant social network works and connects people, and they need to do so because the Internet is their lifeline of communication. Of course, implementing clearly defined social media policies is a fundamental part of any such strategy, so that remote workers clearly understand what they can and cannot post online.

Today’s remote worker has plenty of tools with which to communicate with the main office, but how she fulfills her responsibilities still comes down to managing behavior and not just handling technology.  While Bond gave his manager (and audience) many anxious moments about whether he would succeed in his mission, M’s confidence in her rogue agent—how he would perform outside her immediate range of control—came down to handling him correctly.

With respect to road warriors or telecommuters equipped with a company laptop or PDA, successful management means defining expectations clearly, giving them the support and resources they need both technically and emotionally, and finally giving them a trust-but-verify sense of autonomy with which to perform their tasks.

Related Information From Dell.com: Dell and Cloud Computing.

Why would you want to run Linux on the desktop? The largest driver is cost, with secondary motivators including Linux application support and developer needs. Users now have increased Linux exposure, with implementations on netbooks, notebooks, and desktop systems. Younger users are more likely to be familiar with Linux.

The Linux operating system often costs nothing and is available as a re-distributable download. Some Linux distributors charge for media, proprietary drivers and software, and organizational user support above Linux community online forums, which are often specific to the distributor and Linux version release.

An application called a desktop hypervisor is needed to run Linux concurrently with Windows 7. Microsoft provides a desktop hypervisor called Windows Virtual PC 7 that’s designed for running Windows XP XP3 on Windows 7, but it can be used for minimally functional concurrent Linux hosting. The only interaction you’ll get between Windows 7 and any Linux version using VPC7 is at the file level. It’s not recommended for a useful Linux sampling.

Other vendor’s desktop hypervisors are available with a higher degree of feature support for Linux. The base prices range for slightly stronger Linux support found in Oracle’s free VirtualBox, through Parallels Desktop 4 at $79.99 that has a very high, almost transparent integration between many Linux guests and Windows 7.

Organizational Deployment Considerations

As with any guest operating system, management/administrative overhead increases for each user of the guest OS. Each user has two operating systems that IT needs to support, the Windows host OS and the Linux guest. Additional costs include malware and anti-virus costs for the guest OS, and organizational training and application support/licensing costs for guest OS applications and use, although base costs for Linux applications is often free.

Each guest OS used represents a newly supported instance, and therefore, costs associated with inventory, application licensing tracking, problem remediation/helpdesk costs, and lifecycle considerations—as well as compliance, audit, and systems security.

Sampling

Ubuntu and Novell SUSE Linux Enterprise Desktop are strong choices for enterprise desktop Linux deployments. Both have customer support communities and paid support. Both products are free to license. (Although Novell charges for some proprietary software pieces, there is a free version). Both are full-featured releases that can be installed in normal or minimized-footprint forms.

The PC needs room for the guest OS. In a 4GB-based system, at least 1GB of memory and 20GB of hard disk set-aside space should be allocated for each user machine. The guest OS will be compatible with most Windows 7-based hardware components and network connections—if the hardware is up-to-date. Certain features, such as Bluetooth, wireless cellular, and USB connections can be directly allocated to either Windows 7, or the guest OS. Here, the weakness of integration in VPC7 shows, as it’s unable to give Linux guests advanced sound features, Firewire, and a list of other peripherals to Linux. By contrast, desktop hypervisors from Oracle, VMWare, and Parallels give most peripherals automatic (or by selection, exclusive) access to most all peripherals. It’s advisable to check if specific printer, webcam, cellular modem, and other connected peripherals will be able to be linked to the Linux version you select; they’ll need Linux driver support. Most popular peripherals (but not all) have Linux drivers available. Your PC hardware vendor is the best source for peripheral driver compatibility.

Installation of Linux isn’t easy under VPC7, requiring advanced installation steps and preparation. By contrast, Parallels Desktop 4 for Windows and Linux is an example of a desktop hypervisor application that’s less difficult with Linux than Microsoft’s VPC7. It knows both Ubuntu and SUSE by name and can install the web distributed versions simply, although customizations for both are available to add-in organizational software selections as well as corporate logos and links if desired.

PD4WL integrates Linux  into the Windows 7 GUI in a method that Parallels calls “Coherence.” Coherence allows the Windows 7 user interface to show and run Linux applications as though they were native Windows 7 applications, although the behavior of the Linux apps won’t completely match the behavior of Windows applications for users. The PD4WL also allows the guest operating systems to be distributed to users for easy installation.

VMware Workstation 7.1 is similar to Parallels Desktop, allowing users to intermingle Windows 7 UI features like Aqua as well as Flip 3D when using Linux programs. The experience for both desktop hypervisors is far more seamless than the distancing found in Windows Virtual PC as VMWare Workstation 7.1 supports Windows UI-Linux UI integration as well as user-selectable peripheral integration.

Finally, Oracle, through its acquisition of Sun, offers VirtualBox, which has the current benefit of being free, while running largely the same guest operating systems choices as Parallels and VMware. While not as feature-filled as Parallels and VMware, VirtualBox works solidly, and Oracle continues to support its use and development. Oracle also offers paid support for VirtualBox, as well as free support on the VirtualBox community forums.

Security and Administrative Policy

Each instance of a guest operating system must be protected separately from its host operating system. If the guest OS is unprotected, it represents a hole in security and manageability. While many Linux versions, including Ubuntu and SUSE Desktop, are compatible with Active Directory Services, these Linux guests must be configured to adhere to organizational security; default settings won’t work. Indeed, if a network is secured through Microsoft’s IPSec VPN protocol, the use of Linux editions requires a slight lowering of overall Active Directory security, or the introduction of third-party tools to allow Linux to adapt to Microsoft’s IPSec requirements. This will change as the Linux-Active Directory adaptation software, SAMBA, releases its new version this year.

Additional Microsoft security protocols, such as network admittance controls (NAC), have to be modified through the use of third party tools to allow Linux operating systems to be admitted to the Microsoft Active Directory where NAC is implemented.

Patches and fixes for Linux guests can be administered automatically where permitted by the Linux guest operating system. Ubuntu and SUSE Desktop both have this feature enabled by default. The network traffic generated, however, can trip Intruder Detection/Prevention software, as the sites where updates are found are occasionally black/grey-listed by these security applications.

Enabling Positive Experiences

Planned rollouts of Linux require planning to standardize the initial experience, training, helpdesk and support, provisioning, and application payloads. IT managers should consider a shakedown period.

The initial experience of users requires training and provisioning of things like organizational logos on desktop wallpaper files, icons representing website or application destinations Consistent experience reduces support calls. Nothing, of course, replaces initial training and self-support links to which users can refer to help themselves.

Helpdesk workers need to be trained on Linux support. They aren’t likely to understand Linux foibles. Help desk personnel need training to prevent their call centers from lighting up like the Fourth of July during a Linux rollout.

Part of the success of Linux has been a diversity of free sources of software for users. Limiting initial application choices (by policy, and even controlling outbound access) also confines support for the applications—usually office automation tools. Great initial choices include Oracle’s OpenOffice for word processing, spreadsheet, presentation graphics, database, and math equation editor. Online apps like Google Docs might prove sufficient. Training for both is recommended where budgets aren’t as dry as the Sahara.

Online applications—cloud apps—may not be suitable for organizational Linux users until the application providers have been vetted according to organizational policies regarding security and audit. Further information regarding security, compliance, and audit procedures can be found at ISACA, which has regional chapters devoted to IT and organizational compliance issues.

Once you vet application loads and distribution prototypes, you should roll out Linux in stages, so the tech support infrastructure isn’t swamped with queries.  Depending on the desktop hypervisor chosen to host Linux, users may be able to download and import Linux into their systems easily and simply. But you need to  understand and test variants of hardware. There’s nothing like testing to prevent surprises.

Initial rollout usually includes training, but resources such as user how-tos, and YouTube videos can help users enable themselves.

Planning a rollout of Linux guest operating system instances isn’t difficult, but there are decided costs involved in training, support, compliance and audits. You might be happy with Microsoft’s Windows Virtual PC 7 support, but there are competing products that offer specific and higher-level integration between Windows 7, the hardware that you’ve bought, and Linux applications. These range in licensing cost between free and $80/user, depending on features and your negotiating skills. The payoff may be a more successful rollout with lowered costs.

Related Information From Dell.com: Get Beyond the Status Quo.

Best Buy, for example, uses WordPress to allow store managers to independently manage the sites for their own stores. Take a look at what Best Buy has going on at a microsite for its store in Fairless Hills, PA. These localized sites are managed within a multisite framework that allows for centralized control, meaning that a “super administrator” controls what options, templates, and plugins are available to those local store administrators.

Eric Fliegelman, General Manager of the Pennsylvania store, says the ability to post local content has paid off. “It’s a good way to get information out to customers, and it’s made me more accessible to the customers by having my picture, my cell phone number, and my email on the website,” he says.

Fliegelman’s staff updates the site at least once a week, posting things like holiday hours and specials, and availability of individual open box items for sale at a discount. “That keeps people coming back,” he says. And it’s easy to keep the site current because the site is easy to update.

Although multisite configurations are a little more complicated than single site ones, it’s still the simplicity of the system from a user standpoint that’s the major appeal.

This multisite capability used to be only available from a fork of the WordPress codebase called WordPressMU (for multi-user), but WordPress 3.0 merges it with the core system. So now multisite is just another capability you can turn on if you need it, or ignore if you don’t. The new release also supports custom post types, so that you can go beyond the built-in “page” and “post” content types to create your own hierarchies for events, real estate listings, or any arbitrary content category.

If you’re wondering whether the core system meets your enterprise requirements, that depends on what you want to do with it.

Consultant Richard Knudson, a specialist in Microsoft technologies, has a good blog post comparing WordPress to SharePoint, but ultimately coming to the conclusion that the comparison is beside the point for most IT managers. That is, yes, WordPress is a better blogging tool than the one included in SharePoint, so if your goal is to field a bunch of blogs, WordPress is your choice. On the other hand, if you’re looking at blogging as one component of a larger collaboration and content management strategy and you have any significant investment in Windows technologies like Active Directory and Exchange, SharePoint is your answer. That would be particularly true if you’re talking about some sort of internal web collaboration project that might involve giving employees their own blogs.

However, if you’re more focused on streamlining content publishing to the world at large than you are with maintaining an all Windows-centric architecture, WordPress can be a fit. And you can achieve some level of enterprise network integration with Wordpress using plugins that connect to Active Directory or LDAP authentication.

WordPress is backed by Automattic, the company founded by WordPress project founder Matt Mullenweg. Automattic runs WordPress.com (where it hosts entry-level blogs for free) and employs many of the core developers for WordPress software, which is available as a free download from WordPress.org. If you want professional support for your WordPress installation, Automattic will sell you a VIP Support package, and it also offers a directory of consultants with WordPress expertise. But part of the point of going with a popular open source tool like WordPress is to tap into the pool of free community resources that surrounds it.

Automattic says it doesn’t consider WordPress to be in competition with the likes of SharePoint, period. However, it does offer some add-ons like the P2 theme for enhancing the collaboration and discussion capabilities of WordPress sites. That’s one of the tools Automattic created for internal collaboration with a geographically dispersed development team.

Microsoft has enough respect for WordPress’s charms that it is promoting the advantages of running WordPress on Windows and supporting a project to make the software run on SQL Server (by default, WordPress works with MySQL).

The more frequently cited head-to-head comparison is between WordPress and Drupal, another open source content management system with a fanatical following. The big contrast between the two is that Drupal was from the beginning designed for maximum flexibility to manage any sort of content, meaning it can be configured many different ways. Fans cite that as a virtue, while critics say the complexity can get in the way of doing simple things. (Also see Replacing SharePoint with Open Source CMSs.)

In contrast, WordPress developers for many years resisted demands to generalize the system, instead staying focused on getting the core blogging and web publishing functionality right. As a result, the default configuration is a very usable basic content publishing system that you can build upon with free, commercial, and custom plugins and themes to provide whatever additional functionality and styling you require.

In WordPress, a plugin is just a PHP script with some identifying comments in its header that you place in a designated plugins directory and activate through the administrator’s control panel. The WordPress API allows you to invoke custom functions whenever the system initializes, a page loads, or a specific piece of placeholder text occurs within a document. So if you have (or hire) PHP developers, they can add just about any desired behavior to your WordPress installation. For example, you could have a plugin that calls out to an external database or data feed and graphs the results, placing them wherever a placeholder “shortcode” like [saleschart] appears in a post or page.

So you can stretch WordPress to do almost anything. That doesn’t mean it’s the right tool for every job, but it can be a good tool for many of them.

Related Information From Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter

Interviewing candidates for network administrators is a bit like opening up the door to a herd of Chihuahuas. Sit them down and start talking and all you hear is Yip! Novell? Yip! VPN services? Yip! MCSE? Yip! CCNA? Yip! Yip!

IT managers need to bring on the best talent to run their networks; the company’s infrastructure relies on productive, capable staff. How do you cut through all the Yipping? What questions do you ask to find that stately Shepherd amidst the dog pack?

Whether you are a technical hands-on manager or a business-centric CIO doing that final “check for a fit with the company” job interview, the questions you ask a network admin candidate should check on seven aspects of what makes a good employee: Knowledge, Tinkering, Honesty, Ethics, Community, Discretion, and the all important Sanity Check. We asked network specialists to share their favorite questions (and best answers) to help you eliminate those annoying Yippies.

Knowledge Check: What is a TCP Three-Way Handshake?

Let’s go right for the jugular. By now, you’ve asked a few questions, sniffed through the resume looking for fudged qualifications, determined a level of expertise, and found out how many years she has spent using the technologies on which your organization relies. But do you know what your candidate really knows? Asking a simple question rather than a tough one can be revealing.

Only 5-10% of IT professionals have very strong technical skills, says Robert Brockway, a system and network administrator at a software development company based in Toronto. “I would rather ask them, ‘Describe a three-way handshake.’ That is really an introductory question for a network administrator.”

“Maybe one in 10 people get it right,” he says, “And sometimes these [candidates] are for senior positions.” If someone gets the answer right, Brockway can ask harder questions. “But more often than not, they get that question wrong, and that troubles me,” he says.

The right answer? SYN SYN/ACK ACK. The candidate can go into more detail, Brockway adds, but if the interviewee says that phrase, he gives them high marks. “When you are diagnosing network problems you have to understand the network or you don’t know what you are looking at,” Brockway says.

Tinkerer Check: What is Your Home Network Like?

A good employee manages his own mindset. He has to do what is necessary to keep that elan for the work. A true love of technology helps, especially on the days when you have to slog through one too many worst-case scenarios.

“We’re looking for someone who can bring enthusiasm and curiosity to the office. What we’re looking for the most is someone who has a tinkerer’s mentality. Someone who wants to try out things at home, because they can’t get enough of the technology at work,” says Scott Sherrill, senior systems engineer for the Regional Educational Media Center, a Michigan nonprofit that provides desktop, network, and ISP support for K-12 schools, libraries, and other local agencies.

Perhaps the job candidate is using a wireless server for the family or maybe just trying out cutting-edge technology to see how it goes. Maybe she’s turned an old laptop into a picture frame. Any of those technologies are okay. It’s not necessarily one specific technology that you should look for. It’s more the mindset, says Sherrill.

Of course, this is not to negate a person who has a healthy balance of home life and work; you also want people who don’t invest too much time into their home operation.

However, the answers you get to this question can provide more character insight than the candidate realizes.

“We had a candidate who went on and on about all the pirated software that he had, so right away we had the opportunity to ask: Is this the type of character we want in our organization? He was trying to score points by describing how big his network was and that sort of thing. That this person admitted to something like this in an interview means he is probably not going to be good for us,” says Sherrill.

Honesty Check: What was the Worst Mistake You’ve Made as a Network Administrator?

All thieving aside, a good check of a person’s honesty is finding how easily he will lie to make himself look good.

“I look for a willingness to admit your own faults. Everybody makes mistakes. The key aspect of a mistake is to learn from that mistake. If you’re not willing to say, ‘Here’s what went wrong, here’s what I did,’ then you are never going to learn from what you did,” says David Nolan, a senior network engineer for a midsized global company in the Pittsburgh area. “It’s not about who’s to blame. It’s about how do we avoid this in the future, how do we improve the process, how do we make this better.”

Nolan also presents a list of technologies that his company uses asks the candidate which ones she knows. “If I list 20 technologies and you claim to be experienced with all of them, I’m going to be worried,” says Nolan.

Weeding out the hands-off managers is also key. While the above question is a good indicator, so is asking a candidate to give a detailed description of a project she worked on, from high level to ground work. If the candidate can’t articulate a coherent project vision, you’ve found a superficial show dog whose resume is a waste of ink.

Discretion Check: What was the Worst/Strangest Network You’ve Managed?

In addition to checking whether your candidate can bark out a clear narrative that tells the story behind a beyond-bizarre network and how its oddities were resolved, by asking this question helps you find out if the job candidate will blurt out the secrets of his previous employer.

For example, the job candidate might explain a problem encountered on a network she managed – “how the guys at AT&T had exposed all this iPad stuff” and add, “I told them and told them and they didn’t listen to me.” At one level the candidate is explaining a technical issue. However, “You just told me who your client was, and you just told me what their problem was,” points out Terry Hamilton, president of IASSIST in Toronto. That’s a breach of trust, if not a security issue — and it does not bode well for the candidate’s trustworthiness.

“If someone had relayed that type of information who had worked in a financial institution, or somewhere similar, I would not want them to tell me the organization had (or even perhaps still has) a hole in their network, or had security problems, or had issues with data loss,” he says.

Ethics Check: Do You Belong to LOPSA, SAGE, or USENIX?

People with a code of ethics have given time and thought about the kind of person they want to be. They live according to a set of standards they have given themselves, and no one has asked them to do it. A code of ethics is often something you have to search for and adopt. The League of Professional System Administrators (LOPSA), USENIX (The Advanced Computing Systems Association), and the USENIX special interest group for system administrators known as SAGE all share a code of ethics.

“I always ask if people belong to [these organizations], and people rarely say Yes. It has been my experience that only a small percentage of the people have given any consideration to the ethics of what they are doing,” says Brockway.

“Consider how we use the Internet these days and everything we use it for. The network administrator can spy on your traffic and can do so without anyone knowing, because the network administrator has that privilege and has that knowledge. I’ve come to the conclusion that ethics is extremely important. And that’s one of the reasons why I’m a supporter of these organizations,” he says.

Community Check: Do You Belong to Any User Groups?

If your network administrator doesn’t know that answer to a problem, especially a time-sensitive one, how does he solve it? Does the candidate have a network of peers to turn to, either online or offline? How plugged in is he to technologies that are gaining speed or losing momentum? Who or what is his sources of research and information?

Belonging to a user group, says Brockway, shows that the candidate is interested in technology. “The people who are passionate about something are the best at the subject,” says Brockway.

Sanity Check: If You were a Kitchen Appliance, What Would You Be?

Wisdom, character, honor, integrity, your candidate can have it all. But if they are a whack-a-doodle all that becomes moot. A nut-bar hunt requires drastic measures—even shock and awe tactics. Granted, asking this may backfire and you can lose a good candidate, but you might just be better off without her if she can’t fetch an answer to this question.

There are clear warnings in people’s responses. Electric knives, garbage disposals, bread makers are all cause for alarm. But an interviewee may say he is an oven because he likes to be where the action (and heat) is, or the microwave because he is quick and convenient. Better yet, he might say he is the coffee maker, and as we all know, no office should be without one of those.

However, there is a method to this madness, says Damion Alexander, a system administrator for Bard College in Annandale-on-Hudson, NY.

In addition to checking whether the candidate has a sense of humor, he says, “I want to know if they can think on their feet. Since this question is rarely heard of (so far), it catches people off guard. This gives some measure of how they respond to a situation they’ve never seen or heard before.”

“I rarely measure time [in answering the question], but if they give up easily that doesn’t fare well.  If they give the name of an appliance and can’t come up with at least a basic reason why, then I would worry if they would just spew answers to customers and coworkers with no comprehension of why they were giving that answer,” Alexander says.

“I’ve actually had a CIO candidate refuse to answer the question. Since he had pondered for a while before that, everyone came to the conclusion that he would not do well when things hit the fan.”

The question also shows how a candidate views himself and how he operates, says Alexander.

“For example, we had two candidates for the same position give an answer of dish washer. The first ‘liked to throw everything in and make it clean.’ The second ‘liked to line everything up nice and neat, so that the water reaches every surface, etc.,’” says Alexander.

“The second response, and how he said it, caused some concern because it gave a sense that he preferred a degree of order that our environment just couldn’t provide. Compared to the first who seemed to accept some level of chaos.”

In the end you really have to go with your gut, he says.

What questions would you ask when interviewing a candidate for network administrator? Share your experiences in the comments.

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency.

[Editor's note: Edited to change the "right answer" for the technical question.--Ed.]

Intel and AMD have done their best to differentiate the x86 architecture as much as possible while retaining compatibility between the two CPUs, but the differences between the two are growing. One key differentiator is hyperthreading; Intel does it, AMD does not.

Multicore and HyperThreading (referred to as “HT”) are not the same, but you can be suckered into believing they are, because hyperthreading looks like a core to Windows. My computer is a Core i7-860, a quad-core design with two threads per core. To Windows 7, I have eight cores.

Multicore CPUs were introduced as a solution to the fact that around a decade ago, processors hit a clock speed wall. The CPUs just were not getting any faster, and could not do so without extreme cooling. Unable to get to 4GHz, 5GHz, and beyond, AMD and Intel turned to dual core designs.

There’s two ways to look at computation: speed and parallelization. In some instances, such as tasks involving massive calculation, it makes sense to have an 8GHz core. The thing, is most business application uses don’t really need this. In fact, there are vendors arguing that the Xeon is overkill for many server tasks.

So the solution was multicore. AMD was the first consumer chip vendor to release a multicore chip in 2005 with the Athlon X2. Intel followed in 2006 with the Core 2 Duo. (The first non-embedded dual-core CPU was IBM’s Power 4 processor in 2001.) If a vendor’s CPU couldn’t improve performance with one 5GHz core, they could get there with two 2.5GHz cores.

To use a highway analogy, it’s the equivalent of going from a one-lane road to a two-lane road. Even if the two-lane road has a lower speed limit, more cars can travel to their destinations at any given time.

You may remember the days of symmetric multiprocessing (SMP), when computer systems had two physical CPUs on the motherboard. There’s no difference in execution between two single-core processors in an SMP configuration and a single dual-core CPU.

The difference, though, is that the dual-core CPU has much, much faster communication between the cores. That’s because they are on the same die and connected by a high-speed interconnections. In an SMP system, “communication” between the CPUs has to go out through the CPU socket, cross the motherboard, and go through the socket of the second CPU. So inter-CPU communication is considerably faster.

Intel first introduced HyperThreading with the Pentium IV processor in 2002 and that year’s model of Xeon processors. Intel dropped the technology when it introduced the Core architecture in 2004 and brought it back with the Nehalem generation in 2008. Intel remains firmly dedicated to HT and is even introducing it in its Atom processor, a tiny chip used in embedded systems and netbooks. As Tom’s Hardware found in tests, HyperThreading increased performance by 37%.

AMD has never embraced hyperthreading. In an interview with TechPulse 360, AMD’s director of business development Pat Patla and server product manager John Fruehe told the blog, “Real men use cores …  HyperThreading requires the core logic to maintain two pipelines: its normal pipeline and its hyperthreaded pipeline. A management overhead that doesn’t give you a clear throughput.”

With the June 2009 release of the six-core “Istanbul” line of Opteron processors, AMD introduced something called “HT Assist,” a technology to map the contents of the L3 caches. It reserves a 1MB portion of each CPU’s L3 cache to act as a directory that tracks the contents of all of the other CPU caches in the system. AMD believes this will reduce latency because it creates a map of cache data, as opposed to having to search every single cache for data. It’s not multithreading and shouldn’t be confused for it. It’s simply a means of making the server processor more efficient.

HyperThreading Deconstructed

HT is the technical process where two threads are executed on one processor core. To Windows, a core capable of executing two threads is seen as two processors, but it’s really not the same. A core is a physical unit you can see under a microscope. Threads are executed inside the core.

HT is like passing on the left on the highway. If a car ahead of you is going too slow, you pass it at your preferred speed. In HyperThreading, if a thread can’t finish immediately, it lets another run by it. But that’s a simplistic explanation.

Here’s how it works. The CPU has to constantly move data in and out of memory as it processes the code. The CPU’s cache attempts to alleviate this. Within each CPU core is the L1 cache, which usually is very small (32kb). Outside of the CPU core, right next to it on the chip, is the L2 cache. This is larger, usually between 256kb and 512kb. The next cache is the L3 cache, which is shared by all of the cores and is several megabytes in size. L3 caches were added with the advent of multicore computers. After all, it was easier and more efficient to keep data in the super fast memory of L3 cache than let it go out to memory.

The CPU executes one instruction at a time, according to its clock speed. Instructions  take a various amount of cycles; some can be done in one cycle, others may require a dozen. It’s all based on the complexity of the task. Cycles are measured  in nanoseconds.

Every CPU core has what’s called a pipeline. Think of pipelines as the stages in an assembly line, except here the process is the assembly of an application task. At some point, the pipeline may stall. It has to wait for data, or for another hardware component in the computer, whatever. We’re not talking about a hung application; this is a delay of a few milliseconds while data is fetched from RAM. Still, other threads have to wait in a non-hyperthreaded pipeline, so it looks like:

thread1— thread1— (delay)— thread1—- thread2— (delay)— thread2— thread3— thread3— thread3—

With hyperthreading, when the core’s execution pipeline stalls, the core begins to execute another program that’s waiting to run. Mind you, the first thread is not stopped. If it gets the data it wants, it resumes execution as well.

thread1— thread1— thread2— thread2— thread1— thread2— thread1— thread2— thread2—

The computer is not slowed by this; it simply doesn’t wait for one thread to complete before it starts executing a new one.

HT in Practice

There’s two ways HT comes into play. One is execution. A multithreaded computer boots much faster, since multiple libraries, services, and applications are loaded as fast as they can be read off the hard drive. You can start up several applications faster with a HT-equipped computer as well. That’s primarily done by Windows, which manages threads on its own. Windows 7 and Windows Server 2008 R2 were both written to better manage application execution, and both operating systems can see up to 256 cores/threads, more than we will see for a long time.

Of course, the same applies to cores. A quad-core processor is inherently faster than a dual core processor with HT, since full cores can do more than HT. However, benchmarks have found that for system loads, you don’t gain much after four cores (or two cores with two threads each). More cores and threads cannot compensate for other bottlenecks in your computer, like the hard drive.

Then there’s application hyperthreading, wherein an application is written to perform tasks in parallel. That requires programming skill; in addition, the latest compilers search for code that can be parallelized. Parallel processing has been around for years, but up until the last few years it remained an extremely esoteric process done by very few people (who commanded a pretty penny). The advent of multicore processors and the push by Intel and AMD to support multithreading is bringing parallel processing to the masses.

Intel has never, ever claimed that HT will double performance, because applications have to be written to take advantage of HT to make the most of it. Even there, HT is not a linear doubling. Intel puts the performance gain of HT at between 20% and 40% under ideal circumstances.

Threads can’t jump cores. Because threads are hardwired to the core,  chip vendors can’t put too many threads per core or they slow the core down. That’s why Intel has just two per core.

Multithreading does not add genuine parallelism to the processing structure because it’s not executing two threads at once. Basically it’s letting whichever thread is ready to go run first. Under certain loads, it can make the processing pipeline more efficient and to push multiple threads of execution through the processor a little faster.

So while multithreading is good for system level processing — loading applications and code, executing code, etc. — application-level multithreading is another matter. Multithreading is useless for single-threaded applications and can even degrade performance in certain circumstances.

AMD takes great delight in pointing this out. On a blog entry, “It’s all about cores,” the company points out examples from software vendors against HT.

• A consultant who deals with Cognos, business intelligence software owned by IBM,  recommends disabling HyperThreading because it “frequently degrades performance and proves unstable.”

• Microsoft recommends turning off HyperThreading when running PeopleSoft applications because “our lab testing has shown little or no improvement.”

• A Microsoft TechNet article recommends disabling HT for production Microsoft Exchange servers and says it should “only [be] enabled if absolutely necessary as a temporary measure to increase CPU capacity until additional hardware can be obtained.”

Why? Because these applications have not been optimized for multithreading, for starters. And, since two threads are sharing the same circuitry in the processor, there is the odd chance for cache overwrites and data collision. Even with Windows Server 2008’s multithreading management, it can’t fully control what the processor does.

It should be noted that these are exceptions and not the rule. Hypervisors, the software layer that manages a virtualized server, are HT-aware and make full use of the threads. HT provides the virtual machines with more execution scenarios than if HT was disabled, because the CPUs might otherwise be viewed as busy.

Applications that need lots of I/O – network and disk I/O in particular – can benefit from splitting operations into multiple threads in a HT system. By splitting tasks like disk and network I/O into multiple threads, you might see some performance gains.

The bottom line is that when considering hyperthreading systems, you need to check with your software vendors to learn what they recommend. If a number of your applications are better off with HT disabled, that should play into your decision-making process.

A Hidden Cost

The threads vs. cores argument has one more element to consider. Enterprise software vendors have two pricing policies that could potentially impact you: by the core and by the processor. Both Intel and AMD have encouraged the industry to support pricing on a per-processor (or per-socket) basis.

Some do. Microsoft has a stated policy that it charges by the processor, not by the cores. VMware’s software license is on a per-core basis. Oracle licenses its software both ways. Its Standard Edition software is on a per-socket basis, while its Enterprise Editions are on a per-core basis. Fortunately, they actually charge by the cores, and don’t view HT as extra cores.

Because of this variance, it’s incumbent on every company making a purchase decision to ask the software providers if their pricing scheme is per-core or per-socket. A typical blade server from Dell has two sockets on it, and some have four, but CPUs are moving to four, six, eight, and 12 cores.

If you purchase an AMD blade server with two Opteron 6100 processors, it’s the difference between two processors or 24 cores. Or you may want either an Intel Xeon 5600 with six cores, or an older AMD Opteron 6000, which also had six cores but no HT. It certainly adds a nice layer of confusion, doesn’t it?

Related Information From Dell.com: A Sea Change in Efficiency.

The HTML5 standard promises “to ease the authoring of Web-based applications,” according to the specification current in summer 2010. Improvements in security are a vital part of that “ease,” especially the iframe “sandbox.” Let’s look at sandbox’s costs and benefits – not how to code with sandbox, but how to decide where to use it, and what the implications will be for your software development team. Before your in-house programmers baffle you by giving you more techie detail than you need to know, here’s what you should understand about the choices inherent in a migration to HTML5.

The purpose of HTML5 sandboxes is to manage iframe “mash-ups,” web pages that pull together their content from more than one site. You might build an application, for instance, in which part of the screen shows price-and-availability from a third-party vendor. The easiest way to accomplish that could be simply to retrieve a Web page from the vendor, and display it within your application.

Think what that means from a security standpoint, though. Anyone who trusts your application is now implicitly willing to render the vendor’s page. Permission to run scripts, allow cookies, and so on, given to your application, are all extended to the vendor’s page. An iframe-d page could pop up an annoying advertisement and make your application look vulgar.

That’s a steeper cost than many of us can bear, and it’s a situation that can and should make a CIO nervous. In fact, it’s even worse than this description suggests, for there are implementation reasons – state management, performance, and modularization, for instance – to use iframe even when the user-view doesn’t directly involve a mash-up. Also, iframe is an accessibility challenge; conventions for browsing iframe-based pages with non-visual browsers are unsatisfying.

The result: iframe has the reputation of being hazardous, and is probably used less than it should be. Web coders end up relying on more difficult or fragile codings, simply to avoid iframe. Over-all security suffers both when iframe is used and when it isn’t.

HTML5 Changes All That

The HTML5 sandbox changes that conclusion: It limits the trust the browser puts in iframe-d content, to eliminate the damage a third-party site can do within your Web application.

A clear picture of the gain that the sandbox brings requires first an understanding of HTML5 and its role in construction of Web applications.

HTML5 is a medley, not a symphony. HTML5 is not a single definite standard, like, say, FORTRAN 77, or a specific recipe for farfalle; it’s more of a style, like “Italian cooking.” HTML5 isn’t fully “baked” yet, and probably never will be; it’s likely that, by the time all its many parts have been formalized, the Web world will have moved on to something new.

When someone says he’s writing HTML5 now, he probably means he’s using an HTML5 <!DOCTYPE html>, and perhaps the canvas widget. He might be doing more in CSS these days, and relying less on <center>.

Beyond these general tendencies, it’s hard to pin down “HTML5″ as developers speak of it in terms of specific features. Different programmers do or don’t think of:

• drag-and-drop
• geolocation
• scalable vector graphics (SVG)
• Web storage
• Web forms
• media playback
• …and at least another half-dozen major features

The point for an IT manager should be this: When a developer on your team talks about HTML5, and especially about browser support for HTML5, have the person say exactly what that means to her.

“HTML5 sandbox,” in contrast, is relatively well-defined. Web applications have experimented with several sandbox concepts and implementations before; from now on, though, the HTML5 sandbox as it appears, for example, in this July 2010 reference will be the winner. Browsers will increasingly support it, and coders will increasingly rely on it.

Direct support for HTML5 sandbox is narrow today. The only major browser to claim it as of this writing is Google’s Chrome. However, it’s widely assumed that all other browsers will support it in their next releases, and libraries and plugins implement compatibility patches for essentially all the browsers. Your front-line coders should be able to use sandbox freely, and count on being in an environment that implements the standard correctly. (Unless you’re still committed to IE6, in which case, God help you.)

If your development team is thinking about HTML5 sandbox, it needs to do a serious analysis of the implications for your users. Keep in mind that HTML5 as a standard is so fragmented that any other analyses you’ve done are unlikely to bear directly on HTML5 sandbox. Whether you use canvas or SVG or off-line storage doesn’t determine at all what is right for you with HTML5 sandbox. In most cases, though, the security enhancements HTML5 sandbox brings are so large that it’s easy to decide go with it. The only occasions I’ve seen for it not to be chosen are when a user population is particularly dependent on a legacy browser (IE5 or IE6, for example), and the team already has in place another solution for the security challenges iframe presents.

The bottom line is this:

• If iframe benefits your Web applications, then HTML5 sandbox is probably the safest way for you to use iframe.
• If you’re thinking about HTML5 sandbox, you need to design a compatibility strategy that fits your users and the browsers on which they rely. Which browsers will natively support sandbox when you roll out? Which will need auxiliary libraries?
• Once you’ve chosen to code against HTML5 sandbox, expect to use it with every iframe. The security boost it gives is so strong, and its application so flexible, that there’s unlikely to be a good reason for any iframe to be without it.

Related Information From Dell.com: Dell and Cloud Computing

Despite the benefits, companies aren’t moving quickly to establish social media policies. A June 2010 report from Forrester Research, the “CIO’s Guide to Creating a Social Media Policy,” found that 43% of respondents’ organizations did not have a social media policy, and 11% were unsure if a policy existed.

The data indicates that many employees access social media without a policy to guide their efforts. At the same time Forrester found that when a policy is in place, employees do read it.

According to Forrester’s research, a quarter of organizations, 26%, do not sanction social media access while at work.

CIOs worry about the potential security risks of social networking, according to a  May 2010 report by IT recruitment company Robert Half Technology. Still, only 38% of CIOs reported tightening up IT policies in response to social networking. Twenty-three percent of that 38% implemented stricter policies for personal use of social media, while 5% tightened up controls when it came to business use.

Planning Before the Plan

Before creating a policy, think about whether your company can sustain social media activities. If your company is not committed for the long haul then all the work related to creating, implementing, and enforcing policies is pointless.

Outline the social media goals for your company. Are they used to communicate with customers? Get feedback? Mine for new leads? Upsell products? Crafting a successful policy without a clear idea of the end goals is unlikely.

Identify which stakeholders need to be involved in setting social media policies. CIOs should take the reins in outlining the security risks, IT architecture, and potential productivity drain, but other departments such as human resources, compliance, legal, public relations, and marketing also need to be in on discussions. Remember that each of these departments likely believes social media to be its domain. Be prepared to support the sometimes-competing needs of each entity with a cohesive plan that gets everyone onboard.

Crafting the Plan

There is no one-size-fits-all  plan when it comes to social media policies. Rules or guidelines related to social media can be incorporated into existing media-related policies, treating social media like any other form of media.

For some companies social media may seem like Wild West. In those cases you may want to have a set of strict regulations and policies to protect against unforeseen problems. However, if your company is more open keeping policies loose and free-flowing is the best way to go.

Because social media technology is still in its infancy, policies need to be broad and should not focus on a specific technology that might be out of favor (or fashion) in six months or a year.

The policy should be positive. Rather than telling employees what they can’t do, focus on what they can do. That leaves them feeling empowered rather than hindered or restricted by the new rules.

And while you want to empower employees, social media does represent a critical risk to corporate security. Employees must understand that the company — in the person of a department head or direct boss or the IT department — will monitor of social media and social networking websites. Employees need to exercise good judgment; respect copyrights and fair use; and protect confidential and proprietary company information. All of the information regarding enforcement should be clearly laid out. However, consequences resulting from misuse or policy violations are probably best handled by department managers or direct supervisors.

Keep it simple and accessible. If the guidelines are overwhelming, no one is going to read them, which means no one will follow them. Make sure that the policy is announced to employees and published in a place (like the intranet and company handbook) where it can be easily accessed.

Finally, look at this as a work in progress. Understand that these policies will evolve over time. Set a time — maybe 4 to 6 months — after putting the policy in place when you evaluate what is working and what might need tweaking. Gather feedback from stakeholders and employees to implement changes.

Related Information From Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter

Even though cloud computing has seen setbacks, generating distrust and concern over security and stability, corporations and governments are actively moving data into the cloud. Just last month, InformationWeek reported that recent surveys show two of the most conservative industries—financial and healthcare—are adopting cloud solutions.

Even the U.S. government’s CIO, Vivek Kundra, wants to see the government migrate its systems to the cloud. Back in May, he wrote an excellent blog post explaining his goals and defining the cloud by way of an analogy:

“There was a time when every household, town, or village had its own water well. Today, shared public utilities give us access to clean water by simply turning on the tap. Cloud computing works a lot like our shared public utilities. However, instead of water coming from a tap, users access computing power from a pool of shared resources. Just like the tap in your kitchen, cloud computing services can be turned on or off as needed, and, when the tap isn’t on, not only can the water be used by someone else, but you aren’t paying for resources that you don’t use.  Cloud computing is a new model for delivering computing resources – such as networks, servers, storage, or software applications.”

But wait! That sounds rather different from the supposed “cloud” that’s described periodically in the mass media whenever a large online service loses data. Suddenly the cloud is considered any online storage system. If you’re a bit overwhelmed by the numerous definitions of cloud computing, you aren’t alone. (In one news report, somebody used Flickr as an example of the cloud.)

I don’t hold universal authority and therefore can’t declare unequivocally that the inhabitants of Earth must, henceforth and hitherto, only refer to the cloud in one way or another. But as a software developer, the definition given by the White House CIO is much closer to the version of the cloud for which I’ve written software.

But still, others disagree, and that’s why we need an organization to define not only what the cloud is, but how it works and the standards it needs to operate successfully. Standards-creation is commonplace in the world of programming, because we need agreed-upon rules for software to interoperate. We have an official standard for the C++ programming language, for example, overseen by the International Organization for Standards (ISO). We also have standards for HTML, XML, and CSS, headed up by the Worldwide Web Consortium (W3C). The organization tells us what HTML is, and the developers of the web browsers, after much bickering, finally agree to follow these standards.

However, sometimes standards compete. For example, word processing has two competing standards, one created and pushed by Microsoft and adopted by ECMA, and another, OpenDocument, embraced by Open Office and adopted by the ISO.

No actual laws say that software developers must use one or the other. Rather, over the long term one standard usually wins out through more software adopting one technology or way to accomplish things.

Today there are no fewer than 13 active organizations in the cloud computing universe. But they’re not all trying to create standards. Some are pushing for the use of cloud computing (however it’s defined), while others focus on security issues or on creating APIs. Here’s a rundown of the organizations and what they’re trying to accomplish:

The Standards Organizations

When I started searching for organizations involved in Cloud standards, I at first came up with over a dozen. But once I started organizing the organizations, I realized that really only two are involved in creating overall cloud standards, and two are creating standards for one aspect of cloud technology. Let’s look at those four first.

Open Cloud Incubator

This is an initiative of the Distributed Management Task Force (DMTF) to create a set of standards for cloud computing, with primary focus on interoperability between platforms. It has many members, and several of the big names. Yahoo is present, as is Microsoft, Oracle, Rackspace, Red Hat, VMWare, and Novell.

One goal of the Open Cloud Incubator is to bring together what would otherwise be competing companies so that they can together create a set of informal, agreed-upon specifications. These informal specifications would later be revised and deemed as official by this organization. The DMTF has been around since 1992 and has over 3,000 members from over 200 different organizations. While this isn’t quite ISO or ECMA, it is on the same level of the W3C. Standards produced by this organization are respected and implemented by the industry. For example, DMTF has produced web-based enterprise management standards, a desktop management interface standard that’s part of the Linux kernel, and a Web services management protocol.

Open Cloud Consortium

This is the other organization trying to create a set of standards. Their website states:

“The Open Cloud Consortium (OCC) is a member driven organization that supports the development of standards for cloud computing and frameworks for interoperating between clouds, develops benchmarks for cloud computing, and supports reference implementations for cloud computing.

“The OCC also manages testbeds for cloud computing, such as the Open Cloud Testbed, and operates clouds computing infrastructure to support scientific research, such as the Open Science Data Cloud.”

Members include Cisco, NASA Ames Research Center, and Yahoo. Most of the big cloud players, such as  Microsoft, Google, Rackspace, Dell, and Amazon, are absent.

Committee to Advance Identity Standards for Cloud Computing

This committee, which is part of OASIS (Organization for the Advancement of Structured Information Standards), is creating a standard focusing on the security concerns of identity management in cloud computing. According to the website, the technical committee’s purpose “is to harmonize definitions/terminologies/vocabulary of Identity in the context of Cloud Computing; to identify and define use cases and profiles; and to identify gaps in existing Identity Management standards as they apply in the cloud.” They plan to release a set of documents, including one that details the use cases of identity management, and others that identify gaps in existing standards (although they don’t say what those existing standards are). Its members include Alfresco, CA, Capgemini, Cisco, Cognizant, Boeing, eBay, IBM, Microsoft, Novell, PingIdentity, Red Hat, SafeNet, SAP, Skyworth TTG, Symantec, Vanguard, VeriSign.

Open Cloud Computing Interface Working Group

This working group is part of the Open Grid Forum, and is creating an API standard for the remote management of cloud computing infrastructures.

Because cloud computing includes the approach of dynamically allocating resources and billing them like a utility, many of the technologies used in utilities apply to this dynamic aspect of cloud computing. Remote management is one technology that is used in utility companies, and this organization recognized the need for an API for remote management of cloud utilities as well. They’ve completed the first proposed recommendation for the standard; it is now available for public inspection and comments through the website.

Other Influential Cloud Organizations

Several organizations are thinking beyond standards. They are actively working to influence the direction of cloud computing and to help encourage businesses to adopt it. Here’s a rundown of the bigger players.

Open Cloud Manifesto

This consortium of companies isn’t creating a set of standards, but is instead creating a list of core principles that are, as their website states, “fundamental expectations of cloud computing technology providers.” Their six-page document, the Open Cloud Manifesto, was written a little over a year ago, at a time when the cloud was getting bad publicity from the data loss incidents. As a result, the document includes a detailed definition of cloud computing (in line with the definition the White House CIO gave) and is frank about challenges and barriers to adoption. But they go beyond what the cloud currently is and present the concept of an open cloud, which focuses on the ability of cloud customers to change providers without much trouble.

This group has a huge list of members, including Sun, VMWare, Akamai, Rackspace, AT&T, Sybase, Cisco, and many others. Microsoft isn’t present, nor is Amazon, Google, or Salesforce.com.

Cloud Computing Interoperability Forum

This organization was started by a single person, Reuven Cohen of Enomaly (which markets Elastic Computing Platform, an Infrastructure-as-a-Service product), but includes several big-named sponsors: Cisco, Intel, IBM, RSA, Thomson Reuters, Sun, Orange, Enomaly, Adaptivity, Appistry, SOASTA, Zero Nines, CloundCamp, SIMtone. The group’s goal is to create a common framework by which cloud technologies can exchange information.

Cloud Industry Forum

The Cloud Industry Forum aims to create a certifiable code of practice in an effort to spread adoption of cloud computing and help consumers know that they’re going with a dependable cloud vendor. The founding members are Microsoft, Rackspace, Computacenter, Fasthosts, FASTiis, nominet, and Scalable.

Cloud Security Alliance

This group is promoting the use of various “best practices” regarding security in cloud computing. Members include pretty much all the big names, such as Google, Rackspace, Microsoft, Cisco, you name it, as well as the cloud-standards.org group. (Although it doesn’t appear Amazon is present.) This organization has several subgroups called Research Initiatives focused on various aspects of cloud security. The research groups have produced several documents, such as “Security Guidance for Critical Areas of Focus in Cloud Computing” (currently at version 2.1).

Cloud Storage Initiative

This initiative is part of a larger group called the Storage Networking Industry Association, and is creating a single standard that focuses only on storage in the cloud, called the Cloud Data Management Interface. The group is a professional association of producers of storage and networking products, and has been around since 1997. The member organizations support the use of cloud technology, since such technology requires the purchase of the members’ products. Version 1.0 of the standard is available, as is Java source code for a reference implementation of the standard.

Cloud Services Initiative

This is a project of the TM Forum, an industry association for communications and media companies. So far they’re not creating any standards. Instead, they’re focused on helping their industry adopt and adapt to the cloud. They produce several news articles and general information documents about cloud technology to assist IT managers in making informed decisions. Additionally, they have a set of projects called Development Catalysts, where member organizations work from buyer specifications to solve various cloud-related challenges. For example, one such project is called Cloud Service Broker, which is creating a trusted cloud management platform.

Cloud Standards Coordination

This group is documenting the activities of the various standards groups—sort of what I’m doing with this article, but with a lot more words and a lot more detail.

Focus Group on Cloud Computing

This is part of the International Telecommunications Union (ITU), which has developed various standards in the past pertaining to the telecommunications industry. However, at present they’re only gathering other cloud standards and developing documentation for how they apply to the telecommunications industry. Their focus group has only been around since May 2010, so it’s barely off the ground. In my experience, standards and recommendations put out by the ITU are usually embraced by European telecom companies, and largely ignored by American telecom companies. My own personal assessment is that if they do create any cloud standards, such standards would probably follow a similar path of embracement.

Standards Acceleration to Jumpstart Adoption of Cloud Computing

This initiative is part of the National Institute of Standards and Technology (NIST), and was started in response to a request by Vivek Kundra, the U.S. government’s CIO. The goal is to provide a process primarily for the US government, which industry optionally may follow. This is a new project (initial publication [PDF]), and will bring together various standards and suggestions. At present a website isn’t built, but they intend to create one to serve as a portal for cloud computing information.

Where Do They Stand?

Looking through this list, you’ll notice that only two groups (identified by a single asterisk: Open Cloud Consortium and Open Cloud Incubator) are actually creating standards for the cloud. A handful of the groups are creating standards or APIs for specific aspects of cloud computing. This is good: We don’t need a dozen standards organizations. Two is a good number. And by far most of the blogs that I read about this topic are rooting for the Open Cloud Incubator.

Finally, we should note one major problem with all this: Amazon is clearly one of the big players in the cloud space with its Amazon Web Services. They were one of the forerunners in the cloud game, laying an early groundwork. Yet, oddly, Amazon isn’t involved in either of the two groups creating standards. That’s pretty typical in the computing world; it’s not a surprise when one of the biggest players doesn’t play well with others because they really don’t care what their competitors are doing. So perhaps in a year or two we’ll have a cloud standard that some organizations use and others don’t. What, then, is my final analysis? It appears that IT managers should watch the work of the two standards groups, especially the Open Cloud Incubator, while choosing the cloud.

Related Information From Dell.com: Dell and Cloud Computing

It isn’t a pretty thought to consider migrating an enterprise to a new Internet addressing scheme. Any change to the network can be time consuming and expensive to deploy. But in addition to the technical forces making the move a necessity there are good technical reasons for making the switch.

What are the differences between IPv6 and IPv4? Well, for starters, there’s a gigantic difference between the 4.3 billion unique addresses you get with IPv4’s 32-bit addressing, and IPv6’s 128 bits worth of address: 340,282,366,920,938,463,463,374,607,431,768,211,456. That’s 2 to the 128th power. IPv6 addresses are composed of eight groups of four hexadecimal numbers. So, for example, 2010:0625:0000:0000:0000:0000:0433:56cf would be a legal, albeit eye-watering address.

With that many addresses, we won’t need to worry about running out of network addresses unless we give cats and dogs Internet-enabled devices.

Fortunately, network administrators seldom need to deal with IPv6 addresses. One of IPv6’s design goals was to cut down on the time technicians had to spend configuring and managing systems. IPv6 networks can use stateless auto-configuration to assign addresses without manual intervention.

Of course, you can use Dynamic Host Configuration Protocol (DHCP) to do that on business LANs today. But, with DHCP you can only assign unique addresses within your own network.

Problems get in the way when you try to use Internet applications like videoconferencing or Voice over Internet Protocol (VoIP) with the Network Address Translation (NAT) wall that usually comes between users and the Internet with DHCP. While these problems can be overcome, they take time to repair.

With IPv6, every device on every network has a unique IP address, and your IT staff should have less trouble deploying Internet-dependent applications.

In stateless IPv6 addressing,  your network equipment assigns unique IP address by combining its LAN Media Access Control (MAC) address with a prefix provided by the network router. This means your network administrators don’t need to worry about setting up unique IP addresses. Your hardware will do it for you.

Another IPv6 plus over IPv4 is that Internet Protocol security (IPSec) is built-in. IPsec is a framework of open standards for protecting communications over TCP/IP networks. Typically, it’s used in virtual private networks (VPNs) through the use of cryptographic security services. IPsec supports network-level peer authentication, data origin authentication, data integrity, and encryption. The net result should be to make all Internet traffic safer, since IPv6 can secure and authenticate communications at the network layer, instead of the higher levels of the stack such as today’s commonly used Secure Sockets Layer (SSL) and Hypertext Transfer Protocol Secure (HTTPS).

In addition, while IPv6 doesn’t prevent spam getting through completely, it becomes one more barrier for the spammers. With malware trying to get into your Windows PCs every hour of every day via e-mail, anything that helps blocks spam is a good thing.

IPv6 also speeds up networks. The header of an IPv6 packet has a fixed length, little-used IPv4 fields have been removed, and the network packet itself has been designed not to fragment. The net result is that IPv6 switches and routers throw and catch IPv6 network traffic at far higher speeds. In practice, this means that, for example, your IPv6 10Gigabit Ethernet switch should be able to send and receive traffic at 99% of the device’s top speed. Thanks to IPv4’s overhead, it can’t come as close as IPv6 does to reaching a device’s theoretical wire-speed.

That speed increase is boosted by another specific kind of performance boost that we’re all going to need more of in the coming years: multimedia performance. While you may not want your employees watching the World Cup during business hours (GOALLLL!!!), you probably do want to maximize your videoconferencing capabilities and make your real-time applications as close to real-time as they can be.

For this, IPv6 comes with baked-in support for multicast — the transmission of a single datagram to multiple receivers. Or, as Internet architect Dave Clark described it: “You put packets in at one end, and the network conspires to deliver them to anyone who asks.”

IPv4 has some multicast capabilities, but these are optional and not universally supported. With IPv6, multicast is part of the package.

While IPv6 has advantages, switching may be painful. It would be great if IPv6 were simply backwards compatible with IPv4 so we could easily switch over to the inevitable IPv6-dominated Internet. Alas, it’s not.

“The lack of real backwards compatibility for IPv4 was the single critical failure [of IPv6],” said Leslie Daigle, Chief Internet Technology Officer for the Internet Society, said at a June 2009 meeting of Internet Engineering Task Force (IETF) leaders. “The reality is that nobody wants to go to IPv6 unless they think their friends are doing it, too.”

It’s a different story today. The need to migrate to IPv6 has become more urgent, with the Internet running out of IPv4 addresses, as measured by the IPv4 clock.

The original transition plan was dual-stack. “We would start by adding IPv6 to the hosts and then gradually over time we would disable IPv4 and everything would go smoothly,” said IETF Chair Russ Housley. “It hasn’t worked out that way, although dual IPv4/IPv6 stacks will end up being part of the answer.”

There are some advantages, besides simple necessity, to switching to IPv6. Would they be enough by themselves? No, the record is clear: They haven’t been. Still, as we’re forced by the coming scarcity of Internet addresses to move to IPv6, it’s nice to know there are some advantages to be gained from our future network architectures.

Related Information From Dell.com: Create a Network Roadmap.

It would have been so easy if the early Internet and TCP/IP network designers had made IPv6 backward compatible with IPv4. They didn’t. And, while  Leslie Daigle, Chief Internet Technology Officer for the Internet Society, admitted at a June 2009 meeting that IPv6’s “lack of real backwards compatibility for IPv4 was [its] single critical failure,” crying over spilt standards isn’t going to help us now. No, instead we have to make the best of using IPv6 in an IPv4 world.

How? It depends on what your network and operating system vendors offer. You may not know it, but almost all vendors already have a variety of solutions in place. You must — I can’t emphasis this enough — must test IPv6-to-IPv4 component interoperability before deploying them. Let’s take a look at the options.

IPv4/IPv6 approaches usually take one of two forms. One is dual stack, where your network hardware ends up running IPv4 and IPv6 at the same time. The other is to “tunnel” one protocol within another. Usually, this means taking IPv6 packets and encapsulating them in IPv4 packets. Their technical basics are outlined in the RFC 4213 Basic Transition Mechanisms for IPv6 Hosts and Routers.

There are other methods as well. For example, there’s Network Address Translation – Protocol Translation (NAT-PT). Like the name says, in this method an additional device translates IPv6 packets into IPv4 packets.

Dual-stacking and tunneling are going to be your main choices. Both come with advantages and disadvantages.

Dual-IP Stacks

With this method, your computers, routers, switches, and other devices run both protocols, but IPv6, if it works, is the preferred protocol. A common procedure is to start by enabling both TCP/IP protocol stacks on the wide area network (WAN) core routers, then perimeter routers and firewalls, followed by your data-center routers and finally the desktop access routers. As the public Internet transitions to IPv6, your network administrators may need to deploy dual-stack capable switches on the enterprises’ edges earlier.

The advantage of this approach is that Dual-IP stacks are supported by all the major operating system and network vendors. The downside is that many legacy networking hardware and servers don’t support IPv6. This can lead to such problems as dual-stack edge switches running into DNS (Domain Name Server) problems while users are trying to get to various Internet sites.

Dual Stack Application Level Gateway

A related problem is that some versions of older network programs, such as File Transfer Protocol (FTP), won’t work with IPv6 addresses. That’s where Dual-Stack Application Level Gateway (DS-ALG) comes in. This gateway acts as a proxy that translates between the two protocols over the IPv4 Internet.

There are several downsides to this method. First, it will only work for specific applications and it will also slow traffic down as every packet has to be inspected to see if it needs DS-ALG services.

Network Address Translator – Protocol Translator

Another approach is to set up a table where an IPv6 switch has all useful IPv4 addresses mapped within it. As you might guess, this can increase network latency because of the time spent updating these tables and giving packets new addresses on the fly. In addition, NAT-PT also requires ALGs to resolve application-level issues that arise from those IP address translations.

IPv6 over IPv4 tunneling

In tunneling, one protocol is carrying inside another. Typically, that’s going to be IPv6 in IPv4. These tunnels can move your IPv6 packets across both your internal IPv4 WAN and the Internet, which will stay primarily IPv4-based for years to come. Another way to think about this technology is to consider it as tunnels between IPv6 islands with IPv4 seas in the way. Eventually, as IPv6 becomes dominant, we’ll start to see IPv6 tunnels carrying IPv4 traffic across IPv6 seas.

There are two types of tunnels: manual, aka static,  and dynamic. Manually configured IPv6 tunneling requires configuration at both ends of the tunnel. As you can already tell just from the sound of it, this manual approach is not an ideal solution for businesses looking to keep networking costs down. Dynamic tunnels use a variety of techniques to establish packet destination address and routing on the fly. This makes them far easier to create and maintain. On the other hand, manually set up static tunnels make it possible to track traffic from endpoint to endpoint. This in turn makes static tunnels more secure.

Dynamic tunnel technologies are becoming dominant. Businesses would rather deal with the security headaches of dynamic tunneling tomorrow than pay for static tunnel maintenance today.

6to4

The most popular tunneling technique is 6to4. It has the advantage of not requiring an explicit tunnel set-up. Instead, it uses dedicated relay routers to forward encapsulated IPv6 packets over IPv4 links. A significant advantage of 6to4 (which has nothing to do with the Chicago song “25 or 6 to 4“), is that it’s lets you set up Ipv6/V4 tunnels without jumping through a lot of configuration hoops. The actual traffic uses IPv4 unicast to create point-to-point links over the IPv4 backbone for transmission.

To be used safely, your vendor and network engineers must be sure to set its security up carefully. It’s all too easy to hide bad traffic inside the encapsulated packets and  to spoof addresses within the IPv4 and IPv6 headers, which can lead to Denial of Service (DoS) attacks.

So what’s a CIO to do? Well, at this point, 6to4 tunneling looks to be the easiest path to take. It also has the advantage of having wide vendor support even down to inexpensive commercial off-the-shelf equipment.

However, before deploying any IPv4/IPv6 bridging solutions, you’re going to need to spend a lot of time having your network engineers and vendors making sure that everything in your new network stacks can interoperate. It’s all too easy to mix and match equipment and methods in ways that will slow your network down to a crawl. Do you want to explain to your CEO why no one  could reach the Internet from the corporate intranet for a week? I didn’t think so.

Related Information From Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter

When you were a kid, all the other kids would head down to the beach, creek, or swimming pool. Even though the purpose was to go swimming, there would be a minute or two before anyone would jump in. Everyone kept waiting for someone else to take that first frigid plunge. It’s the same with businesses getting their feet wet with IPv6. No one wants to be the first to jump in. Well, now you don’t have to, since one of the biggest kids on the block, Google, has already jumped into IPv6.

Google, which saw the need to start moving to IPv6, began its implementation in March 2008. By May of the same year, Google started offering Google Search over IPv6 at http://ipv6.google.com. (Unless you have an IPv6 connection to the Internet this site will not work for you.)

Since then, with Google network engineers Lorenzo Colitti and Erik Kline leading the way, Google has started offering more services over IPv6. It’s not been easy. As Steinar H. Gunderson, a Google open-source and IPv6 developer explained at the Google’s IPv6 Implementers Conference in June 2010, when trying to retro-fit network programs for IPv6 (PDF), your software should “Start listening on IPv6, then send IPv6 data. Watch it crash. Fix, repeat until it looks OK.”

In short, they learned, if you don’t want your company to have real fits come the day that you start implementing IPv6, have your internal programmers start working on in-house software now and start insisting that your ISVs (independent software vendors) deliver IPv6 ready software.

That advice is not what CIOs want to hear. But it’s a good guideline about what you should expect, if that’s what Google has found — and they know about as much about writing network-enabled programs as anyone on the planet.

In addition to search using IPv6, Google offers Google Alerts, Docs, Finance, Gmail, Health, iGoogle, News, Reader, Picasa Web Albums, Maps, YouTube, and App Engine applications on appspot.com over IPv6.

But not just any IPv6 implementation will work with Google IPv6 enabled applications. Google has very specific IPv6 requirements for its users. First, your DNS server must natively support IPv6. Supporting IPV6 through an IPv4 tunnel does not work. For smaller companies that use their ISP’s DNS, that also means that the ISP’s DNS server must support IPv6.

Then, you need to get Google’s permission to use their IPv6 services. Google states, “To qualify for Google over IPv6, your network must have good IPv6 connectivity to Google. Low-latency, redundant paths using direct peering or reliable transit are required. Your network must provide and support production-quality IPv6 networking and provide access to a substantial number of IPv6 users. Additionally, because IPv6 problems with users’ connections can cause users to become unable to access Google if Google over IPv6 is enabled, we expect you to troubleshoot any IPv6 connection problems that arise in your or your users’ networks.”

You are welcome to try to use IPv4/IPv6 tunneling to Google, but Google warns, “We prefer to avoid enabling Google over IPv6 for networks behind tunnels at this time, as it can be difficult to guarantee good performance and to debug problems. If you would like to use Google over IPv6 but your up-streams only provide tunneled connections, or don’t provide IPv6 connectivity at all, we encourage you to ask them to support native IPv6. If there is sufficient demand, we may consider developing a solution to offer Google over IPv6 for tunneled networks, so please let us know if you’re interested.”

You’ve got the right stuff, or not, and you still want to give it a try? Then drop Google a note at google-ipv6@google.com.

You may be wondering why isn’t Google just opening the door to every brave network thrill seeker? It’s because, according to the Google IPv6 FAQ, “We continuously conduct detailed measurements on the quality of IPv6 connectivity, and our latest results show that making Google services generally available over IPv6 at this time would lead to connection problems and increased latency for a small number of users. User experience is very important to us, and we do not want to impact users on networks that do not yet fully support IPv6.”

Looking ahead, Google has been joined by its partners, and indeed some of its competitors, in getting the Internet and Internet services ready for IPv6. These include Cisco, Comcast, IBM, Nokia, T-Mobile, and Yahoo.

As you can probably tell from the above, while Google is working hard on IPv6, it’s not really ready for prime-time yet. That said, like it or lump it, we’re all going to need to start working with IPv6, so it would be better to start working with IPv6 now and companies like Google that are already in the IPv6 swimming hole then wait too long. After all, if you wait until the last minute before switching your network infrastructure, you may find yourself at a competitive disadvantage on the Internet, and no company can afford that in the 21^st century.

Related Information From Dell.com: Create a Network Roadmap

A combination of services, were previously only the province of very expensive and customized clustered configurations, are now available in the virtual world.

These services, including high availability, virtual storage management, and near-term server failover, can serve as a good substitute for many enterprise’s disaster recovery (DR) applications, too. Virtual machines are easily portable and replicated across the Internet, so you can quickly get a secondary site up and running when the primary server fails. “We have seen disaster recovery protection [become] available to a whole class of customers that couldn’t do it before,” says Bob Williamson, an executive VP with Steeleye Technology, a specialized virtualization vendor. ”In the past, you needed to buy another physical server and have it ready if the primary machine went down.” But, he says virtualization and hosting servers at a remote location permits enterprises to use these machines if their data center goes out. “That lowers the entry cost for deploying wider-area disaster recovery, and opens up this protection to a whole new set of companies that haven’t been able to consider it before,” he says.

In the past year, the three major virtualization vendors — Microsoft, VMware, and Citrix/Xen — each have strengthened their ability to provide more capable DR and business continuity services in their products. These have lots of appeal for enterprises that previously would have either considered a full DR solution or clustering too expensive.

It is possible using these newer tools to replicate and bring up a new instance of Windows Server 2008 in a few milliseconds. For example,  you may need to provide additional capacity on an overloaded server or in case of planned upgrades. Consider a server farm with a dozen physical computers, all delivering a Web application. If an enterprise has designed for peak load performance, at other times many of these systems will do  little or no work, twiddling their little digital thumbs. The ideal solution is to spin up or spin down new instances of application servers when these loads change, to match a particular service delivery metric and to keep the costs of power and cooling to a minimum.

These solutions aren’t appropriate for transaction processing applications, where immediate failover is required to handle tasks like online payments processing or airline reservations. “There are still times when you need clustering, such as when you can’t afford to lose a single transaction and have to restart this transaction on the new machine after a failover,” says Carl Drisko, an executive and data center evangelist at Novell. “If your virtual machine goes down, anything that is being processed in memory is going to be lost.” But the high-availability virtualized applications can work for less demanding applications, such as enterprise e-mail servers.

One of the issues with earlier custom clustering solutions is that they require identical hardware and operating system versions for each physical machine that was part of the cluster; virtualized servers are more forgiving and flexible, not to mention less expensive. Microsoft’s HyperV, for example, now supports the ability to migrate a running virtual server to a new physical host that even has a different processor family, such as moving from an Intel-based server to one running on an AMD processor.

Another issue is that many of the older-style clusters required very high-speed  links to tie together the members of the cluster. Virtualized solutions are also less demanding of connectivity and can make do with longer latency connections, even across typical Internet connections.

As these “almost-clustering” solutions become more popular, look towards increasing sophistication from third-party monitoring tools to help provide a complete solution. For example, Lyonesse Software’s Double-Take, Steeleye’s LifeKeeper, Symantec’s Veritas Application Director, and Cassatt’s Active Response can monitor both physical and virtual applications on running virtual servers, and notify IT staff when a virtualized host or application fails, so that a new virtual instance can be quickly brought online.

All this means that virtualization and clustering will become more interrelated and complementary solutions for IT managers. While the two technologies have come from different heritages and infrastructures, they are now merging and providing a powerful tool for managing more complex workloads in the data center.

Related Information From Dell.com: A Smarter Path to Virtualization

Telehealth is bringing treatment to rural patients in Colorado. In June, health insurance carrier UnitedHealthcare and Centura Health, Colorado’s largest health care provider, launched Connected Care, which uses telehealth technology to give patients in four rural Colorado communities expanded access to physicians and specialists. “The goal of the Colorado Telehealth Network is to improve patient safety, increase access to care, reduce health care costs and allow providers to focus on the needs of the patient,” said Steven J. Summer, CEO and president of the Colorado Hospital Association.

Telemedicine also allows healthcare to expand outside the doctor’s office. Medication-management vendor CompuMed, partnered with California School Health Centers Association to use CompuMed’s CardioGram and CardioGramKids electrocardiogram (ECG) telemedicine technologies in more than 150 school health centers throughout California.

It’s programs like those in Colorado and California that are driving adoption of telehealth nationwide.

“We have clients who are really looking at telemedicine from a strategic standpoint,” said Gerard Nussbaum, director of technology services at the Health Care Consulting Group, Kurt Salmon Associates.

Of course, doctors have consulted each other for years, relying on telephones and conferences, telegrams and journals, as well as crowded hospital rooms. Networking technology combined with security and videoconferencing solutions now bring the doctor to the patient, and a growing number of hospitals are tapping into this invaluable resource.

Telemedicine will reshape treatment, with 89% of healthcare decision-makers predicting that telehealth will transform healthcare in the next decade, according to a study by Penn Schoen Berland for Intel.

The anticipated doctor shortage, too, could promote the use of telemedicine. Based on current graduation and training rates, the United States could face a shortfall of up to 150,000 physicians in the next 15 years, the Association of American Medical Colleges estimated.

At first, the shortage will likely be for primary physicians, but specialists will also come into demand. By 2020, the nation could be short up to 4,000 cancer doctors, the American Society for Clinical Oncology reported. One reason for the increased demand is the aging population — including, ironically, a growing number of retiring oncologists, the study found.

A Healthy Habit

The main reason for investing in telemedicine is to improve patient outcomes, respondents to the Intel study said. Other returns on investment include more complete clinician access to patient data, and early identification of health issues. Telehealth can cut financial costs by reducing the need for patient readmissions by up to 25%.

Telemedicine has been a technology-show staple for years but is now a reality. “Cisco has been advertising this on their home page for a while, but now we are really seeing it,” said Ryan McGowan, technology solutions engineer, at distributor Ingram Micro.

The market for telehealth and home health monitoring will reach $7.7 billion by 2012, compared with $3 billion last year, according to Data Monitor. Some of the billions of dollars the federal government allocated to healthcare spending are directed toward telehealth — $12 billion will go to broadband access, facility construction and telemedicine initiatives, according to Gartner.

A Tough Regimen

Perhaps the most difficult component of beginning a telemedicine regimen has nothing to do with technology. Rather, it has to do with credentialing.

“Current CMS [Centers for Medicare and Medicaid Services] regulations require that hospitals and [critical access hospitals] receiving telemedicine services privilege each physician or practitioner providing services to its patients as if such practitioner worked onsite. While the current regulations permit the use of third-party credentialing verification organizations, the hospital’s or CAH’s governing body retains responsibility for all privileging decisions,” Nussbaum said.

CMS proposed revised conditions of participation (CoPs) that would allow hospitals to rely on information provided from another location, rather than being forced to conduct their own individual appraisals and examinations of credentials, he said. The goal is to simplify the process for smaller hospitals that do not have the necessary resources.

In June, however, CMS delayed the requirement to implement telemedicine standards until March 2011. It originally had set a deadline of July 15, 2010, for Joint Commission accredited hospitals to implement new elements of performance to conform to Medicare’s credentialing and privileging requirements for telemedicine services.

The subject is getting attention everywhere. During the American Telemedicine Association meeting in May, President Barack Obama’s federal CTO Aneesh Chopra said CMS was “actively working” to address the Joint Commission Standards for Credentialing and Privileging, especially the area of telehealth across state borders.

No matter whether the doctor is three feet or 3,000 miles away, if the diagnosis is accurate, the treatment is correct and the cure works,  that’s a good bedside manner.

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency

The HITECH Act, with its electronic record-keeping requirements for healthcare providers, gets a lot of attention and financial investment. But competition and margin pressures, coupled with technological developments, are encouraging both large and small healthcare providers to research and invest in a diverse array of solutions.

Take a Tablet

Mobile devices including tablet PCs, jazzy handhelds and smartphones can do anything short of perform surgery.  Sales of handheld devices in healthcare will hit $8.8 billion this year, up 7% from last year, according to “Handhelds in Healthcare: The World Market for PDAs, Tablet PCs, Handheld Monitors, & Scanners,” by healthcare market research firm Kalorama Information.

“Healthcare workers need to be mobile, and so PDAs and monitoring devices have long been a good fit,” Bruce Carlson, publisher of Kalorama Information, said in a statement.

Because flat-screen tablet computers are user-friendly and intuitive, North Shore University Hospital is using the devices for medical-records entry, said Emil Novelo, a healthcare IT consultant.

In other instances, handhelds are the preferred device. That was the case at Palm Valley Health Care, which equipped its 250 field nurses with wireless Pocket PCs, said Nathan Armstrong, IT administrator. Instead of commuting back-and-forth to the office to access their schedules and record patient assessments such as vital signs and other data, nurses now securely enter the data remotely. The information is synchronized with the company’s centralized servers to ensure fast and efficient billing, thereby shortening Palm Valley’s medical reimbursement cycle, Armstrong said.

“Everything is Pocket PC-based here at the company,” Armstrong said. Many other companies use laptops, but Palm Valley Health Care has found laptop users require a great deal of support. ”You can imagine the number of calls we’d get saying, ‘I can’t connect to Wi-Fi,’ or ‘I’ve lost my connection.’” The mobile devices are less expensive, and virus-free. ”It’s worked very well for us,” he said.

Wireless Wellness

Wireless adoption continues to flourish within healthcare: It grew more than 60% in the past year worldwide, both in wireless LANs and Wi-Fi Real Time Location Systems (RTLS), with high double-digit growth projected over the foreseeable mid-term, according to ABI Research.

“It’s definitely taking place in the United States at the same rate as the rest of the world. It has stayed on course,” principal analyst Jonathan Collins said. “It’s not going to stop tomorrow. It’s going to continue.”

Wireless is moving beyond traditional computer devices into the world of sensors placed on patients for real-time remote tracking and monitoring of heart rate, sugars, and other parameters, he said.

At first, that kind of monitoring might be more well-accepted in the world of fitness, not healthcare, said Collins.

“People opt in to check their own heart rate and so forth. That’s an existing market with a good amount of take-up. That’s already transitioning into a wellness market, where it’s part of a fitness routine or weight-loss package,” he said. “That’s also getting included into health care premiums so employers or employees get a reduction on their insurance premiums if they sign up for healthcare monitoring.”

The Office is Open

Some practices are taking a long, hard look at their open source options. Palm Valley needs to upgrade Microsoft Office, and could save about $20,000 by switching to an open source office application to run on its Linux-based desktops, said Armstrong.

“I don’t believe a lot of companies realize what they can save with open source,” he said.

Some healthcare providers expect to save on their government-mandated EMR investment by implementing one of several open source EMR solutions. Some, such as Practice Fusion, include features like e-prescribing, along with patient records and other primary requirements.

Indeed, Practice Fusion, which partnered with Dell to offer a user-friendly EMR, grew 72% in the first half of 2010, reaching 43,000 users, according to the developer of the free, open source, web-based EMR solution. It now represents about 7% of the total ambulatory EMR market, according to Software Advice.

And that’s nothing to sneeze at.

Related Information From Dell.com: Experience the Advantages of Linux

Both healthcare and education are collaboration-intensive environments where quality improves in direct proportion to the amount of valuable input from the right sources. In the hospitality industry, hotels, convention centers, and resorts vie for the conference organizers’ mindshare and money by offering them a smorgasbord packed with every conceivable amenity, be it massages and luxury rental cars, or on-demand videoconferencing and enhanced IP communications.

The Doctor Is In?

It’s a good fit. But so far, healthcare has lagged behind in unified communication adoption, according to Robin Gareiss of Nemertes Research.

“UC adoption in healthcare has lagged the overall market, with only 27% of healthcare organizations deploying vs. 47% of all industries,” she said. “But UC offers significant advantages to a vertical where reducing transaction times and speeding access to information has benefits beyond saving money. Healthcare organizations can reduce costs and improve patient care by leveraging vertically focused UC solutions.”

Already, some hospitals are using unified communications to leverage their best assets: their people. In regions where specialists are in short supply, hospitals are beginning to consider telemedicine by contracting with specialists to provide follow-up visits via secure videoconferencing links, said Gerard Nussbaum, director, technology services, for the Healthcare Group of Kurt Salmon Associates.

“We have clients who are really looking at telemedicine from a strategic standpoint,” he said.  ”Telemedicine is going someplace.”

Wuesthoff Medical Center in Rockledge, Fla., for example, contracted with a teleneurology company called Specialists on Call which provides 24×7 emergency consulting services to between 15 and 20 hospitals in the Sunshine State. Communicating via a secure videoconferencing connection, a doctor in Orlando sees stroke patients as they come into the emergency room.

“A shortage of specialists is driving it,” Dr. Mylissa Graber, the new medical director of the emergency department at Wuesthoff-Rockledge, told Florida Today. “But, from the emergency room point of view, it cuts down on time. And with stroke, every minute counts.”

Staying in touch with busy nurses is another challenge facing hospitals. At the University of Colorado Hospital, nurses now communicate using a combination of unified communications technologies from NEC and Cisco to make certain a live caregiver receives and responds to a patient’s call for assistance. The nurses’ old wireless handsets had short battery lives and limited features and were cumbersome to use. Since the devices had no storage, caregivers had to hand-write notes and contact information when they were away from their stations. The switch resulted in improved patient care and more satisfied nurses.

“Instead of being at the nurses’ station, our caregivers are on their preferred devices, in-building, [on] wireless IP phones, responding to a patient need, even as they are on the way to the patient’s room,” said Joe Bajek, chief technology officer at the hospital.

A Suite Spot for UC

In the cut-throat world of hospitality, high-end hotels are investing heavily in unified communications,  from swanky videoconferencing and telephony solutions to back-end systems designed to make guests feel pampered and secure.

The Spotlight 29 Casino, for example, credits its NEC Univerge SV8500 communications server and UC for Enterprise (UCE) solution with improving customer service, enhancing productivity and cutting phone-system costs in its call center, said Jim Galvan, IT director.  Over at theWit Hotel, guests are protected by the Chicago hotel’s Amcom enhanced 911 system, running on NEC’s Univerge SV8500 IP communications server to give an emergency-caller’s location, including the floor and room number, to the local 911 call center. If someone calls 911 from within the hotel, the system alerts specific hotel staff via screen prompt, text message, or phone call, too.

Although the Park Hotel Weggis in Switzerland is using Avaya’s call center technologies to support guests transparently and seamlessly, it also opted to use Avaya’s Guest Media Hub to stream live webcam feeds of the natural landscape and Lake Lucerne.

Streamlining a hotel’s guest services through unified communications not only improves the customer experience; it also saves the resort money, according to vendors and hotel executives. Messages appear in one box so agents do have to check e-mail messages, faxes, and phones, and a centralized contact center eliminates the need for phone responders for various hotel departments.

The savings extend beyond reservation agents and housekeeping. In the case of Australia’s Crown Entertainment Complex, which opted to replace a private branch exchange (PBX) with a Cisco unified communications solution and Cisco Unified Contact Center Express, it also saved on IT maintenance. Before the switch, each guest room would have needed five cables to support the standard two telephones, two TVs, and Internet access. Today, all these devices are supported over one Cisco IP network, reducing the cabling requirements throughout the sprawling hotel campus.

Plus, the hotel no longer needs technicians to relocate phones, a step that is expected to save significantly over time, according to the complex spokespeople.

Talk may be cheap. Undoubtedly, unified communications are not. But for businesses in communication-intensive industries, these technologies are a sound and a necessary investment, and certainly are something their competitors are considering.

Related Information From Dell.com: Get Service and Support Wherever, Whenever You Go

Not only does unified communications include multiple technologies — think phone calls, voicemail, e-mail, instant messaging, videoconferencing, and presence, among others — it also includes hundreds, if not thousands, of vendors and their channel partners. Each of these brings their own expertise and bias, their own history and legacy, and their preferred methodology and technological approach. No wonder some corporate customers, already burned by proprietary systems and vendor incompatibilities in other implementations, are leery of promises to play well together.

“We are sometimes challenged with the integration of those respective manufacturers,” said Kent MacDonald, vice president of infrastructure solutions at Longview Systems, a unified communications user and solutions provider. “We’d like the manufacturers — the Ciscos, Microsofts of the world — to all work together. They are both recognizing they have mutual clients and collaboration is a work in progress.”

Or, as independent analyst Dave Michels said, “Un-unified communications. How to create a unified communications solutions among different vendors, clients/servers, and cloud services.”

Come Together

Vendors are working together in organizations such as the Unified Communications Interoperability Forum (UCIF), a non-profit alliance of worldwide technology leaders working together to fully realize the potential of unified communications, formed in May 2010. Participants include Microsoft, Polycom and Hewlett-Packard. Although invited, Cisco and Avaya did not join the group.

“Interoperability is not only critical to customer success for deploying unified communications but intrinsic to the delivery of legacy, current and next-generation UC tools, services and infrastructure from multiple vendors.  Until now, efforts to achieve interoperability have appeared ad-hoc, which has given customers little assurance that their existing and planned investments are protected and will deliver the value promised,” said Jonathan Edwards, research analyst, unified communications at IDC. “Together, these companies will help drive industry-wide adoption of open standards and develop programs that put accountability on the vendors and provide peace of mind and investment protection for end customers – something that will surely accelerate adoption of UC technologies.”

In January, Cisco released an interoperability protocol that allows multi-screen telepresence systems to interoperate into the public domain. LifeSize, Tandberg (now part of Cisco) and RadVision signed agreements to license Cisco’s TelePresence Interoperability Protocol (TIP), which Cisco offered to industry participants royalty-free, according to the networking giant.

” We want to make sure we can interface to other technologies,” said Joe Vitalone, vice president of sales at LifeSize. “You don’t want to live on an island, however beautiful it is. You always want to make sure you live on an island that has a bridge.”

A Simple Call

Others are looking to further simplify unified communications from the services perspective. Verizon Business recently took the wraps off three plans designed to reduce communications costs for Verizon VoIP customers. Its IP Audio Conferencing plan for instant meetings eliminates extra fees for calls beginning on a Verizon IP-enabled location, while its VoIP IP Enterprise Routing (VIPER) cloud-based VoIP feature was designed to reduce the cost of business-to-business voice calls be cutting out the domestic or international per-minute calling charges for calls made between Verizon VoIP customers who sign up for VIPER.

And a centralized multi-site design for Verizon’s Hosted IP Centrex clients in Europe aggregates calls to reduce costs in those countries where the communications company offers VoIP.

For its part, American Express Business Travel is expanding the services it offers to its almost 12,000 clients, who together spend more than $26 billion, to include access to public Cisco TelePresence Suites through American Express Business Travel’s virtual meetings eXpert (vmX) solution. Under this agreement, American Express Travel gives corporate clients virtual meeting consulting services to help them select the best method of face-to-face collaboration by leveraging publicly-available Cisco TelePresence rooms and increasing the use of private, corporate-owned systems around the world, said Issa Jouaneh, vice president of global meeting strategy within the Advisory Services group at American Express Business Travel.

“I think this applies to organizations of different sizes. We launched the solution with a Fortune 500 company and we have several clients in the pipeline that are looking at and evaluating the solution,” he said. “Clients have a real interest in the solution. As with any new technology there is a maturity cycle and there is an element of education and change management and then optimizing it over time to get the best yield for our clients.”

The lines are open and operators are standing by, ready to take calls, answer questions, and guide businesses through the evolving tangle of unified communications technologies.

Related Information From Dell.com: Get Service and Support Wherever, Whenever You Go

Last year, Mad Money’s Jim Cramer predicted that the mobile Internet would bring the tech sector out of the recession, and his prediction is right on track. Sales of mobile devices are going through the stratosphere. According to Gartner, over 347 million smartphones were sold in Q1 2010. For the first time, global laptop computer sales are exceeding desktop system sales. The Apple iPad and tablet computers are becoming part of the business environment.

In short, businesses have turned to mobility to make the difference in their bottom line. Mobile technology, along with its benefits and challenges, is infiltrating the corporate landscape faster than any other technology out there. And the crush is on to support the mobile workforce like never before.

That’s the good news. The not-so-surprising, not-so-good news is that cyber-crime is up. The Federal Bureau of Investigation (FBI) notes that reported criminal activity was up 22.9% in 2009 from 2008. Losses more than doubled from $264 million in 2008 to about $560 million in 2009. According to MarkMonitor Inc., an online brand protection solutions company, online sales of counterfeit and gray market goods will cost companies more than $135 billion in 2010.

Along with mobile computing’s obvious benefits come headaches for the IT security folks who have to ensure the sanctity and tranquility of their networks. Three major considerations that security experts need to address are that traditional security models don’t work for several reasons; smartphones are sometimes too smart for their own good; and mobile applications downloaded from app stores by employees to their “personal-but-also-dialed-in-to-the-network” PDAs can wreak havoc.

Think Outside the Box

Laptops and netbooks are really PCs in a transportable form factor. However, smartphones are quite different animals. You can’t install typical security measures like a firewall, virtual private network (VPN), or anti-virus on smartphones like you’d traditionally install on a desktop or laptop. Doing so would put a major load on the phone’s CPU, causing reduced performance as well as eating up bandwidth and battery life. Not to mention that users can turn off such features (also a sure bet, if they’re losing bandwidth and battery life).

Bear in mind that mobile operating systems are much different. For instance, mobile operating systems don’t really multi-task and a cool user interface doesn’t mean it’s necessarily secure. For instance, Apple’s iPhone has drawn criticism from IT managers for its lack of enterprise manageability and in response has developed Mobile Device Management service (MDM) but it still falls short when security and app stores come into play.

Unfortunately, application stores are fast becoming the biggest culprits and delivery systems for malware. A recently published study says that about 20% of the apps for sale in one store are already infected. Additionally, 5% of applications have the ability to place a call to any number, without requiring user intervention, dozens of applications have the identical type of access to sensitive information as known spyware, and 2% of market submissions can allow an application to send unknown premium SMS messages without user intervention. Ouch!

Too Smart for Their Own Good

The obsession to have the “hottest” phone is driving the influx of smartphones into the enterprise environment from the executive level down, and iPhones and Droids are at the top of the hit list. The gotcha with these phones is that they are inherently insecure. Active Sync isn’t secure enough and Native iPhone security isn’t by any means secure so if you connect your smartphones using native security you’ve just blown any compliance you hoped for.

But it’s not all bad news; there are ways to safely integrate smartphones onto the network by maintaining their invisibility on the Internet and tightly controlling them via a policy driven umbrella. Alternatively, you could form corporate policy to populate your network with Blackberrys from RIM. Although they’ve not viewed as the hot ticket gadget, these smartphones can be secured with user experience regulated.

Corporate culture and management requirements need to be taken into consideration when deciding which position to adopt. There are some clear cut options available. You can let users connect their various devices to the network, take the associated risks and throw compliance to the wind. You can go to the opposite extreme, allowing only corporate issued devices on the network and having them guarded by a strictly centralized mobile and smartphone policy. Or you can accommodate in the middle ground where you allow employees to connect their devices but have them comply with a centralized policy and maintain compliance enforcement.

Many businesses want the functionality of Microsoft SharePoint without the limitations and lock-in that come with building on a Microsoft platform. While SharePoint 2010 is undeniably a strong product, it has hefty system requirements and its use limits an organization’s IT choices in other areas. The only way to get full functionality out of SharePoint 2010 is by using Windows Server 2008 and Microsoft Office 2010 on the desktop – upgrades your organization may not be ready to deploy.

SharePoint 2010 is a bit better than its predecessor in regard to vendor lock-in. SharePoint 2007 required ActiveX controls, shutting out everybody on Macs and Linux. SharePoint 2010 isn’t as restricted, and even works in a limited fashion on iPads and iPhones.

But SharePoint 2010 also limits browser choice. While you can work with SharePoint 2010 with Firefox or Safari, they aren’t treated as “first class” browsers for SharePoint 2010. Only Internet Explorer (later than IE6, which has been rightfully deprecated) can exploit all of SharePoint’s features. Note that even some features in 2010 require ActiveX controls that are not available for 64-bit versions of IE.

Probably the most compelling reasons to deploy an open source solution instead are price and flexibility. The licensing costs of SharePoint, plus Windows Server, plus SQL Server and the rest of the bundle are not insignificant. If you’d prefer to avoid becoming too deeply entrenched in Microsoft-based solutions, you’ll find several open source alternatives — and three I personally recommend: Alfresco, MindTouch, and Drupal.

Why those, and not some of the other open source CMSes? Alfresco and MindTouch are two of the most feature-compatible replacements for SharePoint. Drupal is not a direct replacement for all of SharePoint’s features, but handles many of the use cases for which SharePoint is popular. All three not only enjoy a strong user and developer community, but also have strong commercial support, making them much more suitable for enterprises that choose open source but still seek support and training services.

Alfresco

Alfresco is an enterprise content management platform (CMS) that runs on Windows, Linux, Mac OS X, and others. Its a Java-based system that utilizes Hibernate, Lucene, Spring, and other enterprise-class open source components. It’s billed as faster than proprietary systems, and (of course) is cheaper.

Like SharePoint, Alfreso provides content management for documents, records, images, Web pages, and it allows users to collaborate on content development.

Alfresco can be extended and offers a number of third-party solutions. It provides a CIFS connection to Windows so that your users can connect and share files in a similar way to SharePoint. Users can also access repositories over WebDAV and FTP.

The underlying platform, of course, is radically different from SharePoint. Organizations with a Java bent will probably prefer Alfresco to SharePoint, while Microsoft shops may choose SharePoint over Alfresco.

In most cases, users will find Alfresco an adequate substitute for SharePoint. Alfresco is integrated with both Microsoft Office and OpenOffice.org, so your organization can continue to use the Microsoft suite or migrate away from both SharePoint and Microsoft Office.

Organizations have a couple of licensing options. The company offers an entirely open source stack that’s licensed under the GNU Lesser General Public License (LGPL) as well as an enterprise subscription. The Enterprise edition also work with MS SQL Server, Oracle, and proprietary Java application servers like BEA WebLogic and IBM Websphere.

The Enterprise Edition also has system monitoring and clustering features not present in the community edition, which may or may not be vital for your organization. The licensing for Alfresco’s Enterprise Edition is, obviously, more expensive than the community edition, but provides technical support and additional options like platform certification, system monitoring, and enterprise extensions that might be interesting to large organizations.

Drupal

Drupal is not a drop-in replacement for SharePoint if you need a records management system. It’s not a enterprise content management system by any stretch. But for organizations that adopted SharePoint for intranets or building external websites, Drupal should not be overlooked.

The Drupal CMS has scaled to power some of the world’s busiest sites. Drupal is used by the U.S. Federal government to power sites like Recovery.gov, but also can be (and is!) used by much smaller organizations.

The Drupal tagline is “community plumbing,” which is an apt description of the project. Drupal alone is useful for developing websites, intranets, blogs, and the like. However, Drupal’s real power is in its developer community and the thousands of modules that extend the CMS’ functionality. Your organization’s developers can extend the platform or simply take advantage of Drupal’s existing add-ons. With the modules on Drupal.org, you can add file management, e-commerce functionality, LDAP authentication; you name it, it’s probably been added to Drupal.

It can be a bit of a beast to tame. Drupal’s user interface is, charitably, best described as “unintuitive.” This is something that’s been acknowledged by the Drupal community, and it’s one of the focal points of the Drupal 7 development cycle (which should be complete by autumn of this year). Drupal’s APIs are not universally loved by developers, either. In short, Drupal has its flaws,but it’s very widely and successfully used and for all manner of content management.

Drupal is written in PHP and licensed under the GNU General Public License. It runs on Apache or Microsoft IIS, uses MySQL, PostgreSQL, or Microsoft SQL Server, and PHP 4.4.0 or higher. Because the Drupal community has tried to push towards compatibility with PHP 5.x, many modules may require PHP 5.x or better even if Drupal runs on 4.4.x.

Commercial support for Drupal is available through a number of vendors, most notably through Acquia, a company run by Drupal founder Dries Buytaert.

MindTouch

If your company has a strong Microsoft bent, but would like to avoid SharePoint for some reason, MindTouch may be a good compromise.

MindTouch is a collaboration platform for internal and external work. In addition to the expected content management features, MindTouch’s “mashups” extend the software and enable connections to popular Web services and sites (such as Windows Live and Amazon).. It also works with popular open source publishing systems like WordPress, Joomla, Drupal, and Mambo.

MindTouch has “desktop connectors” that provide similar functionality to SharePoint for Windows users, and has Active Directory and LDAP support for authentication.

The downside to MindTouch is that much of its functionality is only available in paid releases. MindTouch Core is the fully open source release, available under the GPLv2. The Standard edition doesn’t have connectors for Microsoft Office or the features needed to easily scale MindTouch for larger organizations. Still, even the paid versions are likely to be less expensive than SharePoint, and having a open core provides the ability for third-party vendors to offer support.

MindTouch is built on top of PHP and .Net, and programmers can add functionality using PHP, C#, JavaScript, and other languages. You can deploy MindTouch on Windows using the .NET framework or on Linux with Mono. MindTouch uses MySQL on Windows or Linux, and also requires PHP 5.2 or better.

Final Thoughts

Should every organization run out and ditch SharePoint? Of course not. If SharePoint is already a working solution for your organization, it’s a bad idea to rip and replace just to implement an open source solution. If the business has made a large investment in SharePoint already, a switch would be expensive and probably would bring unwanted costs in terms of training users and dealing with user dissatisfaction. (Assuming users are happy with SharePoint, of course.)

But if SharePoint isn’t deployed widely in your organization, now’s a good time to consider whether SharePoint is a requirement or if open source solutions would be a better choice. It many cases, Alfresco, MindTouch, Drupal, or another open source solution — I’ve mentioned only a few of the dozens of open source CMSs — might be a suitable replacement.

All are easy to deploy for testing purposes, so there’s little reason not to road test an open source solution to judge if it’s a suitable option.

If SharePoint is part of your infrastructure, consider keeping it in check and using an open source solution for new deployments. Don’t try to rip and replace, but if you need a new Web site for the organization, use Drupal. Need a records management solution for a department not yet using SharePoint? Roll it out using Alfresco instead of SharePoint.

Open source solutions and SharePoint can co-exist. If your organization is mostly a Microsoft shop, deploying a few open source solutions can introduce the IT department and your knowledge workers to alternatives. If nothing else, the in-house use of open source CMS is useful negotiating tool with Microsoft when discussing licensing and future purchases.

Related Information From Dell.com: Experience the Advantages of Linux

There is such as document. It has existed and been updated since 1960, it is available to anyone to read for free and to own for $37 — and you don’t know about it.

Simple and commonsensical, the National Fire Protection’s NFPA 75, “Standard for the Protection of Information Technology Equipment,” is a detailed, explanatory almost-checklist for how to keep your business’ heart beating in case of a fire. While the standard was written for larger data centers stocked with mainframes and Cray and IBM BlueGene supercomputers, its wisdom is applicable to smaller setups. In 2011, a revised version of the standard will be released that addresses a wider audience.

NFPA 75 is under the covers of other standards that are in place, says Brian Rawson, senior program manager for Installation Planning with IBM. Rawson’s role is to provide business and technical support to data installations in the field worldwide. “Typically, this standard falls under the umbrella of the fire sprinkler standards. If a building has a water sprinkler standard, then usually so shall the data center.”

But by following NFPA 75, you go above and beyond. “It means you have more options, and that’s where the standard comes into play,” says Rawson, who is a principal on the NFPA 75 committee.

First Evaluate the Risk

Anyone who is considering an upgrade to the company’s data center should consider fire safety – but many IT professionals don’t know where to start. These guidelines are just a sample of what is in the standard, which also touches on electrical systems and other building code issues, telling you explicitly where to go for more information.

Clear thinking leads to clear planning, says Thomas Wysocki, a technical consultant and senior scientist for Guardian Services, a fire protection research firm and a member of NFPA 75’s committee. “The data is often more important than the equipment itself. You can replace the equipment easier than you can replace the data,” he says.

A CIO has plenty of questions to answer. First and foremost: Are your systems in charge of life safety, such as hospital services or air traffic control? What is the potential for fire; for example, are you located in an industrial facility where manufacturing could raise the potential for danger? What is the economic loss to your business if you had to shut down for a period of time or if you lost records? What is the economic loss of some or all of your equipment?

When evaluating your risk considerations, remember to evaluate your records. Classify your data into three kinds of records: Important, Master, and Vital. The standard qualifies these records according to the difficulty of replacing them. For example, you can replace important records with considerable expense and delay. Master records are those that you turn to when you need to rebuild your database. Vital records are irreplaceable, in which the reproduction is not as valuable as the original, the records are needed to sustain your business, or they are the records that would help you recover from a disaster.

Once you’ve gone through this straightforward process and quantified your business’ risk, you can next move to the construction or retrofit of your data center. You know the extent of the protection you need. “Look at your risk considerations and apply the standard as to mitigate those risks, reduce those risks to an acceptable level. That’s what safety engineering, fire protection engineering, is all about,” says Wysocki.

Designing Your Data Island

Thinking of your data center as a data island is absolutely correct says Wysocki.

Your data should be separate from other sections of your building, especially any hazardous areas, and surrounded by fire-resistant construction, according to NFPA 75. That construction should be capable of providing resistance from fire for at least one hour. That construction should include the ceiling, doors, and the floor. Windows should be fire-rated or have a fire-rated shutter. Air ducts should also have automatic fire and smoke dampers where they pass through fire-rated construction. The temptation is to put the data center in the basement, but the possibility of a fire on an upper floor makes such a location undesirable, the standard says.

“The separation from other spaces is very important. Having a fire-resistant barrier around the space and even separating large data storage rooms from the equipment room is an important recommendation,” says Ralph Transue, senior consultant for Rolf Jensen & Associates and current chair of the NFPA 75 committee.

Top of the line data centers have a main disconnection switch that allows for the shutdown of power and HVAC and closes all smoke dampers. That main switch should be located near the exit doors.

The ideal, of course, is for a company to have a data island that is protected and furnished with its own utilities. “Very often it’s not that way,” says Wysocki. “Someone may decide they are going to rent part of the 94th floor of the Sears Tower and put in a data center. You may not have the ideal conditions in there, but you do the best you can to apply the standard and make the appropriate modification to the structure’s fire resistance and isolation of air handling systems,” he says.

Furnishings should be fire-resistant or even made of metal. No exposed plastics are permitted by the standard. If you have a raised floor, it should be made of noncombustible material, the space underneath the floor must be accessible, and the floor should have provisions for drainage (in case of fire wherein the sprinklers discharge).

Fire Protection Should Complement Your Goals

To design the safest data center, get all the key organizations in the same room talking to each other, says Rawson. “You have the brick and mortar infrastructure people and then you have the software applications people. If they’re not talking to each other and on the same page, you could design a data center and have a production center that is really inadequate just two years down the road,” he says.

“You have to have a very good idea of where you are going as an industry as well as an organization. Understand what your information technology needs are going to be, then match the infrastructure with the fire protection to complement it,” says Rawson.

Related Information From Dell.com: The Smarter Path to Tackling Power and Cooling Issues

If ever there was a time when green initiatives ranked high priority on the global corporate mind, it has to be now with the ongoing Gulf Coast oil crisis in full bloom and government regulatory efforts becoming increasingly stringent. Not that that’s a bad thing; in fact, it’s cool to be green. IT managers and decision-making influencers are reviewing their existing IT infrastructure with new scrutiny and mapping it toward increased environmental responsibility.

Their data center is likely at the top of their list. While migrating a data center into the green world isn’t an easy task, it’s helpful to see how other businesses have achieved their goal.

Ikomm, a Nordic application service provider (ASP), wanted to build Norway’s greenest data center and they did so in a year. According to a recent case study (PDF), Ikomm managed to reduce energy consumption by around 40%. Doing so gave them a competitive edge on pricing and earned the company the first “Green Datacentre” certification awarded by the Norwegian government. Ivar Rusten, Ikomm product and partner manager explained the company reasoning behind the decision saying, “Energy-efficient data centers are now a key factor when companies choose ASPs, and we wanted to be the greenest of the green.”

Founded in 2003, Ikomm provides managed services to private companies and Norwegian city governments such as Lillehammer and Gausdal. Due to rapid growth, the data center outgrew its original facility even after infrastructure and application consolidation efforts in 2004. According to Rusten, their legacy equipment as well as their cooling system was not energy efficient. “More than 50% of our total energy consumption was used just to cool the system, which drove up costs for our customers and increased our carbon footprint.”

Ikomm decided to design and build out a brand new data center based on the newest, greenest technology available rather than re-engineering its existing facility and equipment. It contracted the build out to Dell. While this may not be a universally feasible solution, for Ikomm, with its anticipated growth, it seemed the best solution given they expect ROI in six years.

The subsequent needs analysis process involved measuring existing data residing on Ikomm’s storage area networks (SAN) as well as the energy consumption of the existing setup to provide a baseline from which to generate accurate metrics on the new environment once complete. Once Dell recommended a new infrastructure prescription consisting of various PowerEdge servers, blade servers running on Intel x86 architecture, server cabinets and a state-of-the-art cooling system, they sized out the required facility real estate square footage and began construction on the building to house the new data center. Even the materials used in the construction adhered to sustainable standards and allowed for easy expansion for growth.

One unique feature of the data center is its cooling system. According to Rusten, the cooling system uses eight holes in the earth and circulates water to a depth of 230 meters. He says, “Because the temperature underground is always between seven and ten degrees Celsius, we can cool the APC racks extremely efficiently and use the heat generated by our equipment to heat our offices. The green system gives us 80 kilowatts of cooling and heating power while consuming just 500 watts of electricity.”

In the event of a power failure, the new data center has an uninterruptible power supply (UPS) generator. Data disaster recovery is covered; Ikomm created a disaster recovery center in its old facility, which also mirrors the site and regularly backs up the data.

Building out an entirely new facility may not be in the cards for your green migration, but sound planning and a comprehensive needs analysis and individual elements of Ikomm’s project may serve to take you down the path in the right direction.

Related Information From Dell.com: Solutions and Services to Maximize IT Efficiency

I’m sitting outside an office building in Portland, Oregon. The building has at least half a dozen businesses with about 40 Wi-Fi access points (AP). In the hour I’ve been sitting here, I’ve broken into 28 of these corporate networks.

While I certainly know more about networking than most people do, I’ve no special expertise. I’m no hacker. I’m just making use of a good network packet analyzer, Wireshark (formerly known as Ethereal) and several common-as-dirt, dead simple to use cracking tools.

The simple truth is that, given a few days and publicly available programs, any wireless network can be broken. Sadly, as I just rediscovered today, most Wi-Fi networks don’t require that much trouble. Heck, it barely requires any effort at all.

Indeed, two of the businesses (downtown businesses, mind you, not Harry’s Home Network) didn’t have any security on their APs. Sigh. Leaving an open AP isn’t just a matter of letting other people share your bandwidth. It’s also an open door into your network. Another three were even worse: They used the default passwords for their wireless routers and APs. As for the rest, most were little more trouble to unlock.

That’s because most Wi-Fi security protocols are pathetically easy to break. For example, it’s a good bet that every Wi-Fi device your company has supports Wi-Fi Wired Equivalency Privacy (WEP). And many of you, including ten of the companies I just “visited,” use WEP for security.

It’s just too bad that WEP was broken, for all practical purposes, back in 2001. WEP stops someone with no clue about Wi-Fi networking security, but those are the only people that it will stop. However, every vendor still includes WEP as part of their laundry list of supported protocols; some reputable sources, like Consumer Reports, as recently as 2009 recommended WEP’s use. Consumer Reports subsequently corrected its mistake, but alas its “better” recommendation, WPA (Wi-Fi Protected Access), is also pretty easy to crack.

WPA, with its baked in security protocol, Temporal Key Integrity Protocol (TKIP), was broken more recently. It takes more of an effort to break than does WEP, but it’s also useless against any determined attacker. If someone wants to be fancy about it, he can try cracking your WPA using either a vulnerability in Quality of Service (QOS)  or using a man-in-the-middle attack.

Practically speaking, I, and anyone else who wants to jump into your network probably doesn’t need to bother with these methods. Instead, they’ll use the rainbow tables, lists of the most common WPA passwords. That’s because your SSIDs (the broadcast name of your Wi-Fi Access Point) makes up part of the password. Thus, chances are you’ve already given any would-be hacker part of the key. They then use the rainbow table to look through likely passwords until they find one.

How successful is this technique? With a 2.2GHz processor and an 8GB rainbow library, I broke into 15 WPA “protected” networks. Mind you, I didn’t have to do any work; I used a common program that automated the process and set it to work. Had I more time, I have no doubt I would have cracked the other WPA networks. There’s even a service, WPA Cracker to do it for you!

Perhaps you imagine that WPA2, the most advanced standardized Wi-Fi security protocol out there, would be immune. You’d be wrong. You see WPA2 has two security standards: TKIP and the jaw-breaking Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), also known as Advanced Encryption Standard (AES).

It’s more trouble to break WPA2 with CCMP, but thanks to those rainbow tables, it can be done on any ordinary laptop computer. Such as mine, which managed to bust into one WPA2/TKIP network. In 2011, both WEP and TKIP-based security will no longer be supported by the Wi-Fi Alliance. But, of course, millions of legacy devices, including any that you buy this year, will still include them.

So, what you really want is WPA2 with AES. Unfortunately, a lot of older equipment and operating systems don’t support it. For example, Windows 2000 and Windows XP SP2 systems cannot support this protocol natively. If for some reason you just won’t move to Windows XP SP3, you can add WPA2-AES support to Windows XP SP2 with the Windows KB893357 hotfix. Note that this is not a patch. Even if your system techs. were keeping Windows XP SP2 up to date, before Microsoft pulled the plug on Windows XP SP2 support, you still won’t be able to use WPA2-AES unless they deployed that hotfix.

OK, let’s say you are using WPA2. You probably know that it comes in two versions: Personal and Enterprise. With Personal version there is a single universal password, the so-called Pre-Shared Key (PSK) for everyone. With the Enterprise version, each Wi-Fi wireless network user gets his or her own password.

As you might guess, the Personal version, even with AES, is more dangerous to use than the Enterprise one. But both can be broken. As long as your network is constantly sending and receiving packets over the air anyone can snatch them and try to brute-force their way into the network. If you were using a really long, random password, like say 20-characters, you’d be “relatively” safe. But how many of us would really use 20-character long passwords like sfds*&10wiJMdis12rt?

The other networks I visited were all “protected” by WPA2-Personal with a really easy to guess password. In one case, the password was the same as the SSID. In the other, it was the name of the company. Great security there, guys. Just great.

Of course, you could just let the machine remember the password rather than try, and fail, to get people to remember it. That will fail, of course, if anyone with malicious intent ever steals a PC.

Here’s the simple truth. People being people, your Wi-Fi security will be broken.  It’s just a matter of time. That being the case, if you’ve got information on your network that you really don’t want anyone getting into, consider making it only available over wired networks. Yes, you get into those too, but the skill sets needed to break into a building are entirely different, and a lot harder to find, than those needed to break into a wireless network.

Related Information From Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter

MSPs are becoming more popular. Using an MSP can help an enterprise maintain existing service levels with a reduced IT staff, or provide a less-costly means of increasing services than hiring new staff. Since many of them have expertise in Internet applications, they can quickly bring them online. Also, increased regulatory complexity requires offsite storage, which can be provided by MSPs.

“Everyone is taking this stuff more seriously now, and managed services is a very common practice,” says Charles Weaver, president of the International Associated of Managed Service Providers, a trade group. “Larger enterprises have IT departments who are overtaxed and underfunded, and they are doing more with MSPs to offload certain segments of IT management such as e-mail management, server management, VPNs and security, log monitoring, and auditing.”

Even Dell, long the king of direct sales, has gotten into the MSP action by purchasing SilverBack Technologies and offering its own array of managed services.

Clearly, the pool of managed applications will continue to widen. So we’ve put together a short guide to help you choose the right MSP partner. Ask candidates these five questions before you decide.

1. Does the MSP have its own data center or does it rent space somewhere else?

Many MSPs don’t have their own data centers and rent space elsewhere, thus putting yet another intermediary in between your apps and your users. When considering an MSP that rents a data center, make sure that the MSP’s data center is at least up to the same level of integrity and reliability as your own.

2. Do you need .Net or Java? Windows or Linux?

Many providers are either/or and want to stay that way. Others are generalists and don’t have a lot of depth. Some are focused on Web-based applications; others say that they are Web-focused but don’t have much security expertise. Make sure the specific technology and programming expertise you need is what they offer. Ideally, you want someone who can do more than just bring up a new server when you need it. The MSP should also be able to do application optimization and maintain your applications to run at peak performance.

3. What kind of connectivity do you need?

Part of the MSP evaluation is how the company is connected to the Internet, how it prices its bandwidth, and how it measures its overall network quality of service. If your needs vary by time of day or month, or you need a partner that can grow with you as you offload more applications without escalating prices into the stratosphere, the MSP should understand what your usage needs are and scale up or down accordingly.

Also, while everyone promises redundant Internet backbones, check these claims carefully. Look for MSPs that have at least two and ideally three different ISP connections. They should have set up and actively tested failover scenarios with your particular applications portfolio to make sure you stay online all the time. Some providers take pains to route their connections through different paths and separate routers to increase redundancy.

Still, you can’t plan enough. A few years ago, a fire in the Baltimore Harbor Tunnel knocked out all three Internet connections to a financial services company’s data center 50 miles away in Virginia. No one on the company’s IT staff knew that all of their Internet providers had lines that went through the tunnel; since then, the IT staff has requested network maps from providers to ensure better path diversity.

4. Talk to reference customers who are outsourcing the same applications portfolio.

It can be hard to properly vet an MSP, because, as Weaver says, “Even hairdressers have more government oversight today than MSPs.” Nevertheless, look for staffers who were former – and successful – IT managers at larger companies prior to joining the MSP.

A good warning sign is if the MSP is still charging time and materials for services, rather than offering a fixed monthly fee. Charging by time and materials shows that your poten