I’m sure you already know about the other “network management” – where ISPs and carriers get their hands publicly slapped for limiting bandwidth to high-traffic offenders. But when is this kind of “network management” a good thing? At a panel sponsored by the FCC in DC, reps from carriers and ISPs discussed what steps they’ve been taking to prepare for a pandemic or other major global crisis – that would force workers to stay at home or work from more remote locations to limit exposure.

Are people paying attention to ICANN? They’re saying that IPv4 will be fully allocated in the next two or three years. Does anyone care? In their bid to make people care, ICANN talks about the state of IPv6 adoption and touts Africa as the most rapid adopter.

SOA soon part of the ‘cloud’? No, please no.

Microsoft – The Silver Lining in Every Cloud. Joe Wilcox over at eWeek’s Microsoft Watch, has been following Steve Ballmer around and collecting some nice quotes on how the company is transitioning. “For many years, we had kind of what I would call the all-encompassing mission, vision and scorecard statement: a computer on every desk and in every home. …Well, our footprint and portfolio is broader than that. “ [In every hand and of course, in every cloud…] “So, as a vision statement we talk about creating seamless experiences that combine the magic of software, the power of the Internet across a world of devices.” The magic of software – something I haven’t thought about for a while. And:

“You need a real platform in the cloud. When we wanted to go after the PC, we built an operating system. When we wanted to go after the phone, we built an operating system. When we wanted to go after the enterprise, we built an operating system. We’ll announce a new operating system, one that runs in the cloud and has a wide variety of capabilities.”

• Moderator: Jim Metzler, Vice President, Ashton, Metzler & Associates
• Rowan Snyder, CIO, KPMG
• David Michael, CIO, United Business Media Group
• Joanna Young, Chief Information Officer, Corporate Information Systems & Enterprise Services, Liberty Mutual

Jim: Is the CIO a technical job anymore? For example, inside Liberty there are business projects with an IT component.

Joanna: We are organized to partner with internal business clients or vendors who provide objectives and business requirements. We strive to figure out the smallest amount of an IT investment we can make to get this to work.

Rowan: We have both. Part of the dilemma is that the thing that sells the best is fear. I don’t want to use that to get business.

Joanna: One good example is security from an application perspective. It’s hard to talk about security investments in business terms. We put it into terms like “this is what it will cost us if we DON’T do this.” For example, a solution for spam required us to do research into what it was costing us overall. Once we put it together, the business was all for it. You have to put your business hat on and think “how can I make this important for a businessperson?” If you can’t, you may need to ask yourself why you’re pushing services on them that they may not need.

Jim: Can you give us insight into business-IT alignment? What about governance?

Rowan: Governance is the hardest part of IT. It’s not like the technology is easy. If it’s a business project with an IT component, I don’t usually get involved. It comes down to overall budget. The infrastructure we own and let people know exactly what it will cost to do it. We are a distributed IT firm, there are multiple groups. This is the most distributed and risk-prone organization I’ve worked in. It can be difficult for the business to exert control. It demonstrates risk, in security, compliance, methodologies, etc.

Joanna: Governance has become a word that nobody wants to use. It suddenly implies that IT is the holder of all the money and they are the ones that get to decide. We stopped using that word and position IT as a strategic business partner.

David: We have a highly decentralized IT set-up. We have about 600 globally and around 40 in the headquarters. We have 10 CIOs for each division, and within each division it is decentralized. We try to run each unit as autonomous. This is a close alignment with IT and business. However, then the problem of how do you have commonality between divisions and collaboration?

Jim: How can you minimize risk in distributed environment using standards and procedures?

David: The reality is it can be impractical for an organization. You end up with a patchwork of platforms and technologies. We have to accept that we’ll have multiple solutions. We can attempt to push a standard, but overall have a much more relaxed approach to manage everything. There is a lot of equality between divisions in what they can choose to purchase.

Joanna: Standards are easier to apply the further down the staff you are. The most important thing with any of this is to understand why you are making the decisions. If there is a process and pros and cons are identified, there is a clear record of why decisions were made.

Audience Poll: Everyone raised their hand that MORE standards were needed.

Audience Question: Are there inefficiencies in the data center in terms of energy and green IT? What are you doing about it?

Joanna: Everyone focuses on cars for carbon footprints. But, it’s really buildings…and then data centers. The data center has the same importance as any other efficiency. They need to be running as cheaply as possible. Corporations have a responsibility to make sure they are energy efficient.

Rowan: We recently did a carbon footprint analysis, and found that half of carbon comes from electricity, with half of that from the data center.

David: Every company does have a responsibility to look at its carbon emission globally. Consider international travel, flying, etc. As much as possible, we are not building data centers. We are using other people’s data centers in an effort to get out of the data center business.

Audience Question: How do you balance the good from standards with agile development and possible roadblocks?

Joanna: Luckily agile development is under the CIO’s control. You can see the lifecycle and savings that occur. When I look, I check what the standards are that I’m measuring by.

Jim: Does web 2.0 have any business meaning in your environment? If so, what are you doing about it?

Joanna: I’ve been in IT for 20 years. It’s another component to business IT investment, and has to be presented as such. As IT professionals we have a responsibility to identify what Web 2.0 is, and then translate to see if there is anything the company should be doing with it. Monitor it based on your current portfolio, and consider its impact.

David: It’s pretty important to our business as a media company. I don’t think it means one thing, it’s a term people use to talk about the web and what’s going on online. From mobile, to ajax, cloud computing or mashups - you can draw multiple conclusions. More and more business is being done online. We have a lot of growth opportunities online.

Rowan: Compliance, security, and privacy issues just explode with Web 2.0.

Introduction

Virtualization is a word used by consumers and also by IT. But, do we all mean the same thing?

A very cool video from Cisco provided answers to “what is virtualization” from an  engineering perspective, data center perspective, IT perspective and the user perspective (virtual world).

Virtualization is about breaking the bonds between applications and server hardware, nodes and networks, applications and operating systems.

Why is this interesting? Virtualization holds the promise to transform the way we work, live, learn and play.

Why virtualize?

The real estate boom over the last 30 years has driven people to the suburbs. People didn’t mind commuting for an hour with lower gas prices. Today, we have a weak economy and gas prices are high. Something has to change.

Many are opting to stay at home. Businesses are trying out telecommuting, some (like Cisco) are even offering telepresence. This helps by reducing carbon footprint. Corporations are breaking free from physical requirements. The global workforce is also having an impact on the network. These changes are having a huge impact on the network.

We are on the cusp of transitioning from virtualization to VIRTUALIZATION.

“One to many….many to one.”

This is Cisco’s idea of virtualization.

Consider the different roles we play in life - one to many. Spouse, executive, friend, parent, gym rat. This would be “one to many”. This is exactly what virtualization does. It allows you to partition resources off that you can use on the fly.

Where do I start?

Virtualization starts with server and storage. But, it’s the network that touches everything - it spans the physical, the virtual, and the cloud. This provides the connectivity to all these resources. The network brings transparency to the picture. It allows you to better monitor performance and better implement security - great benefits!

Why do I need this?

At Cisco, we saw that we were only using 20% of our storage utilization. We wanted to virtualize our datacenters. When we did that, we were able to get 68% storage utilization. For each year that we were able to defer buildup, we saved $40 million.

From a business standpoint, virtualization helps you differentiate and work faster. Provisioning in minutes, improved productivity and competitive differentiation, using less power (environmental impact), and up the ante of business continuity. If VMWare fails? It’s OK. You can reprovision it on the fly.

Is it for everyone?

IT organizations tend to be siloed. You have the IT side and the Operations side. Each has responsibility. For virtualization to work, these walls have to come down. The concept of virtualization depends on shared resources.

Metcalfe’s Law of the Network Effect

Everytime you add a node to the network, you increase the value. This is what happens with virtualization. Every device you virtualize increases the power of each device. More control of environment and more efficiency.

This leads to…

Cloud computing.

Wow, show of hands from the audience when Marie asked “how many are using cloud computing?” and “how many are using your own clouds?” - not a lot of hands were raised. Interesting considering the coverage cloud computing has and the focus of it.

Cloud computing has three possibilities at Cisco:

• Flexible infrastructure (hosting)
• Abstract services (APIs)
• Application services (SaaS)

Automation is going to be key, and will need to integrate virtualization-aware elements.

Can you imagine if you wanted interoperability in the cloud? People haven’t even begun thinking about it.

Conclusion

As you virtualize, your role will change. You will think more about strategy. But keep in mind these “minefields” of virtualization:

• Insufficient planning
• Lack of standards
• Weak security

Security cannot be an afterthought. It has to be planned. We’ve seen new forms of malware, hypervisor attacks, and root kit infections.

As higher expectations from end users evolve, we’re becoming not server oriented, but SERVICE oriented.

Tips:

• Think holistically
• Consider IT culture - equipment and people

Buying a lemon is always a bad thing – but when you pay $1 billion for it?! Back in 2005, Google bought a 5% stake in AOL for $1 billion and now is calling that investment “impaired”. That’s one way of putting it, so it’s a good thing Google has money to burn.

At LinuxWorld this week, Bob Sutor, VP of open source and standards at IBM, said that the next 10 years is “do or die” for open source software designed for specific industries. 10 years? That’s like 70 years in open source development time.

And finally…8/8/08…the Olympics are here! Network administrators around the world, except for Terry Childs, will be eyeing office network bandwidth closely as people go online to watch streaming video of the games. NBC and Microsoft will offer 2,200 hours of live video coverage with up to 20 simultaneous live streams of different events. Plus NBCOlympics.com will offer 3,000 hours of on-demand video content. The time difference means that much of the primetime events will be broadcast while the Western hemisphere is supposed to be hard at work. Me – I’m just glad it’s the weekend, and I can get the Olympics fix I’ve been waiting years for.

Ted Morgan, the head of Skyhook, explained in an interview that while GPS is certainly the gold standard, and while it works well in stand-alone devices designed for continuous use and navigation, it's not the right choice by itself for mobile devices. It can take 5 or 10 minutes for a GPS-only device to get an accurate fix on the satellites it needs to give you accurate information. (Various shortcuts can provide less accurate information more quickly.)

"This notion of 'tell a user or consumer to stand outside for 30 seconds before they can search for the nearest pharmacy' is pretty silly," Morgan said. He noted that with all the radios now found in newer mobile devices, using several of them produces a fast and much more accurate result. The iPhone 3G, for instance, sports quad-band 2G, tri-band 3G, Bluetooth, Wi-Fi, and GPS chips.

Morgan said that A-GPS (assisted GPS) already combines cell tower information with GPS. A cell phone can be told approximately where it is, and thus instead of cycling through 24 satellites, start with the two that are most directly overhead. This can reduce the time to gain a location to as little as 20 seconds, Morgan said, although any kind of movement usually lengthens the time to 30 to 60 seconds.

Skyhook's system takes advantage of this aspect of A-GPS. They let a GPS system grab onto two satellites quickly to correct data from their Wi-Fi Position System (WPS). Morgan said that this reduces the WPS error by 35 to 40 percent through "weak fixes."

Within cities' concrete canyons, "you can only get a true GPS fix about 70 percent of the time outdoor, but you get two satellites all the time," Morgan said. "In the entire footprint, we're able to use this hybrid technology, even though GPS is only available 70 percent of the time." Outside of metro areas, cell towers can still be used to improve GPS startup times.

Skyhook has continued to expand its European coverage for WPS; they cover about 8,000 cities in the US and Canada, which is roughly 70 percent of the population; "it looks exactly like a cellular coverage map," Morgan said, and includes "any town with five streets in it."

In Europe, their current big push, partly because of their inclusion in the iPhone, they cover 70 percent of population in the current countries--the UK, France, and Germany--but they're now at 50 percent of the population of the rest of Western Europe. They're working assiduously in Japan, Korea, Hong Kong, and Australia as well, and looking into China and India. India has very little Wi-Fi, so they may rely more on cell towers there.

The company also announced a partnership with wireless chip maker CSR today, which is a major providers of Wi-Fi and Bluetooth chips to computer and handset makers. Nearly a year and a half ago, Skyhook partnered with SiRF, the dominant worldwide chip supplier for stand-alone GPS gear, that's also making a push into mobile devices. Skyhook obviously needs a win with a cell chip maker, like Infineon, Broadcom, or Qualcomm, given the XPS technology, to score a place in tens of millions of cell phones beyond the iPhone.

Skyhook's technology most recently appeared in a soon-to-ship model of the Eye-Fi--the Explore. The $130 Secure Digital card with Wi-Fi built in allows you to take pictures with any camera, and have the Wi-Fi signal space recorded for later lookup when you upload photos. The pictures are geotagged with that information. The card can optionally be used with Wayport's 10,000 strong Wi-Fi network in the U.S for $15 extra per month. David Pogue of The New York Times recently wrote up the Eye-Fi Explore.

These days every one wants to be seen as green.  Larry Seltzer over on PC Mag has an interesting story from McAfee Avert Labs that using anti-virus on your computer is green. The reasoning goes that by keeping your computer free of malware, your CPU usage stays lower, thereby using less energy and lowering your carbon footprint.  OK, I get it.  My question is what about all of the extra CPU cycles that some of the bloated endpoint security suites use on all of these machines they are installed on.  I would bet that they far outweigh any energy savings from clean machines. 

I guess in place of wrapping yourself in the flag, the thing to do now is wrap yourself in the green thing. How long will it be until some company hires Al Gore to hawk thier technology. In the meantime I would beware of Jolly Green Giants.

These days every one wants to be seen as green.  Larry Seltzer over on PC Mag has an interesting story from McAfee Avert Labs that using anti-virus on your computer is green. The reasoning goes that by keeping your computer free of malware, your CPU usage stays lower, thereby using less energy and lowering your carbon footprint.  OK, I get it.  My question is what about all of the extra CPU cycles that some of the bloated endpoint security suites use on all of these machines they are installed on.  I would bet that they far outweigh any energy savings from clean machines. 

I guess in place of wrapping yourself in the flag, the thing to do now is wrap yourself in the green thing. How long will it be until some company hires Al Gore to hawk thier technology. In the meantime I would beware of Jolly Green Giants.

Server Core is a “minimal install” option of Windows Server that excludes much of the GUI and many applications – such as Internet Explorer and Windows Media Player – that would be present in a default installation.

In this very short report (download the full report), I perform a brief analysis how much smaller the software footprint is for Windows Server 2008 Server Core and examine a theoretical Server Core version of Windows Server 2003 over the past two years to gauge how much Server Core might convey in terms of reducing security updates.

As shown in the chart, looking at the Windows Server Security Bulletins over the past two years, 40% of them would not have applied to a theoretical Server Core build. The results of the analysis are encouraging in terms of security progress.  Check back in a few weeks and I'll publish my 90 day vulnerability study for Windows Server and we'll look at how this potential is being fulfilled...

Although several other quick-service restaurants like McDonald's lack any comprehensive Wi-Fi plan--Burger King, Wendy's, and Subway to name three of the largest--Wayport is locked out of working with direct competitors. This opens the potential for another firm to handle a several-thousand-location network. Wayport has worked with both McDonald's corporate-owned stores (about 2/3rds of stores in the U.S.), as well as reaching out to franchisees, who Lowden noted pay a predetermined flat rate for the service via McDonald's. "It's made them incredibly efficient to be able to offer this to their franchisees at one price, instead of variable pricing," he noted. Wayport acts as the layer between various telecom providers, applications and services, and the stores.

Wayport provides several kinds of back-office services, although credit-card processing was the first thing htey rolled out. They've extended to remote video feeds for security, Redbox DVD rental systems that are found in some McDonald's, and kiosks used for job applications. Lowden said Wayport offers things as straightforward but critical as a dial-up fail-safe when a broadband connection drops.

Wayport also manages AT&T's hotspot network, which puts them in the unwiring seat for the 7,000-odd Starbucks stores that will converted from T-Mobile to AT&T service during 2008. Wayport was once the clear leader in the hotspot builder market, with T-Mobile in the second position. Now, Wayport will be operating through a direct contract or management agreement over 18,000 hotspots in the U.S.; T-Mobile will likely be the second biggest with a couple thousand locations (Borders and FedEx/Kinko's tops among them). The No. 3 player is hard to figure. Panera?

I've been predicting for some time that media on the edge--music, videos, movies, and games stored on servers on the local Wi-Fi network--will be the next big development in venue-oriented Wi-Fi, with Starbucks likely far in the lead. Lowden wouldn't comment on any specific plans in the works, of course, but said generally, "Storing and caching all that content on the edge...hasn't been leveraged in the past, but it will be in the future to create a very unique experience." At Barnes & Noble, Wayport caches some multimedia data that's available to customers in the stores.

The advantage for in-store media storage is that you can leverage the speed of the local network, and add additional access points to distribute network load. The choke point is no longer the Internet connection, but local network speed. I expect--though Wayport, AT&T, and Starbucks haven't said it--that Starbucks infrastructure will be all 802.11n for this reason, likely with both 2.4 GHz and 5 GHz support for the best throughput in the higher-frequency band for media transactions. (In fact, I wouldn't be surprised if you could only buy movies via 5 GHz.)

Lowden also noted that the proliferation of mobile devices with Wi-Fi built in have led to them reaching out to venues that wouldn't have made sense for them to work with previously, and for unlikely candidates to reach out to them, too. Wayport is now working with a number of healthcare facilities that, while they have their own network infrastructure, wanted to outsource public access Wi-Fi (whether they choose to charge or underwrite it), and certain applications that they're not as experienced with running themselves.

A little history: In 2001 and again in 2004, the heat seemed to be on the public side of Wi-Fi: lots of money to be made, ostensibly, lots of partnerships and venues to be built, and an overcrowded supply of infrastructure builders. The year before, Wayport looked to be an also-ran in the hotspot provider business.

Despite being one of the earliest firms to put Ethernet and then Wi-Fi into hotels, and build out hotspots in airports; and despite their survival of the first hotspot meltdown in 2001 during the dotcom crash and brief venture capital shortage; and despite their early entrance into allowing wholesale pricing for hotspot aggregators; the firm seemed about to be eclipsed by apparently deep-pocketed Cometa (with AT&T, IBM, and Intel in various capital and support roles), Toshiba's mom-and-pop focused turnkey system, and T-Mobile, which had the Starbucks contract. What a difference a year makes.

Cometa, Toshiba, and Wayport contended for the contract to build out back-office and public-access service at McDonald's in the U.S., and Wayport won. Within a few weeks, Toshiba passed its few hundred locations to Cometa, which shut its doors in May 2004. Wayport, meanwhile, had cooked up a strategy for McDonald's that it announced later that month.

Their approach involved a fixed-rate charged for unlimited access by retail network partners for all the locations in their pool. This meant that partners had a fixed cost, instead of a per-session cost, and Wayport could obtain specific revenue even before usage by a partner ramped up. Wayport hasn't discussed the details of this arrangement in depth since, but has partnered with Sony with its Mylo, Nintendo with its DS game player, and ZipIt with its wireless messaging appliance.

The McDonald's deal also apparently gave Wayport a way to extend its work with SBC-later-AT&T; Wayport had earlier in 2004 became the managed-services contractor for SBC to build out The UPS Store/Mailboxes Etc. nationwide. (UPS dropped AT&T as its partner in mid-2007, although that didn't appear to have anything to do with Wayport's role.)

AT&T through Wayport developed its large resold/managed footprint that incorporated resale of Wayport's McDonald's locations with the UPS Store and a few hundred other managed locations, including a handful of airports. The Cingular acquisition of AT&T Wireless put more airports in SBC's hands, too. (SBC was once the 60 percent majority owner of Cingular; when SBC and BellSouth, the other owner, merged that put the newly rebranded AT&T in charge of Cingular which it relabeled as AT&T. Confusing, huh?)