IBM locked out of new government contracts

IBM has been banned from new government contracts by the Environmental Protection Agency. Apparently the suspension comes on the heels of subpoenas being issued to determine what, if any, illicit access IBM had to competitive bid information for an EPA bid. The existing contracts can continue as they are written, but they cannot be modified and new contracts cannot be signed until this is resolved.

Very strange, indeed. Especially the part about how any one agency can blacklist a vendor government-wide.

Additional info on the Vista SP1 compatibility issues

There has been a fair amount of discussion about issues with Vista SP1 having conflicts with some hardware configurations and various drivers. Some additional details have recently surfaced about the incompatibilities, and it is pretty damning of Intel. The gist of it is that the Intel 915 chipset is the problem. Microsoft initially didn't plan to support it on Vista and it was added in to the OS late in the development cycle because Intel had a ton of inventory and was still trying to sell the boards to make their numbers that quarter. So they bullied Microsoft into supporting the platform, and sold a ton of the boards to HP and Lenovo for use in their computers. And now those are the systems that don't take SP1 very well. Once Microsoft decided to support the hardware they probably should've planned on supporting it indefinitely, rather than just through the RTM stage, but this is still a pretty interesting look at the behind-the-scenes efforts in getting an OS out the door. Symantec is involved as well, with their Endpoint Protection driver, but the main issue seems to be Intel.

So much for the "Wintel" synergies, I guess.

Video conferenceing options continue to grow

One of the most exciting collaboration technologies is video conferencing. It has tons of potential, but has rarely managed to be realized, mostly due to high initial investment costs, high per-minute charges and interoperability issues. One by one these barriers are falling down, and some new developments seem to be taking things even further towards easy video conferencing for all.

Of the above barriers, two have been resolved over the past few years. Connectivity charges are down significantly thanks to the pervasive spread of IP-based solutions supplanting ISDN options. And the interoperability issues have been addressed through a move towards standards-based solutions and bridge services such as Courtroom Connect. That leaves initial investment as the main barrier to video conferencing.

Quanta and OoVoo, a hardware and software company, respectively, have teamed up to offer an HD video conferencing solution that is designed to be affordable and compatible with pretty much any HD display and internet connection. The device plugs in to an Ethernet connection, an HD monitor, a camera and a microphone and provides near-HD level quality at 512kbps. The goal is to provide the solution at a fraction of the ~$10K that a comparable Tandberg system costs, and they seem to be well on their way to doing so, though they haven't announced final pricing yet. The solution can also be terminated on a computer running the OoVoo software, making for a truly hybrid connectivity solution. Right now they seem to be marketing the system towards home users, but if it really works that easily and inexpensively there's a pretty good chance that it will show up in offices, too.

Also in the video conferencing space, Microsoft has a pretty cool product called RoundTable. RoundTable is a camera and phone device that allows for a 360° view of a conference table, with software that will activate the camera facing the person who is talking. It lets the remote side "see" everyone and always keep an eye on the person presenting. It is not as universal as the OoVoo/Quanta solution claims to be, but still pretty cool.

As remote collaboration continues to grow and the barriers continue to fall, solutions like these will become more and more common. This would seem to just be the start.

Dell getting into the ultraportable laptop space

After watching Apple and Lenovo break into the lead with their ultra-portable laptop models, Dell is looking to catch up. Their plan would appear to be the E series Latitudes, with specs similar to the Lenovo x300 series. Dell will have two models, with 12" and 13" displays, and the 13" model will sport an integrated optical drive and multiple HD options, including both spinning and SSD, according to engadget. The new laptops will also have fingerprint readers and broadband wireless options available...everything a traveling user could want. The laptops are expected to be available in September. Also being reviewed here.

Citrix joins the embedded hypervisor crowd

A while back VMware announced their 3i product, essentially embedding the ESX kernel onto a flash drive and having a server boot from that. The idea is that you don't need to deal with the installation of the hypervisor software so you can focus on just getting your guest OS sessions up and running.

Citrix has joined in that effort this week, announcing a deal with HP to market the Citrix XenServer HP Select Edition. The HP Proliant servers will come with XenServer Select, which is the base level version of the Citrix virtualization platform. Customers will be able to "easily" upgrade to the full version of the XenServer platform as well.

Citrix still trails VMware in overall functionality and number of OEM vendors, but this is a big step in closing the gap.

And as long as you're reading about virtualization here, I should note that Hyper-V from Microsoft hit the RC stage this week, meaning it is still on time to be 6 months late.

More in-flight connectivity coming

There have been a lot of efforts on the in-flight connectivity front in recent months, bringing us much closer to ubiquitous connectivity. Another airline has signed on to the effort, this time looking at voice service as the main attraction, with data as a secondary draw. Emirates has configured one of their airplanes to offer in-flight cell phone usage for voice calls and SMS messages. The crew will be able to disable the voice feature for overnight flights or otherwise at their discretion. Emirates plans to expand the service to additional airplanes (it is only on one right now) and also to add data and Blackberry service in the near future. So if you really want that extra level of connectivity, Emirates would appear to be another option.

SSD drives for laptops: Blessing or Curse?

When talking about SSD drives in laptop computers, everyone agrees on one thing: they cost a LOT. Based on that increased cost, there are very high expectations for performance. Of course, how that performance is defined and measured varies from person to person, and according to at least one researcher out there, the results are not good.

There's a report out on the 'net that is claiming 20-30% return rates for SSD drives, way above the numbers for standard spinning drives. The report claims that a significant portion of the returns are due to defects, not performance. Needless to say Dell is vehemently disputing the claims, as they are the "large manufacturer" that is implied in the report.

The most interesting thing about the Dell response is the admission that the SSD performance just wasn't up to the standards of regular drives. The testing they mention suggests that the drives perform like slow spinning drives. The good news that Dell shares is that they have a new version of the drives from Samsung that supposedly performs better than even the 7200 RPM drives that Dell has on the market. The new drive has a faster interface speed that apparently makes the drives perform reasonably well. They're being marketed by Dell as the "Dell Flash Ultra Performance SSD" so if you're in the market for an SSD in your laptop, aim for one of these. They're going to run you an extra $100, above and beyond the $1000 up-charge for the "regular" 64GB SSD drive and they only appear to be an option on the Precision model right now. And they're two weeks delayed in shipping. But if that fits your need, you might actually get the performance you're looking (and paying a LOT) for.

The other aspect of "performance" that comes with the SSDs is the reduction in heat and noise and the improvement in battery life. Those are realized even with the slower drives, and should remain with the new ones.

I don't know if the report is true or not, but it gave me a good reason to talk about the SSD technology and the improvements that have been realized recently, so I consider it worthwhile.

Getting "Beyond" admin rights for your applications

One of the biggest security issues that organizations face is that users are often local administrators of their computers. This means that they can do pretty much anything, including install malware or otherwise break the computer. So why do admins continue to let users be admins? One of the main reasons is that a number of applications are written poorly, under the assumption that the user will be an admin. This is easier for the programmers, but it makes managing an enterprise environment way more difficult. The solution seems easy enough - take away the admin rights from the users. But it gets very, very complicated when there are hundreds of applications that need to be vetted and managed to determine whether they require admin privileges or not, and if so how to trick them.

BeyondTrust has been working in the systems management space for a long time, with recent products focusing on dealing with the Vista User Access Control prompts, among other things. They now have a product on the market, Application Rights Auditor, that can be used to scan user workstations and determine which applications require administrative permissions to run. And the best part is that the tool is FREE!

The product consists of two pieces, a user agent and a management console. The user agent runs in the background, monitoring the running applications and feeding data back to a central repository, where the management console can query the data and report on it. By installing the agent on a representative set of computers (or all of them, if you want to be extra thorough) and letting users work normally for a few days you not only get an inventory of all the apps in use on the system (and who is using them) but also which ones require admin privileges.

BeyondTrust is hoping that you'll buy the Privilege Manager product, and that is one option, but it is also possible to shim pretty much every application running on Vista to trick it into thinking that it is running the way it wants to, without ever actually granting those rights. Or rights to files/registry settings can be selectively granted. There are a number of ways to skin the cat once you've caught it, and this tool seems to be a great option for doing just that.

Vista SP1 really available now

It is really, really available this time, to anyone who wants it, not just beta participants or TechNet subscribers or EA license-holders.

As has been previously discussed, this isn't a revolutionary release. It doesn't really "fix" everything and there are plenty of reasons to consider holding off on upgrading unless you're really excited by the features it offers (and if you are, let me know which ones, because I can't find any that make it truly compelling). Anyways, if this is what you've been waiting for your excuse is no longer valid. Happy installing.

Microsoft expands desktop virtualization platform

Looking to augment their desktop virtualization platform, Microsoft has gone shopping again. Today's purchase was Kidaro, a privately held company that focuses on centralized management of virtual desktops throughout an enterprise. Back in August Kidaro was featured as one of the Top 10 Virtualization companies to keep an eye on by Network World magazine. They like the company for a few reasons:

"Kidaro pushes the right buttons when it comes to desktop virtualization," says Andi Mann, senior analyst at Enterprise Management Associates. Managed Workspace is secure and seamless, and provides centrally managed, policy-based control that provides for employee mobility and keeps corporate data secure at the same time, he adds.

The mobile solution they have, known as Kidaro ToGo seems particularly interesting and appealing, especially for folks who move between workstations all the time and who are tired of dealing with the various issues that roaming profiles can present. That seems like the golden egg from the company to me.

An update on in-flight internet

It is still coming.

I think that the latest press release is just that, with very little substance, but it is still good to see that things continue to move in the right direction. Aircell, one of the two main competitors in the in-flight internet space, has suggested that they will be offering service on American Airlines Boeing 767s "this spring" for their flights between New York and LA/San Francisco. Other carriers will be following close behind, most notably Virgin America.

Aircell also announced pricing for the plan, at $13 for long flights and $10 for flights shorter than three hours. They may have a special deal for iPhone users, and they're looking to partner with Boingo and all the other WiFi hotspot providers, so if you've already got an access package for that you may be able to use it here as well. Most of the coverage I've seen of this has been on travel sites, not technology sites. Still it is something worth paying attention to. As connectivity becomes more ubiquitous, the ways we interact with our data will continue to shift. Smaller bits of data become more important as we grab them more readily, and this step definitely makes them more readily available.

Apple announces iPhone support for Exchange Server ActiveSync

The widely expected and discussed release of the SDK for the iPhone platform came with one nugget of information that corporate users have been waiting for since the device was initially announced - native compatibility with Microsoft's Exchange platform. Version 2.0 of the iPhone software will have native support of the ActiveSync client for Exchange 2003 and 2007. The new platform will include all the remote management features that ActiveSync enables, including remote wipe of devices (or "swiping clean the devices if they are lost or stolen" according to the CNN/Money article). The new software will also include a Cisco IPSec VPN client, a FaceBook application and a SalesForce.com interface customized for the device. Anyone else who want to write an app for the device is welcome to use the SDK and sell their apps through "The App Store." Apple will only be keeping 30% of the revenue from the sales for handling the transaction, which is borderline extortion if they don't allow direct sales as well, but I'm not completely sure that they aren't, so I'll withhold some judgement there.

Now that this has been announced I can finally stop on my repetitive rant about how the device is no good for corporate users and no threat to RIM - it most definitely is now. I'm still a little surprised that they ended up licensing the technology from Microsoft, but I think that was really the only way to make it work reliably. Plus, I haven't heard anything on the terms of that licensing agreement, so who knows.

Update (3.6.08 9:40p EST) - The updated software won't be available until late June (which probably means July), but it is coming.

Report from the 2008 Wave launch event

Every time one of these events comes along I get my hopes up that it will be useful, educational or even slightly entertaining. And every time I go home disappointed. Today's even was no exception.

Maybe I should've known something was up when they sent a Technical Fellow to give the keynote rather than a C-series exec. Don't get me wrong, the guy spoke well and was truly excited about the technology, but the fact that it was lesser material meant it didn't rate one of the big wigs. The keynote was nothing new, much less groundbreaking. They focused on the rationalization of IT, which is Microsoft's big push these days. Basically the goal is to move from IT being a cost center to a strategic value in any organization. This is done via lower TCO and more efficient systems, as well as increased manageability and control of the systems. It looks like the 2008 products will deliver on this, but it just isn't that sexy for a major launch event. Or maybe it is because the vendor "showcase" was horrible. Just the usual faces (AMD, Intel, Citrix, Novell, Nortel, EMC, etc.) and nothing exciting at all from any of them.

They also did a couple demos, including showing off the Hyper-V virtualization platform, IIS7, Terminal Services, SQL Server and a bunch of AD/GPO stuff. Some notes on each are below.

Hyper-V
Hyper-V is pretty slick, especially the integration with the various other Microsoft technologies like PowerShell and the Systems Center Operations Manager (nee MOM) tool. Being able to provision guest systems via PowerShell is very slick. So is the self-service portal for end-users requesting the VM and admin approval. I know that VMware has similar deployment tools available, but so will Microsoft, so VMware will be losing that advantage. VMware still has several other advantages, like Vmotion, that Microsoft doesn't, so Hyper-V will likely remain a dev environment tool for at least this revision, but progress is being made and VMware won't be alone out there forever.

Active Directory & Group Policy
This seems to be the main area of improvement for the Server platform, at least from an IT manager's perspective. The new Group Policy management tools have some great new features, including search filters and the ability to comment individual settings within the GPOs (and also search on the comments). They also allow for default template policies to be defined and then used to deploy actual policies within an organization. Microsoft has also integrated the Desktop Standard package that they recently purchased to allow for the management of many more settings and preferences, not just the pieces that have historically been part of GPOs. Policies can now control drive mappings, environment variables, shares, ini files, etc. This is a great improvement from a manageability perspective.

On the Active Directory front a number of changes have been implemented in the overall architecture. AD services now run as a service on the server, so you can stop the service and perform maintenance on the system (NTDSUtil) without rebooting the server into AD restore mode. Additionally there are some new options in AD Users & Computers to help prevent the accidental deletion of OUs and to provide access to most attributes of all objects, avoiding the need to use ADSIEdit. Password policies are no longer global; they can be applied to individuals, groups, OUs or any other collection of users you can manage to identify. Microsoft has also introduced the concept of AD snapshots to allow rollbacks should things go awry, including reversing of schema changes.

There is also the read-only domain controller. I mentioned it previously and it is actually better than I had thought. It can be configured to not cache any authentication data if you're really worried about it being compromised. But if the authentication data is cached and then the server is lost there are some very useful options. When you delete the object from AD you have the option of resetting the user passwords for any accounts that were cached on the server and/or generating a list of the users so that you can manually deal with the situation. Ironically, the read-only domain controller is a throwback to the good old days of the NT4 backup domain controllers that everyone celebrated the demise of, but that's a whole different post waiting to happen.

IIS7
The new incarnation of the IIS platform has a couple great features for operators of web server farms, but very little for the occasional web server operator. One nice feature is the ability to have a custom configuration file that all web servers base their metabase configuration on. This helps prevent the "new" server being misconfigured and breaking web apps. Also included are some new security models that allow for users to be granted admin rights for a specific web app rather than the whole server. Nice features, but nothing groundbreaking if you aren't running a hosting service.

Terminal Services
Much progress was made in the application presentation capabilities for Terminal Services. There is the new "Gateway" functionality that is comparable to the Citrix Web Interface + Citrix Secure Gateway/Citrix Access Gateway. Individual apps can be published and presented to end users through links (including a nice SharePoint module similar to the WISP from Citrix) and are accessed via an RDP connecction tunneled through SSL, allowing access from just about any network connection (no firewall issues) and the seamless window for the app. The other big deal about Terminal Services is that it means all the apps have to run on the 2008 systems. It is supposed to be relatively similar to Vista from an application compatibility standpoint, which is either really good news or really bad news, depending on whether your apps work on Vista. The UI isn't the Vista UI, so that will be interesting in terms of how the user experience plays out.

SQL Server 2008
Much like the IIS7 improvements, the SQL Server 2008 updates are targeted very much at organizations that heavily leverage SQL server services. Among the improvements are the ability to control CPU utilization on a per-database level and compliance policies that can be defined and tested against to ensure that all DBs are configured correctly. It doesn't look like the policies can be used for enforcement, but auditing isn't a bad start. The Business Intelligence pieces of SQL Server 2008 are also rather improved. The integration with the other Microsoft platforms - namely Office 2007, SharePoint and PerformancePoint - is very slick, which is great if you're using the data warehousing features.

Clustering
There are some interesting new features available in the clustering area. The presenters were real big on all the new wizards and checks that make cluster setup easier. I never really found it all that complicated, but I guess it can be. The 2008 version will support GUID Partition Table drives (>2TB volumes) and will also support geo-clustering without requiring the various nodes to remain on the same IP subnet. This is a big improvement in Exchange 2007 clustering for folks looking at the Standby Continuous Replication (SCR) option, as it now allows SCR to happen without spanning subnets across the WAN. There will be support for some cluster configurations in the Hyper-V environment, as well as several new migration tools to help move from 2003 to 2008 and from standalone systems to clusters.

So there was plenty of useful information, but nothing all that astonishing. Considering that it was a PR event more than anything else, I guess I shouldn't be surprised.

Ultra-portable laptop backup solution

Carrying around an external USB drive or even a thumb drive for making backups of your laptop is now officially antiquated. SanDisk has a new product coming out that combines a SD card reader for an expresscard slot (the new, smaller PC Card, formerly known as PCMCIA) and some backup software to provide local backups when up pop a card in the slot. Of course, a number of laptops already have SD slots in them, so this isn't completely new or groundbreaking, but it is pretty affordable ($39.99 MSRP, plus the SD card) for the adapter and the software.

They keep getting smaller; try not to lose your backups now that they are the size of a postage stamp.

Microsoft goes into the SaaS business big time

Since showing up at Microsoft a couple years ago, Ray Ozzie has been jonesing for a good Internet services approach to the traditional Microsoft licensing model - recurring revenue is way better than one-time software charges. Today a huge new step was taken in that direction.

Microsoft announced their intentions to get into the hosted services business, likely competing against some of their biggest resellers who are already in the hosting services business. Plans call for 20+ data centers around the world sized at half a million square feet each. Initially Microsoft will offer hosted instances of Exchange, SharePoint, Office Communications Server and Office Live Meeting, everything a company needs for collaboration.

The licensing is an interesting approach:

To help companies take advantage of Microsoft Online Services, Microsoft introduced a new licensing model with flexible options for customers.
New customers and customers without Microsoft Software Assurance can purchase Microsoft Online Services as a per-user subscription. Existing customers with Software Assurance on their Microsoft Client Access Licenses can purchase a user subscription at a discount, enabling them to maximize their existing Microsoft software investments. Customers with a subscription have rights to both Microsoft Online Services and to access on-premises server software, giving them the ability to blend Web-based services with on-premises software.

In other words, once you buy your licenses and you buy SA then you have the privilege of paying a little bit more to have Microsoft host the service for you. It makes sense that they'll charge extra for the hosting, though it will remain to be seen just how competitive that pricing is.

The release also discusses hosted/on-site hybrid solutions. This seems very similar to some existing offerings, such as the ForeFront anti-X service, though I'm guessing there are probably some other twists that will come around.

All in all, a huge new market opening up to Microsoft, assuming that people buy into it.

iPhone Goes Corporate, Part Deux

About 6 weeks ago I posted about some announcements from Apple regarding integration of the iPhone platform with more corporate email systems, most notably Lotus Notes. A couple more sources are starting to pick up on this theme, including some other bloggers and a financial analyst who seems to be predicting Exchange server integration as well in the coming weeks. Although the details on the Notes integration are pretty well known from the story a couple weeks ago, the Microsoft integration plans are pretty much unknown:

The analyst cites his own industry and developer sources, who suggest that after "months of beta testing" this weakness will be addressed with improvements in iPhone's ability to work with Exchange server and IBM's Lotus Notes.

"What isn't as clear to us is how Apple will accomplish this, whether this is from internal development (most likely), third-parties including MSFT (next likely) with its ActiveSync technology, or RIM Blackberry Connect (possible but less likely), or a combination of two or more."

I can't decide if this guy has inside information that he's being coy with, or if it is just wishful thinking. What I really can figure is how Apple would be able to do it with their own custom programming and not infringe on the various Microsoft patents while still providing real-time integration and performance. At that point it would make sense to just license the ActiveSync technology and save a lot of time and effort on the development side of things. Of course, that would also mean admitting that they need the technology from Microsoft, so that's probably not going to happen anytime soon from Apple.

The iPhone is a great device from a usability perspective, and I'd love to see it integrate with the Exchange platform as well as it does with the others out there, but I'm not sure that is really going to come to fruition. The folks at Apple also need to consider that many corporations have requirements of manageability of the devices above and beyond basic integration with the messaging platform. To truly get a foot in the door on the corporate side of things there are a number of additional things that would need to be considered, like lockout/password policies and remote wipe of the device, something that the BlackBerry and Windows Mobile devices have today and have had for some time.

It'd be nice, but I'm still not seeing the iPhone as a corporate tool in the immediate future.