www.eweek.com
OCTOBER 8, 2007 VOL. 24, NO. 31 $6
IT BUDGET AGENDA 2008
Priorities are shifting, as companies increase spending on productivity and collaboration apps
BY DAVE GREENFIELD 40
Oracle Database 11g's automation features impress in eWEEK Labs tests 46
Editorial Director Eric Lundquist
Editor Debra Donston
Executive Editor, News Michael Hickins
Executive Editor, eWEEK Labs Jason Brooks
Chief Technology Analyst Jim Rapoza

NEWS
Senior News Editor Jeffrey Burt
News Editors John Hazard, John Pallatto
Channel News Editor Sara Driscoll
Senior Editors Jessica Davis, Peter Galli,
Paula Musich, Darryl K. Taft,
Lisa Vaas
Senior Writers Clint Boulton, Renee Boucher
Ferguson, Roy Mark, Chris
Preimesberger
Staff Writers Scott Ferguson, Deborah
Perelman, Brian Prince
Microsoft Watch Editor Joe Wilcox
eWEEK LABS
Technical Director Cameron Sturdevant
Senior Analysts Andrew Garcia, Wayne Rash
Technical Analyst Tiffany Maleshefski

EDITORIAL PRODUCTION
Managing Editor Rick Dagley
Deputy Managing Editor Debra Perry
Copy Chief Jim Williams
Senior Copy Editors Kelsey Adams, Patrick Burke
Copy Editors Vikki Lipset, Heather O'Neill,
Shane O'Neill, Robby Trail
Newsletter Editors Sharon Linsenbach, Alethea Yip

ART/MULTIMEDIA
Group Editorial Art Director Stephen Anderson
Art Director Paul Connolly
Senior Production Designer Tara-Ann Fasulo
Senior Designer Chip Buchanan
Designer Brian Moore

eWEEK
Group Publisher
Karl Elken
Marketing
Tia Lambert, Marketing Specialist
Research
Guy Currier, Research Director
Senior Production Manager
Michael DiCarlis
Group Ad Coordinator
Chris DeNiscia
eWEEK editorial staff members can be reached at (781) 938-2600 or (800) 451-1032, or via e-mail using the following convention: name.surname@ziffdavisenterprise.com.
THE BUSINESS OF IT
Not all that long ago, IT was seen as something that a small group of people with a distinct knowledge set dealt with in the back rooms of a business. During the last few years, though, the mantra has been linking technology to business processes, making IT a critical part of a company's overall strategy. That theme will be front and center at the Gartner Symposium/ITxpo Oct. 7-12 in Orlando, Fla. Look to eweek.com for reports from the show by Staff Writer Deb Perelman, who also will be front and center.
eweek.com
CONTENTS
Upfront
4 Girls can't do physics - can they?
ANALYSIS
11 Vendors continue to push collaboration.
13 SAP unveils a new version of NetWeaver.
16 Adobe looks to compete in SAAS.
20 AT&T's and Verizon's pricing is under fire.
22 The iPhone may be a hacker's playground.
24 HP gives SMBs a blade server that fits.
30 Microsoft's hypervisor shows promise.
INSIGHT
40 What's on the IT budget agenda for 2008?
46 Oracle's Database 11g stresses automation.
COMMENTARY
56 Eric Lundquist: The current crop of emerging technologies is worth examining.
57 Jim Rapoza: I don't want security vendors deciding what apps can run on my computer.
58 Jason Brooks: Whitelisting may not be such a bad idea for improving PC security.
60 Guest column: Snags in fighting spam shouldn't discourage the search for a fix.
62 Blog Watch: eWEEK in the blogosphere.
74 Spencer F. Katt: There just might be something to the Web 2.0 hoopla after all.
INTERVIEW
65 Saab Security Systems CTO discusses the challenges of adapting products to meet customers' needs.
Cover: James Kaczman
Upfront

Girls can't do physics

This story actually starts on a day when my older daughter and I walked across the sun-filled lawn at the University of Virginia, in Charlottesville. We visited the physics department so that my daughter, intent on becoming a physicist, could have a look around. An instructor there looked at me, then at my daughter, then dismissed us with, "Girls can't do physics."

That was 10 years ago, and, supposedly, much has changed. Indeed, the first day of the Emerging Technologies Conference at MIT Sept. 24 was devoted to a workshop exploring the problem of getting more women into science and technology. The proportion of women entering the sciences is growing, we were told. The number of women in management positions at technology companies is rising, conference speakers said.

And, to some extent, this is true. Sophie Vandebroek, chief technology officer at Xerox and president of the Xerox Innovation Group, said 40 percent of the engineers her company hires are women. And, she pointed out, that's twice the percentage of female engineers in the general population.

But if you look at the population of scientists and engineers in companies today, especially at a senior level, most are men.

At the EmTech conference (as it's affectionately known at MIT) in Cambridge, Mass., I saw far more men than women in the audience, and the speakers talked about their problems in finding enough qualified women to work for them. However, isn't it possible the reason there aren't enough women in science and technology doesn't lie with the companies? Is it possible it's the fault of the universities where women get their training in the first place?

This past spring, I escorted my younger daughter on a college search similar to her sister's. A decade had passed, so I was hopeful. Once again, we enjoyed a rare springlike day in early April as we visited Charlottesville. Once again, we asked about physics for my daughter. "We don't have a lot of girls interested in physics," we were told.

We were more encouraged by other schools. Nearly half of MIT's student body is women, for example, but the proportion of young women entering science and technology fields is much smaller elsewhere. At CalTech, it's about 20 percent. Other schools we visited enrolled women in technical pursuits at levels somewhere in between.

When he opened the EmTech conference, Robert Birgeneau, chancellor of the University of California at Berkeley, said he was the person at MIT who helped open the way for women. But when I asked him what schools can do to make women feel welcome in science and technology, he didn't say. And that's the problem.

If universities won't at least pretend to be interested in welcoming women into their science and technology departments, how can they expect those young women to be interested? If girls keep getting told they can't do physics, engineering, computer science or whatever, where will the supply of those new minds be found?

Wayne Rash
The data growth/undercapacity paradox

I had a chance to discover at the Ziff Davis Enterprise Storage Summit in Chicago Oct. 2 that there's a storage paradox no one seems to be getting a handle on: The amount of data that needs to be stored is growing faster than you can say "green IT," but that quantity is still being overshadowed by the number of physical servers spinning at less than half-capacity.

By most estimates, the amount of stored data in the world has grown from 5 exabytes (or 25 billion gigabytes) to 161 exabytes during the past five years. And there's no sign of a slowdown.

Fueling part of this growth are policy changes dictated by new regulations and changes to the federal rules for civil procedure; also driving the growth are the kinds of media we're storing, which increasingly include video and image files.

Despite this explosion in hoarded data, however, storage servers in most data centers are only running at something like 33 percent capacity. It's as if we were drowning in data but unable to grab hold of the life rafts bobbing around us because they're all banging together and smashing our fingers.

The end result is that companies are spending more money on purchasing physical servers (buying more life rafts) and powering them, and then spending even more money cooling the servers they didn't really need in the first place (crushing their fingers between the pitiless wooden hulls).

There are some obvious solutions to this problem, other than firing your IT staff and burning vendors in effigy.

These include actually listening to recommendations for buying stuff such as newer servers with virtualization capabilities baked in and applications that will reduce useless data duplication. (It's safe to say there are 50 copies of that e-mail you sent last week floating around your network, and, if you're a particularly egregious data duplication offender, make it 500 copies.)

There are also some less obvious solutions that companies should consider. Principal among these are ensuring that everyone agrees on who owns the data being stored (IT or the business manager) and who sets policies on access (IT or the legal department), and that software purchased by individual business units doesn't have features such as workflow, deduplication and e-discovery that conflict with new storage mandates.

But the single-biggest thing companies must do to fix the data saturation/undercapacity paradox is to change, because what they're doing now isn't working. And therein lies the rub. As one Storage Summit attendee reminded me, resistance to change is not a modern phenomenon. Machiavelli wrote in "The Prince," his famous tome on governing, that "the initiator [of change] has the enmity of all who would profit by the preservation of the old institutions, and merely lukewarm defenders in those who would gain by the new ones."

Michael Hickins
Bermuda short (on connectivity)

Bermuda has nice coral reefs. It's also famous for rum swizzles, golfing and shorts worn as business apparel. The people in Bermuda are nice, too. They say, "Hello, how are you?" to complete strangers.

But connectivity? That's another story.

On a vacation in Bermuda last month, I got zip for Sprint coverage: no roaming, no nothing, despite advertised roaming rates of $2 per minute. Look, I'm calling right now, as I type, trying to determine why I couldn't get coverage.

Nobody's answering. Sprint phone reps must all be in Bermuda, chewing on snorkels.

Oh, wait, here's a rep. I'm supposed to do what now? Call to set up coverage before I leave the country?

Oh.

Well, I guess I could have found that out while I was in Bermuda, if I could have looked it up online.

During my trip, I did pop into an Internet cafe on a few occasions. The connection speeds were loathsome, and they cost me $4 for 15 minutes in St. George and $3.50 for 15 minutes in Hamilton. Do you know that feeling you get when you can hear the quarters clinking out of your pocket as you wait for pages to load?

Coral reefs, nice. Rum swizzles, fine. Connectivity? Uh-uh.

(And nobody in their right mind should pay to swim with dolphins. They swim just fine by themselves.)

Lisa Vaas

Google marches on

Google on Oct. 3 added core security and policy management facilities to the Gmail application in its Google Apps Premier Edition via the purchase of Postini. Normally, such product additions are not a big deal, but this is Google. Everyone is waiting with bated breath to see how the search and software vendor is going to endear itself to the enterprise to better compete with Microsoft, IBM and others in the office productivity and collaboration space.

Google's move has even gotten some analysts pumped up, which is generally not an easy thing for folks who've seen everything the industry has had to offer.

Take Gartner analyst Tom Austin, who has been covering corporate e-mail since the 1970s. Austin is particularly taken with the speed with which Google is rolling out improvements to Apps. (Postini security features come three weeks after the deal closed.)

"You're hearing the march of the million-man army moving across the continent with SAAS [software as a service] applications," Austin told me. "If they don't come out with something new every two weeks, I'm going to be shocked. These guys are moving along in a way that nobody in the traditional software industry is, and nobody in IT frankly gets, and so I wouldn't be surprised to see them make more acquisitions here."

Austin wouldn't speculate on what acquisitions Google might make, but he's convinced we will see major additions to Apps - be they acquisitions or product upgrades - in the next few months. I'm inclined to think we will see small buys to flesh out Apps features for the rest of the year. After that, who knows?

I asked Austin about Google's competition, specifically the free Lotus Symphony suite IBM unveiled in September and Microsoft's Office Live Workspace, which was unveiled in early October. Austin dismissed those moves in comparison with Google's SAAS initiative, saying that Microsoft's news was more along the lines of "we're thinking about [online collaboration], too," while IBM's Symphony news sounded more like "1993 Lotus Development Company and AT&T announcing Network Notes than what's really going on today."

Austin conceded that Apps lacked the deep functionality of Microsoft Office but said he expects Google to change that on its march.

Fair enough. We still have a long way to go before we get the kind of SAAS penetration rate Gartner is expecting - something in the vicinity of 25 to 30 percent during the next four or five years. But it's fun watching a relatively young company blaze a new trail and leave in its wake a long trail of SAAS hopefuls.

Clint Boulton

Fear and wireless

First it's the fear. The pain in my chest had subsided, but that didn't stop fear from gripping my heart tightly as I was wheeled through the doors of the hospital emergency room in Fairfax, Va.

Then the hurried routine in the hospital began to unfold. The staff checked my blood pressure and pulse. They listened to my heart. I was asked to change into one of those short hospital gowns.

Just after I'd gotten changed, a nurse pulled down the front of the gown and began sticking things to my chest. The metal contacts told me they were EKG sensors. I knew the real pain would come later, when they were torn free, but for now it was comforting to know that the staff would be alerted immediately to anything that might happen to me.

Then came something I didn't expect. After the leads were attached, the nurse connected a beige box. The leads passed through a hole in the front of my gown, and the small box was inserted into a pocket. At that point, true to the eWeek spirit, I had a geek moment: "Wireless communications," I said aloud, to the annoyance of the technician who was trying to listen to my heart.

I'd had a similar moment a few years ago when I found myself in a hospital in Las Vegas following an auto accident. My good friend Jan Ziff, then of the BBC, walked in to take a look at me and said excitedly, "Wayne, they have you attached to an HP laptop!"

I asked lots of questions at the hospital in Virginia, but the staff insisted on talking about medical things. Later I learned that GE Medical Systems made the Apex Pro that was attached to me. According to a GE rep, the wireless monitoring system can support as many as 300 people and cover the entire grounds of the hospital. I could go to the gift shop and be monitored if I wanted to.

I doubted that the gift shop staff would want me, considering my attire, but it was good to know. Equally useful was finding out that I could now get a Wi-Fi-based home monitoring system if I needed one. While telemetry has been around for a few years, it hasn't been well-publicized in the IT community. Wi-Fi telemetry is even less known because it's new.

Fortunately, it turned out I didn't have a heart attack. Still, it was comforting to know that if I had, the hospital staff would have known immediately, regardless of where in the hospital I'd wandered.

Wayne Rash
ANALYSIS

More services, software make their way onto the Web

Microsoft ratchets up its software-plus-services initiative with Office Live Workspace; AT&T buys Internet conferencing company Interwise

By Clint Boulton and Peter Galli

Major technology vendors are continuing to push initiatives to bring collaboration tools online, fueled by equal parts customer demand and competition from rivals.

Moves by Microsoft and AT&T illustrate efforts by established tech companies to carve out space in the market contested by major vendors such as IBM and relative newcomers such as Google.

Microsoft, of Redmond, Wash., is ratcheting up its software-plus-services strategy with an offering known as Office Live Workspace that is due later this year and will let customers access, share and collaborate on documents online. But there is a catch: Users will not be able to edit the documents they are viewing through a browser unless they have Office installed on their computer.

"You need Microsoft Office to edit Office documents, but if you do not have it installed you can view Office documents in a browser [both Internet Explorer and Firefox will be supported] and can comment on them," a Microsoft spokesperson told eWeek Sept. 30.

For users who do have Office on their machine, when they click to edit a document, it will be downloaded into the version of Office they have on the desktop - Office 2003 and Office 2007 are supported. When changes are made and the document is saved, the changes are automatically saved to the online version of the document, the spokesperson said.

The service will be available at no charge when released later this year, and the software maker is accepting registrations from customers who want to help test the beta.

While Office Live Workspace initially will not include advertising, the plan is to do so at a later stage. The company is also testing different designs and may also offer additional features or services for a price at some point, the spokesperson said.

The Office Live Workspace offering is yet another indication of how seriously Microsoft is taking the growing competition in the productivity space as well as the threats posed to its traditional business model by online competitors such as Google, with its Documents and Spreadsheets offerings. IBM has also announced Lotus Symphony, a suite of free software tools for creating and sharing documents, spreadsheets and presentations.

Microsoft is initially offering three online services - Exchange Online, Office SharePoint Online and Office Communications Online - to enterprises with 5,000 or more seats.

"This new era of connected computing is about empowering people and businesses to balance the power of the Internet with the rich interactivity and high performance of client and server software," said Jeff Raikes, president of the Microsoft Business Division. "With today's announcements, we are taking a significant step forward by combining our deep client and server software experience with our strong commitment to delivering flexible services offerings for our wide variety of customers and their unique needs."

When asked if Office Live Workspace was a response to the growing threats in the online productivity space, the Microsoft spokesperson said that it was created to enable Office users to access their information anywhere and share their work with others, whether at home, work and school.

The existing Office Live offering will be rebranded Office Live Small Business, a change announced by Microsoft CEO Steve Ballmer at the company's Worldwide Partner Conference in July.

Microsoft is also now differentiating between the Live services targeted at individuals, business users and virtual workgroups and the online services that live in its data centers and that are geared toward large organizations with more advanced IT needs.

The online offerings from Microsoft are one of the three ways customers can get their software; the others are by buying and hosting the software themselves on-premises or through the hosted services available from Microsoft's partners.

For its part, AT&T, of San Antonio, is buying Internet-based conferencing and collaboration software provider Interwise for $121 million and with it a bigger play in the video, Web conferencing and collaboration race against rivals Sprint Nextel, Verizon and Cisco Systems.

AT&T announced the acquisition of Interwise Oct. 1. Interwise offers VOIP (voice over IP), Web and videoconferencing services for both on-premises and hosted deployment, along with a hybrid of on-site and hosted services. AT&T said it will offer these services alongside its own networking, VOIP, conferencing and collaboration services, as well as its MPLS (Multiprotocol Label Switching)-based IP network for businesses.

There is no shortage of market opportunity for such services, which businesses often use in conjunction with e-mail, instant messaging, presence and other collaboration tools to help their employees work together on tasks. Research company Frost & Sullivan said the market for audio, Web and videoconferencing will be worth $5.9 billion through 2007, with growth continuing into 2008.

The added utilities will help AT&T better reach the lucrative market opportunity selling into enterprises that the phone companies and other technology providers crave. Sprint Nextel and Verizon are also offering audio, Web and videoconferencing for their business customers.

"We're really excited about having Interwise as part of the company because they are one of the only ones to offer premise[s]-based collaboration, network-based collaboration or a hybrid solution, allowing users to collaborate across both environments," said Steve Sobolevitch, AT&T's vice president of business development.

IDC analyst Robert Mahowald said the deal is a step up for AT&T's enterprise business, which has strong, hosted audio conferencing but lacks on-premises services and has relied on reseller agreements for Web conferencing to this point.

"As they try to grow their enterprise business larger and larger toward [broader] Web collaboration, this gives them a development platform," Mahowald told eWeek. "It gives them some customers, but it also gives them a platform that they can actually play with as opposed to Microsoft's or Cisco's, which they were just reselling."

To be sure, phone companies are far from the only technology providers interested in Web collaboration. Microsoft and IBM have been carving out such packages through their SharePoint and Lotus portfolios, respectively, as part of broader unified communications strategies. Adobe Systems and Citrix Systems also play in the Web conferencing space.

Cisco, of San Jose, Calif., lent spirit to the hunt in March with its bid to buy WebEx for $2.9 billion. But most acquisitions in this space are fill-in-the-gap deals, such as IBM's Aug. 22 deal to buy on-demand Web conferencing software maker WebDialogs.

"The way these independent companies are flying off the shelves, I don't even know who's left to buy," Mahowald said.

Should the deal close in the fourth quarter as AT&T expects, Interwise will operate as a business unit within AT&T's $35 billion Global Business Services group, which is led by Group President Ronald E. Spears.

Working on the Web
AT&T and Microsoft both made moves designed to expand their reach into the competitive space of online collaboration, including:
AT&T: Bought Interwise Oct. 1 for $121 million; Interwise offers VOIP, Web and videoconferencing services both for on-premises and hosted deployment as well as multiple other on-site and hosted services; AT&T will pair those services with its own networking, VOIP, conferencing and collaboration services
Microsoft: Announced Office Live Workspace Oct. 1; due later this year, it will let customers access, share and collaborate on documents online, but they need to have Office installed on their computers to edit the documents seen through a browser; initially Microsoft will offer Microsoft Exchange Online, Office SharePoint Online and Office Communications Online to enterprises with 5,000 or more seats
Source: eWEEK reporting
By Renee Boucher Ferguson
IN LAS VEGAS
S
oftware maker
SAP has garnered
headlines in recent
weeks over t he
launch of its Business
ByDesign on-demand suite
and its ongoing competition
with rival Salesforce.com in
that area.
But at its SAP TechEd
event here, company offi-
cials shifted their focus
back to NetWeaver inte-
gration, all but lost in the
recent brouhaha over Busi-
ness ByDesign.
SAP announced Oct.
2 the next iteration of
NetWeaver, which brings
the discussion around the
integration and
devel opment
platform full
circleback to
business pro-
cess orchestra-
tion, where it
started when
NetWeaver was
announced in
2003. In addition, the Wall-
dorf, Germany, company
said that developers can
download a NetWeaver
license on a yearly sub-
NetWeaver 7.1 marks the completion of the ESA road map laid out
several years ago by SAP CTO Vishal Sikka and other officials.
NetWeaver
takes center
stage for SAP
New version of integration platform
completes enterprise architecture push
scription basis.
The goal for SAP in
changing its licensing struc-
ture around NetWeaver is to
open access to the platform
to a much broader commu-
nity of developers. In other
words, SAP wants to make
NetWeaver a strategic devel-
opment platform for both
SAP and non-SAP custom-
ers, partners and ISVs, a
strategy the company has
been pursuing for several
years.
We expect a great deal
of innovation on top of
NetWeaverfilling in the
white spaces with func-
tionality we do not have, or
[building] alternative appli-
cations, said Mark Yolton,
vice president of the SAP
Communi t y Net work.
My expectations are that
easy access to this license
gives noncustomers an
opportunity to test drive
NetWeaver.
With the introduction of
NetWeaver several years ago
as part of its ESA (Enterprise
Services Architecture) ini-
tiative, SAP introduced the
concept of composite appli-
cationsbuilding process-
based functionality using
components or services
from various applications
from SAPs ERP (enterprise
resource planning) suite.
But now that SAP has
introduced a new on-
demand suite of applications
with Business ByDesigna
completely services-based
platform that sits on top of
NetWeaver
the question
is whether the
new NetWeaver
d e v e l o p e r
l i cense pro-
gr am i s an
effort to expand
SAP as a plat-
form provider
into the on-demand world.
And, if so, how will devel-
oper innovation with Busi-
ness ByDesign funnel back
into SAPs on-premises
applications?
The short answer seems
to be that not much will
change with SAPs plat-
form strategy in the short
t erm; Net Weaver wi l l
remain an on-premises
development strategy. But
as Business ByDesign
becomes available to more
users and partners in the
coming year, that para-
digm could see a defini-
tive shift.
"Business ByDesign leverages much of NetWeaver's historical code, so there are some nice synergies between NetWeaver and Business ByDesign," Yolton said. "But they're not exactly the same. There are some innovations related to Business ByDesign and the next step for SAP is to ensure that innovations introduced in Business ByDesign will be integrated into NetWeaver and the two live side by side and [are] developed side by side."

Yolton said that Business ByDesign is treated currently at SAP as a separate platform. "The reintegration of those innovations is still to come," he said.

Before the announcement about the subscription license, the NetWeaver developer license was available, but as a perpetual license - and one that was pretty hard to get, Yolton said.

"The license was available forever, through a sales rep," he said. "It was primarily available through large partners and it was difficult to get your hands on a license."
Now developers have a new licensing option and a new version to work with. There are three main pieces being added to the NetWeaver stack with Version 7.1: CE (Composition Environment), Enterprise Services Repository and NetWeaver Process Integration.

By incorporating the three elements into NetWeaver, SAP hopes to lay the foundation for business process management in the world of SOA (service-oriented architecture), officials said. It also opens up the NetWeaver platform to a bigger cast of developers, an ongoing goal for SAP.

"We've been talking about composite applications for the last couple of years, but what we realized with Composition Environment is the ability to do innovation - it should be model-driven and should give you the ability to do innovation," SAP Chief Technology Officer Vishal Sikka said in his keynote address Oct. 2. "CE 7.1 is exposure of our platform; you can expose it, you can develop on it."
The NetWeaver CE is essentially a set of tools that customers and partners can use to compose and deploy composite applications in a Java environment. CE combines infrastructure components such as SAP's Java EE 5 Application Server, Web Dynpro-based user interfaces, NetWeaver Visual Composer for UI modeling, guided procedures for collaborative process modeling, and an infrastructure for service and business definition, according to the SAP Developer Network. CE also uses an Eclipse-based environment to compose processes across a company's IT landscape.

An upgraded version of the Enterprise Services Repository provides the repository for SAP Web services. It also manages process models and business object models so that common business semantics are used across services, with the idea that services can be reused.

NetWeaver Process Integration, due later this year, is an evolution of the NetWeaver Exchange Infrastructure, sort of an integration hub in SAP NetWeaver 2004 - 7.1 is the next iteration of that release - that was designed to manage the integrations between SAP and non-SAP applications. What Process Integration adds is more standards, such as Web Services Reliable Messaging, and an event infrastructure designed to help companies both monitor business events and act on alerts.
At the end of his keynote, Sikka talked about what is coming next with NetWeaver. "We are doing our own modeling, our own process management," he said. "You are going to be able to link the processes to the underlying platform and manage it. You will have the ability to take a model and deploy it directly into the code in Eclipse - the environment we want people to start using. The key thing: This actually executes code."

The bottom line for Sikka - and, really, the overall message of this year's TechEd - is that SAP has completed its ESA road map laid out several years ago. The concept behind ESA - and SOA, for that matter - is to enable companies to respond to changes in their businesses by allowing them to change business processes without taking months to alter applications.

"The ability to cover this vast spectrum of processes, that ability is here - the other components of our Business Process Platform," Sikka said. "We are there."
That said, SAP still has some work to do to push NetWeaver adoption. While officials reported Oct. 2 that they have 13,000 SAP customers and 18,000 systems in production - and saw a 50 percent growth of NetWeaver revenues in its first quarter of 2007 - SAP has more than 30,000 customers that could potentially use NetWeaver. SAP officials said they would give an update on NetWeaver adoption during the company's Oct. 18 third-quarter earnings call.

SOA at SAP

At its SAP TechEd event, the software company rolled out the latest version of its NetWeaver development platform, with new and enhanced capabilities, including:

Composition Environment: An integrated set of tools that customers and partners can use to build and deploy standards-based composite applications; it supports the Java Platform, Enterprise Edition 5 and leverages an Eclipse-based integrated environment

Enterprise Services Repository: Upgraded version enables businesses to better manage SOA projects; manages Web services, business process models and business object models; it includes a registry of definitions of thousands of productized enterprise services from SAP

Process Integration: Grew out of Exchange Infrastructure; supports SOA industry standards such as Web Services Reliable Messaging; enables businesses to monitor business events and resolve alerts in real time; will be available to early customers in December

Source: SAP

Adobe hits the SAAS trail at its Max show
Software maker outlines plans to take on Microsoft and Google
By Darryl K. Taft IN CHICAGO

Adobe Systems is looking to expand its competition with titans such as Microsoft and Google.

At its Max show here Oct. 1, Adobe officials announced the company is branching out into new areas - including word processing and document sharing - and bolstering its positions in other development sectors, moves that will bring Adobe into direct competition with its larger rivals. Kevin Lynch, chief software architect at Adobe, said the company is getting more into the SAAS (software as a service) arena.

A key to the strategy is Adobe's decision to buy Virtual Ubiquity, of Waltham, Mass., and its online word processor, Buzzword. Adobe also announced the addition of a new file-sharing service.

Code-named Share, the beta service will make it easier for people to share, publish and organize documents online, said Erik Larson, director of marketing and product management at the San Jose, Calif., software maker.

Share is a free, online document-sharing service, Larson said. Users select the documents they want to share, send a message to recipients, and determine whether the files will be publicly accessible or restricted, he said. The service, built with Adobe Flex technology, will include a set of REST (Representational State Transfer) APIs to let developers create mashups with their applications - including storing and accessing files - as well as creating thumbnails and Flash-based previews of documents.

The Share service can be integrated with Adobe's Acrobat Connect, which together with Buzzword will form the basis of a free online service from Adobe. However, over time, Adobe will offer premium online subscription services and developer services based on Share, Larson said. The move adds to Adobe's push into the SAAS space and looks to compete with the likes of Microsoft and Google.

With Share, users can send documents without e-mail attachments, access documents from anywhere, view all the documents they have shared or received in one place, post a link to their document on a wiki or blog, embed a Flash preview of their document on any Web site, and limit access to a document to a list of recipients, Adobe officials said.

At the show, Andrew Shebanow, an engineering manager at Adobe, demonstrated Share, which he said gives users 1GB of storage, "but it's not just a drive in the sky. This product is like FlashPaper on steroids."

[Image caption: With Buzzword, Adobe is expanding its online collaboration capabilities.]

Now in beta, Share is expected to become a live service next year.

Adobe's next steps for Share include providing improved file organization, such as tags, filters and user-defined collections; the ability to print from any application to create a PDF directly on Share; and PDF conversion for Microsoft Office and ODF (Open Document Format) documents, officials said.

Adobe is offering its Web conferencing, PDF creation and new Buzzword word processing capabilities, along with REST APIs, so developers can use the Adobe service infrastructure to add to their applications, Larson said. The company also will provide APIs based on its Flex Web development technology and the ActionScript Flash-oriented development language.

The acquisition of Virtual Ubiquity is key to the strategy, Larson said. The founders and 11-person Virtual Ubiquity team are expected to join Adobe, he said.

Buzzword, which is based on Adobe's AIR (Adobe Integrated Runtime), built with Adobe Flex software and runs in the Adobe Flash Player, allows users to collaborate in creating high-quality documents, Larson said. Because of its heritage in Adobe technologies, Buzzword enables greater document quality, enhanced typography, page layout controls and support for integrated graphics, regardless of the browser or device, he said. Its support for AIR means it can run in a hybrid online and offline environment and work with both hosted and local documents, he added.

Moreover, Buzzword's collaboration capabilities allow multiple authors to edit and comment on documents from anywhere, and document creators can set permissions that eliminate version control chaos, Larson said.

The Virtual Ubiquity acquisition furthers Adobe's commitment to foster a vibrant ecosystem for RIA (rich Internet application) development that delivers experiences built on AIR, he said.

Virtual Ubiquity CEO Rick Treitman said the company was founded more than two years ago to build a full-featured word processor that made no sacrifice about running on the Web. "We wanted to take advantage of the Web."

Treitman told eWeek that in developing Buzzword, Virtual Ubiquity "tried everything - Java, .Net, AJAX [Asynchronous JavaScript and XML] - and we settled on Flash. We used Flex as a way to get in the Flash Player."

With its impending acquisition of Virtual Ubiquity, Adobe announced the general release of the Buzzword beta.

Adobe officials also pointed to work they've done with Scene7, a company they bought in May. At the time Adobe announced plans to offer and expand Scene7's interactive publishing services as it extends the online presence of its flagship creative technologies.

Doug Mack, who was Scene7's CEO and is now vice president of creative solutions services at Adobe, described Adobe's plans for the Scene7 service, including taking the rich-media publishing system and providing automation and enabling the creation of enhanced Web site experiences.

Mack said Scene7 delivers a dynamically rendered single master image. While the company's creative suite was the primary entry into the system, "we fill the gap between the content and the viewers, which can be achieved through a simple URL call into the pages," he said.

Scene7 can share content via an image portal or a URL. "It's delivered as SAAS," Mack said. "If you want to share content with others, it's a simple URL call."

The Scene7 on-demand solution gives business users the control to upload, manage, enhance and publish dynamic rich content with minimal IT support. The platform delivers unlimited variations from master imagery, Mack said. Scene7 will be a hosted solution from Adobe and will take advantage of AIR technology.

Expanding horizons

Adobe is taking aim at rivals Microsoft and Google with a series of moves in the SAAS space, including:

Buying Virtual Ubiquity and its word processor, Buzzword, which is based on Adobe technology and will strengthen the company's collaboration offerings

Rolling out Share, a free file-sharing service that will make it easier for people to share and organize documents online; now in beta, Share will become a live service in 2008

Adopting Scene7's interactive publishing services, which Adobe acquired with the company in May; a self-service offering will roll out next year

Unveiling Pacifica, a service for developers to integrate high-quality voice, messaging and presence into Adobe Flash and Flex applications

Announcing Adobe CoCoMo, a service for integrating real-time collaboration capabilities such as screen sharing and whiteboarding into applications

Source: Adobe, eWEEK reporting

AT&T, Verizon pricing under fire
Sprint CEO calls on lawmakers to fix failings in special access space
By Roy Mark IN WASHINGTON

The top executive for Sprint Nextel says AT&T and Verizon hold an unfair advantage in the telecommunications market, and he is asking U.S. lawmakers to do something about it.

President and CEO Gary Forsee on Oct. 2 told a House subcommittee that a competitive, high-volume business in the telecommunications market is unfairly rigged to favor AT&T and Verizon, with the result being that the nationwide rollout of broadband is faltering.

Wholesale availability - known as special access - to the nation's two largest carriers' networks is a critical component of virtually every competitor to AT&T and Verizon. Access to these dedicated circuits allows competitors to connect their networks and reach their customers.

"Despite this central role in telecommunications and broadband deployment, the special access market is a failure," Forsee told the House Subcommittee on Telecommunications and the Internet. "[The failure] is apparent in the overwhelming and increasing market share of the two dominant special access providers, AT&T and Verizon."

Forsee said the incumbents controlled 92.7 percent of the special access market in 2001. By 2005, he said, that share had grown to 94.1 percent. Forsee and others complain that the merger mania that saw AT&T acquire SBC and Verizon buy MCI has reduced the choices for wholesale access.

"The special access market is a textbook example of market failure, and consumers are suffering the consequences of this failure," Forsee said. "The future of competition in telecommunications hinges on whether we address the special access market failure."

Regulation of the prices incumbent carriers can charge competitors was once the hallmark of U.S. telecommunications policy, but under Republican control of Congress and the Federal Communications Commission, deregulation became the standard. Forsee and others want the FCC to continue to regulate - or at least cap - prices AT&T and Verizon can charge competitors for access to their networks.

"The FCC has the tools, the evidentiary record and the congressionally mandated obligation to ensure that special access prices are just and reasonable," Forsee said. "I urge this subcommittee to let the FCC know that it must meet its obligation by reducing special access rates to reasonable levels."

Subcommittee Chairman Rep. Ed Markey, D-Mass., noted a Government Accountability Office study that found the FCC's deregulatory policies have resulted in higher special access prices and limited competitive choice.

"Because prices today are higher than what a truly competitive market would support, current and future wireless providers will expend funds on special access that would be better spent reducing prices to consumers or deploying more and better broadband facilities," Markey said. "Unless this market failure is corrected, special access could have a negative impact on all wireless broadband deployment, including deployment that facilitates interoperability between public safety organizations."

AT&T, of San Antonio, Texas, and New York-based Verizon found much fault with Forsee's testimony. Verizon Executive Vice President Tom Tauke told the panel that Sprint, of Dallas, was trying to use regulatory measures to undermine a successful market-based business environment. Instead of regulation, Tauke said, the FCC should affirm the current special access policy that removes government-regulated pricing where competition exists in the market.

Parley Casto, AT&T's assistant vice president for strategic pricing, said the special access market is thriving. "Our customers constantly remind us that if AT&T does not offer them what they want, they have plenty of special access alternatives," Casto said. "During negotiations with AT&T for the purchase of backhaul special access services, Sprint has repeatedly pointed out to the AT&T team that Sprint has many other options."

The iPhone as a hacking platform
Shellcode can give attackers complete control of device
By Lisa Vaas

[Image caption: Researchers say the iPhone is vulnerable to hacks.]

The question of security on Apple's iPhone was raised almost as soon as the wildly popular wireless device was rolled out in June.

Now a security researcher is saying that the iPhone has been turned into a pocket-sized network-enabled root shell.

HD Moore has published shellcode for the smart phone and instructions on how to use it as a portable hacking platform. Because of his work, Moore's highly popular Metasploit Framework penetration-testing tool can now be used to easily write point-and-click exploits targeting iPhone application vulnerabilities - exploits that give an attacker complete control of the device, given that all of the phone's applications run with root access.

Moore published details of his recent work on the iPhone Sept. 25. Besides publishing shellcode, he revealed multiple security chasms on Apple's device. The first and most shocking is that every process running on the iPhone - from the mobile version of Apple's Safari browser to its mail client and even the phone's calculator - all run with full root privileges. What that means is a security vulnerability in any iPhone application can lead to complete system takeover.

"A rootkit takes on a whole new meaning when the attacker has access to the camera, microphone, contact list and phone hardware," Moore said. "Couple this with always-on Internet access and EDGE [Enhanced Data GSM Environment] and you have a perfect spying device."

Others agree. "The shellcode combined with the number of bugs present in the iPhone finally make mobile attacks a real threat," David Maynor, chief technology officer of Atlanta-based Errata Security, wrote in a blog posting.

Charlie Miller, a researcher with Baltimore-based Independent Security Evaluators and one of a trio who were first to unveil security issues with the iPhone, told eWeek that he wishes he'd been able to use Metasploit when writing exploits for the gadget in July.

"It will certainly make life easier for others who write exploit code for the iPhone," Miller said. "Metasploit is the go-to, point-and-click [pen-testing] interface. It's really designed to help you write exploits and deploy [them] in ways anyone can use."

Apple officials in Cupertino, Calif., did not respond to requests for comment.

Within three days of the smart phone's launch, hackers cracked the iPhone's firmware, finding not only that the phone runs on a Unix-like operating system, but going so far as to extract the master root and other system passwords. Moore waited until the iPhone price dropped and the toolchain for iPhone application development was released before he bought an iPhone to pick apart.

Moore said he can now generate working iPhone shellcode with a version of Metasploit 3. Once he had shell access, he found not only that all applications run with root access, but an assortment of other things potentially interesting to malware writers or to any of the many people who hack iPhones.

For example, the iPhone has a potential security pitfall in that its MobileMail application supports Microsoft Office document formats by using the OfficeImporter framework when converting files into viewable form. "This looks like a great target for file-format fuzzing and some late-night reverse engineering," Moore said.

Miller told eWeek that with Moore's Metasploit work, the time needed to write iPhone exploits has substantially shrunk. "One thing interesting about the work HD's done, if you look at the time frame, is it took us two days to find a vulnerability and write something to where we knew it was legitimate," Miller said. "[It took] seven or eight days after that to having a working exploit. If we had what HD has done, it would have taken maybe a day or less. Having this available now will cut what we did from two weeks to two days."

A blade server that fits for SMBs
HP c3000 offers small size, small price and solid environmental features
By Wayne Rash

[Image caption: HP's c3000 offers a low price and ease of management.]

Hewlett-Packard's c3000 blade system breaks new ground in the server and storage industry. While blade systems have been around for several years, this is the first time such a system has been aimed at smaller businesses.

To do this, HP designed a blade chassis that is small enough to fit into a server closet, priced low enough that smaller companies could afford it and has environmental requirements that didn't mandate a data center. Indeed, HP has designed what could be described as a data center in a box.

HP is not the only maker of blade servers, and it's not even the only maker of blade devices for smaller business. IBM, Dell and Sun Microsystems all make enterprise-class blade systems that can live in your data center and provide efficiencies of scale. In addition, IBM has the BladeCenter S series that's also designed for an office environment and is priced for smaller organizations. This six-blade chassis is somewhat larger than the c3000 and uses standard full-height blades.

In the case of the HP c3000, the box that contains it is a smaller version of the c7000 blade chassis HP introduced last year. It uses the same c-series blades as its larger sibling but can handle only eight of the half-height blades.

In a move away from the traditional blade approach, HP does not assume the existence of a corporate SAN (storage area network), data-center-quality power and cooling, or even a separate core switching or routing environment. A company's entire infrastructure could be integrated within a single blade chassis.

To make the c3000 useful to small and midsize businesses, the device had to support functions that aren't always seen in other blade servers. One example is a tape blade that supports up to 400GB of tape backup; another is a storage server/SAN that handles a little more than a terabyte of data. For companies with an external SAN, HP provides iSCSI and Fibre Channel switches that will let them connect the c3000.

To get a better look at this new blade infrastructure, eWeek Labs visited HP's Houston development labs. The testing process was carried out in two stages. After the obligatory death by PowerPoint by HP's marketing group, I spent awhile with the c3000's built-in management system. Once we rolled the c3000 into the lab, I attacked the hardware.

The idea behind the c3000 was to bring blade solutions to what the company calls the Fortune 500,000. This device is designed to live in a standard office environment, run on normal 120-volt AC power and cool itself with ambient air instead of chilled water or forced cool air. Perhaps the key marketing claim is that the system is so simple to use that even a vice president can use it. The c3000 was pretty easy to use.

The HP Onboard Administrator can be reached using an Ethernet connection to the chassis. The administrator includes a series of graphical menus and displays that let you control the chassis itself, all the embedded components and any blades you install. It also gives you remote access to the HP Insight Manager.

You can run the Insight Manager in two ways. There's a small LCD screen that pops out of the bottom center of the chassis and then pivots so that you can view it easily. The screen displays the menus and screens of the Insight Manager, and I could control its actions using a set of arrow keys. This screen, along with images of the arrow keys, is what you also see remotely.

The Onboard Administrator, meanwhile, is a browser-based application that lets the network administrator control every aspect of the chassis and the installed devices. You can keep an eye on your storage server, the tape backup system or the installed servers. You can look at the current status of any of the installed Ethernet or FC switches, and you can configure or reconfigure any of those items.

The Onboard Administrator is highly intuitive. Within a few minutes of trying it out, it was clear that any-
[CONTINUED ON PAGE 28]
1100101010010100111010101110011001101000001010100110101010101110010101010100101010010010010010000010101010110100100
1000100100101010100101010110110101010101010101110010101010010010010101010101010010101010101010101011101011100100110
0101010010101010101000101010101010010101010010110110101010010010010100111010010010010001001001010010100100100100001
0101001010101011011010100100100100100100101110100101101101101111011011010101010110110110110110111010110110110110101
1011010101010101010101101110101000110100101001010101010101101101101101101001001001001100110011110010100101010010010
0111010100010101001010001100101010010100111010100101001001010101010101011001010100101010010010101001001010010100101
0101010010101001101101010100100100100100111010010010010001001001010010100100100100001010100101010101101101010010010
0100100100101110100101101101101111011011010101010110110110110110111010110110110110101101101010101010101010110111010
1000110100101001010101010101101101101101101010110101010010010010010011101001001001000100100101001010010010010000101
0100101010101101101010010010010010010010111010010110110110111101101101010101011011011011011011101011011011011010110
1101010101010101010110111010100011010010100101010101010110110110110110100100100100110011001111001010010101001001001
1101010001010100101000110010101001010011101001001001100110011110010100101010010010011101010001010100101000110010101
0010100111010101110011001101000001010100110101010101110010101010100101010010010010010000010101010110100100100010010
0101010100101010110110101010101010101110010101010010010010101010101010100101010101010101010111010111001001100101010
0101010101010001010101010100101010100101010010100100101010101010101100101010010101001001010100100101001010010101010
1001010100110110101010010010010010011101001001001000100100101001010010010010000101010010101010110110101001001001001
0010010111010010110110110111101101101010101011011011011011011101011011011011010110110101010101010101011011101010001
1010010100101010101010110110110110110100100100100110011001111001010010101001001001110101000101010010100011001010100
1010011101101101010100100100100100111010010010010001001001010010100100100100001010100101010101101101010010010010010
0100101110100101101101101111011011010010011101010001010100101000110010101001010011101101001001000100100101010100101
0101101101010101010101011100101010100100100101010101010101001010101010101010101110101110010011001010100101010101010
0010101010101001010101001010100101001001010101010101011001010100101010010010101001001010010100101010101001010100110
1101010100100100100100111010010010010001001001010010100100100100001010100101010101101101010010010010010010010111010
0101101101101111011011010101010110110110110110111010110110110110101101101010101010101010110111010100011010010100101
0101010101101101101101101001001001001100110011110010100101010010010011101010001010100101000110010101001010011101101
1010101001001001001001110100100100100010010010100101001001001000010101001010101011011010100100100100100100101110100
1011011011011110110110101010101101101101101101110101101101101101011011010101010101010101101110101000110100101001010
1010101011011011011011010010010010011001100111100101001010100100100111010100010101001010001100101010010100111010101
1100110011010000010101001101010101011100101010101001010100100100100100000101010101101001001000100100101010100101010
1101101010101010101011100101010100100100101010101010100101010101010101010111010111001001100101010010101010101000101
0101010100101010100101101101010100100100101001110100100100100010010010100101001001001000010101001010101011011010100
1001001001001001011101001011011011011110110110101010101101101101101101110101101101101101011011010101010101010101101
1101010001101001010010101010101011011011011011010010010010011001100111100101001010100100100111010100010101001010001
1001010100101001110101001010010010101010101010110010101001010100100101010010010100101001010101010010101001101101010
1001001001001001110100100100100010010010100101001001001000010101001010101011011010100100100100100100101110100101101
1011011110110110101010101101101101101101110101101101101101011011010101010101010101101110101000110100101001010101010
RECENTLY HACKERS MANAGED TO TRANSFER ALMOST HALF A MILLION DOLLARS FROM A CALIFORNIA CITY'S GENERAL FUND TO BANKS ACROSS THE COUNTRY. THEY DID IT BY USING A KEYLOGGING PROGRAM THAT THE CITY TREASURER ACCIDENTALLY DOWNLOADED. THIS PIECE OF SPYWARE GAVE THE HACKERS BANK ACCOUNT LOGIN & PASSWORD INFO. HAD THE HACKERS BEEN ORGANIZED PROFESSIONALS, THIS MIGHT HAVE GONE DAYS WITHOUT BEING NOTICED, WITH THE MONEY BEING SENT OFFSHORE, WHERE IT'S HARDER TO TRACE AND RECOVER. THE SPYWARE PROBLEM IS BIGGER THAN YOU THINK. ONE IN TWELVE SEARCH LINKS ACTUALLY TAKES YOU TO A PAGE THAT TRIES TO LOAD SOME FORM OF SPYWARE ON YOUR COMPUTER. SO IT'S NOT JUST A PROBLEM FOR PEOPLE WHO SURF THE WEB FOR FUN. IT CAN AFFECT THOSE RUNNING A BUSINESS OR EVEN CITY HALL. OF COURSE, THERE'S A SMARTER SOLUTION. ONE THAT FINDS 94 PERCENT OF THE MORE THAN 200,000 SPYWARE DEFINITIONS AGREED UPON BY THE ANTI-SPYWARE COALITION.

IN THE SPRING OF 2007, A MAJOR RETAILER REPORTED HACKERS HAD BROKEN INTO THEIR RETAIL OPERATIONS SYSTEMS, ACCESSING CREDIT & DEBIT CARD INFO FROM STORES AROUND THE U.S. AND PUERTO RICO. EXPERTS ESTIMATE THAT AS MANY AS 45.7 MILLION CREDIT & DEBIT CARDS HAVE BEEN STOLEN. OVER $8 MILLION IN RELATED FRAUD HAS BEEN REPORTED TO DATE. AT $10 TO REPLACE EACH CARD & $180 TO HANDLE EACH CALL, IT'S EASY TO SEE HOW THIS BREACH IS GOING TO COST BILLIONS TO REMEDIATE. AND THE UNTOLD COSTS TO THE BRAND HAVE YET TO BE SEEN.
THE SPYWARE PROBLEM IS BIGGER THAN YOU THINK

Spyware is more insidious and costly than viruses, because most of it goes undetected. One Fortune 100 retailer recently found 6900 undetected spyware programs, 586 Trojans and 21 keyloggers despite running freeware plus protection from a leading antivirus provider. You see, most antivirus providers toss in some average spyware protection (about 56% effective) with their product, and claim it's safe. Only Webroot AntiSpyware Corporate Edition could find and remove the critical malware for this retailer.

Webroot security software is the standard by which all other anti-malware products are measured, because it includes industry-leading antispyware and antivirus protection. That's why SC Magazine awarded Webroot enterprise software Best Anti-Malware Solution of 2007. Call Webroot today at 1.866.865.3294 for a 30-day risk-free trial. Or visit www.webroot.com/eweek to learn more.

© 2007 Webroot Software Inc. All product names are the rights of their respective holders.

The Best Security in an Unsecured World

There is a better way to protect your company from spyware.
10 biggest storage challenges
BY CHRIS PREIMESBERGER

It used to be that the size of the storage bucket was an issue. Storage space is less of a concern these days, but management of data and the systems it's stored on is growing increasingly complex. Here, eWEEK names the 10 biggest storage challenges facing enterprises today.

1. EFFECTIVELY USING MORE THAN 30 PERCENT OF AVAILABLE CAPACITY
Sun Microsystems did research among its customers and found that clearly 70 percent of storage capacity is wasted. This is a generally agreed-upon statistic among storage companies.

2. CUTTING POWER AND COOLING COSTS
This is considered the No. 1 problem by everybody who thinks utilization is the No. 2 problem.

3. GETTING A GOOD DEDUPLICATION STRATEGY INTO PRODUCTION
Redundant data slows systems and costs money on the bottom line, and not enough companies are using deduplication yet.

4. GETTING A GOOD THIN-PROVISIONING STRATEGY INTO PRODUCTION
Applications need the storage space they need to run effectively, and no more.

5. FINDING A GOOD WAY TO IMPROVE I/O FLOW
A couple of new companies, Xsigo and InovaWave, have come up with ways to virtualize I/O and open up that former bottleneck in the data center.

6. KEEPING THE PHYSICAL FOOTPRINT SMALL IN THE DATA CENTER
Many companies tend to just keep adding boxes and racks in their data centers as their data store grows, so the limitation of physical space is a continuous problem. Virtualization and more powerful appliances help assuage this issue (for a while).

7. IDENTIFYING A GOOD E-DISCOVERY STRATEGY AND GETTING IT INTO OPERATION
New federal court rules require that organizations pay more attention to how they store and archive business-related documents in case of litigation. This includes virtually everything: e-mail, spreadsheets, word documents, photos, audio, movies, even instant messaging records.

8. DECIDING WHETHER TO IMPLEMENT ONLINE STORAGE AS PART OF AN OVERALL STRATEGY
Storing data online can be very cost- and labor-effective, but companies must decide if they want to trust their family jewels with an outside service.

9. WHEN, AND WITH WHAT DATA, TO USE LOW-PRIORITY DISKS OR DIGITAL TAPE FOR ARCHIVING
Disks and digital tape are used for data that probably won't see the light of day again, except in a legal emergency. The trick is deciding which data to put in this category.

10. CHOOSING WHETHER TO USE MASTER DATA MANAGEMENT BEST PRACTICES FOR PRIMARY DATA
An MDM platform offers a consolidated view of a company's data assets and a consistent way of aggregating and distributing the data. This methodology has proved to accelerate processes, projects and products through their various channels.
ANALYSIS
Confidence in a connected world.
Veritas storage software puts you in control of your diverse enterprise storage environment.
Standardize storage operations with Veritas Storage Foundation and Veritas CommandCentral Storage from Symantec.
From server to SAN, these software solutions give you a complete picture of your entire storage environment. They support
every major storage and server platform enabling you to centrally manage your enterprise storage environment across all
your servers, storage systems, and data centers. Optimize your storage utilization. Keep your applications running at peak
efficiency. Make the move to Veritas storage management software and keep storage complexity in check. Learn more at
symantec.com/storagemanagement
© 2007 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, CommandCentral and Veritas are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. All other trademarks are property of their respective owners.
Storage complexity is connected to petabytes of data
is connected to proliferating storage systems
is connected to every major operating system
is connected to Veritas storage software, the unified solution
for keeping storage complexity in check.
Copyright 2007 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries.
Other names may be trademarks of their respective owners. IDC, Worldwide Secure Content Management 2006-2010 Forecast Update and 2005 Vendor Shares, #203550, 09/2006
Confidence in a connected world.
Symantec Endpoint Protection. The next generation of security from the leader in antivirus.
New threats require new means of protection. Antivirus alone is no longer enough. That's why we've combined our
proven security and advanced threat prevention technologies with our Network Access Control capabilities in a single
agent, managed by a single console. Now you can have maximum security in a smaller, less intrusive product that
makes it easier for you to help protect every endpoint in your company. Visit symantec.com/sep
Your changing business is connected to a wide variety of computing devices
is connected to new threats that attack those devices
is connected to the power of one comprehensive, integrated solution
to manage their security.
SERVER FROM PAGE 24

one with even basic levels of network administration training could use the c3000 in normal operation. A reason HP wanted to make the c3000 so easy to use was to make deployment easier for channel partners. HP officials said the c3000 is designed to be configured and deployed in about 5 hours, rather than the four days it takes for a traditional network to be deployed.

The choices for the c3000 include a variety of servers (HP's 1U ProLiants are present in blade form here), good storage options and several switches. Regardless of which one you plug into the chassis, the Onboard Administrator detects it and then presents an image of the blade system complete with the existing blades installed in the spots where you plugged them in.

Images of the front and rear of the c3000 are shown on the right side of each screen. Roll your mouse pointer over a portion of either image and the name and basic status of the device pops up. If you click, the device is highlighted. If you click on the Insight Manager screen's location, you can see and operate it just as you could if you were physically watching the screen and touching the buttons.

The Onboard Administrator also lets you control other embedded features. The DVD drive can be used by any of the servers that might be installed in the chassis. There's help for every screen, and any attempt to do something you might regret (such as reconfiguring the SAN) results in warnings and requests for assurances.

The first thing I did after we rolled the c3000 into the working part of the lab was to start unplugging stuff. This turned out to be easier than I expected. Each of the blades has a lever that pops out, and you use that to loosen the blade from its backplane connection. Then, you grab it and pull it out. Insertion of the blades is simply the reverse.

There are a few limitations on what goes where. The HP StorageWorks SB600c All In One Storage Server consists of two blades. The server portion, an HP BL460c server, must sit immediately below the storage blade. The BL680c and BL685c blades must have two adjacent slots available because they take up both. Interconnect modules, which are actually Ethernet and Fibre Channel switches, slide into slots on the rear of the chassis.

You can choose switches from HP, Cisco Systems and Brocade, and the Ethernet switches support 10/100/1000 BaseT Ethernet and iSCSI. This combination of switches means you can make your blades part of an existing corporate SAN, or you can set up the on-board storage server as a NAS (network-attached storage) device or as an iSCSI SAN. The chassis also supports InfiniBand.

The selection of blades includes an HP StorageWorks Ultrium 448c tape blade that supports LTO (Linear Tape-Open) 2 technology, allowing up to 400GB to be stored on a single tape. The blade includes HP's Data Protector Express and supports what HP calls OBDR (One Button Disaster Recovery) for easy recovery of applications and data. The tape is bootable, and the restoration is automatic.

At 400GB, the tape is not large enough to back up the entire storage server if filled to capacity, and there's no autoloader available for this drive. However, a higher-capacity drive is in the works, according to HP officials.

The initial tested configuration of the c3000 was the same as the configuration that HP sent out to its channel partners to introduce the device. It included a pair of servers, the storage server and the tape blade, leaving three slots empty. Those slots come with covers designed to maintain cooling.

Those server blades all contain their own storage. This means that in addition to the 1.16TB on the SAN, each has a pair of disk drives. The servers can also connect to external storage and backup, including external autoloading tape drives.

HP's suggested retail prices for the c3000 and blades are aimed at smaller businesses. The configuration that I tested is just more than $22,000. This includes a ProLiant BL460c, a ProLiant BL465c (Intel Xeon 5110 and Advanced Micro Devices Opteron 2210 servers, respectively), the HP StorageWorks Ultrium 448c tape blade, the HP StorageWorks SB600c AIO 1.16TB SAS Storage Blade, the HP GbE2 Ethernet blade switch and the c3000 enclosure, which includes the administration module, power supplies and fans.

Perhaps most encouraging is that, despite my best efforts, I was unable to actually break anything. Running the c3000 was clearly aimed at companies without a dedicated data center staff, and the device itself was designed to fit into an office environment. HP appears to have met its goal of opening the efficiencies of blade computing to SMBs.

HP's blades have levers that enable easy insertion and removal.
WHEN INFORMATION AVAILABILITY MATTERS
680 East Swedesford Road, Wayne PA 19087
800-468-7483 | www.availability.sungard.com
SunGard. Setting new standards for Information Availability by delivering a range of solutions that meet your specific availability objectives. Flexible enterprise wide solutions from IT management to AdvancedRecovery(SM).
2,500 experts. Three decades of experience. 100% successful recovery track record.
To see how SunGard can help improve your IT availability stop by www.availability.sungard.com or call 800-871-5857 today.
TO SEE THE TOP SEVEN ROADBLOCKS COMPANIES FACE IN ACHIEVING INFORMATION AVAILABILITY
AND FIND OUT HOW TO AVOID THEM VISIT WWW.AVAILABILITY.SUNGARD.COM/IA.
Viridian shows early promise
Microsoft hypervisor technology could prove viable alternative to VMware, Xen
By Jason Brooks

Microsoft's Windows Server 2008 Release Candidate 0 hit the Web Sept. 25 on the road to its scheduled February 2008 release, toting a new Internet Information Services role for the product's lean-and-mean Server Core incarnation and a laundry list of small fit-and-finish tweaks.

However, the most significant component of the RC0 code drop is one that won't go gold until three or so months after Windows Server 2008 hits general availability: Microsoft's brand-new virtualization services feature, code-named Viridian.

Based on my first few days of Viridian testing, I can report that Microsoft's new hypervisor technology is off to a solid start; the code is certainly much more polished than, for example, the first few iterations of the open-source Xen hypervisor project.

Microsoft has done a good job of integrating its virtualization services into the same framework of easy-to-manage server roles that govern Windows Server's other key functions, and I found that Viridian's facilities for creating and monitoring virtual instances compared well with rival products from VMware and XenSource.

Viridian's status as a Windows virtualization role earns the feature a spot in Windows Server Manager, where configuration and management options for the hypervisor sit alongside advice from Microsoft on the hows and whys of virtualization.

Of course, my early tests of Microsoft's new virtualization feature have not been wrinkle-free: the company has labeled this initial public release of Viridian as a Community Technology Preview, and the CTP moniker is fitting. For instance, Viridian cannot yet import virtual instances stored in Microsoft's Virtual Hard Drive format, and I experienced some issues enabling networking support for the Windows and Linux guests with which I tested.

With that said, I expect Microsoft's new virtualization bits, which will eventually ship with every copy of Windows Server, to significantly expand the reach of server virtualization and give enterprises a viable third alternative to the VMware and Xen-based hypervisor options that are currently available.

I managed to install Windows Server 2008 RC0 on a dual-core x64-processor-powered machine with hardware virtualization extensions. Windows virtualization is 64-bit only, and, unlike VMware's ESX Server, Viridian will not function on older machines that lack these extensions.

While the so-called CTP version of Microsoft's new hypervisor rides with Windows Server 2008 RC0, the new Microsoft virtualization bits aren't, strictly speaking, part of RC0. The upshot is that I had to install two update packages before installing Windows' new virtualization role through the system's Server Manager.

After applying the requisite updates duo, Windows virtualization appeared alongside Server 2008's other roles.

The release notes for
[CONTINUED ON PAGE 33]
Advertisement

The Crucial Flaw in Server Performance

TODAY'S SERVER TECHNOLOGY IS DESIGNED TO WITHSTAND CRITICAL WORKLOADS. BUT THERE IS STILL ONE MAJOR FLAW, AND A SECRET EDGE FOR SOLVING IT.

The Importance of Server Reliability

It's important enough that a single user is able to rely on a computer, and that the user's data is always there and quickly retrievable. But when that computer is a server, and when the number of users escalates from one or a few up to thousands, the word "important" as it relates to reliability and uptime becomes a severe understatement. In today's corporate world, servers are the brains and backbones of the enterprise, for executives, employees and, most importantly, customers and prospects. Even a few minutes of server slow-down or downtime impacts the bottom line of the company.

A large part of the reason that server reliability has become so vital is the evolution of the Web. No longer the static display that it once was, the Web is now a place where billions in commerce is conducted, where buyers shop for commodities, pricing and availability, and where customers log in to place and track orders. CRM applications, once only used for internal employees on the phone, now interface with Web applications so that customers and even employees can interact with the company online. Databases such as SQL must be instantly responsive, as these interface with the Web as well.

Server Technology Evolves to Keep Up, Almost

Server technology has some time since passed the point of being single-box/single-disk solution, having migrated into solutions such as SAN (Storage Area Networks), providing scalability, redundancy, reliability, and performance. Technology such as virtualization takes server computing one step further, making more efficient use of resources for greater power to deliver data and services. Chip technology such as quad-core is being marketed to keep pace with the constantly rising need for processing power.

But despite all these advances, the cornerstone to server response remains the hard drives, as they remain the slowest components, the weakest links. Unfortunately emerging technologies such as virtualization don't change that fact, and actually exacerbate it. While being the weakest links, disks are also the storehouse for all server applications and data. Keeping those drives defragmented for optimum performance has long ago become a given [1], but it's the defragmentation technology that can make the crucial difference between keeping drives at maximum performance and simply functioning. With today's frantic pace of 24/7 server disk access, fragmentation is continuous and constant, and scheduled defragmentation does not keep pace [2]. To keep fragmentation from corrupting workflow, you truly need Diskeeper 2007 with its proprietary InvisiTasking technology defragmenting your disks, constantly and invisibly, with no hit on system resources.

"Diskeeper has transparently prevented disk fragmentation from building up and measurably slowing down our production servers. The ability to prevent fragmentation from building up without impacting CPU load on the servers has been a key feature of the product."
William Cox, IT Director, Georgia Department of Easy Care and Learning, Atlanta, GA

InvisiTasking: The Secret Edge to Server Performance

As thousands of IT personnel throughout the world have discovered, Diskeeper 2007 Server, with its proprietary breakthrough InvisiTasking technology, defragments and enhances file systems in real-time, with no scheduling needed. Testing has shown that scheduled defragmentation leaves fragmented files behind after running, or in best cases only provides a very short respite from performance loss. Only Diskeeper 2007 consistently eliminates fragmentation to continuously provide maximum performance and reliability, automatically [2].

"I am very pleased with [the improved] performance I am seeing on the Windows 2003 servers we have Diskeeper 2007 installed and running on. SQL creates and deletes many temporary tables. Setting up the defrags to be automatic, the SQL performance increased substantially. Queries that originally took 30 seconds or so are completing in 5-10 seconds. The only change was having Diskeeper 2007 installed and operating."
Richard B. West, Systems Management Architect, IT Solutions and Infrastructure Engineering, Melbourne, FL

Diskeeper EnterpriseServer version also contains advanced technologies such as Terabyte Volume Engine 2.0.

"Previously we were unable to defragment the terabyte arrays and fragmentation was resulting in processing delays of incoming data files. This resulted in our SQL server falling behind during times of high usage. Now, thanks to Diskeeper, we have breathing room to handle future growth."
Julie McGowan, Santa Cruz County, CA

The backbone of enterprise computing environments is the server. And disk subsystems are, undoubtedly, vital to the overall performance of a server. And as tens of thousands have discovered, the most essential component for maintaining maximum performance and reliability of those drives is Diskeeper 2007 Server editions. Take advantage of the free 45-day trial and see for yourself.

[1] File Fragmentation White Paper: www.diskeeper.com/paper3
[2] White Paper: Is Real-Time Defrag Needed? www.diskeeper.com/paper4

Special Offer
Try Diskeeper 2007 FREE for 45 days!
Download: www.diskeeper.com/ew8
(Note: Special 45-day trialware is only available at the above link)
Volume licensing and Government / Education discounts are available from your favorite reseller or call 800-829-6468 code 4414

Maximizing Performance and Reliability Automatically!

© 2007 Diskeeper Corporation. All Rights Reserved. Diskeeper, Maximizing Performance and Reliability Automatically, InvisiTasking, Terabyte Volume Engine, and the Diskeeper Corporation logo are registered trademarks or trademarks of Diskeeper Corporation in the United States and/or other countries. All other trademarks are the property of their respective owners. Diskeeper Corporation, 7590 N. Glenoaks Blvd., Burbank, CA 91504, 800-829-6468, www.diskeeper.com
Ziff Davis Enterprise Branded Conferences

PLAN NOW FOR THESE EVENTS AND TAKE... a Step in the Right Direction.

Ziff Davis Enterprise Branded Conferences address the issues that impact your day-to-day business.

ANNUAL CONFERENCE | TITLE | DATE | LOCATION
Spring Security Summit | Corporate Security: The Next Step | March 14, 2007* | New York, NY
CIO Summit | CIO Agents: License to Innovate | May 14-17, 2007* | La Jolla, CA
Virtualization Summit | Creating the Virtual Enterprise | June 6, 2007*; October 24, 2007 | Boston, MA; New York, NY
Channel Summit | eWEEK Strategic Partner & Channel Insider | September 19, 2007 | Chicago, IL
Storage Summit | From Data Growth to Business Growth: Lean and Green Strategies for Maximizing Storage ROI | October 2, 2007; October 10, 2007 | Chicago, IL; Los Angeles, CA
Fall Security Summit | The New Imperatives for a Secure Enterprise | November 1, 2007; November 8, 2007; November 13, 2007 | Dallas, TX; Palo Alto, CA; Crystal City, VA

Conference dates and locations are subject to change.
*2008 conference dates to be announced.

REGISTRANTS:
To apply for conference attendance, please contact us at conferences@ziffdavisenterprise.com.

SPONSORS:
For more information on our exclusive sponsorship opportunities, please contact Beatrice Olivas at 415-547-8476 or Beatrice.Olivas@ziffdavisenterprise.com.
RC0 counseled me to update my system BIOS before firing up the hypervisor, but since I'd managed successfully to test a version of XenSource's XenEnterprise on the machine I'd set aside for Windows Server 2008, I tried skipping this step. However, just before I launched my first virtual instance, Windows warned me that its hypervisor was not running. The prescribed BIOS upgrade got me up and running, but I would have liked to see Windows Server Manager prompt me earlier that my hardware configuration was amiss.

I installed guest instances of Windows Server 2008 RC0, Windows Server 2003 and an rPath Linux-based MediaWiki appliance on my Windows virtualization host.

The rPath installer's Linux kernel panicked shortly after boot, but I took the advice of the kernel's error message and rebooted my instance with the kernel flag "noapic." My installation then proceeded normally.

However, once I had the Linux instance up and running, I noted that my guest failed to recognize the virtual network adapter I'd assigned to it with Windows Server 2008's well-appointed instance configuration tools.

Similarly, the Windows guests I'd installed did not immediately recognize their virtual network interfaces. Windows Server 2008, however, gave me the option of connecting a virtual Integration Services Setup Disk that contained virtualization-savvy drivers to my guest instances.

I'd installed my Windows Server 2008 guest instance in its stripped-down Server Core configuration, so I could not navigate graphically to the virtual disk I'd connected. I was, however, able to navigate over to the D: drive from the Windows command line and down into the virtual disk to locate and run the appropriate setup file for installing the drivers I needed.

I then cycled over to one of two Windows Server 2003 instances I'd installed on my test system. The first instance I'd installed was a preconfigured virtual instance that I acquired through Microsoft's Run IT on a Virtual Hard Disk program, under which the company offers various server products for evaluation in Microsoft's VHD format.

According to a Microsoft official, this CTP release of Viridian does not support direct import of VHD-formatted instances, but I was able to create a virtual machine configuration and connect the premade virtual hard drive to my new instance.

This was a quick route to installation, but I encountered a problem when I attempted to install Viridian's virtual drivers on the system, which had been configured with the virtual drivers pack for Microsoft's Virtual PC product. The system instructed me to first uninstall the earlier driver set before loading the new drivers, but the uninstaller for the Virtual PC drivers, sensing that it was running on the wrong sort of host, refused to run at all.

I had better luck with a Windows Server 2003 instance that I'd installed from a standard product disk image. On this instance, Viridian's driver set agreed to install, and I watched as a handful of previously unrecognized pieces of virtual hardware were automatically recognized and installed by the system. From there, my Windows Server 2003 instance performed normally, with full network connectivity.

eWEEK Labs Executive Editor Jason Brooks can be contacted at jason.brooks@ziffdavisenterprise.com.
ANALYSIS
Windows waited until just before I launched my freshly minted virtual instance to tell me that its hypervisor wasn't running. Although I'd previously used the same test machine to run a Windows instance from a XenEnterprise hypervisor, Windows wasn't happy with my hardware.
Creating a new instance with Windows' virtualization system is fairly simple, with plenty of installation source options. I stuck to the RC0 media still in the drive of my test system.
VIRIDIAN FROM PAGE 30
CHANNELSOLUTIONS
Cotton Companies walks the walk
DISASTER ASSESSMENT SPECIALIST PRACTICES WHAT IT PREACHES WITH TERIAN SOLUTION
By Herman Mehling
Cotton Companies knows all about disaster recovery. The company, which specializes in the restoration of fire- and water-damaged properties, also realizes that practicing what it preaches goes a long way to preserving credibility.

That's why Cotton, of Houston, hired solution provider Terian Solutions, also in Houston, to prepare the company for worst-case scenarios involving the loss of vital business data. Terian, in business for five years, sells hardware and provides managed backup services. Its annual revenue was $10 million last year.
Cotton Companies has firsthand experience with natural disasters.
"Cotton came to us because it liked our Secure Backup services better than any other backup services it found and because its headquarters is a quarter of a mile away from ours," said Mike Colesante, president of Terian. "[The customer] liked the idea that we could be on-site in minutes in case of an emergency."

Cotton employs more than 350 workers and has more than $50 million in annual revenue. Despite national reach, the company focuses on the Gulf Coast with services such as assessment and planning, restoration, and environmental remediation.

Until recently its IT department was a one-man show run by Jeffrey Miller, Cotton's IT director. Having seen enough computer rooms destroyed in natural disasters, Miller was worried, so he turned to Terian for peace of mind, data protection and business continuity.

Terian's Colesante said small and midsize businesses are wise to outsource important tasks such as backup to a specialist with the right technology and facilities to manage them.

A single serious event resulting in data loss or application downtime can result in significant revenue loss, fines or other negative implications, Colesante said.

Terian moved Cotton from tape backups to its automated Secure Backup solution, which uses Asigra's Televaulting technology.

"Jeff [Miller] liked the fact that the solution provides on-site, disk-to-disk backup at LAN speed, as well as the convenience and security of remote data vaulting in two locations," said Colesante.

Miller was eager to find an alternative to tape. "I'd seen enough of the effects from floods, fires, wind damage and many other catastrophes to know we had to improve our data protection," he said.

Miller said he has seen computer rooms that were deemed safe destroyed and, with them, all of a company's data. In many cases, the tapes that protected data were ruined by high heat or water damage, he said.

Aside from the professional reasons for improving Cotton's backup and recovery technology, Miller also had a more personal reason. "I was losing sleep worrying about our tape backup system, wondering whether it was backing up properly or at all," Miller said. "I had lost some data on occasion and worried we could lose all our data if a disaster or a virus struck us."

Miller did tape backups of the company's 12 servers each day, verifying them from home in the evening. "I was spending too much time on backups and worrying about losing data," he said.

Miller looked at alternatives, including disk-to-disk solutions he could manage in-house, before he chose Terian's Secure Backup service. "I decided it was time to outsource the task to experts," he said.
[CONTINUED ON PAGE 38]
CHANNELSOLUTIONS
COTTON FROM PAGE 35
Colesante said Terian has refined its offering through the use of not only good technology but also best practices, which include employing backup professionals and keeping duplicates of client data in two secure locations. "Another practice we use is charging customers a capacity-based price similar to a utility service, which means they typically pay a small amount for secure backup," Colesante said. "Cotton pays $1,200 per month to protect 200 gigs of data. The $1,200 includes a rack-mounted server we installed for Cotton."

Asigra's Televaulting is the first agentless solution to deliver bare-metal restoration capabilities across distributed or multisite networks, said Colesante. Agentless means there is no need to install client software on target machines, while bare metal means the software restores servers without the need to load applications or files.

Televaulting has two main components: a client, which resides at a customer site, and a server, which resides at a WAN-connected data center. Televaulting's technology performs a full backup followed by incremental, minor backups.

Terian's Secure Backup has been a big hit with Miller. "If we lost all our data, it would be equal to losing $1 million or so, not counting all the lost productivity and the manpower involved in trying to restore data," he said.

Miller said backups and restorations are very fast and manageable. Because a copy of the data is available locally, routine and test restores are easy to do, he said.

On only two occasions in the past year has Miller had to test the speed of the service: one involved the payroll server, and the other involved the job estimates server, both vital data sources. "Both times Terian was able to help me restore the lost data within 30 minutes," Miller said.

Herman Mehling is a freelance writer in San Anselmo, Calif. He can be reached at hermanmehling@sbcglobal.net.
Cotton Companies workers clean an office after a storm.
No defense department
DEFENSE AGENCIES ARE OPEN TO ATTACK, EVEN THOUGH FIXING THE PROBLEM CAN BE EASY
By Lisa Vaas
On July 18, Sunbelt Software came across a SQL command passed as a query within a URL belonging to an arm of a European country's military. With that, any visitor can pass queries in the URL straight to the back-end database and squeeze out any data, no password required.
At the time, the URL displayed what Sunbelt President Alex Eckelberry called an infantile security mistake: putting production code and a back-end database into the hands of anybody who wanders by. It was, in other words, a serious security vulnerability that even the most basic security policy should have forbidden, never mind the security policy of a major defense agency.

Sunbelt, of Clearwater, Fla., alerted security researchers from the country in question. They assured Sunbelt that they would notify the defense agency.

Was this the end of the story? Unfortunately, it was not. Six weeks later, Sunbelt checked the site and found it was still a sitting duck, serving military base information to any visitor who knew how to frame a SQL query, telling potential attackers exactly which database it was running and what operating system it was using, and thereby painting a Day-Glo arrow toward the exact class of known vulnerabilities and exploits that could bring it to its knees.

Sunbelt again alerted security researchers from the country in question. They again assured Sunbelt they would notify the defense agency.

This is far from an anomaly. As evidenced by the recent attack on a portion of the Pentagon's network, allegedly perpetrated by the Chinese People's Liberation Army, continued vulnerability in defense establishments is leaving governments exposed and populaces at risk. What's worse, much of it is due to sheer sloppiness: poor security policies and unpatched systems, nothing cutting-edge, but just run-of-the-mill lack of attention.

The Pentagon didn't respond to requests for information regarding what vulnerabilities led to the network penetration. Neither did the U.S. consulate of the European country with the security vulnerability, nor the defense agency that runs the site in question.

But finding specific vulnerabilities on these sites isn't difficult. Eckelberry directed eWeek to Google "sex porn site:.gov." Out of the 10 top hits Sept. 6, eight were for pornography somehow tied in to Web servers hosted by the government of California.

On the face of it, redirects to porn sites might not seem as serious as a defense agency whose
[CONTINUED ON PAGE G8]
White House stalling on missing e-mail, CREW says
D.C. WATCHDOG ORGANIZATION CLAIMS BUSH ADMINISTRATION IS WAITING FOR '08 ELECTIONS
By Roy Mark

The Bush administration may be running out the clock in its efforts to resist a congressional inquiry and two lawsuits seeking the whereabouts and contents of more than 5 million missing White House e-mails, according to an organization that has filed one of the suits.

The White House has known for a number of years the e-mails were missing and refused to do anything about it, Anne Weismann, chief counsel for Citizens for Responsibility and Ethics in Washington, told eWeek.

Covering more than two years, the missing e-mails came to light as part of congressional inquiries into the White House's firing of U.S. attorneys.

The White House admits the e-mails are missing and that the Executive Office of the President in 2002 abandoned the electronic records management system put in place by the Clinton administration. The e-mails were deleted between March 2003 and October 2005. The Presidential Records Act requires that all White House e-mail be saved.

CREW filed a FOIA (Freedom of Information Act) request with the White House Office of Administration March 29 for records on the missing e-mail. When the office refused to turn over the information, CREW sued the White House May 23 for the information. The organization also released a report on the missing e-mails based on information obtained from two confidential sources.

The Bush administration countered in an August court filing that said the Office of Administration is not subject to FOIA, and there has been no further movement in the CREW lawsuit. "It appears they are trying to run out the clock," Weismann said, referring to the 2008 national elections when voters will select a new president. "We've had no indication of cooperation from them."

Following up on CREW's information, the National Security Archive, an independent nongovernmental organization based at George Washington University, sued the White House on Sept. 5 seeking the recovery and preservation of the missing e-mails. The U.S. House Committee on Oversight and Government Reform is also seeking additional information on the matter.

The White House has until Nov. 5 to reply to the NSA lawsuit.

The White House did not return inquiries for comment, but in an April 16 briefing, White House press secretary Dana Perino said, "I'm not taking issue with [CREW's] conclusions at this point. But I also will tell you that the technical folks that we've spoken to in the preliminary discussions was that if there had been an inadvertent human error or a technical problem it wouldn't have been intentional."

Perino also said, "I think there are backup tapes; there are different ways in order to go back and find e-mails."

That caught the attention of Rep. Henry Waxman, D-Calif., chairman of the House Committee on Oversight and Government Reform. At Waxman's request, Keith Roberts, deputy general counsel for the White House Office of Administration, briefed the committee staff on the missing e-mails.

"According to Mr. Roberts, the Office of the Chief Information Officer conducted a review of the e-mail system to determine the scope of the potential loss," Waxman wrote to White House counsel Fred Fielding Aug. 30. "He said that this review apparently found some days with a very small number of preserved e-mails and some days with no preserved e-mails at all."

Waxman noted Roberts claimed a report was written summarizing the situation and submitted to the White House counsel's office. Roberts also said an unidentified company was responsible for auditing the White House's e-mail and archiving systems.

"Mr. Roberts was not able to explain why the daily audits conducted by this contractor failed to detect the problems in the archive system when they first began," Waxman wrote.

"Mr. Roberts was not able to explain why the daily audits ... failed to detect the problems." U.S. REP. HENRY WAXMAN
GOVERNMENTSOLUTIONS
IPR protections remain key trade barrier with China
PIRACY RATES HAVE DROPPED, BUT PROBLEMS PERSIST, U.S. CHAMBER OF COMMERCE SAYS
By Roy Mark IN WASHINGTON

For China to truly become a nation built on innovation, Beijing must improve its intellectual property rights protections, according to the U.S. Chamber of Commerce.

While software piracy rates have declined by 12 percent over the last two years, the theft rate is still 80 percent, chamber officials said.

China must take steps to protect foreign investors, Myron Brilliant, the chamber's vice president for East Asia, said at a press briefing here Sept. 24, adding that China is America's most important trading partner. "You can't be an innovative society without IPR [intellectual property rights] protections."

In 2006, the United States' exports to China totaled $55 billion. Imports from China to the United States hit $287 billion.

Brilliant's comments on IPR protections preceded a wide-ranging presentation on the chamber's Sept. 27 China trade relations testimony before the Office of the United States Trade Representative. In addition to greater protections, the chamber is focusing on currency rate exchanges, food and product safety, and defusing growing congressional concerns over trade with China.

There are heightened concerns over China's discriminatory industrial and investment policies that effectively limit access to its markets for American firms, particularly in the services sector, Brilliant said. China should understand that it must take steps to address these concerns or face a significant erosion of support for the U.S.-China commercial relationship in the United States.

Despite the concerns of U.S. lawmakers, Brilliant said, "We do not want to retreat to protectionism."

In particular, the chamber opposes congressional legislation aimed at pegging the Chinese currency rate at market levels. Many in Washington argue that Beijing keeps the yuan exchange rate artificially low to help Chinese exports.

Outside of Washington and Beijing, currency is not that important, Brilliant said.

A new chamber report authored by Brilliant says China has instituted some intellectual property reforms but they remain toothless without effective implementation and enforcement mechanisms.

Nevertheless, Brilliant said China has made significant progress on IPR protections.

The chamber report cited Beijing's efforts to force Chinese computer makers, enterprises and the government itself to use legally licensed software. In addition, notable progress has been made in China to ensure that computer makers ship new products with legal software installed, the report stated.

However, the report noted that without further progress in protecting software, "Counterfeiting and piracy constitute a fundamental blight on China's economic progress that will lead political leaders in the United States and other countries to call into question China's status as a responsible global power."

Brilliant also said Beijing has a number of concerns about dealing with the United States. The report stated that the chamber is sympathetic to Chinese questions about restrictive visa policies, out of step export control regulations and excessive mistrust of Chinese investment in the United States.

The chamber recognizes that the trade relationship is not a one-way street, Brilliant wrote.

U.S. and China by the numbers
The United States' trading relationship is expanding rapidly, as illustrated by the following numbers:
32%: Amount U.S. exports to China grew from 2005 to 2006, making it the fastest-growing market for U.S. goods
$55 billion: Amount U.S. exports to China reached in 2006
150%: Amount U.S. exports to China has grown since China joined the World Trade Organization in 2001
$3.1 billion: Amount U.S. services exports to China reached (with a surplus of $2.6 billion) in 2005
$723 million: Cash amount U.S. medical technology exports to China reached (a 4 percent jump) in 2006
$1.2 billion: Value of the legitimate software market in China in 2006, an 88 percent increase over 2005
Source: U.S. Chamber of Commerce
DEFENSE FROM PAGE G1

database is a few keystrokes away from being displayed in public. But these porn sites aren't necessarily benign; many serve up Trojans. The fact that government servers can be used with impudence to plant redirects for spyware and porn sites reflects the fact that the U.S. government, just like the European country's military and its naked database, has spotty network security.

This was made starkly evident the week of Sept. 3 when the official site of the Lawrence Livermore National Laboratory was discovered hosting unauthorized advertisements and blogs. According to The Washington Post Aug. 25, the blogs linked to illegal prescription drug sites hawking everything from generic painkillers to erectile dysfunction medication.

Eckelberry said also that as of the week of Aug. 27, a number of government sites were redirecting to porn pages requiring visitors to view a sex video by downloading a fake codec (a program that performs encoding and decoding on a digital data stream) that in fact was a piece of malware.

"It's all happening because of the most banal of reasons: People aren't keeping systems patched," Eckelberry said.

At one point, Sunbelt's Greg Kras, vice president of product management, changed the select statement in the site's URL to include information schema columns, which he expected would give him the database structure. He received two error messages, which told him the defense department was using Access as a back-end database. "Access isn't a SQL-based database, but it's just as easy to toy with," he said.

A security policy that would specifically help sites such as the one belonging to the European defense agency is one that would keep SQL users running with bare-minimum access rights, Kras said. Setting write privileges on another account would be a good idea, Kras said. Instead, "people cut corners for simplicity's sake," he said.
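Kras's recommendation above (bare-minimum rights for the account a site's queries run under, with write privileges held by a separate account) could look like the following. This is an added example, not code from the article or from Sunbelt; Oracle syntax is assumed, and the schema, table and account names and the passwords are hypothetical placeholders.

```sql
-- Added example. Oracle syntax assumed; APP_OWNER, NEWS, CONTACT_REQUESTS,
-- WEB_READER and WEB_WRITER are hypothetical names, passwords are placeholders.

-- Account used by the public, read-only pages: it may log in and read one table.
-- A statement smuggled in through a page parameter runs with these rights only.
CREATE USER web_reader IDENTIFIED BY "placeholder_reader_pw";
GRANT CREATE SESSION TO web_reader;
GRANT SELECT ON app_owner.news TO web_reader;

-- Separate account used only by the one form handler that has to write.
-- It can add rows to a single table and cannot read, update or delete.
CREATE USER web_writer IDENTIFIED BY "placeholder_writer_pw";
GRANT CREATE SESSION TO web_writer;
GRANT INSERT ON app_owner.contact_requests TO web_writer;

-- Audit 1: object privileges actually held by the two accounts.
-- Expect exactly one row each (SELECT on NEWS, INSERT on CONTACT_REQUESTS).
SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee IN ('WEB_READER', 'WEB_WRITER')
 ORDER BY grantee, owner, table_name;

-- Audit 2: system privileges. Expect only CREATE SESSION for each account.
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE grantee IN ('WEB_READER', 'WEB_WRITER')
 ORDER BY grantee, privilege;

-- Audit 3: roles. Expect no rows; a role granted "for simplicity's sake"
-- is the corner-cutting the article describes.
SELECT grantee, granted_role
  FROM dba_role_privs
 WHERE grantee IN ('WEB_READER', 'WEB_WRITER');
```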
REPORT SAYS THE COUNTRY HOSTS THE MOST COMPROMISED SERVERS
Most malware made in China
By Lisa Vaas

China can keep denying that its People's Liberation Army is responsible for infiltrating government networks, but good luck in denying that it's pumping out the most malware on the planet.

Sophos nailed China as the top junk-spewer in its July threat report, which said that China servers were behind 53.9 percent of the world's malware-infected sites in the first half of 2007. That's more than the next three top junk-serving countries combined. That number isn't actually a reflection of the apex of China's malware serving, though. At the end of 2006, the country hosted just over a third of all malware; it then surpassed the United States, according to Sophos reports.

But Sophos officials said that just because Chinese servers are hosting junk doesn't mean the criminals are actually in China.

As for why China's servers are such accommodating hosts, Sophos credits the widespread rate of Mal/Iframe infections on Chinese-hosted sites, with more than 80 percent of the country's compromised Web pages being stricken with the malware.
Import and export
China led all countries in the first half of 2007 in hosting malware-infected Web pages:
[Chart: share of malware-infected Web pages by hosting country. China 53.9%, United States 27.2%, Taiwan 6.35%, Russia 4.5%, Germany 3.5%, Ukraine 1.2%, France 1.1%, Canada 0.8%, South Korea 0.6%; the United Kingdom and Others slices carry the labels 5.9% and 0.7%. Source: Sophos]
IT BUDGET AGENDA 2008
Consolidation is still key, but companies are spending more on productivity apps
By Dave Greenfield

Spending for IT goods and services is expected to grow next year, as organizations enter a new phase of technology acquisition.

In 2008, IT will experience an 8 percent increase in spending over 2007 purchasing budgets; that's 3 percent more than in 2007, said Andrew Bartels, an analyst at Forrester Research, in Cambridge, Mass.

Data center consolidation, infrastructure refresh and security enhancements have typified much of IT spending since 2000. For 2008, spending patterns are expected to begin to change, as companies focus more on increasing productivity than on cutting costs.

"Forrester talks about two periods of technology acquisition, which we call tech digestion and innovation growth," Bartels said. "During tech digestion, acquisition is all about price and ease of use, with budgets primarily driven by return on investment calculations. There's a large focus on infrastructure rationalization and process automation, pretty much what's characterized technology acquisition for the past seven years or so.

"Next year will signal a point of transition, as we'll see a whole new level of investment for the next four or five years. Purchases will be driven more by functionality and less by ROI calculations. There will be a shift from making processes more efficient to helping companies optimize business results by adding analytics and vertical industry knowledge," said Bartels.

According to Forrester research (see chart), software spending will show the greatest increase over 2007, rising by 10 percent, fueled by the drive for greater productivity as well as the spread of virtualization software in the data center. Communications equipment purchasing will show the greatest percentage increase (9 percent more than the 2007 budget), heavily influenced by carrier infrastructure investment.

Communications equipment purchasing by enterprises will be more modest, growing at 6 percent more than 2007 budgets. The budgets for computer equipment will show a slightly lower growth, at 4 percent, than it did in 2007, while budgets for IT services and outsourcing will jump by 8 percent.

Macro issues

Discussions with industry analysts and IT professionals indicate that terms such as security and disaster recovery still have a place on IT's agenda, but moving up fast are terms including green IT, data analytics and knowledge transfer.

This latter term is particularly important: The increasing mobility of workers means that organizations suffer when individuals take their knowledge and intelligence with them. Web 2.0 technologies, such as wikis, blogs, and enterprise tagging and bookmarking systems, are being looked at as one approach for capturing that intelligence.

"Learning in major organizations is just repeated constantly," said Keely Flint, enterprise information architecture program manager, at Bupa Health, based in the United Kingdom. "We developed a library of use cases so that people might come to a central repository to trigger ideas for new projects or gain guidance for existing projects."

Mike Pelligrino agrees. The vice president of IT at Fuji Film, in Valhalla, N.Y., said he's automated pretty much everything that can be automated. Next year he'll start using Microsoft's SharePoint platform for collecting latent information in the organization. "We have intranets and our internal Web sites, but everybody has their drawers stuffed with information, so the idea is to promote the use of SharePoint as a common platform," Pelligrino said.

Pelligrino added that some of these technologies don't have obvious ROI.

"There are some things that are just pure breakaway success from a technology standpoint, which the most progressive companies can leverage, that may not be so obvious from the standpoint of an ROI analysis," Pelligrino said. He cites the Web as one of the best examples.

Organizations are also focusing on addressing immediate customer productivity requirements.

GE Real Estate's IT budget is expected to increase by 3 percent to 5 percent next year, according to CIO Hank Zupnick, and a major business priority for the company, a business unit of GE Commercial Finance, is electronic content management for providing easy access to business documents such as tenant leases and third-party vendor contracts. "We are also investing heavily in expanding our financial analytic capabilities, especially in the area of subledgers, moving from [Microsoft] Excel-based tracking to a Java-based system that integrates with our general ledger," said Zupnick, in an e-mail interview.

New York's Westchester County will deploy new tools next year to help employees be more productive. These tools include a case management system for the county's mental health facility and an expanded point-of-sale system at the county's amusement park, Rye Playland, said Westchester County CIO Norm Jacknis.

Some of Jacknis' other application plans could be considered more cutting edge: He plans to roll out virtual-reality planning simulations using Second Life-like technology. Those simulations will enable stakeholders to see the consequence of planning decisions, not just read about them in a static document.

"If we concentrate development in these areas," said Jacknis, "then we can see what will happen in other areas."

Jacknis added that he has requested a 10 percent budget increase for 2008.

Where's the infrastructure?

Companies may be spending more on productivity-enhancing apps next year, but investment in infrastructure and the back-end processes that drive IT certainly won't stop.

Data center reorganization and consolidation continue to be major projects for many companies, driving investments in virtualization, storage, blade servers and more effective management tools.

"We are centralizing many of our infrastructure services [such as servers, network support and help desk] on the corporate level, rather than continuing to manage them ourselves," GE Real Estate's Zupnick said. "This will provide economies of scale [internal efficiencies], freeing up funds for new initiatives."

As part of that effort, GE Real Estate is deploying WAFS (wide-area file services) in 30 North American regional offices in place of traditional file and print servers, with significant success, Zupnick said. GE also intends to expand the use of virtualization in 2008 as a part of its corporate centralization projects.

Fuji Film's Pelligrino also noted that a major focus next year will be consolidating data centers. During 2006 and 2007, Fuji Film rolled out most of its SAP implementation and put into place much of the necessary infrastructure for the platform. The company refreshed desktops, changed e-mail systems and put into place the SAP ERP (enterprise resource planning) modules.

Going forward, Pelligrino said he expects to concentrate on data center consolidation as part of Fuji Film's broader multiyear Vision 75 business strategy (named for Fuji's 75th anniversary in 2007), with a changing focus on productivity creation. Pelligrino said his budget will remain about the same in 2008, but he also sees the consolidation project yielding a 10 percent to 30 percent savings on related costs.

As such, heavy investment is expected in any sort of hardware consolidation technology, including blade servers and virtualization, as well as in storage, Pelligrino said. At the same time, Fuji Film will continue to merge onto SAP and increasingly explore SharePoint.

Much of that technology will increasingly need to use less power. Westchester, for example, is becoming a green county. The county established its own Global Warming Task Force, which means CIO Jacknis is starting to look at deploying equipment that uses less electricity and has lower heat dissipation than conventional gear. The push will extend to the desktop as well, Jacknis said.

Back-end investment will also be needed to address regulatory requirements. While the Sarbanes-Oxley Act may have required financial institutions to keep track of past correspondence, changes to the Federal Rules of Civil Procedure are requiring all organizations to have e-discovery programs in place. Westchester, for example, is putting into play a process to capture all voice mails, e-mails and correspondence, according to Jacknis.

Focus on software

Given IT departments' drive for productivity enhancements and better ability to address customer requirements, it's understandable that software is expected to undergo the greatest change in investment.

Perhaps what's less clear is where the breakaway successes will come from. According to the IT executives interviewed for this article, one thing is clear: Neither VOIP (voice over IP) nor unified communications is expected to provide that value edge. While all are deploying VOIP, they're doing so gradually, as PBXes reach their end of life or as new installations are rolled out.

It may be tempting to point to Web 2.0 technologies as the next wave of productivity-generating applications, but the technology is still maturing. Most executives contacted for this story said they are piloting or deploying some form of Web 2.0 technology, including wikis, blogs, social bookmarking and tagging systems, or virtual collaboration systems. But they said it is too soon to tell what impact the technology will have.

A safer answer may be the verticalization of broad-based applications: the process of applying industry knowledge to mined data, allowing companies to gain deeper insight into their businesses.

"Google can pool together enormous amounts of data, but we don't really know what information can come out of it yet," said Pelligrino. "I think there's some opportunity to take some of that vertical knowledge and apply it to a broader information base to extract meaning and insight relevant to our requirements."

Dave Greenfield is a 20-year networking veteran and the principal of Strategic Technology Analytics. He can be reached at dave@stanalytics.com.

[Chart: Follow the bouncing buck. Percentage of expected increase in spending over previous year, 2007 and 2008, for software, communications equipment, computer equipment, and IT services and outsourcing. Source: Forrester]

Priorities shifting in 2008
Here are the initiatives shaping up as the leaders and laggards based on Forrester's discussions with IT pros.

THE LEADERS

Empower green IT: Doing good is being smart. Companies will continue to look at being good citizens by buying products that reduce power consumption, cutting their electricity costs in the process.

Power to the people: Having put the right infrastructure in place, many organizations will enter a period of purchasing next year where new capabilities drive implementations. To those ends, look for increased investment in applications of all sorts, with a preference toward vertical or industry-specific applications.

Download the employee: Organizations are increasingly looking at ways to preserve the knowledge retained by individuals, both as a means of creating a larger pool of data for improved performance and ensuring the data's existence when employees leave. Enterprise 2.0 technologies, such as blogs, wikis, and bookmarking and tagging systems, are increasingly being looked at as solutions here. However, while there is much interest in Web 2.0, investments should be relatively minimal due to the technology's low prices and companies' nominal deployments.

Get smart, go industry: Looking to better enhance understanding of their markets, organizations will increase investment in business analytics and data warehousing, as well as in business intelligence, to gain a deeper understanding of their markets.

Centralized data centers: Consolidation remains hot, and that goes for related technologies. Virtualization tops the list here and is one reason that Forrester Research sees the software category outdoing hardware next year. Also high on the list in this area are blade servers and WAFS (wide-area file services), as well as numerous management technologies.

Secure the desktops: Security will slump next year as IT realizes that it takes more than just throwing money at software to secure an enterprise. Process and a plan are just as critical. One area to see investment will be nodal security, as IT abandons the myth that a firewall can protect the enterprise and seeks to secure clients and servers on their own.

Organizational integration: Linking internal and external systems as organizations continue to streamline processes will move up a notch next year as SOA (service-oriented architecture) moves from the esoteric to more mainstream. Research and piloting will continue, but look for implementations to pick up as well in 2008.

THE LAGGARDS

Windows Vista continues to uninspire: Companies for the most part are taking a wait-and-see attitude toward the new operating system.

VOIP: There's certainly much interest in voice over IP, and companies will continue to replace end-of-life telephony gear with VOIP equipment, but most organizations won't be replacing their telephony gear prematurely to take advantage of VOIP or of new unified communications capabilities.

Servers: With the growth in data center consolidation, servers will see a downturn in investment. Watch those dollars flow toward virtualization technologies as organizations look to take better advantage of existing hardware resources.

Outsourcing: Companies will continue to outsource some roles and positions, but overall outsourcing revenue won't be as pronounced as in years past. In part, this is due to fewer megadeals and falling prices as offshore factors come into play, said Forrester analyst Andrew Bartels, of Cambridge, Mass.

Disaster recovery: Disaster recovery spending will drop, not because of a lack of importance but because most organizations have already implemented their disaster recovery strategies.

Dave Greenfield
Oracle's Database 11g streamlines management
Software's many improvements emphasize automation
By Cameron Sturdevant, eWEEK Labs

Database 11g is the cornerstone of Oracle's dynamically allocated computing grids and should garner the attention of database managers with its improved management, recovery and table compression capabilities. Oracle Database 11g, released Aug. 20, also takes much of the guesswork out of advanced database tuning.

I tested Database 11g Enterprise Edition for Linux x86 32-bit systems. The 64-bit Linux edition, the Linux version most likely to be used by Oracle's enterprise customers in a production environment, and all other platforms are expected by the end of the year, according to company officials.

Pricing for Oracle Database 11g is the same as it was for 10g: For example, the Standard Edition One costs $149 per named user and $4,995 per processor, and the Enterprise Edition costs $800 per named user or $40,000 per processor.

Focus on automation

Three years in the making, Oracle Database 11g has a slew of new and improved features that focus on automatically improving the performance of the database, queries, and memory and storage usage.

One of these is a what-if tool called Database Replay. During testing, this tool allowed me to capture an actual database workload on a production system and replay it on a test system. Database Replay is not a feature to be toyed with lightly, however, as getting the best results may require restarting the production database. When I walked through the setup wizard, I had to acknowledge several stern (and appropriately so) warnings that the system was ready to capture the workload without causing disruption.

Database 11g was able to take the captured workload and transform it into what are called Replay Files. The wizard also created metadata files needed to process the workload. I was able to play back the captured workload on a test system.

The ability to test and work with actual workloads is among the most accurate methods to predict how application and system changes will impact real-life performance.

Along those lines, the SPA (SQL Performance Analyzer) enables database administrators to predict the impact that system changes will have on such factors as the SQL execution plan. SPA can be used to anticipate performance changes due to a database upgrade, tuning, schema changes, statistics gathering, database parameter changes and even operating system or hardware changes.

I created an STS (SQL Tuning Set) to hold the workload information, including the execution plans, binds and statistics on execution.

I created a Guided Workflow to create a sequence of steps to execute two trial SPA tests. The tuning sets included SQL statements and execution statistics, along with the execution context.
What's new in 11g
Among the hundreds of new and improved features in Oracle Database 11g are:

SPA: Assesses changes to the SQL execution plan to significantly reduce the amount of DBA time needed to identify and fix SQL statements that regressed because of system changes

Database Replay: Helps enable SPA and enables DBAs to rerun actual production workloads in test environments

Table data compression: Enables more data to be stored on less disk space with only a minimal performance hit; new compression techniques may enable the jump from disk to solid state drives

Flashback data archive: Tracks and stores all transactional changes to a tracked table over its lifetime

Online patching: Means patching a running executable, not getting patches from an online source; is akin to replacing parts on a car that is driving down the freeway

SQL Access Advisor: Extends recommendations to partitioning options for indexes, views and tables
The SPA compares workload-handling to predict the effect of variables such as schema changes.
The STS I created ran against a test human resources database. After running the STS, I applied the patch and replayed the tuning set with the patches enabled. In my test, the SPA showed that there was an improvement in most of the execution of most of the SQL, as well as a regression in performance.

The SQL Tuning Advisor in Database 11g was able to use the information found in the Guided Workflow and make specific suggestions for tuning the SQL text.

The new SQL Query Result Cache improves application performance by caching SQL query and Oracle PL/SQL function results in memory. Until the data in the database object is modified, the cached query results are used. The performance improvement depends on the underlying data remaining fairly static. In general, though, using the optional Result Cache yields the most benefit when used for frequently executed SQL queries and PL/SQL functions.
Extended statistics

Extended (or multicolumn) statistics, new in Oracle Database 11g, can help determine if there is a relationship between two or more columns in a table. I used the extended statistics capability to add a set of statistics that showed the relationship between customers, states and countries, all data stored in a single table. The CBO (Cost-Based Optimizer) can use these statistics to reveal multicolumn relationships in the table.

During my tests, I was able to see the CBO calculate the correct selectivity of the single-column predicates, even columns to which a function, such as UPPER (lname), had been applied. As a result, the CBO was able to determine the selectivity and cardinality of the column data and could use the extended statistics to correlate columns.
Historical records

During testing, I set up Database 11g to track and store all transactional changes to records, and the database has the ability to store this information for the lifetime of the record. Additional memory is needed to store the transaction records, however, and DBAs should be mindful of using flashback only on records deemed to require this extra monitoring capability.

When I configured my tests, I specified a memory quota of 10MB and a retention period of one year for the transaction archive. During tests, I was able to change data such as the salaries of various employees and then use the flashback data archive to restore values that I later determined to be incorrect.
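The flashback data archive workflow described above, written out as Oracle 11g SQL with the 10MB quota and one-year retention the review mentions. This is an added example, not the reviewer's test script: the tablespace FDA_TBS, the archive name, the employee row and the timestamp are constructed, and HR.EMPLOYEES is assumed to be Oracle's sample HR table.

```sql
-- Added example (Oracle 11g syntax). FDA_TBS, HR_AUDIT_FDA, employee 107 and
-- the timestamp literal are constructed; run the steps at different times,
-- not as one script.

-- 1. Create the archive (requires the FLASHBACK ARCHIVE ADMINISTER privilege).
CREATE FLASHBACK ARCHIVE hr_audit_fda
  TABLESPACE fda_tbs
  QUOTA 10M
  RETENTION 1 YEAR;

-- 2. Track only the table that warrants the extra storage.
ALTER TABLE hr.employees FLASHBACK ARCHIVE hr_audit_fda;

-- 3. Later: a change that turns out to be wrong.
UPDATE hr.employees SET salary = 99000 WHERE employee_id = 107;
COMMIT;

-- 4. Review every committed version of the row: when each version started,
--    which operation produced it and in which transaction.
SELECT versions_starttime, versions_operation, versions_xid, salary
  FROM hr.employees
       VERSIONS BETWEEN TIMESTAMP (SYSTIMESTAMP - INTERVAL '7' DAY)
                            AND SYSTIMESTAMP
 WHERE employee_id = 107
 ORDER BY versions_starttime;

-- 5. Restore the value the row had at a chosen moment. The timestamp must
--    fall after tracking was enabled and before the incorrect update.
UPDATE hr.employees e
   SET e.salary = (SELECT h.salary
                     FROM hr.employees
                          AS OF TIMESTAMP TO_TIMESTAMP('2007-09-20 09:00:00',
                                                       'YYYY-MM-DD HH24:MI:SS') h
                    WHERE h.employee_id = e.employee_id)
 WHERE e.employee_id = 107;
COMMIT;

-- 6. Inventory for auditors: which tables are tracked, and for how long.
SELECT owner_name, table_name, flashback_archive_name, archive_table_name
  FROM dba_flashback_archive_tables;

SELECT flashback_archive_name, retention_in_days, status
  FROM dba_flashback_archive;

-- 7. Who can switch tracking off or purge history? Keep this list short.
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE privilege = 'FLASHBACK ARCHIVE ADMINISTER';
```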
This is certainly an area that will be of interest to forensic data investigators. In general, the amount of metadata created and stored in Database 11g will make it increasingly difficult for insiders to fake records or clean up change trails. Only the most diligent and obsessive wrongdoers will be able to eradicate the tampering evidence in Database 11g.

The Web-based Enterprise Manager hosts controls for many of 11g's tuning functions.

Data compression packs more records into less disk space without excessive performance loss.
Strengthened security

Oracle has beefed up security in Database 11g.

I used Transparent Database Encryption to scramble data stored on disk. Accessed through the Web-based Enterprise Manager database control, I used the database encryption to obscure individual columns. My tests showed that using the encrypted data (in my case, made-up credit limits) wasn't that much slower than using unencrypted data.

A rather complicated key storage and management procedure is used to meet regulatory requirements. In a nutshell, because of limited space, each table with encrypted columns has a single key, which is itself encrypted with the database master key and stored in the data dictionary with the table. No keys are stored in the clear, and the database key is stored in a security module external to the database.

The important thing for DBAs and IT security staff is that the master database key must be secured, and its location must remain known so that it can be used when it's time to decrypt the data. I point this out because database master keys change (or should change) over time. DBAs must put a plan in place now for ensuring that future staff will have access to the keys and therefore the data when needed.
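The key hierarchy described above (one key per table, wrapped by a master key held outside the database) maps onto a handful of statements and two views that a DBA can use to keep track of what is encrypted and where the master key lives. This is an added example in 11g-era Oracle syntax, not the reviewer's test; the wallet passwords, schema, tables and columns are hypothetical placeholders.

```sql
-- Added example (Oracle 11g-era TDE syntax). SALES.CUSTOMER_CREDIT,
-- SALES.CUSTOMERS, CARD_NUMBER and the passwords are hypothetical.
-- The wallet's location is configured outside the database, in sqlnet.ora
-- (ENCRYPTION_WALLET_LOCATION).

-- 1. Create the master key; on first use this also creates the wallet.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "wallet_password_placeholder";

-- 2. Encrypt individual columns. Each table gets one table key, stored in
--    the data dictionary encrypted under the master key.
CREATE TABLE sales.customer_credit (
  customer_id   NUMBER PRIMARY KEY,
  credit_limit  NUMBER(10,2) ENCRYPT USING 'AES256'
);
ALTER TABLE sales.customers MODIFY (card_number ENCRYPT);

-- 3. Inventory: which columns depend on the master key, and with what cipher.
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns
 ORDER BY owner, table_name, column_name;

-- 4. Where the wallet is and whether it is open. Record WRL_PARAMETER in the
--    key-custody plan so future staff can find the master key.
SELECT wrl_type, wrl_parameter, status
  FROM v$encryption_wallet;

-- 5. After an instance restart the wallet must be opened before encrypted
--    columns can be read.
ALTER SYSTEM SET ENCRYPTION WALLET OPEN
  IDENTIFIED BY "wallet_password_placeholder";

-- 6. Rotation. Re-issuing SET ENCRYPTION KEY generates a new master key;
--    back up the wallet file before and after, and keep every wallet backup
--    that protects a database backup you may still need to restore.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "wallet_password_placeholder";

--    A table key can be regenerated separately; the column data is
--    re-encrypted under the new table key.
ALTER TABLE sales.customer_credit REKEY USING 'AES256';
```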
The Enterprise Manager Database Control management and monitoring tool has been improved in Oracle Database 11g, enhancing security and providing more detailed reporting. First introduced in Oracle Database 10g, Enterprise Manager uses a tabbed browsing interface to show performance history, alerts, host configuration, patch workflow and table space contents, and serves as an entry point for most administrative tasks.
Storage concerns

Oracle is concerned about storage, and data compression has been used aggressively in Database 11g to reduce storage requirements.

During tests, I created two tables and compressed one to see the difference in size. I also compared the difference in time needed to access the compressed data compared with the uncompressed data. The results were quite favorable, although I will continue to test this feature to get an idea of what data is most suited for compression and will report on that as results become available.

The tables I used for testing contained just more than 900,000 sales records. The uncompressed table was approximately 36MB and the compressed table was 19MB, more than half the size of the uncompressed data. While there was about a 47 percent reduction in size, access time to perform operations on the two tables differed by only approximately 1 to 2 percent.

eWEEK Labs Technical Director Cameron Sturdevant can be reached at cameron.sturdevant@ziffdavisenterprise.com.
Statistics capabilities enable 11g to determine significant relationships between columns.
Beware Oracle Database 11gs ease of use
By Cameron Sturdevant EWEEKLABS
O
racle database
11g is loaded with
automation fea-
tures that I praised
highly in my review on Page
46. To gain perspective on
the features that will be most
beneficial to Oracle shops,
I asked veteran consultant
Don Burleson to name
the top five goodiesand
gotchasin Database 11g.
Burleson is a senior con-
sultant at Burleson Consult-
ing, of Raleigh, N.C., and
the author of more than 30
books on Oracle database
management.
What are the top five fea-
tures of Database 11g?
The new Oracle data com-
pression utility promises
to save on disk storage up
to three times over storing
data in an uncompressed
format, with relatively
small overhead. This has
a whole lot more benefit
than just saving on disk
space. It will allow com-
panies to go solid state for
far less money.
ADR [Automatic Diag-
nostic Repository] is a re -
pository for critical errors.
Its basically automating
somet hi ng t hat dat a-
base administrators have
been doing manually for
decades.
As part of the ADR, SPA
[SQL Performance Ana-
lyzer] is one of the most
exciting features. Its a
holistic tuning tool that
Oracle softwares automated features will need a savvy database administrator
allows you to define and
replay a representative
workload on your data-
base. You can then adjust
the global parameters for
optimal performance very
quickly. Its the kind of
task that database admin-
istrators have been doing
manually for years.
By getting these initial-
ization parameters opti-
mized, you can save your-
self from having to tune
tens of thousands of SQL
statements. What SPA
does is allow you to bundle
together a representative
workload and then empiri-
cally test what the SQL set-
tings are going to be so you
dont have to guess.
[Another feature is] the ability to do hot updates, which Oracle has been working on for years. It's phenomenally difficult from a software engineering perspective to write software that can update itself while it's running. Oracle is raising the bar for all the database vendors with this Real Application Clusters [RAC] feature. People want continuous availability. That doesn't mean just three years, until it's time to do a patch upgrade.
Automatic Memory Management [AMM] tuning dates back to Oracle Database 9i, when Oracle provided the first tools to dynamically tune memory pools. [You can read more about Burleson's suggestions for Oracle tuning in his book, Creating a Self-Tuning Oracle Database. Visit www.rampant-books.com/book_2003_1_oracle9i_sga.htm.] The AMM tool is basically a detection mechanism. [11g] has a number of RAM pools, and if [it] sees a shortage in one, it will steal RAM frames from one area and reallocate to where they are needed.
And the top five things to look out for?
The two-day DBA. Oracle offers a class called the 2 Day DBA where the claim is they can teach someone enough information to manage, or really babysit, an Oracle database in 48 hours. Oracle has become so automated that you can end up with a DBA that doesn't really know what is happening, and that is getting a lot of companies in trouble.
Also look out for choosing a suboptimal replication system. Oracle offers many kinds of data replication, including Oracle Streams, Multi-master and snapshot replication, and Oracle RAC, which is, in a sense, a type of replication.
Misunderstanding the output of the intelligent advisers: Oracle has created artificial intelligence to advise on self-healing operations, and these are often misunderstood and misapplied by people without the requisite background.
Oracle has offered features in 11g that are geared to senior practicing DBAs that have a huge potential for abuse by dilettantes. Many times I see that people are using these automated tools beyond their level of understanding.
INSIGHT
Naughty and nice
According to veteran Oracle consultant Don Burleson, here are the things to watch for and out for in Database 11g:
Nice:
Data compression
ADR (Automatic Diagnostic Repository)
SPA (SQL Performance Analyzer)
RAC (Real Application Clusters)
AMM (Automatic Memory Management)
Naughty:
Two-day DBAs
Choosing the wrong replication system
Misunderstanding the intelligent advisers
Implementing incompatible security models
Putting power tools in the hands of neophytes
AmTrust ponders Database 11g upgrade
CASE STUDY: Oracle platform's automation features are a strong driver
By Cameron Sturdevant, EWEEK LABS
AmTrust Bank, one of the 20 largest mortgage lenders in the United States, uses a combination of Oracle products, including Database 10g Release 2, and has been beta testing Database 11g. So far, AmTrust's IT department likes what it sees, as the 11g platform promises to increase application uptime and decrease time spent on manual tasks.
KP Singh, database administration manager at AmTrust, which keeps track of almost $17 billion in assets, said Database 11g's change management, SQL tuning, patch management and improved cluster management tools are among the most impressive features he has seen during the beta process.
"Change management features, which include the database replay technology, looked very promising," said Singh in Cleveland. "The SQL Performance Analyzer [SPA] evaluates the impact of database changes on SQL performance."
Database 11g also might allay another of Singh's big concerns: patch and fault management. "For fault management, there is feature-based patching," he said. "One of our challenges today is [that] whenever we get ready to apply a patch it is a challenge to go out and look at what's available and wondering if it's going to break something else."
AmTrust DBAs currently spend time watching Oracle sites, including MetaLink, and using online search tools to see if issues they encounter are bugs. Based on AmTrust's beta use of Database 11g's feature-based patching, Singh said he hopes to significantly reduce the time he and his staff spend searching for patches while also gaining some assurance that patches won't unexpectedly break other program features.
Singh also said he hopes Database 11g's new online patching capability, which enables patches to be applied to a running instance or cluster, will increase application uptime. "We are a 24/7 operation," he said. "It is so difficult to find a window when I can deploy a patch. If I'm able to do online patching, that gives me more uptime."
Indeed, DBAs at most companies will likely rejoice that Database 11g's online patching feature will let them apply patches when it's convenient rather than during the usual middle-of-the-night service window. The Oracle Database Job Scheduler can also be used to automate online patch deployment.
In addition, Oracle now provides ADDM (Automatic Database Diagnostic Monitor) for the database's RAC (Real Application Clusters) feature. With Database 10g, using ADDM in a RAC environment means going to every instance and printing out a performance report. ADDM for RAC on 11g will give DBAs a global view of RAC performance and interconnect issues.
"Today, I have a five-node cluster," said Singh. "I look at my AWR [Automatic Workload Repository] snapshots and run ADDM across each instance. I take those five reports to come up with my analysis. If I have a global cache buffer busy wait, what do I do? Is it caused by a particular instance, or is it caused by something clusterwide?
"With ADDM for RAC, I get one view that Oracle has consolidated to give me one point of reference. So I can see the top concerns for my cluster, such as cluster interconnect tuning. This could be a real timesaver."
Singh said that he plans to create a certification area where AmTrust DBAs and developers continue to get more hands-on experience with Database 11g and that he hopes to be up and running with the new platform early next year. After gaining more experience with the product, including further evaluation of its labor-saving features, he said he'll decide about what to recommend to senior management.
eWEEK Labs Technical Director Cameron Sturdevant can be reached at cameron.sturdevant@ziffdavisenterprise.com.
INSIGHT
"Online patching gives me more uptime," Singh said.
Case file
Company: AmTrust Bank
Location: Cleveland
Issue: AmTrust, an Oracle Database 10g shop, is considering an upgrade to 11g to take advantage of new online patch deployment, SQL tuning and application testing features
Solution: The company is beta testing Oracle Database 11g
What's next: AmTrust's IT staff is setting up Oracle Database 11g in a certification environment to continue testing applications and features before making an upgrade recommendation to upper management
Source: eWEEK reporting
COMMENTARY
Technologies emerge at MIT
Texting, Web services were among conference topics worth examining
ERIC LUNDQUIST
Texting your way to social network nirvana, a renaissance in enterprise applications and Web services that hide a huge amount of complexity were all agenda items at MIT's recent Emerging Technologies Conference.
The range of new, and slightly new, companies talking about the continuing emergence of new technology on the techiest campus on the East Coast provided me with a good counterbalance to the "not another social networking company" syndrome I'm convinced has blinded the West Coast to truly interesting developments.
Given that syndrome, why would I start out with a look at Helio and its CEO, Sky Dalton? Although it is still unclear to me whether Helio can bring in new customers as fast as it is shoveling its SK Telecom investment dollars out the door, Dalton at MIT did touch on some key technology developments.
The Helio phone network riding on Sprint brings to the United States the text, multimedia and location capabilities that have long been available to countries including South Korea (the home of SK). And the Helio Ocean device offers the robust text and Web access that the iPhone sorely lacks.
In fact, the Ocean packs more capabilities than your friendly laptop and will become the business executive's constant companion as more business apps find a home in the mobile world.
Championing the renaissance of enterprise applications was Ann Winblad, the co-founding partner of Hummer Winblad Venture Partners. Actionable analytics and turning data into action are Winblad's current mantras, and I hope she is right.
The amount of information, both structured and unstructured, coming at a company executive these days can quickly lead to business paralysis as each new set of data seems to contradict the previous. The traditional BI companies do not seem to be particularly well-suited to a realm of open-source business analytic requirements driven by data that does not fit into neat rows and columns. Google, Salesforce.com and NetSuite, meanwhile, have made a great business of hiding a lot of complexity behind a simple Web interface.
My favorite thing at the MIT conference was Guillaume Cohen's company, Veodia. The company bills its product as a live TV studio in a browser, and it works as advertised. When I think of all the hassles associated with recording, storing and broadcasting video that Veodia eliminates, I really am convinced that the current crop of emerging technologies is worth investigating.
Editorial Director Eric Lundquist can be reached at eric.lundquist@ziffdavisenterprise.com.
The data coming at an executive these days can lead to business paralysis.
Delist this security idea
Symantec ponders switch from blacklisting to whitelisting
JIM RAPOZA
COMMENTARY
Everybody loves lists. Magazines love lists, TV shows love lists and Web sites really like lists. But possibly no one loves lists more than security vendors.
When you break down core elements of security products, it often comes down to big lists: known viruses and spyware, vulnerabilities, access controls, and programs we want to run and those we don't want to run.
This obsession with lists most recently surfaced in reports from Symantec. In interviews related to the latest release of the Symantec Internet Security Threat Report, company officials said that because of growing security threats and the increased sophistication of the bad guys, it may be time to move from the classic blacklist security approach to a whitelist approach. This means that instead of determining which programs running on someone's computer might be bad guys, future security tools would instead only let known good programs run and block out all other programs.
Whitelists aren't new; most good security implementations involve some combination of whitelisting and blacklisting. And whitelisting is a good idea when done on an individual or a company basis, meaning that a person or a company chooses which applications to run.
But this isn't the kind of whitelisting being considered. Instead, Symantec seems to be talking about managing a centralized whitelist of good applications, and if an application isn't on it, it won't run. If this is Symantec's idea, then it is a really bad one.
First of all, how would one get an application onto this list? Would it be free and easy for any developer, or would there be regular fees and hurdles that would leave many open-source and small developers out in the cold? And what about programs that my company or I write? Would I be able to circumvent Symantec's whitelist controls and easily get these programs to run, or would I have to jump through hoops?
One other thing: Doesn't this whole idea sound an awful lot like Trusted Computing? I don't know about you, but if I don't trust Microsoft to tell me what I can and can't do with my own computers, I really don't trust Symantec to do the same.
Finally, the big weakness with the whole whitelisting idea is that it doesn't work from a security standpoint. Just because some central authority says an application is safe or trusted doesn't mean it can't be used as an attack point by the bad guys. Many security problems occur not because of some rogue application getting on a system but, rather, because an application already on the system has a hole that can be abused.
So thanks but no thanks. When it comes to listing what can run on my system, I'm going to make the call, not some third-party security company.
Hey, here's a new list idea for you! How about bad security ideas? Sounds like we have a candidate for the list.
Chief Technology Analyst Jim Rapoza can be reached at jim.rapoza@ziffdavisenterprise.com.
When it comes to listing what can run on my system, I'll make the call.
COMMENTARY
Sign me up for whitelisting
Symantec's suggestion for improving PC security has merit
JASON BROOKS
Symantec has been turning heads with its suggestion that whitelisting might be a better way forward for ensuring the security of PCs than the blacklisting approach currently used by anti-virus products, including those from Symantec.
My colleagues Jim Rapoza and Larry Seltzer have recently weighed in on the idea: Jim doesn't like it (see story, Page 57), and Larry is characteristically skeptical of it. I found it interesting that Jim cited potential discrimination against open-source software as a drawback to application whitelisting, since this is the model around which popular Linux distributions have been modeled for years.
Linux distributions such as Ubuntu, Foresight or OpenSUSE consist both of core operating system components (alongside a handful of often-used applications), such as those that ship with Windows, and a library of other, optional applications that sit in networked repositories.
If an application resides in the repositories of your Linux distributor, that piece of software has undergone some sort of vetting process. The vetting differs from distro to distro, and most Linuxes include packages with graduated levels of vetting. Ubuntu Linux, for instance, contains core packages, which enjoy a higher level of testing and support than do its universe or multiverse packages.
For most distributions, these packaged applications are signed with encryption keys from the distributor, which gives users the confidence that the packages are coming from a source they've chosen to trust.
The downside of this application whitelisting approach is that sometimes the applications or the application versions you want aren't available in your distribution's repositories. In these cases, you must package the applications yourself (and take on the vetting yourself, as well) or turn to others who've done the packaging work (and decide whether to trust those packagers).
Is it a bummer not to be able to install any application you find floating out on the Internet? It depends on how highly you value the integrity of your systems. It's the classic battle of security versus convenience.
One thing's for sure: If you think you can skip through the Internet, bending over to pluck and install any shiny app you see, you're going to get bitten.
Is application whitelisting a total solution? I don't think such a thing is possible. However, I contend that traditional anti-virus products cannot, never could and never will clean up after app install promiscuity the way that people wish they would, so better app vetting and a true commitment to least privilege models is the only way forward.
Application whitelisting works for Linux. If Symantec can bring it to Windows, I say more power to Symantec. What say you?
eWEEK Labs Executive Editor Jason Brooks is at jason.brooks@ziffdavisenterprise.com.
If you think you can pluck any shiny app you see off the Net, you'll get bitten.
Seeking a spam solution
SLOW PROGRESS SHOULDN'T DISCOURAGE US FROM WORKING TO STOP SPAM
JONATHAN KOOMEY, MARSHALL VAN ALSTYNE AND ERIK BRYNJOLFSSON
COMMENTARY
The following column is by Jonathan Koomey, a project scientist at Lawrence Berkeley National Laboratory and a consulting professor in the Department of Civil and Environmental Engineering at Stanford University; Marshall Van Alstyne, associate professor of information economics at Boston University; and Erik Brynjolfsson, the Schussel professor at MIT's Sloan School of Management and director of the MIT Center for Digital Business. The views expressed are those of the authors and not of their respective institutions.
We empathize with the frustration over the problem, but we shouldn't give up.
In his Sept. 10 column at eweek.com, "Why we haven't stopped spam," Larry Seltzer outlined his concerns with our anti-spam plan, which was published under the headline "You've got spam" in the Sept. 6 edition of The Wall Street Journal.
Larry's column began by identifying inertia and inconvenience as preventing action on spam. He's right that these can be formidable obstacles, but there are ways around them, and our approach was designed with them in mind.
We suggested a hybrid choice system because it would allow e-mail users themselves to exercise choice. Using a hybrid system (including the current approach plus authentication of e-mail senders and/or anonymous bonds bundled with e-mails, payable by e-mail senders and redeemable by e-mail recipients) also allows an easier and less risky transition to a better e-mail environment.
People who prefer the current system can continue using it as is, while people who prefer low costs can use authentication and people who are willing to pay for a recipient's attention can use bonding. We predict that the result will be a dramatic reduction in spam.
Larry raises the following objections to our plan:
1) He says success requires that there be someone in charge of the Internet;
2) He says that authentication is inadequate by itself to block spam (some measure of reputation is also needed);
3) He implies that difficulties of establishing a bonding system are too formidable to overcome.
Larry is correct that coordinating change can be difficult when there is no one in charge, but if the benefits are large enough, even decentralized systems can change rapidly. Consider how quickly Internet users adopted Web browsers, HTML, HTTP and related standards, starting from just a few Web sites and no central command.
One advantage of the hybrid system is that individual e-mail companies can offer it to their users without requiring participation of other e-mail providers or needing a mandate from a central authority. Of course, the more companies that offer the system, the more effective it would be.
We agree with Larry that authentication by itself is inadequate to end spam, but authenticated e-mail would be an improvement over the current system. The phone system offers a great analogy: Existing laws, combined with the relative lack of anonymity for phone users, let us sue bad actors for sending junk faxes or calling people who are on the do not call list. Some telemarketing spam calls still get through, but they are few and far between.
Authentication allows e-mail
[CONTINUED ON PAGE 70]
ANALYSIS
eWEEK in the blogosphere
COMMENTARY
Andrew Garcia: Signaling IT
WITH THE RIGHT TOOLS AND PERSPECTIVE, WHITELISTING CAN WORK
Unlike some of my counterparts here at eWeek, I am among those who think application whitelisting is definitely an interesting idea whose time has come for greater exploration in the enterprise.
But administrators don't need to buy into the concept over the whole enterprise, as there are places where it makes more sense, particularly from an ease-of-administration perspective. But with the right tools and the right plan, whitelisting is feasible.
A few vendors are already doing application whitelisting for enterprise customers with some interesting results.
For instance, I reviewed Bit9's Parity earlier this year and found it to be a pretty compelling product that just needed a little more polish. What I liked most about the product, however, were the tools Bit9 had created to identify and vet applications on the Web. Their ParityCenter and FileAdvisor services actively acquire software from the Web, determining who signed the file and scanning it for malware, then placing the code found into buckets of unsafe vs. safe applications, thereby giving administrators a frame of reference to base policy decisions on.
Also, Lumension (formerly PatchLink, which bought SecureWave) has been mining the whitelist area for a while, teaming it with excellent port blocking controls, something Bit9 has also improved on in its latest version.
If other vendors with more clout and more resources (such as Symantec) want to get into the practice of vetting and giving a seal of approval (for whitelisting purposes) to applications, rather than just finding and identifying malware, then I see that as a good thing for the security industry.
Since the vendors' automated tools are undoubtedly already culling and examining good code anyway in their sweep for bad code, an actionable list of that good code would be easy to produce and could lead to much more secure computing environments for those willing to take the leap to whitelisting.
Tools and technology are already out there to do whitelisting, and it is up to the administrator to decide if and where such technology would be best used.
For instance, application whitelisting is absolutely intriguing when we are talking about servers. If you have a virtual server farm, with each instance performing a limited, core set of functions, why not whitelist? You already know what should be on there, and you want to prevent anything else from running.
On the desktop, obviously the argument for application whitelisting is more complicated, as various deployments will stray mightily from the golden image when you account for all the different task-specific permutations of applications that are necessary to do this job or that.
During Bit9 testing, I found it easier to deploy whitelisting with fresh systems rather than on an in-place desktop or laptop fleet, due to the large disparity of configurations.
But when beginning the project from a known starting place, whitelisting can be a fine complement to a Least Privileged User configuration. Administrators can then adjust whitelist policy, by knowledge group, to adjust for the different approved applications needed for workers to do their jobs, whether these applications are bought, open source or homegrown.
The big question with application whitelisting should instead rest on who ultimately has control over the list.
If an AV vendor like Symantec, or a security software company such as Bit9 or Lumension, rules the whitelist with absolute authority, then, no, whitelisting will not work.
But if the IT administrator has the flexibility to adjust the whitelist, along with the tools to identify differing applications and adjust policy accordingly, then whitelisting is a feasible approach.
Posted Sept. 21, 2007 3:38 PM PDT
Tiffany Maleshefski: Desktop Confidential
VIOLENCE, BLOODSHED, GORILLAS AND YOUR CELL PHONE
It rarely surprises me anymore to discover something I've lovingly turned to every day is actually bad for me and/or the world. My first encounter with this was when I learned how many calories and fat grams my morning latte had. That's not the wake-up call I wanted.
So, fine, regular ol' coffee and nonfat milk it would be, until I discovered the coffee wasn't fair trade. I switched to a fair trade vendor, but then realized the paper cup into which my morning Joe was poured was the least green choice I could make. Even if the cup is made from recycled materials, it still takes up valuable real estate in already clogged landfills.
Anyway, the list goes on and on, as you can imagine, and, at the risk of beginning to sound like Jerry Seinfeld, let me get to my point.
Recently, I learned that my computer and cell phone contain a metal powder called columbite-tantalite, an ore better known as coltan that is mined in Australia and Brazil. It's also zealously mined in the Republic of the Congo, where the high demand for this high-tech essential led to the decimation of the Eastern Lowland Gorilla population and one of the world's greatest wildlife parks, Kahuzi-Biega National Park.
I was stunned. I had no idea that my phone (which I've replaced quite a few times over the past few years) could possibly have something to do with the slaughter of hundreds of gorillas and the demise of the African rain forest.
Outcry over this issue reached a fever pitch in 2001 when the demand for this precious material peaked due to the unprecedented growth in the high-tech industry, which led to fears among manufacturers of a diminished coltan supply. That meant manufacturers were doubling and tripling orders of the new black gold, afraid that the world's coltan supply could run out. And to some extent, their instincts were spot on, with a worldwide shortage of coltan upon us.
Not surprisingly, the high demand has driven up the price for the mineral exponentially. Once priced at $30 a pound, coltan can now command a price tag of roughly $200 a pound. Like those from the 1849 Gold Rush, miners have descended upon the Congo mines hoping to reap the new fortunes this integral ore promises to pay.
Besides tearing into the region's natural habitat, the miners began shooting the elephants and the gorillas for meat. A researcher from the Wildlife Conservation Society took a closer look at the destruction in the region and found the elephant population had been essentially knocked down to zero. Meanwhile, the estimated population of the gorillas dropped by 50 percent.
It gets even uglier. Many folks believe the coltan industry has been used to fuel a bloody civil war between insurgents in the Congo, as well as an ongoing feud with looting rebels in nearby Rwanda, Uganda and Burundi.
The United Nations issued a report on the deplorable conditions surrounding the coltan industry a few years ago, pressing for change, suggesting guidelines to high-tech companies and attempting negotiations between those warring factions hoping to gain control of these lucrative mines.
Luckily, as more light is shed on this dark topic, public outrage has led to, at the very least, attention to the subject. Still, the bulk of the power for change rests in the hands of those companies reliant on coltan for their existence.
Posted Sept. 14, 2007 1:02 PM PDT
Michael Hickins: E-piphanies
WHO'S ACCOUNTABLE IN THE GAP DATA BREACH?
Incredible.
It seems like the Gap did everything right. It used an experienced third-party vendor to manage job applicant data. It insisted that the vendor use encryption to protect that data in case of loss or theft.
Seems like the vendor didn't listen and, worse, hasn't been listening. It failed to encrypt the data contained on a laptop on which information about 800,000 job applicants was stored. That's not exactly like someone's BlackBerry was left on the counter at Starbucks. This is the height of cavalier vendor irresponsibility.
So where is the accountability? Why is the Gap protecting the vendor by refusing thus far to identify it? My colleague Evan Schuman has already detailed the shamefully easy terms of TJX's settlement with customers over stolen data. If customers won't hold their vendors' feet to the fire for such activity, when will this kind of breach ever cease?
Posted Sept. 29, 2007 11:13 AM EDT
Deb Perelman: Careers
MICROSOFT'S PLAN: HIRE FROM WITHOUT
When a company needs to hire, it's got two places to look: inside the ranks or outside the organization. Human resources experts will tell you that the first option is the favorable one, and not just because it may seem more convenient: Hiring from within is seen as a huge boost to employee morale. In workplaces where employees continually see managers and directors brought in from outside company ranks, employees are more likely to feel stagnant and find themselves looking toward the door.
"The highest levels of workplace retention are in environments where there is a clear investment in the career track of individuals," Kevin Young, vice president of EMEA sales for SkillSoft, a provider of content and technology for IT professionals, told eWeek in February. "It brings people in when you can see what development roles are laid out for people."
However, an article in The Wall Street Journal Sept. 26 discusses how Microsoft CEO Steve Ballmer does just the opposite. As the company tries to expand into the areas of online music, video games and advertising, Ballmer has determined that he must tap outsiders rather than rely on homegrown managers as the company has done in the past.
In fact, how Brian McAndrews, Microsoft's new senior vice president for advertising and publisher relationships, fares at the company is being seen as a test of whether the software maker is becoming more hospitable to outside talent. McAndrews is one of six executives Ballmer has hired from the outside since 2005.
The Journal paints Microsoft as a company that has difficulty integrating new executives due to its insular culture, sheer size and the exalted status of its engineers, a point that has not been lost on the recruiting team behind its JobsBlog. A recent entry responds to concerns by employees who believe that the company is wrong to bring people in from the outside when it could be promoting from within its ranks. "In order for an organization to continue to be at the top of its game, you need people who know this place like the back of their hand," writes technical recruiter Janelle Godfrey. "You need college hires, you need people with 10-plus years of experience working in 10 different groups. But, you also need people who have seen how the other half works, including our competitors and people from other industries. This balance allows a company to thrive."
But the question is: Do the workers, some of whom might feel passed over for these promotions, agree?
Posted Oct. 1, 2007 6:45 PM EDT
Joe Wilcox: Microsoft Watch
JELLYFISH: MICROSOFT GOES SOCIAL SHOPPING
Microsoft's acquisition of Jellyfish.com is a smart move, but one that could sting Microsoft if the company swims the same waters as other shopping comparison sites.
I happen to know something about shopping comparison sites from my days as an analyst. One of my last analyst projects covered shopping comparison sites, of which there are many. My take on why there are so many of these services: They don't give buyers enough of what they really need.
The presumption is that shoppers want to compare product features and find the lowest price. The approach falls short of what many buyers really need, particularly when online fraud raises issues of distrust on both sides, purchaser and seller. The three pieces of information I would expect from a shopping comparison site that I often don't see are:
1) Full pricing, including shipping.
2) Proof the seller is for real.
3) Seller store and services information.
Most shopping comparison sites focus on the product and pricing. Jellyfish provides similar information but goes much further by giving information about the seller, too.
The approach also means the buyer may stay longer on the site, which is an important distinction from most other shopping comparison sites. The longer someone spends at the site, the more additional commerce opportunities a service can derive.
Additionally, Jellyfish will kick back a small percentage of its profits to buyers, which has numerous benefits. Buyers have to register, which provides valuable commerce-tracking and marketing information. The approach makes Jellyfish more than a way station for anonymous shoppers.
Jellyfish has a fresh approach that distinguishes it from many other shopping comparison sites and in a way that resonates well with Microsoft's broader Live objectives. Microsoft could get stung or use the stinger on competitors.
The right approach would be to make Jellyfish more
readily available through Live Contacts, Messenger,
Search and Spaces. Microsoft would do better by extend-
ing the social-shopping capabilities outward rather than
cooking Jellyfish in a Live casserole.
Posted Oct. 2, 2007 9:49 AM EDT
INTERVIEW
Adaptive technology
Giving customers what they want is key for Saab Security Systems' CTO
Headquartered in Järfälla, Sweden, Saab Systems supplies customized decision support systems, products and components to the defense, aviation, space and civil security markets. The company has more than 1,200 employees in Sweden, South Africa, Australia and Denmark.
eWeek Editor Debra Donston recently spoke with the CTO of Saab Security Systems, Jenny Hllmats-Bergvik. In a phone interview and via e-mail, Hllmats-Bergvik discussed Saab Security Systems' flagship product, the Wearable Command Unit, and the challenges of adapting products to customers' varied needs.
Could you explain your role as CTO at Saab Security Systems?
I'm responsible for product development and product management, strategic product management based on the needs of the market.
What are some of the challenges that you find yourself dealing with?
We have the challenges of finding new technologies. And many of the challenges relate to the products and the product development, for example, how to adapt products for the customer and the segments we are developing the product for.
How does the requirements-development process work with customers?
Sometimes the customer knows the requirements and what they want. If they don't really, then we have a process to find requirements together with the customer and to understand the environment the users are working in.
Do you find that the customers you deal with understand the potential and the limitations of technology? In other words, do you find yourself often resetting expectations?
What we often do is let customers try out technology and see how it works. When they try it or look at it, they see what they can do with it and the possibilities it gives them.
So, no, I wouldn't say that [expectations] are unrealistic.
So, they may be underestimating potential in some cases?
It's like a revolution to their way of doing things.
What industries are your customers in?
They're basically in three different segments: first response, including police, ambulance and rescue service; critical infrastructure protection; and crisis management, from communities up to the international level.
Could you explain what the Wearable Command Unit, or WCU, is?
It's a very unique product, an outcome of experience with developing command-and-control systems. The WCU is a command-and-control system adapted to work in a commercial market, based on off-the-shelf products [and] aiming to give the users situational awareness.
The WCU is based on the net-centric security concept, which aims to provide a structured integration model for security service consumers and producers. A stated goal of network-centric security is to ensure elevated levels of security through a reliance on technology-based solutions. These systems are intended as a means of alleviating the burden carried by employees, with technologies that complement rather than replace labor.
A further goal is to make it easier and more cost-efficient to integrate older existing systems and future systems. By ensuring this level of integration, the customer can feel that earlier investment in systems is not wasted and that the system lends itself to future upgrade.
Could you give an example of how the WCU is being used?
The WCU gives users a common situational picture or awareness and the capability to communicate, even if the users are in different places or in different environments or at different command and control levels. It really means that they can be anywhere, but they can still share the same information.
If you look at the basic functionality, you can have a map (a common situational picture) where you can see where all the others are. And you can handle case management (who should do what) and the others can see what they are doing.
What technologies underlie the WCU?
The WCU is a client/server-based platform that we have developed. So it's built on our own integration model. But it's built on [Microsoft] .Net, with C# as the programming language. And it's developed to be running in a Windows environment.
Did you choose .Net and Windows because those are platforms you tend to use often, or was that something that you felt would help with the commonalities you needed for the platform?
We use it because it's our own server-oriented architecture, and because it's a development platform for the future. You can use it on standard computers, and we can follow the commercial market. And it's also more cost-effective.
Did you develop this for a particular customer?
Saab Security Systems' client/server-based Wearable Command Unit, designed together with the Swedish Rescue Services Agency, provides common situational awareness using a variety of mobile devices.
We started to develop it together with the Rescue Service. But then we saw that the requirements are almost the same for even more users or customers.
Encryption and compression are important to what you do.
Yes. We have a lot of mobile clients. We communicate through TCP/IP.
Secure communication as an integral requirement within the market has been a strong focus for us throughout the development of the WCU. Our products are designed to operate in an environment where certainty must be achieved regarding the integrity of communication. Our ongoing commitment in this regard includes the use of both compression and encryption technologies throughout our solutions, integrating AppGate and Sun's Security Server technologies.
Furthermore, compression is of the utmost importance, as it reduces the consumption of valuable resources, specifically transmission bandwidth. Encryption and its converse, decryption, of communication disallow the introduction of third parties.
Authorization is a further point of measured design effort on our part. Users have roles specified, providing a means to both limit complexity to the user and ensuring division of labor within the system. Each role has permission to activate a number of plug-ins, which in turn has access to perform different tasks within the client's workflow model.
What other products are you developing now?
From my perspective, I'm working on developing the WCU for different customers, but also on keeping the framework the same. Our architecture is handling consumers and producers. It's easy to integrate with other systems, but it also has a plug-in architecture, and that makes it easy to add extra functionality to it.
recipients to more easily block mail from spamming addresses. Authentication can also help to enforce good behavior: If someone asks to be removed from an e-mail list and the spammer refuses to do so, or if the spammer sends out an obvious scam, the e-mail provider then blocks the spammer.
We also agree with Larry that there are details to work out on bonding, the idea that senders could attach bonds worth a few pennies to their e-mail messages, payable to the recipient, as a way to vouch for the messages' legitimacy. In particular, a bonding system will require micropayments (or minipayments) and user-level authentication.
Small e-mail providers already have implemented such systems, and these providers privately report that costs of operating bonding systems at a large scale should be low enough to be feasible. The question of malicious hacking is a serious one, but that, too, can be managed, as it has been for credit cards and online commerce.
It is an unfortunate historical artifact that this type of security wasn't built into our e-mail infrastructure from the beginning, but that certainly doesn't mean that we can't incorporate it now.
Instead of dwelling on the difficulties of bonding (which we think are surmountable), let's consider the opportunities. At present, legitimate advertisers such as Citibank, Toyota and L.L. Bean cannot advertise credit, cars or clothing via e-mail for fear of tarnishing their brands and being identified as spammers. But what if they paid you?
Advertisers spend $270 billion annually to reach you. That is almost $1,000 per person. Part of this expenditure could go directly to your pocket instead of into TV overhead, radio broadcasts or newspaper ads that clog up landfills. Ultimately, bonding's cost-effectiveness and feasibility is an empirical question requiring serious testing at a large scale. We haven't seen that testing yet, and we think it's time to try.
Will a hybrid system completely solve the spam system? We doubt it. But, we can't let the perfect be the enemy of the good. Most e-mail users are fed up with spam, but they don't take action because they assume there's nothing they can do about it. Ironically, that can become a self-fulfilling prophecy. Because of network effects, inertia of others makes it less worthwhile for any individual to take action. However, if enough people adopt a hybrid system, then even today's skeptics will find it beneficial to join the movement.
eWEEK (ISSN 1530-6283) is published weekly except for July 16 and 30, Aug. 6 and 20, Sept. 3, Oct. 1 and 29, Nov. 19, Dec. 10, 24, 31 and combined issues (Feb.
12/19, April 2/9 and June 25/July 2) and by Ziff Davis Enterprise Inc., 28 East 28th St., New York, NY 10016-7930. Periodicals postage paid at New York, NY, and
additional mailing offices. Single-copy price including first-class postage: $6. One-year subscription rates: U.S. $195, Canada/Mexico $295, foreign airmail $395.
All orders must be prepaid. Subscription inquiries should be directed to Customer Service Department, eWEEK, P.O. Box 3402, Northbrook, IL 60065-3402, or call
(888) 663-8438, fax (847) 564-9453; Customer Service Web site: http://service.eweek.com. Please note that changes of address require that a new application be
filled out completely, and please include both the new and the old addresses. Please allow a minimum of 4 to 6 weeks for processing. POSTMASTER: Send address
changes to eWEEK, P.O. Box 3402, Northbrook, IL 60065-3402. We periodically make lists of our customers available to carefully screened mailers of quality goods
and services. If you do not want to receive such mailings, please let us know by writing us at Customer Service Department, eWEEK, P.O. Box 3402, Northbrook, IL
60065-3402. GST registration number 865286033. Publications Mail Agreement No. 40009221. Return undeliverable Canadian addresses to P.O. Box 503, RPO West
Beaver Creek, Richmond Hill, Ontario L4B 4R6. Printed in the U.S.A.
eWEEK's sales and marketing staffs can be reached at (212) 503-5600 or (800) 758-3789, or via e-mail by using the following convention: name.surname@ziffdavisenterprise.com.
eWeek, PC Week, PC Week Netweek, PC Week Shoot-Out, Spencer F. Katt and Spencer F. Katt: Rumor Central are registered trademarks of Ziff Davis Publishing Holdings Inc. Copyright (c) 2002 Ziff Davis Media Inc. All rights reserved. Reproduction in whole or in part without permission is prohibited. For permission to reuse material in this publication or to use our logo, send e-mail to permissions@ziffdavis.com. For reprints, contact Hiedi Brooks via e-mail, hbrooks@fostereprints.com; phone, (866) 879-9144.
Spill your guts at spencer.katt@ziffdavisenterprise.com, or give the Katt a howl at 781-938-2627.
SPENCER F. KATT
Katt tests Web 2.0 waters
Google searches for stake in MySpace; GE cozies up to Mozy
"There must be something to this Web 2.0 stuff," quoth the Kitty as he sorted through this week's collation of tips and rumors. The Fastidious Feline has always been suspicious of any designated technology trend cooked up mostly by market analysts and industry sales departments.
The Web 2.0 moniker usually sends Spencer's FUD-O-Meter buzzing because the term has more definitions than Webster's Unabridged Dictionary. Along with the Web 2.0 fad, the tip stalker is wary of the constant claims that every gadget, wireless phone, social networking site or online videoconferencing service is fated to be a hit in the enterprise world.
But after switching off his iPod and firing up his BlackBerry 8820 evaluation unit, the Wireless One had to concede that there is some big money behind the latest consumer crossover craze.
The Peripatetic Puss had just returned from a quick trip to Chicago, where he heard that Google wants to invest as much as $900 million in the MySpace social networking site. The word is that MySpace owner News Corp. and Chairman Rupert Murdoch are giving the proposal serious consideration, although a decision apparently is not imminent.
"Google likes the idea of cross-marketing ads and promotions on MySpace and Google's own YouTube," the Chi-Town tipster told the Tabby. Google would have partial ownership of MySpace and hefty revenue streams from the Web's two most successful youth networking sites.
Then there is online storage backup vendor Mozy, recently acquired by EMC. Mozy used to be just a consumer play providing online data backup service for home PC owners. Then it landed a $10 million contract with General Electric.
"How did that happen?" the Persistent Puss demanded from an analyst contact. It turns out that GE's CIO, Gary Reiner, used Mozy at home and decided it would be a great solution for the enterprise.
Spencer spent some time in his Hub stomping grounds to check out the Emerging Technology Conference at the Massachusetts Institute of Technology. One of the neat little gadgets at the event was a wireless device that replaced the typical convention identity tags. If you took a close look at it, the tag displayed a brief menu of options and actions. The tags were designed so conference attendees could beam their contact information to each other, similar to beaming information between Palm devices. The tags were developed by a Boston company called nTag Interactive.
The technology was spiffy, but the performance was not. Info beaming was uncertain at best. It took patience and persistence to do the info transfer, and sometimes it didn't happen at all.
LITTERBOXLYNX
www.crucial.com
www.splitreason.com
www.bored.com
And don't forget me at go.eweek.com/kattoon
WHITE PAPER
The Latest Advancements in SSL Technology
CONTENTS
+ Introduction
+ SSL Overview
+ Server Gated Cryptography: Enabling Strong Encryption for the Most Site Visitors
+ Extended Validation SSL (EV SSL): The Gold Standard for Authentication
+ Browser Support for EV SSL
+ Third Party Trust Marks: Inspiring Consumer Confidence
+ Summary
+ Introduction
Secure Sockets Layer (SSL) is the World Standard for Web Security. SSL technology
confronts the potential problems of unauthorized viewing of confidential information,
data manipulation, data hijacking, phishing, and other insidious Web site scams by
encrypting sensitive data so that only authorized recipients can read it. In addition to
preventing tampering with sensitive information, SSL helps provide your Web site's users
with the assurance of having accessed a valid Web site. Support for SSL is built into all
major operating systems, Web applications, and server hardware, meaning that SSL's
powerful encryption technology helps provide your business with a system-wide, liability
limiting security blanket for fortifying consumer confidence, boosting the percentage of
completed transactions, and enriching the bottom line. Due to recent advances in SSL
technology, there is a variety of different kinds of SSL. In this paper, we will discuss some
of these advances to help you decide which would be best for your organization.
+ SSL Overview
SSL became the standard over a decade ago to ensure the privacy of online
communications. A special data file called an SSL Certificate is created for a specific server
in a specific domain for a specific entity. Similar to a passport or driver's license, SSL
Certificates are issued by trusted authorities such as VeriSign. Every entity that receives an
SSL Certificate must pass some form of authentication that verifies it is who it says it is.
With the explosion of phishing and other fraudulent Web activity aimed at stealing
people's personal information, identity authentication is more important now than ever
before. The level of identity authentication verified by an SSL Certificate differs from one
SSL Certificate to another, and from one Certification Authority (CA) to another.
With SSL, a private and public key system encrypts the connection between two parties,
such as a consumer and a Web site bearing an SSL Certificate. When the consumer's
browser points to a Web site secured with SSL, a secure handshake between the two
systems authenticates both parties. Each session uses a unique session key for encryption
(the longer the key, the stronger the encryption). Once this connection is established the
two parties can begin a secure session guaranteeing the privacy and integrity of their
communications. This security is particularly important when people are sharing sensitive,
confidential information over the Internet, an extranet, or even within an intranet. In the
case of e-commerce, a secure SSL connection is critical to doing business, as most Internet
users are afraid to share information with a Web site that doesn't offer SSL protection.
A small purchase here, a smaller purchase there, and a reluctance to change age-old buying
habits or reveal personally identifying information characterizes an enormous segment of
the world's viable online consumer population. The question remains: Will potential
customers feel secure enough in their Internet dealings with your Web site to take a
meaningful plunge into the world of transacting online?
+ Server Gated Cryptography: Enabling Strong Encryption
for the Most Site Visitors
If your reputation in the online community depends upon the stringent safeguarding
of information processed through your Web site, then your Internet security solution
should include the strongest encryption available to each Web site visitor. Encryption,
as mentioned above, is the process whereby data is transformed into a code that will
be indecipherable to an unauthorized viewer. The stronger the encryption, the more
difcult it is for someone to eavesdrop on your online communications. This is especially
important if you accept any kind of online payments, connect to a bank or brokerage
account, transmit health records, must meet a governmental or other regulatory
organizations privacy and security standards, or process any kind of potentially
sensitive information.
Industry experts recommend a minimum of 128-bit encryption be used for all secure
online sessions. Some Web server-client browser configurations enable sessions with
up to 256-bit encryption protection, the strongest level of encryption commercially
available today. The strength of encryption enabled for any session depends on what your
customer's browser and operating system support, as well as what your host server
systems will support. If your consumer's browser or operating system doesn't support
higher levels of encryption, the session will default down to the highest level that
it can support.
For years the U.S. imposed export restrictions prohibiting browser manufacturers from
distributing products that supported higher levels of encryption. Although most export
restrictions were lifted in January 2000, there are many consumers, especially outside the
U.S., who are still using older browsers (such as those before Microsoft Internet Explorer
5.5 (export)) and operating systems (such as certain early Windows 2000 systems),
which may default to weak, lower encryption levels. The Yankee Group, in 2005,
estimated that tens of millions of Internet users connect to the Web using substandard
encryption levels.[1]
SGC is an SSL extension originally created for financial institutions exempted from the
U.S. encryption export restrictions. With SGC, encryption levels are controlled by the
server and not dependent on the client system. Since these original export restrictions
were lifted, SGC-enabled SSL Certificates have been issued to all types of Web sites, not
just authorized financial institutions as in the late 1990s.
VeriSign offers market-leading SGC-enabled SSL Certificates so virtually every visitor to
your Web site will be protected by the industry recommended minimum of 128-bit
encryption.
[1] 2005, Yankee Group, Building Blocks of Transparent Web Security: Server-Gated Cryptography
+ Extended Validation SSL (EV SSL): The Gold Standard for Authentication
While more and more people are comfortable searching the Internet, there remains a
significant disconnect between the numbers of surfers and those psychologically disposed
to transact business online. As a Gartner 2006 survey revealed, security concerns led
almost half of online customers to alter the way they use the Internet, at a cost of almost
$2 billion to the online business community.[2] Clearly, too many potential e-commerce
clients remain distrustful or fearful of revealing personal or financial information to an
unseen and personally unknown entity. They need assurance and are increasingly
demanding it before they proceed through a personal revelation or financial transaction.
These and similar observations led a group of CAs, browser providers, and WebTrust
auditors to establish the CA/Browser Forum for developing a new SSL standard, one
that the online consumer world could easily comprehend and embrace. This consortium,
which includes representatives from both Microsoft and VeriSign as well as others,
created Extended Validation (EV) SSL. This new standard aims to combat the growth of
Internet threats such as phishing attacks. EV SSL requires a rigorous process of Web site
authentication and is considered the gold standard in the e-commerce industry for
authenticating the legitimate identity of a Web site. In order to issue EV SSL
Certificates, a CA must pass a rigorous WebTrust audit. VeriSign remains at the forefront
in the development and implementation of this new standard.
An EV SSL Certificate offers the online business and consumer a highly endorsed and
widely recognized level of protection from increasingly sophisticated Internet spoofing
scams. EV SSL contains a number of user interface enhancements aimed at making the
identification of an authenticated site immediately more noticeable to the end user.
New high-security browsers display EV SSL Certificates differently than traditional
SSL Certificates. Rather than the subtle padlock symbol displayed by traditional
SSL Certificates, EV SSL Certificates trigger the browser address bar in high-security
browsers to change to an eye-catching green color. This change is immediately evident
to an end user and delivers a confidence-building effect. Overstock.com noticed that after
implementing EV SSL Certificates from VeriSign, its Microsoft IE7-using visitors on
average completed transactions 8.6% more often than those using legacy non-EV-enabled
browsers. And, after deploying VeriSign EV SSL, DebtHelp.com realized an 11%
increase in completed transactions by IE7 users to their Web site.
[2] 2006, Gartner, Trends in Consumer Society
In addition to the noticeable green color, a security status bar prominently displays the
name of the owner of that Web site and the CA who has issued that EV SSL Certificate.
This field reveals both names in turn when a visitor first arrives on the Web site.
Like its traditional SSL predecessors, an EV SSL Certificate facilitates secure encrypted
communication between a Web site and a consumer's browser. It also authenticates the
genuine nature of the Web site so all visitors know they have indeed reached the site they
intended to visit and not a counterfeit site.
You gain the benefit of this gold standard for authentication as well as the powerful
protection of SGC encryption with VeriSign SSL Certificates. VeriSign offers a certificate
with both of these SSL advancements.
+ Browser Support for EV SSL
Microsoft, the first browser manufacturer to support this new standard, integrated
the EV SSL interface enhancement with Microsoft IE7. Although relatively new to the
market, IE7 has already garnered 31% of the browser market. Additionally, Firefox 2.0
users can download an extension that enables them to see the green address bar when
they encounter a VeriSign EV SSL Certificate. Within a month of this extension's release
over 55,000 Firefox users had downloaded it. As of August 2007, no other CA offers
this benefit.
+ Third Party Trust Marks: Inspiring Consumer Confidence
Virtually all shoppers acknowledge their concerns about identity theft, credit card fraud,
and other Internet scams. They have a reason to be concerned. During the one-year
period ending July 2006, the monetary loss from identity theft scams totaled $56.6
billion with an average cost per episode of $6,383.[4]
The good news is that consumer awareness of solutions to security issues is likely to
increase as both the Internet security industry and certain governmental agencies get
the word out. To be sure, online consumers are already becoming increasingly savvy
about Internet security. Many now expect to see a familiar third party trust mark
identifying an online retailer's Web site as a secure and viable shopping avenue. Inclusion
of an established third party trust mark on one's Web site is now essential for guiding
shoppers from the surfing stage through the completion of a transaction.
Research has shown that the majority of online shoppers recognize the VeriSign
Secured Seal and indicate they would make an online purchase because of that seal's
presence.[5] If you purchase a VeriSign SSL Certificate for your Web site you are entitled
to display the exclusive VeriSign Secured Seal. Displaying the seal should increase
your customers' confidence in your Web site and increase the number of completed
transactions you experience. Also, visitors can click on the seal to verify your site.
One week after posting a VeriSign Secured Seal on their Web site, Opodo, a leading
pan-European travel service, saw a 10% jump in completed sales.[6]
[3] May 2007, www.marketshare.com
[4] 2006, Javelin Strategy/Better Business Bureau, Identity Fraud Survey Report
[5] 2006, Tec-Ed study
[6] Warren Jonas, Head of Services Management, Opodo
Once you secure your Web site with a VeriSign SSL Certificate, all you need to do
to benefit from the VeriSign Secured Seal trust mark is download and install it.
+ Summary
Credibility means a lot in the world of Internet security. With instant recognition by
88% of Web users,[7] VeriSign is by far the most recognizable Secure Sockets Layer (SSL)
security brand in the world today. VeriSign gained its leadership position by helping
the Internet security industry develop standards, update protocols, and apply the latest
technologies for the Web community. Savvy online consumers trust the VeriSign name
and feel confident about doing business with Web sites secured by a VeriSign SSL
Certificate. Naturally, this reputation wasn't created overnight. It was built upon a
platform of trust that has been cultivated for years and enhanced by the company's long-time
involvement in and support of the development of the Internet security infrastructure.
Organizations that rely on Internet transactions have learned that a reliable and secure
Internet is necessary for company profitability. The more secure the online consumer
feels, the more successful the online company will be in recruiting and retaining a
worthy client base. The creation of a successful online business requires the development
and cultivation of a trustworthy relationship with each potential client. VeriSign's
products enhance the building of such relationships. If you want to ensure that
potentially sensitive information is kept confidential and secure, and especially if you
want your potential customers to trust that your company will value, respect and
safeguard their private information, a VeriSign SSL Certificate is right for you.
Displaying VeriSign's name emphasizes your Web site's genuineness, credibility and
trustworthiness to your customers. Your customers can then feel secure about completing
the transaction that led them to your site in the first place.
+ About VeriSign
VeriSign operates digital infrastructure that enables and protects billions of interactions
every day across the world's voice, video, and data networks.
Visit us at www.VeriSign.com for more information.
2007 VeriSign, the VeriSign logo, the checkmark circle, and other trademarks, service marks, and designs are registered or unregistered trademarks
of VeriSign, Inc. and its subsidiaries in the United States and in foreign countries. All other trademarks are property of their respective owners.
00024924 08-06-07
[7] 2006, Tec-Ed study
