Cisco - TABPI

VOLUME 20, NUMBER 21 n $6
NEWSPAPER PERIODICALS
NEWS & ANALYSIS
Adding polish to
Windows Server
Microsoft mulls add-on
technologies 7
IBM banking on
UML approval
Version 2.0 could fuel
new modeling tools 7
PC makers look
beyond desktop
Acer, MPC take aim at
server, storage space 12
Anti-spam push
picks up steam
Microsoft, Symantec
offer plans in D.C. 15
2.6 kernel: More
memory, storage
Linux database users
await new features 39
GWEEK LABS REVIEW: State-of-the-art
firewalls prevent the exploitation of
Web application holes PAGE 47
gWEEK LABS
May 26, 2003
From WEP
to WPA
and beyond
What to consider
when retooling 54
OPINION TIMOTHY DYCK
Seven years of
perspective 52
JOHN TASCHEK
Product activation sends
the wrong message 61
Feds to open
cyber-security
ops center
SUCCESS OF CENTER
WILL HINGE ON HIRING
OF HIGH-LEVEL LEADER
Blue Titan
unscrambles
Web services
Network Director
taps XML 56
Ultralight
Actius excels
at portability
Keyboard, speed
are trade-offs 59
SUN, ORACLE STRENGTHEN ALLIANCE 36 N SERENA ACQUIRES TEAMSHARE 38 N CISCO UPGRADES SWITCHES 42 N ZYXEL BOOSTS ZYAIR SECURITY 58
FOR DAILY TECH NEWS, ADDITIONAL REVIEWS AND MORE OPINION, GO TO IWEEK.COM
By Dennis Fisher IN BOSTON
and Caron Carlson IN WASHINGTON
officials at the department
of Homeland Security plan
to announce this week the establishment
of a national
cyber-security
center, which
brings all the
department’s
information
security assets
under one umbrella,accord-
Clarke:“The right
person” is key.
ing to people briefed on the plan.
So far, however, no one has
been named to head the center,
and security experts warn that
without a strong leader, the
center will lack the muscle it
needs to be effective.
One of the main drivers be-
[CONTINUED ON PAGE 16]

Editor in Chief Eric Lundquist
Executive Editor/News Michael R. Zimmerman
Director/Design Paul Schaffrath
Director/eWEEK Labs John Taschek
Managing Editor Sue Troy
Executive Editor Stan Gibson
Executive Editor/eWEEK Labs Deb Donston
Technology Editor Peter Coffee
NEWS
News Editor Scot Petersen
Deputy News Editor Chris Gonsalves
Department Editor John S. McCright
Online News Editor Rick Dagley
Online Editor Shelley Solheim
Senior Editors Jeffrey Burt, Caron Carlson,
Dennis Fisher, Peter Galli,
Paula Musich, Carmen Nobel
Senior Writers Dennis Callaghan, Renee
Boucher Ferguson, Evan
Koblentz, Darryl K. Taft,
Lisa Vaas
Exec. Asst. to Editor in Chief Colleen Shanley
gWEEK LABS
Technical Director, West Coast Timothy Dyck
Technical Director, East Coast Jim Rapoza
Senior Analysts Henry Baltazar, Jason Brooks
Cameron Sturdevant
Technical Analyst Francis Chu
Managing Editor Mary Stevens
Senior Writer Anne Chen
EDITORIAL PRODUCTION
Deputy Managing Editor Debra Perry
Deputy Copy Chief Jim Williams
Senior Copy Editor Frederick Ricketts
Production Designer Tara-Ann Fasulo
ART DEPARTMENT
Senior Art Director Stephen Anderson
Senior Macintosh Artist Paul Connolly
gWEEK
Publisher Brian M. Gleason
Business Manager John Dennehy
Marketing Mary Zagrobelny,
Group Marketing Director;
Caroline Tilghman,
Research Analyst
Ad Traffic Howard Lubinger, Manager
Production Manager Milena Emery
ZIFF DAVIS MEDIA
Chairman & CEO
Robert F. Callahan
Chief Operating Officer & CFO
Bart W. Catalane
Senior Executive Vice President, Publishing Operations
Tom McGrade
Executive Vice President & Editorial Director
Michael J. Miller
Executive Vice President, General Counsel & Secretary
Gregory Barton
SENIOR VICE PRESIDENTS
Jasmine Alexander (Technology & Sales Operations)
Derek Irwin (Finance)
Charles Mast (Circulation)
Sloan Seymour (Enterprise Group)
Dale Strang (Game Group)
Jason Young (Internet)
VICE PRESIDENTS
Ken Beach (Corporate Sales)
Tim Castelli (PC Magazine Group)
Charles Lee (Integrated Media)
Aimee D. Levine (Corporate Communications)
Jim Louderback (Editor in Chief, Internet)
Eric Lundquist (Editor in Chief, eWEEK)
Bill Machrone (Editorial Development)
David Mullen (Controller)
Beth Repeta (Human Resources)
Tom Steinert-Threlkeld (Editor in Chief, Baseline)
Stephen Sutton (Internet Audience Development)
Stephen Veith (Publisher, CIO Insight)
Senior Director, Manufacturing
Carlos Lugo
Director, International
Christin Lawson
eWEEK editorial staff members can
be reached at (781) 938-2600 or
(800) 451-1032, or via e-mail using the following formula: firstname_lastname@ziffdavis.com.
For example: eric_lundquist@ziffdavis.com (Don’t
use middle initials in address.)
eWEEK®, PC Week®, PC Week Netweek®, PC Week Shoot-Out®,
Spencer F. Katt® and Spencer F. Katt: Rumor Central® are registered
trademarks of Ziff Davis Publishing Holdings Inc. Copyright (c) 2002 Ziff
Davis Media Inc. All rights reserved. Reproduction in whole or in part
without permission is prohibited. For permission to reuse material in this
publication or to use our logo, contact Ziff Davis Media’s
rights and permissions manager, Olga Gonopolsky, via email,
olga_gonopolsky@ziffdavis.com; phone, (212) 503-
5438; fax, (212) 503-5420. For reprints, contact Lori
Noffz via e-mail, eweek@reprintbuyer.com; phone, (717)
399-1900, Ext. 104. Printed in the U.S.A.
FWEEK.COM
THIS fWEEK
find a weak point; build a firewall.
It’s an ad hoc approach, but it’s the one corporate IT is following as it
gropes its way to more secure Web computing. This week, eWeek Labs
West Coast Technical Director Tim Dyck reviews three Web application
firewalls designed to protect an extremely weak link in the Web infrastructure.
And application holes are often exploited. Tim says the vendors tell
him that customers come calling when they’ve failed a penetration test. The
products he reviews are for critical servers and take a Draconian approach
to security, eliminating access except by specifically allowed, or white-listed,
entities. Tested were Sanctum’s AppShield 4.0,
Teros’ Teros-100 APS 2.1.1 and Kavado’s InterDo
3.0. Teros won Tim’s Analyst’s Choice award.
Tim notes that we already have conventional
firewalls, of course, and two of these can be
used to create a demilitarized zone around
a particularly sensitive server. Then you can
add a Web application firewall and maybe
a database firewall. The result is a firewall
infrastructure that’s ripe for consolidation.
Tim predicts this will happen, with such larger
players as Check Point Software Technologies
leading the way.
Ah, security. We just can’t get enough. And if
you listen to Richard Clarke, we’re not about
L Tuesday,
check out
eWEEK’s online
exclusive interview
with
Richard
Clarke, former chairman of
the President’s Critical Infrastructure
Protection Board,
and find out why he’s so criti-
cal of the government’s
cyber-security strategy.
L Wednesday,
join Cameron
Sturdevant
for
an online
walk
through one of the latest
patch management
The NCC is expected to emerge
from the DHS next month.
to get enough of it from the Department of Homeland Security. Now that
he has left the government, Clarke is very active on the speaking circuit.
Dennis Fisher interviewed Clarke when he came to Boston last week and
heard Clarke reiterate his call for a National Cybersecurity Center with
direct access to the president.
But if you look at the organizational chart, the NCC appears buried beneath
levels of bureaucracy. Clarke has a point. For whatever reason, Clarke feels
he was slighted when the DHS structure was created, so it’s hard to tell whether
his critiques of the structure are objective or merely sour grapes.
Finally, some good news: Microsoft has listened to customers. As Peter
Galli reports, customers have told Microsoft that waiting three years for a
major product upgrade is too long. So Redmond plans to deliver new technologies
as incremental add-ons, “out of band” from the regular upgrade cycle.
The first candidates, as Peter reports, are likely to be Network Attached
Storage 3.0, Small Business Server 2003 and a version of Windows
Server 2003 for AMD’s processors. Customers get to enhance the products
at a pace of their own choosing. What’s not to like? ´
Till next eWEEK, send your comments to stan_gibson@ziffdavis.com.
products reviewed by eWEEK
Labs, PatchLink Corp.’s
PatchLink Update 4.0.
dFriday, get your fix of tech
rumors early:
Eweek.com posts
Spencer F. Katt’s
Rumor Central
column that night
each week.
MAY 26, 2003 n eWEEK 3

MAY 26, 2003
CONTENTS
NEWS&ANALYSIS
7 Microsoft is thinking about
strategies for future releases
of Windows Server 2003.
7 IBM eyes innovations that
tap UML 2.0, which is up
for a vote next week.
12 Acer and MPC unveil servers
and storage devices,
moving beyond the desktop.
12 Microsoft agrees to an
intellectual property license
with SCO.
14 Startup Device IQ hopes
to pick up where Thin-
AirApps left off.
15 Microsoft, Symantec and
AOL join the anti-spam
crusade.
15 The SNIA expects major
advances in communication
among storage devices.
16 Tools from Sunbelt are
designed to speed analysis
of network directories.
18 The Buzz
20 Nextel targets the enterprise
with new push-to-talk
and VPN services.
22 BMC and Quest tools
extend support for IBM’s
DB2 database.
22 Rendition’s TrueControl
focuses on extensibility
and administrative ease.
24 Face to Face: VP Masters
sees a bright future for
Sun’s high-end servers.
33 Security: The Department
of Homeland Security is restructuring
to give network
safety a higher profile.
36 Sun and Oracle strengthen
their alliance in an effort
to lower deployment costs.
36 Cisco rolls out new and
enhanced security management
tools.
37 CA’s and Veritas’ backup
and restore tools link suites
with other technologies.
37 Swingtide and Blue Titan
products take different paths
to managing Web services.
38 Serena gains collaborative
technology through its
acquisition of TeamShare.
39 Storage: The forthcoming
2.6 kernel will let Linux
tackle big, enterprise-class
database applications.
41 Tadpole Computer’s first
mobile workstation is fast
and inexpensive.
42 Cisco’s switch strategy
focuses on upgrades
and cost reduction.
42 SPSS and SAS will
expand Web tools’
predictive capabilities.
33
fWEEKLABS
54 Tech Analysis: WPA and
802.11i will boost WLAN
security, but IT staffs must
weigh all options
before retooling.
55 REVIEW: Linksys’
WRT55AG router
offers new flexibility to
organizations upgrading
WLANs.
56 REVIEW: Blue Titan sorts
out Web services but
needs better reporting.
58 Pings & Packets: SOAP
1.2 nears ratification; ZyXel
adapter gains Aegis client;
file size doesn’t matter for
WinZip 9.0 beta.
59 REVIEW: Sharp’s Actius
SECURING
WEB APPS
47 Tech Analysis:
New white-list
approaches provide
a higher level of
security for Web
applications.
47 REVIEW: Kavado,
Sanctum and Teros
firewalls plumb
HTML to lock down
Web apps, but similarities
end there.
50 Case Study:
AppShield has the
Web app security
prescription for
Blue Cross and
Blue Shield of
Kansas City.
redefines portability, but its
keyboard is cramped.
60 Tech Analysis: Storage
World highlights basics
and innovators.
62 REVIEW: A Net Express
update retools legacy apps
for Web services.
55
OPINIONS
3 This eWEEK: IT is using
firewalls to protect weak
links in Web infrastructures.
26 Eric Lundquist: Lessons
can be learned from older
technologies.
40 Peter Coffee: Statistics on
sleep deprivation point to
problems for employers.
44 Editorial: Internet merchants
should collect
state sales taxes.
44 Reader Mail
45 Free Spectrum: Wellintentioned
worms may be
dangerous and illegal.
52 Timothy Dyck: The driving
forces of today’s IT spending
will be here for a while.
61 John Taschek: “Activation”
aggravation is justified.
66 Spencer F. Katt chuckles
at a Freudian slip and
toasts Chi-Town spirits.
Clarke cover photo: Mark Alcarez
47
MAY 26, 2003 n eWEEK 5

16 SUNBELT
TOOLS SPEED
NETWORK
DIRECTORY
ANALYSIS
20 NEXTEL
SERVICES
OFFER DIRECT
ENTERPRISE
CONNECTION
24 SUN VP
DISCUSSES
FUTURE OF
HIGH-END
SERVERS
NEWS&ANALYSIS
Beyond Windows Server
MICROSOFT PLOTS HOW TO IMPROVE THE PLATFORM OVER THE LONG HAUL
By Peter Galli
With windows server 2003just a month out of the
gates, Microsoft Corp. is already looking at ways
to deliver add-on technologies and wrestling with
the issue of how to price these technologies.
“There is some deep thinking and strong con-
sideration going on inside the server team about how to best
stage future releases and what the core elements of our
strategy should be,” said Jay Jamison, director of product plan-
ning for the Windows Server division, in Redmond, Wash.
According to Jamison, one of the ways Microsoft intends
to deliver some of that functionality
is through an “outof-band”
mechanism, where
new technologies and tools
are delivered between major
server releases.
Out-of-band technologies
could range from tools and
things such as the group
policy management console
to layered add-on services,
such as the Real-Time Communications
Server, he said.
Sources close to Microsoft
said the company is expected
to release several out-of-band
upgrades to Windows Server
2003 this year, including an
iSCSI initiator, Network
Attached Storage 3.0, Small
Business Server 2003, Windows
Virtual Server and Windows
Server 2003 for Advanced
Micro Devices Inc.’s
processors. When asked about
the list, Jamison said, it
“sounds about right.”
Thompson: “Innovation does not
have to wait for major releases.”
When it comes to largeenterprise
customers, some
are willing to pay for additional
technology rather than
have it built into the core
operating system.
“We like the idea of being
able to choose what functions
we want to install on top of
the operating system. In
some ways, it would be less
problematic than having all
of this built into the core kernel,”
said Jeff O’Dell, vice
president of archi-
tecture for health benefits
provider Cigna
Corp., in Bloomington,
Conn. “But, on
the other hand, if
functionality is already
built into the
operating system, we
can just turn it on if we
want.”
Jamison said the majority
of new functionality made
available through the out-of-
Developers expect nod
for UML 2.0 standard
By Darryl K. Taft
The object management
Group will meet in Paris
next week to vote on Version
2.0 of Unified Modeling
Language, a language that
supports analysis and design
in a variety of tools and promises
to open new horizons
for developers.
The first UML 2.0 specifications
were adopted as OMG
standards in March—covering
Infrastructure, Object
Constraint Language and Dia-
33 DHS
REORGANIZES
TO GIVE NET
SAFETY HIGH-
ER PROFILE
band process will be things
that customers can download
and use freely.
“In some cases, there will
be new technologies made
available through this process
that may require an enterprise
server to run or could
require a Windows [Client
Access License] or the like,
but we have not made any
final decisions on this,” Jamison
said.
‘We like the idea of
being able to choose
what ... to install on top
of the operating system.’
—JEFF O’DELL
Dan Kusnetzky, an analyst
for International Data Corp.,
in Framingham, Mass., said
Microsoft is trying to uncou-
[CONTINUED ON PAGE 10]
gram Interchange Protocol. A
fourth specification, Superstructure,
is expected to be
voted on at the meeting next
week, completing the recommendation
process for the latest
UML version.
Few developers will be looking
forward to UML 2.0 more
than IBM. Sridhar Iyengar, a
Distinguished Engineer with
IBM, in Raleigh, N.C., and a
member of the OMG Architecture
board, said IBM
[CONTINUED ON PAGE 10]
MAY 26, 2003n eWEEK 7

NEWS&ANALYSIS
LATE NEWS
Microsoft tape
backup flaw found
MICROSOFT OFFICIALS LATE LAST WEEK CONfirmed
they are investigating reports that
tape backups made with Windows
Server 2003 cannot be read by older
versions of the operating system.The
problem lies within Windows’ built-in
NTBackup program.The 2003 version
writes 64KB blocks while older versions
use 32KB,industry analysts said.Thirdparty
backup programs that do not use
NTBackup.exe are not affected.
E-mail scam targets
Citibank customers
ANOTHER BANK-RELATED E-MAIL SCAM
began circulating last week,this one targeting
users of a money-transfer service
owned by Citibank.
The fraudulent e-mail attempts to lure
customers of the c2it money-transfer service
into divulging user names,passwords
and credit card numbers.The message
appears to be from c2it customer service
but is actually from a Hotmail account.
The e-mail arrives with the subject line,
“Your account is on hold.”
Salesforce offers
‘keys’ to CRM system
SALESFORCE.COM IS PLANNING TO SHORE UP
its application integration capabilities
with a new developer’s tool kit called
Sforce,which the company will
announce next week.The hosted CRM
services provider is partnering with
Microsoft,BEA,Sun and Borland for the
offering,which will give developers the
“keys”to the Salesforce.com system,
exposing code,system intricacies and
database key indices.The hosted service
will support Web services integration
with other applications and be preconfigured
for use with development tools
such as Microsoft’s Visual Studio .Net
and Borland’s JBuilder.Sforce should be
available June 3.´
10 eWEEK n MAY 26, 2003
WINDOWS SERVER 2003 FROM PAGE 7
ple updates from the basic release of
the platform itself. But the challenge
was the business, licensing and pricing
model under which these were
released.
“That is not clear at this point. Will
end users have any idea what the total
cost of operation will be if every now and
again Microsoft changes the prices on
some functions?” Kusnetzky asked.
Dave Thompson, corporate vice
president of the Windows Server Product
Group at Microsoft, said out-of-band
releases are effectively part of Windows
Server. “Innovation does not
UML FROM PAGE 7
researchers are looking into several innovations
using the new specification.
IBM will be looking to build a UML
profile for testing. This work will lead
to “using modeling not just for analysis
and design but for testing,” Iyengar
said. “We expect this technology will
become a standard,” he said.
IBM’s approach to modeling signals
a race with Microsoft Corp., which is
warming up to the OMG for similar purposes.
Microsoft will support modeling
in its upcoming Jupiter e-business suite,
which will compete with IBM’s Web-
Sphere.
Iyengar said IBM is also looking to
provide support for modeling business
rules and add business modeling standards.
The OMG has a business rules
working group to which IBM has submitted
a paper describing its work.
“But this is in the early stages,” Iyengar
said. Standards in these areas are
expected next year, he said.
In addition to its use of the MDA
(Model Driven Architecture) specification,
IBM is pushing toward a new
area, which Iyengar calls Model Driven
Business Integration, while the company
also has a focus on model-driven tool
integration and model-driven application
development, he said.
MDA allows developers to design,
build, integrate and manage applications
throughout the life cycle while separating
technology and business concerns,
Iyengar said.
EMF (Eclipse Modeling Framework)
is the glue that holds together IBM’s
modeling strategy. “EMF is the technology
that unifies the world of model-
have to wait for major releases,” Thompson
said.
Jamison suggested that a Windows
Server release in the “Longhorn” client
time frame, expected to ship in early
2005, is not likely. He did say that “Blackcomb,”
the major Windows release following
Longhorn, could be expected in
a time frame “roughly similar to how
we’ve done it before [three years].”
Jamison said this release will extend
the underlying security work in Windows
Server 2003 and build on the work
already done in .Net Framework and Universal
Description, Discovery and Integration
in Server 2003. ´
Modeling at IBM
�Being implemented in all major
brands: Rational,WebSphere,DB2
and Tivoli,with Lotus to come
�Modeling used for tools integration,application
development,data
warehouse management and Web
services
�Moving from MDA to Model Driven
Business Integration
�Mapping UML to Business Process
Execution Language
ing in WebSphere and DB2,” Iyengar
said. “The use of EMF will increase
within IBM and externally,” among
members of the IBM-sponsored
Eclipse.org organization, which oversees
the Eclipse open-source development
platform, he said.
“I was at an IBM Web services meeting
in Atlanta recently, and it is clear they
are with the [modeling] program,” said
Tom Henner, a principal with BankHost
Inc., an Atlanta-based banking company
that has used modeling to develop a
browser-based international banking
application. “BankHost developed its
application using IBM’s Rational Rose
for UML modeling,” Henner said.
In a report on IBM’s modeling strategy,
Aberdeen Group Inc. analyst Tim
Sloane, in Boston, said: “For competitors,
the fact that IBM has made modeling
central to its go-to-market model
for both IBM Global Services and IBM
products should give them pause for
consideration. Is your company positioned
to implement a similar plan?” ´

NEWS&ANALYSIS
Acer, MPC set server
sights on enterprise
OFFERINGS TO INCLUDE RACK-MOUNTED SYSTEMS
By Jeffrey Burt
Acer america corp. is
looking to expand beyond
PCs and laptops and reestablish
itself in the more
lucrative server and storage
space with new rack-mounted
systems and storage devices.
The Altos R300, a rackmounted
1U (1.75-inch)
server, is a one-way system
powered by Intel Corp.’s Pentium
4 chip running at speeds
up to 3.06GHz, said officials
Acer’s Altos R300 rack-mounted
server runs on Pentium 4 chips.
at the San Jose, Calif., company.
The unit, due this week,
is priced starting at $1,600 and
is targeted at midsize companies,
although officials said
several servers can be tied
together into a Linux cluster
to deliver high-performance
capabilities.
The company this summer
will add to that line the 2U
(3.5-inch-high), two-way
R700, based on Intel Xeon
chips.
Later this year or early
next year, Acer will ship the
Altos S300 and S700 storage
devices, officials said.
Acer’s parent company
sells the systems in Europe
and Asia, but this will be the
first time the company’s rackmounted
and storage devices
are introduced to North
America.
The moves represent a
growing trend among PC
12 eWEEK n MAY 26, 2003
makers, including Gateway
Inc. and MPC Computers
LLC, to branch out beyond the
desktop.
According to some IT
administrators and industry
observers, it is not yet
clear whether the companies
can grow beyond their
installed base of PC customers.
“We’re running all of our
mission-critical stuff on our
[Dell Computer Corp. and
Compaq]
servers,” said
Roy Cashman,
CIO for RUAN
Transportation
Management Systems
Inc., in Des Moines,
Iowa. “We would not take a
chance on a niche player ...
who didn’t have a market
presence.”
But that installed base
could be the place to establish
a presence. The State Journal-
Register, a Springfield, Ill.,
newspaper, has been an MPC
PC customer for almost four
years.
Based on that history, the
paper this year began buying
servers from the Nampa,
Idaho, company and will consider
its storage equipment
when the need arises.
MPC last week rolled out
its first two storage offerings,
the DataFrame 310fc Fibre
Channel product and a SCSI
counterpart, the 310s.
“From this point on, it’s virtually
100 percent MPC in
this building,” said Terry Claypool,
IS operations manager.
“They work very hard
to keep our business, both
with price and service.” ´
Microsoft covers back
with SCO Unix license
By Peter Galli
The crusade by the sco
Group to protect its Unix
intellectual property took
an unexpected turn last week
when Microsoft Corp. said it
was licensing the Unix source
code and patent from the
company.
“SCO approached us a couple
of months ago, and they
had a valid IP claim, and, as
we do quite regularly, we
agreed to a broad IP license
with SCO and as such have
stepped out of the fray,” said
Alex Mercer, a Microsoft
spokeswoman, in Redmond,
Wash.
In the last month, SCO,
of Lindon, Utah, has made a
number of moves, charging
that IBM, Linux and many
of SCO’s own customers are
violating SCO’s Unix IP.
Mercer said it was not
Microsoft’s intent to exploit the
IP license as a way to fund
SCO’s campaign against IBM
and Linux—which SCO is
suing for $1 billion—and
against Linux. “There is
absolutely no correlation
between the IBM suit and our
IP license with SCO,” she said.
Furthermore, Microsoft’s
agreement is not an admission
that the company and its
Services for Unix product violated
SCO’s IP but rather is
a pre-emptive move to avoid
possible complications, said
Mercer. Details about the
financial value and conditions
of the Microsoft-SCO deal are
confidential, and Mercer
declined to say whether
Microsoft is contemplating
other deals with SCO.
As for SCO, its legal moves
are not sitting well with some
customers. “More and more,
it looks like SCO is just
scratching the sides of the
well as they plummet to their
death,” said one SCO user,
who requested anonymity.
A Unix/Linux programmer
in Boston also questioned
whether Microsoft really
needed another Unix license
given that it held one of the
original ATT Unix licenses, the
same one Sun Microsystems
Inc. has. Microsoft’s Mercer
declined to comment.
But Chris Sontag, senior
vice president and general
manager for SCO’s intellectualproperty
division, said the
licensing deal ensured Microsoft’s
intellectual-property compliance
across all Microsoft
solutions and will better enable
Microsoft to ensure compatibility
with Unix and Unix services.
“There are many companies
in the IT industry who
acknowledge and respect the
intellectual property of software,”
said Sontag. “Microsoft
is showing the importance
of maintaining compatibility
with Unix and Microsoft’s
software solutions.”
The Open Source Initiative
last week hit back, updating
its attack against SCO. OSI,
a nonprofit educational association
with offices in Palo Alto,
Calif., is one of the principal
advocacy groups for the opensource
community. In a position
paper, OSI argues that
an SCO victory could do serious
damage to the open-source
community. “SCO’s implication
of wider claims could turn
Linux into an intellectualproperty
minefield, with potential
users and allies perpetually
wary of being mugged by
previously unasserted IP
claims,” it said. ´

NEWS&ANALYSIS
FRONT OFFICE
Oracle enhances
Sales application
ORACLE LAST WEEK RELEASED
Version 11.5.9 of its Oracle Sales
application, with several new
enhancements designed to help
salespeople.
The enhancements include
a new application called Oracle
Proposals, which generates personalized
sales proposals from
templates. These proposals can
then be tracked and monitored
for effectiveness.
This release also supports
tighter integration with Oracle’s
Order Management applications,
allowing sales representatives
to check customers’
credit histories during the
quoting process.
The software is available now
with suite and component pricing
models.
The next version of the software,
11.5.10, expected in nine
months to a year, will add new
capabilities for collaborative
selling and partner relationship
management, officials said.
—Dennis Callaghan
STANDARDS
OASIS ratifies
UDDI specification
THE ORGANIZATION FOR THE
Advancement of Structured
Information Standards last week
announced the ratification of
Universal Description, Discovery
and Integration Version 2 as an
OASIS open standard.
UDDI, the most broadly supported
Web services standard,
allows users to publish, find and
use Web services.
OASIS officials said members
of the OASIS UDDI Specification
Technical Committee include
Computer Associates International,
Fujitsu, IBM, Iona
Technologies, Microsoft, Novell,
OpenNetwork Technologies,
Oracle, SAP, SeeBeyond Technology,
Sun Microsystems, Tata
Consultancy Services and others.
—Darryl K. Taft
14 eWEEK n MAY 26, 2003
Handheld applications redux
DEVICE IQ SHUNS
MIDDLEWARE FOR APPS
By Carmen Nobel
Ateam of engineers and
developers from Palm
Inc.’s ill-fated enterprise
software group this fall will
launch a company that will aim
to create more enterprise applications
for more devices than
their previous employer.
To do it, Device IQ Inc. is
avoiding a generic
middleware platform
in favor of customizing
applications for
companies.
“There is an enormous
lack of good
device-side software,”
said Bob Pascazio,
president of Device
IQ, in New York. “So
there is some work we Palm
are doing on mobile
embedded systems—
that are not Palms or
phones—that do not
have an OS but communicate
to a PC periodically
through USB
[Universal Serial Bus]
or Bluetooth.”
Pascazio declined
to name the devices
for which Device IQ
will be designing software
because many of them have yet
to be released, but he said
the company is working on
applications for existing hardware,
too. “We are also writing
some sophisticated client-side
applications on phones, Palms
and Pocket PCs,” he said. “Also
for PDAs we have a Web site
deal, similar to Vindigo [Inc.’s]
offering.” Vindigo creates
Web-based, location-based
applications for several handheld
platforms.
Pascazio was a lead devel-
oper at ThinAirApps Inc., a
company that Palm bought
in December 2001 to create a
wireless middleware platform
for its Tungsten handheld line,
which is aimed at corporate
users. At the time, Todd Bradley,
then chief operating officer
of Palm, called the acquisition
“a linchpin of our longterm
enterprise and wireless
strategies.” But Palm nixed the
plans for the middleware,
Wavering on wireless
Microsoft Corp.
� 1998 Co-founds Wireless Knowledge Inc.
� 2000 Announces initial plans for Microsoft
Mobile Information Server, which will compete
with Wireless Knowledge
� 2001 Sells off Wireless Knowledge stake
� 2002 Announces phaseout of MMIS
� Early 2001 Announces plans to buy
Extended Systems Inc.; nixes the plans a few
months later
� Late 2001 Announces acquisition of
ThinAirApps
� 2002 Announces Tungsten line of handhelds
and accompanying middleware based
on ThinAirApps technology
� 2003 Reveals that it will not release middleware
for Tungsten
dubbed Tungsten MIMS
(Mobile Information Management
Server), a couple of
months ago, saying it no
longer fits its focus.
Life at Palm after the Thin-
AirApps acquisition was frustrating
up until Palm shut
down the New York office in
March, Pascazio said. “We had
Tungsten MIMS Version 1.8
almost out the door,” he said.
“It was an amazing product. It
worked on the Tungsten T with
Bluetooth to a GPRS [General
Packet Radio Service]
phone, worked on the Tungsten
C, Tungsten W, et cetera.
It had full groupware support
for Exchange, Domino,
IMAP. They dumped the
whole thing.” Palm officials
said the company’s future software
plans are based on partnerships
with large software
companies and carriers, which
like to choose their own backend
software.
“Some of the ThinAir technology
is still in use,”
said Jon Oakes, senior
director of business
solutions at Palm and
former CEO of Thin-
AirApps, who works
from his New York
home now that Palm’s
office there has closed.
“Some technologies
will be a part of the
IBM WebSphere Everyplace
Access suite.
We were proud to be
part of WEA Version
4.3.”
Explaining why
MIMS was nixed,
Bradley said in March,
“In the enterprise
arena, market conditions
have caused us
to rebalance our areas
of emphasis.”
Palm will still make client
software. Oakes said: “We will
continue to develop our own
software solutions. But we
intend to leverage software
partners for most of our backend,
connectivity-oriented
solutions.”
Palm has a history with IBM
competitor BEA Systems Inc.
In August, Palm announced
plans to work with BEA and its
WebLogic Server to develop
what was to be the first Web-
Logic Workshop control for
handheld devices. ´

War on spam gains 2 allies
MICROSOFT, SYMANTEC GO TO WASHINGTON TO PUSH NEW PRODUCTS
By Caron Carlson IN WASHINGTON
The anti-spam crusade is
gaining momentum as
industry players, including
Microsoft Corp. and
Symantec Corp., counter
pending bills on Capitol Hill
with legislative proposals of
their own.
To date, proposed ideas
have covered a wide range
of measures, from jail time
for repeat spammers to a tiny
charge on every piece of spam
sent. The Senate is slated to
sort through all the options
and vote on one proposal
before summer’s end.
Microsoft, of Redmond,
Wash., got into the act last
week when company Chairman
and Chief Software Architect
Bill Gates called for Congress
to create incentives for
e-mail marketers to adopt best
practices and become certified
trusted senders. As part of
the proposal, the Federal Trade
Commission would provide
a safe harbor for companies
that join an FTC-approved selfregulating
group. Legislation
would require marketers to
properly label their e-mail and
would give ISPs the right to
take spammers to court.
Symantec suggested to lawmakers
last week that legislation
should focus on false
labeling and require a physical
address in commercial bulk
e-mail. The Cupertino, Calif.,
company, whose brand and
products have been fraudulently
peddled by e-mail, also
asked Congress to give the
FTC more resources to prosecute
electronic fraud.
For America Online Inc.,
spam is the most important
issue today, Ted Leonsis, AOL
vice chairman, told the Sen-
ate Commerce Committee
last week. “There is raw anger
that spam generates,” Leonsis
said, adding that the government
needs
stronger tools to
track down the
most fraudulent
offenders.
Others maintain,
however, that
anger stems not
only from fraudulent
e-mail but
also from the
growing volume
of unsolicited
messages, to which ISPs contribute.
Charging that AOL,
of New York, operates its
“own personal spam com-
Schumer’s bill would give
repeat spammers jail time.
pany,” Ronald Scelson,
owner of Scelson Online
Marketing Inc., in Slidell,
La., told lawmakers that
some ISPs are
filtering out
legal messages
if they receive
one complaint,
driving bulk
e-mailers to
forge addresses.
Calling himself
“the most
hated person” at
the hearing,
Scelson said he
sends as many as 180 million
e-mail messages every day
and that it takes him less
than 24 hours to thwart an
NEWS&ANALYSIS
ISP’s spam filters.
The industry approaches,
which urge Congress to preempt
state anti-spam laws, are
largely consistent with the
longest-standing anti-spam
bill, the CAN-SPAM initiative
sponsored by Sens. Conrad
Burns, R-Mont., and Ron
Wyden, D-Ore. CAN-SPAM
would ban the use of false or
deceptive headers or subject
lines, require senders to provide
users with an opt-out feature,
and prohibit private
rights of action.
Consumer groups, and
many state attorneys general,
are calling on Congress
to take a tougher approach.
Sen. Charles Schumer, D-N.Y.,
is sponsoring a bill that would
establish jail time as a penalty
for serious, repeat spammers
and create a national
“Do not spam” list. Sen. Mark
Dayton, D-Minn., last week
suggested that a small tax on
e-mail would deter spam. ´
Smarter storage on horizon?
By Evan Koblentz
For several years, users have clamored
for more management features to be added
to existing hardware. Now, a number of
vendors are suggesting it’s better to build
smarter hardware in the first place.
In fact, technologies are under development,
according to industry experts, that improve
the way low-end RAID controllers communicate
with drive clusters and that enable highend
array intelligence to reside as objects in
central servers.
“The future of the storage industry looks
just like the future of the rest of computing,”
said John Webster, an analyst at Data
Mobility Group Inc., in Nashua, N.H. “People
build functions, express it in hardware or software,
and [eventually] express it in more efficient
ways of doing things.”
On the low-end storage front, users in the
future will be able to consolidate storage,
move drives among controller units, replace
failed parts and upgrade to new features—all
among different vendors and without having to
use backup data sets or remap every drive and
volume, said Wayne Rickard, chairman of the
Storage Networking Industry Association’s Technical
Council and vice president of advanced
technology at Seagate Technology LLC.
Such interoperability will be facilitated by the
Disk Data Format Provisional Working Group
proposed this month by Adaptec Inc., Dell Computer
Corp. and LSI Logic Corp., Rickard
said. Creating the standards could take two years,
said Rickard, in Scotts Valley, Calif.
In high-end storage, object-based storage is
also on its way to becoming a context-aware,
native technology. For evidence, users can look
to hardware such as EMC Corp.’s Centera and
software such as IBM’s StorageTank.
Instead of mapping logical units, numbers
and zones directly between servers and
storage, “with object-based storage, the devices
are doing all this themselves,” said Mike
Mesnier, co-chair of SNIA’s object storage
devices working group and storage architect
at Intel Corp.
By this fall, the working group will complete
its security and data sharing documents,
said Mesnier, in Pittsburgh. ´
MAY 26, 2003 n eWEEK 15

NEWS&ANALYSIS
Network analysis: Fast and frugal
SUNBELT TOOLS CUT
COSTS, SPEED TASKS
By Paula Musich
Sunbelt software inc.
hasdeveloped a pair of administrative
tools that deliver
fast, inexpensive analysis
of directory and network protocol
issues for administrators.
The Clearwater, Fla., company’s
directory reporting tool
works across multiple directories,
including those of
Novell Inc., Microsoft Corp.,
IBM and Sun Microsystems
Inc., as well as any LDAPenabled
directory. It reports on
security, integrity and com-
CYBER-SECURITY FROM PAGE 1
hind the center is the need
to improve the government’s
incident-response and information-sharing
capabilities,
which have come under fire
in both public and private sectors,
said Richard Clarke, former
special adviser to the
president for cyber-security,
who resigned earlier this year.
That criticism is likely to continue
unless the department
can attract a well-known security
expert to run the center.
“The center will never
become what it should be in
terms of the national locus for
policy unless there’s a nationally
recognized and high-level
person with high-level access
in the administration,” Clarke
said in an interview in Boston
last week. “Because otherwise
people will just consider it
another bureaucratic organization.
It’s very key that they
get the right person; very
key that person has access
to the president, the homeland
security adviser and
homeland security secretary.”
For others, however, such as
16 eWEEK n MAY 26, 2003
pliance in enterprise directories,
officials said. The Directory
Inspector tool, due this
week, lets directory or system
managers easily answer
such questions as: Where
are the users? Do some users
have too many security privileges?
Are there unused user
accounts? Are there duplicate
account names?
“It is a management issue
when you have multiple
directories,” said Alex Eckelberry,
president of Sunbelt.
“For companies with that
hodgepodge, to be able to report
on them from a single
view—this lets you distill
security experts in the private
sector, who have accused the
government of failing to
respond quickly to emerging
security threats and of being
difficult to deal with, the choice
of a leader for the national center
is not as crucial.
“I don’t think it’s possible
Clarke: New chief will need top access.
for the government to have
much of an effect. The government
acts in a reactive
fashion,” said Eric Stromberg,
senior electrical engineer at
The Dow Chemical Co.,
based in Wilmington, Del.
complex information.”
Directory Inspector, which
provides Wizards to guide
users through complex directory
data, is priced starting
at $1,295 for 500 user objects.
Sunbelt’s other tool, LANhound,
also due this week, cuts
the cost of basic protocol
analysis and network monitoring—especially
for switched
LANs—in a commercial-grade
product. The cost to capture
and analyze network protocols
such as TCP/IP, NetBEUI,
IPX/SPX and AppleTalk on
switched networks can be
high, since vendors often
charge for each remote seg-
“There will always be the leading
issues that eventually
cause government to react.
But as the government is
reacting to issues that were
birthed yesterday, new issues
are forming today.”
The national center will be
part of the Directorate of
Information Assurance
and Infrastructure Protection
at the DHS, Clarke
said. As a center of gravity
for government information
security, it will
combine the functions
of the National Infrastructure
Protection Center,
the Critical Infrastructure
Assurance
Office, the Federal Computer
Incident Response
Center and the National
Communications System.
As the DHS meshes
the center together, members
of Congress charged
with overseeing the department’s
cyber-security efforts
are scrambling to understand
how all the pieces will fit.
For example, two separate
House panels—the Commit-
MARK ALCAREZ
ment or switch port. Typical
protocol analyzers can start
at $1,000, plus $395 per remote
agent. LANhound, which
includes three remote agents
for $595, could greatly reduce
the cost to monitor and analyze
network traffic across multiple
segments.
“That pricing will make a
big difference,” said beta tester
Erik Goldoff, systems manager
at The HoneyBaked Ham Co.,
in Norcross, Ga. “You are
talking a factor of 10 cheaper.
With LANhound, it just starts
monitoring the network and
shows where the protocol
distribution is [and] what the
network statistics are.”
LANhound displays statistics
in charts and bar graphs
and lets users set alarms that
trigger a packet capture to
aid trouble-shooting. ´
tee on Science and the cybersecurity
subcommittee of the
Select Committee on Homeland
Security—have unsuccessfully
sought answers to
such questions as, How many
resources are being devoted
to cyber-security?
Cyber-security is among the
priorities for the Science and
Technology Directorate,
Charles McQueary, DHS
undersecretary of the directorate,
told the cyber-security
subcommittee of the House
Select Committee on Homeland
Security at a hearing in
Washington last week.
McQueary said the DHS
will create a technology clearinghouse,
which will enable
it to work in partnership
with private industry.
DHS officials said they are
still working out the details of
the national cyber-security
center, including its formal
name and organizational
structure. ´
For more on DHS,see.
story,Page 33.

NEWS&ANALYSIS
the
buzz
TECHNOLOGY
NEC desktop:
Cool and quiet
NEC ANNOUNCED IN NEW
York last week what it
calls the world’s first
water-cooled PC system—which
also
promises to be one of
the quietest.
The desktop PC’s
water-cooling system uses
liquid to cool off the CPU,
enabling operating noise to be
suppressed to about half that of a
conventional PC that uses a cooling
fan, or about 30 db, according
to company officials.
The machines, due this week,
come in two models: the
Valuestar TX server and the
Valuestar FZ desktop.
FINANCIALS
PC group fuels
HP’s second quarter
HEWLETT-PACKARD EARNED $659
million on $18 billion in revenue
for the second quarter, fueled in
large part by its PC group and
SCO’s implication of wider claims
could turn Linux into an intellectualproperty
minefield.
18 eWEEK n MAY 26, 2003
NEC’s desktop PC is the world’s
first water-cooled system.
printing division.
The numbers represent a
$100 million jump in revenue
over the previous quarter.
Chairman and CEO Carly
Fiorina said the company’s focus
is on building the business rather
than absorbing Compaq
Computer.
“We still have a lot to do, but I
feel confident that HP is no
longer an integration story,”
Fiorina said during a conference
call with analysts and reporters.
For the quarter ended April 30,
HP’s Personal Systems Group—
which includes such devices as
desktop PCs and laptops—made
$21 million in profit on $5.1 bil-
QUOTE OF THE WEEK
DOSI position paper on the SCO-vs.-IBM complaint
lion in revenue. Fiorina said the
gains made on the commercial
side of the ledger were offset by
seasonal weakness in the consumer
business.
BUSINESS
Does IT matter
anymore?
A MAY HARVARD BUSINESS REVIEW
article by Nicholas Carr claims
that, due to technology commoditization,
“IT doesn’t matter” as a
strategic advantage.
“By now, the core functions of
IT—data storage, data processing
and data transport—have become
available and affordable to all,”
the report said. Turning expenditures
on technology into the costs
of doing business is an evolution
similar to that of the steam
engine, the telegraph, the telephone
and the internal combustion
engine. Similarly, the report
said, overinvestment in technology
in the 1990s echoes overinvestment
in railroads in the 1860s.
The scary question is whether
“people have already bought most
of the stuff they want to own,”
said Bill Joy, chief scientist and
co-founder of Sun Microsystems,
who was quoted in the article.
Vendors that are evolving to survive
in this commoditized environ-
BY THE NUMBERS
ment include Microsoft, which
turned its Office software suite
into an annual subscription service.
That is a “tacit acknowledgement
that companies are losing
their need—and their appetite—
for constant upgrades,” the report
said.
PEOPLE
Oracle turns to
Wall Street analyst
ORACLE IS PLUGGING MORGAN
Stanley analyst Charles Phillips
into one of the company’s top
positions, the company
announced this month.
Phillips will become executive
vice president in the office of the
CEO and will report directly to
Chairman and CEO Larry Ellison.
The analyst, who’s reported on
the software industry for Morgan
Stanley since 1994, will focus on
customer-facing activities, partners,
corporate strategy and business
development, officials said.
Phillips has been ranked the
No. 1 enterprise software industry
analyst by Institutional
Investor magazine each year
since 1994, Oracle officials said.
He has also been recognized as
one of the Top 50 black professionals
on Wall Street by Black
Enterprise Magazine. ´
RDBMS new-license revenue
Worldwide revenue estimates for 2002 (in $ billions)
$7.5
$6
$4.5
$3
$1.5
0
2.4%
IBM Oracle Microsoft NCR Others
9.7%
14.3%
39.7%
33.9%
2001 REVENUE 2002 REVENUE
Source: Gartner Dataquest (May 2003)
9.2%
18%
33.9%
36.2%
2.7%

NEWS&ANALYSIS
SERVERS
StarView remotely
monitors systems
STARTECH.COM THIS WEEK IS
rolling out a tool designed to
enable IT administrators to manage
and monitor their servers
remotely via the Internet.
The company’s StarView IP2
enables BIOS-level remote control
of a single server or multiple
systems connected to a
KVM switch over TCP/IP. Using
the device, administrators can
reset, reboot and control the
servers through any Web
browser.
The StarView IP2 can support
servers from most vendors,
including Dell, Hewlett-Packard,
IBM and Sun, and is compatible
with most KVM switches,
according to the company.
The device will be available
this week, priced starting at
$999. —Jeffrey Burt
INTERNET
AOL 9.0 beta released
AMERICA ONLINE LAST WEEK MADE
its AOL 9.0 client available to
beta testers.
The software, code-named
Blue Hawaii, is a marked departure
from the last release, AOL
8.0, in offering a skinnable, or
changeable, user interface codenamed
Prescott. With it, AOL
members will have many more
opportunities to customize the
navigation and design of the AOL
client.
AOL 9.0 also introduces a
feature called QuickViews,
which allows members to
obtain information by rolling
their mouse over a feature.
—Craig Newell, ZDI
20 eWEEK n MAY 26, 2003
Nextel targets the enterprise
PUSH-TO-TALK AND VPN
SERVICES ON LINEUP
By Carmen Nobel
Nextel communications
Inc. is taking several
steps to strengthen its
reputation as a company
that caters to the enterprise.
The Reston, Va., company
is rolling out a nationwide version
of its renowned Direct
Connect push-to-talk service,
offering new software based
on technology from IBM, forging
partnerships with enterprise
application companies
and launching new hardware
throughout the year.
“When used properly, it has
the feel of a less disruptive
phone call. I use it especially
for quick questions or checking
if someone is available.”
The service has been credited
for giving the company
a higher average revenue
per user—$67 last quarter—
than its competitors. Other
carriers have voiced vague
plans to offer their own pushto-talk
services, but Nextel
officials shrugged off the idea
that this might make Nextel
lower its prices.
“We don’t think so,” said
Greg Santoro, vice president
The StarView IP2 manages servers. Direct Connect, which lets Nextel’s direct
a phone work like a walkietalkie,
is currently available
only within a customer’s local
calling area. But that will
change this summer. A longdistance
Direct Connect service
is in beta tests in Boston,
Southern California and
Florida. It will be widely available
in those areas by next
month, with service available
to more than half of Nextel’s
coverage area by July and
throughout the United States
by August, officials said.
Nextel plans to offer two
pricing options for Nationwide
Direct Connect: an
unlimited plan for $10 per
month or a pay-as-you-go plan
for 10 cents a minute.
The scanner attachment
will cost $249.
Mobile workers say a direct
connection is simply less of a
hassle than a phone call on
both ends.
“For certain types of communication,
push to talk is
particularly useful,” said
Christopher Bell, chief technology
officer at the People-
2People Group, in Boston.
enterprise connection
� Launching Nationwide Direct
Connect service this summer
� Offering a mobile VPN service
that uses IBM’s WebSphere
Everyplace Connection Manager
� Selling a bar-code scanner
attachment from Symbol for Nextel
phones
of Internet and Wireless
Services at Nextel. “We don’t
think [competitors] can create
a service that meets ours.”
In the meantime, Nextel
last week announced a new
VPN (virtual private network)
service based on IBM’s Web-
Sphere Everyplace Connection
Manager software. The VPN
compresses data up to three
times faster than previous
solutions, Nextel officials said,
and uses several encryption
standards, including Data
Encryption Standard, Triple
DES, RC5 and Advanced
Encryption Standard.
“It finally brings together
encryption and compression,”
Santoro said. “It was
either/or up until now.”
He added that Nextel is
working with several companies
that specialize in corporate
data applications, especially
for creating software
designed to run on the Black-
Berry 6510, an e-mail/phone/
walkie-talkie device that
Research In Motion Ltd. created
for Nextel’s network.
“We’re getting traction with
people who never thought
about using a BlackBerry
before,” especially in vertical
markets, Santoro said.
To that end, Nextel this
month began selling a barcode
scanner attachment
for its i88s and
i58sr phones.
Symbol Technologies
Inc.’s PSM20i
scanner clips on to the
end of the phone. It
weighs 1.4 ounces.
Users scan the bar
codes by pressing the
Direct Connect button
on the side of the
phone and then use
a Java-based application
to send the information
out over the iDEN, or
Integrated Digital Enhanced
Network.
The scanner requires
third-party software from a
company such as AirClic Inc.
to work properly, officials
said.
One device Nextel may not
be offering in the near future
is a phone that offers voice
over IP via 802.11 wireless
LANs. Although company
officials said earlier this year
Nextel and Motorola Inc.
are testing such a product,
Santoro said that the companies
test many things and
that Nextel has yet to commit
to a Wi-Fi phone. ´

NEWS&ANALYSIS
BMC, Quest tackle DB2
TOOLS BOOST MANAGEMENT IN
HETEROGENEOUS ENVIRONMENT
By Lisa Vaas
Users of ibm’s db2 software can
turn to tools from BMC Software
Inc. and Quest Software Inc. to
manage the enterprise DBMS.
BMC, as part of its Project Golden Gate
initiative to enable data management in
a heterogeneous environment, has added
support for IBM’s DB2 Universal Database
in its SmartDBA performance,
administration and recovery tools. Working
in the same vein, Quest is shipping
Quest Central for DB2 3, which is management
software for DB2 that features
deep diagnostic capabilities for IBM’s
database partitioning technology and support
for heterogeneous environments.
Both database management products
were rolled out at the annual International
DB2 Users Group Americas
conference in Las Vegas last week.
BMC’s tools include SmartDBA Performance
Management for DB2 UDB 2.5,
which provides event management, diagnostics,
visualization, administration,
Tool tracks network changes
By Paula Musich
The second release of
Rendition Networks Inc.’s
TrueControl network configuration
tool focuses on
greater extensibility and ease
of administration.
The software, which allows
users to track and better
control configuration changes
in routers, switches, firewalls
and load balancers in large,
enterprise networks, can
automatically detect when
changes are made and notify
appropriate network operators,
officials said.
Released last week, True-
Control works across multiple
vendors’ networking
22 eWEEK n MAY 26, 2003
space management and tuning of DB2
UDB environments. The software integrates
common alerts that let database
administrators more easily monitor, tune
and manage space within DB2 databases,
said officials at Houston-based BMC.
BMC’s SmartDBA tool watches DB2 systems.
Also included is SQL-BackTrack for
DB2 UDB 3, which allows DB2 users to
perform database backup and recovery
through the SmartDBA Web console. The
console also allows users to manage
Oracle Corp. and Microsoft Corp. SQL
equipment and is intended to
help reduce the repair times
when outages occur.
Competitive offerings from
AlterPoint Inc. rely on polling
devices to determine whether
a configuration change has
been made. But with polling
intervals as long as an hour,
detection can take time and
cost money, according to
Raghav Kher, president and
CEO of Rendition, in Redmond,
Wash.
The instability of networks
in a time of tight IT budgets
is focusing attention on ways
to reduce operational costs.
Automation is a key mechanism
to help reduce those
costs, said Peter Christy, an
analyst at NetsEdge Research
Group, in Los Altos, Calif.
“The network as a whole
is an unreliable system. Now
what’s important is that networks
become better and
cheaper to operate, and automation
is a key element to
making that happen,” Christy
said.
TrueControl serves as a
repository of log information
that includes comments from
network engineers about why
they made certain changes.
When a change results in
an outage, TrueControl can
be used to return the network
to an earlier, stable configu-
Server databases from one common spot.
SmartDBA Performance Management
for UDB 2.5 is slated to be available
next month. SQL-BackTrack for
DB2 3 is due in July with support for
DB2 UDB Versions 7.2 and 8.1.
Meanwhile, Quest Central for DB2
3 also supports heterogeneous environments.
A new compare-and-synchronize
feature allows DBAs to compare databases
and identify differences to ensure
that all changes are in place before
deploying applications into
production. The product also
features DB2 alerts and diagnosis
at a summarized database
level as well as at the level
of detailed partition.
Fast Communication Manager
in Quest Central for
DB2 3 allows DBAs to quickly
identify hot spots in multipartition
databases. This lets
them identify performance
problems at the summary level
and drill down into the partition
to get enough detail to
solve a given problem, according
to Quest officials, in Irvine, Calif.
Quest Central for DB2 3 supports DB2
7.1, DB2 7.2 and DB2 UDB Enterprise
Server Edition 8.1. Pricing starts at $1,500
for the Developer Edition and $10,000
for the Professional Edition. ´
ration, Kher said.
TrueControl Version 2.0
adds the ability to integrate
with Hewlett-Packard Co.’s
OpenView Network Node
Manager. TrueControl can be
launched from within an
OpenView console. Rendition
is also planning to integrate
with tools from NetIQ
Corp., BMC Software Inc.’s
Remedy Action Request System
and Computer Associates
International Inc.’s Unicenter.
Version 2.0 includes a software
development kit for
adding new drivers that allow
users to attach other networking
equipment not currently
supported. The release
is available now; prices start at
$29,990 for 75 managed
nodes. ´

NEWS&ANALYSIS
Face to Face: Clark Masters
Sun aims high
VP SEES LOTS OF VIGOR LEFT IN HIGH-PERFORMANCE COMPUTING
In recent months, sun
Microsystems Inc. has
made a big push into lowend,
low-cost computing.
The Santa Clara, Calif.,
company rolled out blade
servers as part of its N1 data
center virtualization strategy,
as well as two low-end x86
servers, and promised to
continue providing more of
the same. But high-end Unix
systems are still an important
part of Sun’s overall strategy,
and Clark Masters, executive
vice president and general
manager of the company’s
Enterprise Systems Products
group, spoke with eWeek Senior
Editor Jeffrey Burt about
Sun’s plans for its top-of-the
line servers.
Low-end servers and blade
servers have gotten a lot of
publicity. What is Sun doing
with high-end servers?
I think the high end matters
more today than ever,
really. At the $500,000-andup
price point—these are
[International Data Corp.]
data, not Sun data—in the
year 2000, it was 20-someodd
cents out of every server
dollar was spent on the halfmillion-
dollar-and-up market
range. At the end of 2002,
that was over 30 cents, so that
the amount of IT dollars
going toward the high end ...
is larger today than ever
before.
Is this because the systems are
more expensive or because there’s
24 eWEEK n MAY 26, 2003
Masters: High-end spending climbing.
a growing demand for them?
It’s two things. The weakness
in the market we see is more
the midrange.
So we’re seeing [high-end
server growth] with server consolidation
and data center
consolidation and the drive
toward efficiency. Also, we’re
seeing strength in government
spending, high-performance
technical computing [HPTC],
all of those things.
What’s driving the demand for
the really high end?
Two or three key factors that
I see. One is server consolidation.
Two years ago, when
I talked with customers, it was
all about staying out in front
of the wave. ... It was the dotcom
boom times. It was all
about deployment.
Now, today, it’s all about
doing more with less—total
cost of ownership. How do I
drive costs out of the system?
Another thing is, most
large organizations are
structured in business
units, and a lot of business
units have their own IT
infrastructure, and now I
think the political walls are
broken down, that cost
control is much more
important than the autonomy
of a particular business
unit. You see people,
to save costs, much
more willing to consolidate
workloads and combine
computing environments,
and that helps drive the
high-end server business
and data-center-class machines.
Regarding N1, can you provide
me with an idea of how
Sun’s largest servers—the 12K
and the 15K—fit in with that
strategy?
With N1, the better we can
do at driving up the utilization
and efficiency, the
more applications we
can dynamically provision.
That’s a huge
opportunity for us. So
with the software tools
we’re developing with
N1, to manage and
provision it, plus the
virtualization in the hardware
with domain and the Solaris
operating environment, with
resource management and
software partitions—or containers—we
have very powerful
technologies to leverage,
to simply be the best in the
world at that.
How important is HPTC to
Sun’s high-end computing strategy?
It’s very important to Sun up
and down the product line.
... We’re developing visualization
technology like Java
3-D, for example. That’s big in
the research and technical
computing area.
We’re finding that technical
[computing] has much more
growth potential and is becoming
much more integrated with
most every organization,
whether it be manufacturing
to do design optimization
before you actually do implementations
to biotech companies.
What are some of the other areas
in HPTC that Sun needs to
address?
We’re very good at large physical
memory, so that gives us
an advantage. High-bandwidth
I/O we have.
We have a storage business
and very good technology
there. When we get our Ultra-
SPARC 4 machines—and I
think in the worldwide analyst
conference I said we would be
introducing those before the
next analyst conference, so
about year-end or early part of
next calendar year—that will
have multiple threads ... so it
will double the floating-point
performance that we have in
the same footprint.
‘Today, it’s all about
doing more with
less—total cost
of ownership.’
Long term, we’re investing
in additional cluster technologies;
investing in InfiniBand
for high-speed networking,
for both I/O and machines to
machines; and also new processor
technologies and interconnect
technologies aimed
at HPTC. ´

NEWS&ANALYSIS
Eric Lundquist: Up Front
Golden-oldie lessons
Vendors and prognosticators are either
wringing their hands looking for the next big
thing or worrying that IT has become a lowpriced
commodity to be purchased like electricity
or paper clips. They could learn a thing
or two from mainframes, pay phones and backhoes.
Here’s why. The mainframe business has been predicted
to die ever since IBM developed the Model 704
in 1957. Full-time venture capitalist and part-time Fortune
columnist Stewart Alsop predicted that the last
mainframe would be unplugged in 1996. This month,
IBM once again proved Alsop’s and others’ predictions
to be ludicrously off the mark by introducing the z990,
code-named T-Rex. The advance of Intel-based microprocessors and Microsoft
software was supposed to be the equivalent of the cataclysmic asteroid impact that
wiped out the dinosaurs. It has been little more than a summer meteor shower.
Why do mainframes continue to
inhabit the planet? That they work as
advertised is probably the immediate
answer. The stories about old mainframes
still cranking out reports and
doing financials on some proprietary program
written in the 1970s are legion. A
second reason is that if you are willing
to invest—say, about $1 billion over four
years—you can make a mainframe
that looks a lot like what IBM is selling.
“We continue to invest in those features
and capabilities our customers
are asking for,” Peter McCaffrey, IBM’s
director of product marketing for the
zSeries of mainframes, told me. Combining
the reliability and scale of mainframes
with recent developments such
as Linux has created an alluring platform
for e-commerce.
What’s more, working on a platform
that pundits are forever declaring extinct
has proved motivational to IBM engineers.
“Every once in a while, they
have a good laugh over it. In the end, it
drives our engineers to constantly reinvent
the platform,” said McCaffrey.
26 eWEEK n MAY 26, 2003
Now, pay phones. They are ubiquitous
and yet underused in this era of cell
phones. When Intel introduced its
wireless chips under the Centrino
label, it produced a movie, ostensibly
humorous, that included a spoof on
pay phones. Now, Verizon is striking
back by adding wireless hot-spot capabilities
to its pay phones. Starting in New
York, Verizon is making hot-spot access
for 802.11-enabled devices free for Verizon
Internet access customers.
This is a smart move for Verizon
and a challenge to all those venture
capitalists who were betting on the
vendors of equipment you’d need to be
wirelessly logging on at McDonald’s as
you scarf down your Big Mac. Philip Nutsugah,
executive director for broadband
wireless at Verizon, said the company
intends to have 1,000 pay phone hot spots
in New York by year’s end.
Now take a guess what the following
quote refers to. “Every feature was
designed with productivity, serviceability
and reliability in mind.” No, it’s not
Scott McNealy trying to persuade you to
buy more Solaris, and it’s not Bill
Gates contending he finally has the security
thing under control. The quote was
part of a press release for the new John
Deere 710G backhoe introduced in
January and replete with new features
and technologies. In a 1997 article on
HotWired.com titled “50 Ways to Crash
the Net,” security expert Simson Garfinkel
included buying 10 backhoes as
one of the 50. That’s because, back
then, critical Internet backbones too
often ran through underground cables,
which too frequently fell victim to the
digging of backhoes.
When a backhoe blade sliced through
a cable and cut off Internet access to a
big chunk of Boston on May 13, I started
to wonder if backhoe technology is evolving
faster than the physical security of
the Internet.
I tracked down Garfinkel, now going
for his doctorate at MIT. While it
might take more than 10 backhoes to
do the job now, the physical security
of the Internet’s routers, name servers
and associated hardware remains far
too vulnerable for the elevated threats
the Net faces, Garfinkel said. “There
ERIC_ LUNDQUIST@ZIFFDAVIS.COM
Why do mainframes continue to inhabit
the planet? That they work as advertised
is probably the immediate answer.
is a very high risk of physical damage.
People tend to forget about physical
security,” he said.
Part of progress is the illusion that we
leave some things behind. But some
golden-oldie technologies stick around
for a reason. They’re good at what they
do. Still, that backhoe technology remains
one step ahead of Internet architects
should give us all pause. ´

Security: Government
DHS revamp on tap
IN WAKE OF CRITICISM, CYBER-SECURITY TO GET HIGHER PROFILE
By Caron Carlson IN WASHINGTON
After months of escalating criticism
from the IT industry that the
Bush administration is devoting
insufficient resources and attention
to cyber-security, the fledgling
Department of Homeland Security is
already restructuring to give network
safety a higher profile.
The organizational changes, due to
take place over the coming months,
will show that the executive branch is
taking cyber-security seriously, according
to Charles McQueary, undersecretary
for science and technology at the
new department.
McQueary addressed lawmakers here
last week at a hearing of the House Committee
on Science. The session took on
a very un-Washington, almost-surreal
quality as legislators chided civil servants
for not chasing after enough funding for
cyber-security research and development,
and civil servants answered that there
is plenty of money already being spent.
“We’re not lacking for funds,” Anthony
Tether, director of the Pentagon’s Defense
Advanced Research Projects Agency, told
the committee. “I funded every idea that’s
come forth in this area this year. We’re
more idea-limited right now than we
are funding-limited.”
Acting on ramped-up industry lobbying,
legislators took to task the DHS,
DARPA, the National Science Foundation,
and the National Institute of Standards
and Technology for not seeking out
or setting aside adequate funds for cybersecurity.
The preoccupation with national
security since the terrorist attacks of Sept.
11, 2001, was expected to unleash a torrent
of government spending on IT goods
and services, but the federal funds have
not been as forthcoming as the industry
had hoped.
According to committee Chairman
Sherwood Boehlert, R-N.Y., there have
been complaints from throughout the
research community that the DHS is not
focusing on solving network vulnerabilities
and that DARPA is operating
under reduced resources.
“It’s impossible to conclude that far
more needs to be done,” Boehlert said,
DHS’ Ridge (center) and DARPA’s Tether (right) are tuning out
Boehlert’s complaints that cyber-security gets short shrift.
NEWS&ANALYSIS
directing DARPA’s Tether to “enlighten
us as to why we’re moving in the wrong
direction.”
Most of DARPA’s resources are
directed at classified projects, according
to Tether, who said that a peek at
the agency’s classified budget would
make lawmakers more comfortable with
the funding level.
“We’re not concerning ourselves [with]
the commercial networks,” Tether said,
adding that DARPA is focused on solving
problems that the private sector
currently does not confront. The military
faces threats from “attackers whose
life depends on taking the network
down,” he said, and projects are under
way to make those networks increasingly
wireless and peer to peer.
“We’re really far ahead of the commercial
world in this regard,” Tether said,
adding that a prototype military network
with 400 nodes to use for simulated
attacks is in the works.
Last week, DARPA sent its data
mining report to Congress. Following
public outcry over the research last
year, the agency changed the project’s
name from Total Information Awareness
to Terrorism Information Awareness.
When President Bush disbanded
the President’s Critical Infrastructure
Protection Board earlier this year following
the resignation of its chairman,
Richard Clarke, responsibilities for cybersecurity
were transferred to DHS Secretary
Tom Ridge. However, the subject
was not given a sufficiently high
profile or a sufficiently high-ranking
executive to satisfy the industry.
Turning the tables and taking a shot
at the private sector, federal research officials
told the Science Committee last
week that if there is less-than-optimal
attention devoted to cyber-security today,
it is a result of problems in industry,
not the government.
“As a nation, our
greatest vulnerability
is indifference,” said
Arden Bement, NIST
director, citing recent
surveys indicating that
private enterprises “don’t
really see themselves as
a target.”
“They just haven’t
quite stepped up to ANDERSON
the plate,” said Bement,
in Washington. ´ STEPHEN
MAY 26, 2003 n eWEEK 33

NEWS&ANALYSIS
Sun, Oracle tighten alliance
COMPANIES TO REDUCE
DEPLOYMENT COSTS
By Jeffrey Burt and Lisa Vaas
It departments under
pressure to keep costs
down welcome a move by
Sun Microsystems Inc. and
Oracle Corp. to lower the cost
of deploying the two companies’
software and systems.
Sun, of Santa Clara, Calif.,
and Oracle, of Redwood
Shores, Calif., are tightening
their 20-year-long alliance
with what officials said will
result in a “no finger-pointing”
service and support scenario
for joint customers.
“What this means is you
have absolute, total choice
across the two product lines,
with only one throat to choke,”
said Scott McNealy, president,
chairman and CEO of Sun.
At an event in San Francisco
last week, McNealy and
Oracle Chairman and CEO
Larry Ellison spoke about how
many data centers in the
near future are going to run
smaller servers linked by technology
such as Oracle’s Real
Application Clusters and
running as one large system.
In support of that vision,
Sun has made available two
new low-cost, rack-optimized
servers, the Sun Fire V60x and
V65x. The V60x is a 1U (1.75inch-high)
one- to two-way system
powered by Intel Corp.
2.8GHz Xeon processors that
can run either Red Hat Inc.’s
Red Hat Linux or Sun’s Solaris
x86 Platform Edition. The
entry-level server—which is
aimed at such jobs as Web
serving, e-mail and caching—
also features up to 6GB of
memory and three Ultra320
SCSI hard drives, according to
Sun. The 2U (3.5-inch) V65x
can run one or two 2.8GHz
36 eWEEK n MAY 26, 2003
or 3.06GHz Xeons and comes
with up to 12GB of memory,
six 36GB or 73GB hard drives,
and up to six PCI-X slots,
Sun officials said. In addition,
McNealy said
Sun has formed a
global agreement
with Linux developer
Red Hat.
At the event,
McNealy and Ellison
said Oracle
software will run
with the Solaris
and Linux operating
systems on all
x86 hardware from
Sun. The software
includes everything
from the Oracle9i database
and Oracle9i application
server to Oracle Collaboration
Suite.
The two companies are also
going to ensure that Oracle
software can be automatically
deployed within data centers
powered by Sun’s N1 strategy,
an initiative to virtualize the
data center, enabling the
dynamic management of
Ellison, left, and McNealy, right, are looking to
populate data centers with smaller servers.
resources within the centers.
The two companies will
also integrate Sun’s StarOffice
suite with Oracle’s Collaboration
Suite and will collaborate
on joint marketing and
support programs.
Oracle users have been waiting
a long time for Oracle software
to run on low-cost Sun
boxes, according to Richard
Niemiec, president of the
International Oracle Users
Group and CEO of TUSC (The
Ultimate Software Consultants),
an Oracle consultancy.
“People [are saying that] this is
huge and that it’s about time,”
said Niemiec, in Chicago. “It’s
good for Oracle. They need
to be hardware-agnostic. They
have a large contingent on Sun
[hardware], and they need to
keep that contingent happy.”
Any ground gained at the
lower end of the market will
likely carve away territory now
claimed by Microsoft Corp.’s
SQL Server, Niemiec said.
“It positions Oracle at the
lower end to a much-greater
degree than they were previously,”
he said. “Another benefit
is that many people, for
their main server, have Sun.
For their departmental,
smaller servers, there’s now
potential to consolidate on
Sun as an alternative to SQL
Server.” ´
Cisco beefs up security tools
By Paula Musich
Cisco systems inc. continues to broaden
its portfolio of security management tools
with the introduction of 14 new and
enhanced security management, threat protection
and VPN offerings.
Among the upgraded offerings is the
Cisco IP Solutions Center Version 3.0 Security
Technology Module, which allows users
to set up common configurations for multiple
virtual private network devices from a central
location and push those out to remote sites.
The tool, introduced last week, also allows
the VPN tunnels to be pushed out from a
central location to remote locations, according
to early user Carol Henson, director of IT for
the U.S. Department of Agriculture, Rural
Development, in St. Louis. The organization
is using Cisco IP Solutions Center 3.0 as part
of a rollout of 2,500 VPNs to field offices, replacing
more costly frame relay links.
The module provides an audit trail function,
ensuring that “every VPN we install will be
installed the same way,” Henson said. “If we
have to make a change, we can make it
within the VPN and use [the Cisco Intelligence
Engine 2100 Series] to keep them all in
sync.”
Cisco also introduced Cisco Security Device
Manager Version 1.0, which manages Internetwork
Operating System-based security functions
for Cisco 830- and 3700-series access
routers. CiscoWorks Security Information
Management Solution 3.1 adds enhanced event
scoring, business impact and threat analysis
to the base security event monitoring function.
Version 2.2 of CiscoWorks VPN/Security
Management Solution integrates administrative
control of the Cisco Catalyst 6500 Firewall
and VPN services modules, monitoring
of Cisco intrusion detection systems, and support
for the new Cisco Security Agent. ´

Software links backup, SRM
CA, VERITAS HONE DATA
RESTORE UPGRADES
By Evan Koblentz
Summer upgrades for
Computer Associates
International Inc. and
Veritas Software Corp. backup
and recovery programs will
help users link existing suites
with other technologies.
Features in CA’s BrightStor
Enterprise Backup 10.5 and
Veritas’ Bare Metal Restore
4.6 are also part of the trend
of focusing on data restores.
With CA’s upgrade from
Version 10, users can set up
policy-based job scheduling,
linked with BrightStor Storage
Resource Manager and
related products, said Ed
Cooper, CA product manager,
in Islandia, N.Y.
Enterprise Backup also
now links to Unicenter’s soft-
ware distribution feature, for
sending backup configurations
to remote sites, and to
Microsoft Corp.’s Windows
Server 2003, through the Volume
Shadow Copy Service,
Cooper said. In
addition, it works
with software from
switch makers BrocadeCommunications
Systems Inc.
and McData Corp.
and now has a feature
for verifying
service-level agreements,
officials
added.
The new version
ranges from $5,000
to $20,000, Cooper
said. Available now, it includes
five licenses for BrightStor
Enterprise Portal.
User reactions are mixed.
“I really like the speed and
console that allows me to
manage all of the different
machines,” said Greg Taffet,
CIO of MxEnergy Inc., a
natural gas reseller in Stamford,
Conn.
Conversely, “I haven’t been
terribly impressed,” said Matt
Paull, systems administrator
at Redflex Traffic Systems
Inc., in Scottsdale, Ariz.
Web services get more options
By Darryl K. Taft
Two web services management
software suppliers announced new
products last week, approaching the
issue of managing Web services from
two perspectives.
Both Swingtide Inc., of Portsmouth,
N.H., and Blue Titan Software Inc., of
San Francisco, unveiled new Web services
management solutions, with
Swingtide offering a more passive
solution and Blue Titan delivering a more
active product.
Swingtide made its announcement at
the annual Association for Cooperative
Operations Research and Development
conference in Orlando, Fla. The
company announced two products,
Swingtide Monitor and Swingtide Scorecard,
which enable users to view, analyze
and manage the data they send
via ACORD, SOAP (Simple Object
CA’s BrightStor portal manages rival Veritas’ backup.
Access Protocol) or XML standards, officials
said. Swingtide Monitor tracks
the growth and business usage of Web
services and XML networks and not
the performance of the physical network.
Swingtide Scorecard is a methodology
for improving return on investment
from XML-based Web services.
Swingtide officials said the products
can be tailored to industry needs. The
first industry supported is insurance, for
which Swingtide has incorporated
complete ACORD standards into the
products. Future support will be added
for banking and securities trading.
Meanwhile, Blue Titan announced the
release of Network Director 2.0, its
Web services management solution that
delivers event-driven control for serviceoriented
architectures (see review,
Page 56).
New capabilities in Network Director
NEWS&ANALYSIS
“For the most part, I can get
away with Microsoft, the
built-in backup.”
For its part, Veritas, of
Mountain View, Calif., last
week announced Bare Metal
Restore 4.6, which can restore
a Windows server onto different
hardware from the
original, said Richard Harrison,
Veritas product manager.
With the new feature,
administrators don’t
have to wait for an
identical server to
arrive, and it is useful
in cases where
the original equipment
isn’t made anymore.
Bare Metal
Restore 4.6 requires
Veritas’ high-end
NetBackup software,
Harrison said.
Until next quarter,
the new version
will cost $695 for
Windows licenses and $895
for Unix licenses. After that,
licenses will cost $900 for Windows
and $1,000 for Unix,
Harrison said. ´
2.0 include fabric services, which expose
functions as Web services; active event
messaging; adaptive policy execution;
SOAP stack interoperability; and support
for emerging standards such as Web
Services-Security, Web Services-Policy
and Web Services-ReliableMessaging.
Jason Bloomberg, an analyst with Zap-
Think LLC, in Cambridge, Mass., said he
views Swingtide as unique in its category.
“Instead of rushing the first version
of their software product to market, they
developed an extensive professional services
offering to build relationships with
their customers, build awareness within
their selected target industry and to
gather a detailed understanding of
their customers’ needs,” Bloomberg said.
“By ‘passive,’ we mean that it monitors
XML activity without affecting it and
provides visibility into the XML on a company’s
network,” he said. “In contrast,
Blue Titan has an active management
approach that controls the traffic, ensuring
reliability and actively managing
security policies.” ´
MAY 26, 2003 n eWEEK 37

NEWS&ANALYSIS
Serena snaps
up developer
TeamShare
By Darryl K. Taft
Corporate developers are getting
more collaboration capabilities
in their development
tools, thanks to acquisitions by Serena
Software Inc. and CollabNet Inc.
Serena, of San Mateo, Calif., which
last week agreed to buy TeamShare Inc.
for $18 million, sells change management
solutions that automate
changes to enterprise code and content.
With TeamShare, a Colorado
Springs, Colo., developer of collaborative
software development solutions,
Serena plans to bolster its product line
with collaboration technology and
extend its reach in application life-cycle
management, company officials said.
Serena’s acquisition followed by a
few weeks CollabNet’s buyout of Enlite
Networks Inc., of Mountain View, Calif.
CollabNet is a Brisbane, Calif., provider
of collaborative software development
solutions; Enlite is an enterprise
collaboration technology startup
with a facility in Chennai, India.
A variety of software makers are
adding collaboration into core components
of their offerings, according
to Erica Rugullies, an analyst with Giga
Information Group Inc., in Cambridge,
Mass. However, “many vendors
will have to set back their collaboration
strategies as Microsoft
[Corp.] and IBM provide collaboration
tools,” Rugullies said.
Microsoft is moving collaboration
capabilities into its Windows operating
system with Windows SharePoint
Services, expected this year, and
IBM is componentizing its collaborative
offerings and making them
available through the various IBM
software brands, Rugullies said. “With
these two big vendors coming into the
market, it’s going to be harder and
harder for proprietary collaboration
tools to flourish,” she said. ´
38 eWEEK � MAY 26, 2003

Storage: OS upgrade
Bigger, better Linux
LINUX 2.6 TO HANDLE MORE MEMORY, THREADS, STORAGE OPTIONS
By Lisa Vaas
Users of linux databases are
drooling over the list of features
promised by the forthcoming
upgrade to the Linux kernel,
Version 2.6.
The Linux 2.6 production kernel,
expected to be released later this year, will
enable Linux to handle big, enterpriseclass
database applications. New features
integrated into the main kernel will spare
users the need to adopt
them as back-ported capabilities
in the 2.4 production
kernel. Such abilities
include support for much
larger amounts of memory,
support for a larger number
of threads, improved
networking performance,
increased storage and types
of storage, and better volume
management.
Tim Kuchlein, director
of IS at Clarity Payment
Solutions Inc., a developer
of prepaid electronic payment
systems, said the
ability for the kernel to support
extra memory will
enable his company to
work its database like
Google—running on all
memory, all the time.
Clarity will soon move
to the IBM DB2 8.1 database
running on Red Hat
Inc.’s version of Linux. To
get it all running with maximum
affordable memory, managers
plan to move to a 64-bit architecture and,
to that end, are checking out Advanced
Micro Devices Inc.’s 64-bit architecture.
The move could mean that Clarity
could kiss writing to disk goodbye.
“We want to have as much memory in
our systems as we can,” said Kuchlein,
in New York.
The ability to support 64 bits isn’t new
to the Linux kernel, but the affordability
of 64-bit boxes is, Kuchlein said. “Only
recently have you been able to buy
hardware without having to mortgage
your life to make use of [64 bits],” he said.
Kuchlein has priced IBM pSeries servers
with 16GB of memory at about $230,000,
compared with AMD boxes with two
CPUs and 8GB that sell for about $6,150.
But perhaps the most enticing lure
of the 2.6 kernel is its promise of better
volume management. “Sizing of partitions
and stuff is always a pain in the
[neck],” said Kuchlein. “You have what
you think will happen [with partitioning
needs], and you make plans, and two
NEWS&ANALYSIS
weeks later it changes. Just being able to
dynamically resize partitions is obviously
a very good thing.”
Officials at Aventis Behring—a company
that develops therapeutic proteins
to treat people with immune and
protein deficiencies, such as hemophiliacs—are
also itching to get their hands
on the 2.6 kernel. The reasons: better volume
management, asynchronous I/O
and better management of multiple
applications on one server.
Asynchronous I/O is appealing
because the company, based in King of
Prussia, Pa., is considering a project
deploying Web services on Linux that
requires scalability. “[Asynchronous I/O]
allows command queuing to improve
CPU utilization, which can result in performance
improvements for Web servers
and databases,” said Jesse Crew, manager
of global systems.
The ability to better manage multiple
applications on one server running
separate logical images
can help administration and
consolidation, as well as
reduce complexity and
lower costs. “From experience
with the Windows
environment, running two
applications on a single
server can cause coexistence
nightmares during future
upgrades of either one,”
Crew said. “With Linux,
we may be able to put an
end to these types of issues.
Running multiple applications
on the same server
knowing they are logically
partitioned makes things
easier to maintain.”
Vendors are just as excited
about the 2.6 kernel. For one,
Gary Ebersole, president of
ANTs Software Inc., maker
of a new high-performance
DBMS, said the company
will snap up 2.6 as soon as
possible. Motivating his decision
is, again, 64-bit address
space. Another draw is support for a large
number of threads, which will allow the
company to scale up on symmetric multiprocessing.
“We’ll grab as many threads
as there are microprocessors in the system,”
said Ebersole, in Burlingame, Calif.
“Good thread management in the kernel
is good.” ´
PAUL CONNOLLY
MAY 26, 2003 n eWEEK 39

NEWS&ANALYSIS
Peter Coffee: Port Scans
The case for rest
As i looped around the east edge of phoenix,
heading home from the GigaWorld IT Forum,
I heard NPR’s salute to National Night Shift
Workers Day conclude with a poem by Karen
Jane Glenn. “Let us now praise the night shift,”
she began. “Those on the 8-to-4, the 10-to-6 ... the sleepdeprived
... the wired.” I could relate. It seems as if every
week brings me more e-mail messages that are timestamped
during the interval that Navy men call the midwatch,
from midnight to four in the morning. And I
have to admit that I’m also sending more of those
midwatch messages myself.
As it happened, the theme of the conference I’d
just attended was “Deliver more with less.” I don’t remember seeing “less sleep”
as a formal part of the agenda—but as I listened to Glenn’s poem, it seemed as if
that topic should have been addressed. After all, National Science Foundation
statistics estimate U.S. adults averaging
less than 7 hours’ sleep at night;
other studies point to sleep-deprivation
effects that include difficulty following
discussions; poor judgment in complex
situations; difficulty in devising a
new approach to a stubborn problem;
and failure to notice changes in situations.
In practical terms, this means that
people aren’t functioning as well as
they should in everyday situations
such as planning a project, responding
to a cyber-attack, debugging an application
or monitoring network operations.
Spread thin by staff reductions, and
losing formerly productive time to diversions
such as extra security delays in airports,
people are putting in 10-hour and
even 20-hour days for what used to be
considered 8 hours’ pay. That may not
be as good a deal for the employer as
it first seems, if the extra hours represent
neutral or even negative contributions.
Yes, it’s great that people can work
at any time, from anywhere, but sleepdeprived
zombies aren’t the shock troops
40 eWEEK n MAY 26, 2003
of enterprise success—whether they’re
“the wired” of Glenn’s poem or not.
International operations can approach
the 24-hour day as a relay race, rather
than a marathon. IBM, for example,
has adopted a two-shift approach to some
of its software development efforts, with
teams in Seattle setting daily work
specifications for offshore teams in India,
China, Latvia and Belarus. Overnight offshore
development returns product to
Seattle the next day for review, and the
cycle continues.
The company says this process
reduces development cycles by 35 percent,
yielding time-to-market benefits
that are worth even more than the reduc-
tions in development cost. Note well that
this is not about stretching a given number
of people across a greater number of
hours: It’s about taking advantage of
the 24-hour day in operations that circle
the globe.
The problem with success stories like
this is that smaller companies may feel
that they must do likewise. I’m reminded
of former Avis CEO Robert Townsend’s
warning that some corporate behaviors
don’t scale well from large to small organizations.
The smaller company that
decides to open an office in Bangalore,
or outsource some of its operations to
a contractor in Tel Aviv, may find that
it has blunted its competitive edge of
being able to get close to its customers
and thoroughly understand their needs.
Being just like IBM, only a hundred
times smaller, is like being a miniature
elephant in an ecological niche that’s better
suited to a fox.
In organizations of every size, managers
need to avoid letting IT push their
people across the line that separates anytime/anywhere
flexibility from all-thetime/everywhere
expectation. When
intermediate deadlines start being
regarded as purely pro forma, and everyone
knows that the real schedule
squeezes three days on the timetable
into a 24-hour all-nighter at the end of
every product cycle, that’s a cultural
problem that has to be solved by cultural
forces. When managers treat
crash-and-burn schedules as a sign of
commitment and not as a problem to
be fixed, that’s a cultural force that
PETER_ COFFEE@ZIFFDAVIS.COM
Sleep-deprived zombies aren’t the shock
troops of enterprise success—whether
they’re wired or not.
pushes in the wrong direction.
C. Northcote Parkinson was right:
Work does expand to fill the time
available. IT can make that available
time appear to be “all the time.” I’m not
saying that our e-mail systems need a
curfew. I am saying that the human side
of management includes making it clear
that you want good hours, not just more
of them. ´

NEWS&ANALYSIS
SPARC workstation
is going mobile
By Jeffrey Burt
Tadpole computer inc.
is making good on its
promise to extend beyond
its high-end Unixbased
desktops with a line of
less expensive mobile computers.
The Cupertino, Calif., company,
whose primary customer
base has been
government
agencies, is
shipping
the first of
these products,
a 64-bit
Unix mobile
workstation
called the Spar-
cle.
The new notebook
is binarycompatible
with
Sun Microsys-
The
Sparcle
notebook has a
fast chip and low price.
tems Inc.’s SPARC chip technology
and Solaris operating
system. A high-end
version offers a 650MHz
SPARC IIi chip, 2GB of
memory and an 80GB hard
drive. It weighs in at 6.5
pounds, offers up to 3 hours
of battery life and comes with
StarOffice productivity applications
installed, said Tadpole
officials.
They said the Sparcle
should not be viewed as
just a notebook but more as
a server with notebook capabilities
that can run Java
applications. In addition, a
CPU-sharing technology lets
users run tasks in a background
mode via a wireless
802.11b Wi-Fi network.
The new laptop will be
available in several models
that range in price from about
$3,000 to $6,000—about
half that of Tadpole’s earlier
least expensive notebook, the
SPARCbook 5000. The average
price of a Tadpole product
until now was $25,000
to $30,000, officials said.
“The opportunity here is
to leverage the technical
piece and get a product out
there to the market, and a big
step in that is the price,” said
Mark Johnston, president
and CEO of Tadpole.
Though Tadpole traditionally
works in
the Unix space,
officials
said the
company
will keep an
eye on how Intel
Corp.’s 64-bit
Itanium chip and
Advanced Micro
Devices Inc.’s 64-bit Opteron
processor develop and
will consider them in the
future.
The Sparcle’s support for
64-bit processing is a first for
a mobile workstation, said
Kate Sullivan, an analyst with
International Data Corp., of
Framingham, Mass. Others,
including Dell Computer
Corp., Hewlett-Packard Co.
and IBM, offer only 32-bit
systems. As a result, Tadpole
will find its customers
among companies such as
oil and gas firms that run 64bit
Unix workstations and
haven’t yet ported their work
onto Linux or Windows, Sullivan
said.
Tadpole “will be trying for
different customers,” Sullivan
said. “Sixty-four-bit is a
very special requirement.” ´
eWEEK � MAY 26, 2003 41

NEWS&ANALYSIS
Cisco switching gears
UPGRADES, COST CUTS
KEY TO ITS STRATEGY
By Paula Musich IN SAN JOSE, CALIF.
Cisco systems inc.’s strategy
for switching—which
makes up 41 percent of
the company’s revenues—
includes a number of planned
upgrades as well as efforts to
streamline product development
and reduce costs, according
to company officials here.
Most new developments
focus on the high-end Catalyst
6500 chassis switch,
although many innovations
trickle down to other switching
platforms from there,
according to Charlie Giancarlo,
senior vice president
and general manager of product
development at Cisco.
Cisco is focusing its innovation
efforts on continued
manageability improvements
for this year and beyond—
especially on centralized management
functions that can be
“pushed out” to remote sites,
according to Andy Bechtolsheim,
vice president and general
manager of Cisco’s Gigabit
switching business unit.
Most often with security
functions, “there is a shortage
of experts,” Bechtolsheim
said. But Cisco, through its
experience running a large
global network, can “advise
customers on how best to
organize the security functions,”
he said.
Bechtolsheim acknowledged
that Cisco is working
on more global authentication
systems that can better safeguard
company secrets from
internal threats. For such protection,
a multilayer system is
required to ensure the right
people get access to appropriate
information.
In tackling configuration
42 eWEEK n MAY 26, 2003
management, which will
become more complex as
Cisco adds more switch functions,
Bechtolsheim said
Cisco’s goal is to automate
setup, configuration and maintenance
“as much as we can.
We want to give a single person
a view of the whole thing.”
In switch architecture, Luca
Cafiero, senior vice president
and general manager
of switching, voice and storage,
outlined Cisco investments
in high performance.
Cafiero said that a new chip,
code-named Sacramento, will
contain 180 million transistors
on a single chip—four
times as many as that of the
On tap at Cisco
Pentium 4 chip at the same
size. That is among 29 other
application-specific integrated
circuits in development at
Cisco today, Cafiero said.
Cisco’s new Catalyst 720
Supervisor module delivers
for the Catalyst 6500 chassis
the ability to support 40G-bps
throughput per slot today.
Cafiero said he expects to be
able to double that to 80G bps.
The time frame for release
of such capability is dependent
on customer demand,
he added.
Cafiero, as an aside, said
he does not expect to see
Ethernet data rates increase
by another factor of 10—
breaking into 100G bps, but
he does expect to see 40G bps
in the next two years. ´
SPSS, SAS take predictive paths
By Dennis Callaghan
Data mining stalwarts spss inc. and sas
Institute Inc. are each planning to add
more predictive capabilities to their
respective Web analytics software offerings.
SPSS announced last week a product called
Predictive Web Analytics, which will combine
the Chicago-based company’s NetGenesis Web
analysis software with its flagship Clementine
data mining software.
SAS, of Cary, N.C., is developing a bundled
offering of its own, to be known as SAS Web
Analytics. It is expected to be generally available
by the second quarter of next year, after a
limited test rollout in the first quarter. The application
is expected to combine elements of
five existing SAS products to enable predictive
analysis of Web site visits, officials said.
Most Web site analysis tools have usually
focused on historical analysis of visitors’ activities
at the site, such as page views, clickthroughs,
and the sites users came from or went
to. But predictive capabilities could take that
analysis and build customer segmentation models
that could build better sites and marketing
campaigns, as well as e-mail marketing
campaigns, to generate maximum response.
SPSS’ Predictive Web Analytics will add
Clementine’s data mining engine to
NetGenesis Web analytics so that users will
be able to detect patterns in large volumes
� Manageability enhancements
for the Catalyst 6500
chassis
� Sacramento chip to contain
180 million transistors
� Catalyst 720 Supervisor
module for the Catalyst
6500 to support 40G-bps
throughput
of Web data and predict the best way to
serve customers via the Web, officials said.
Clementine performs advanced predictive
analysis on customer behavior data in the Net-
Genesis eDataMart and reports the results of
that analysis to the NetGenesis reporting environment.
Users of Predictive Web Analytics will be
able to segment site visitors based on their
behavior; detect content and product affinities;
identify the most significant paths taken
through a Web site; and predict visitors’
propensity to purchase, view particular content
or to churn, officials said.
Predictive Web Analytics is available now,
with pricing starting at $135,000 plus services.
SAS, meanwhile, is developing a bundled
solution for predictive Web analysis that will
offer similar capabilities. While the company
already delivers predictive Web analysis
through its IntelliVisor hosted services for specific
vertical industries such as pharmaceuticals
and financial services, this bundled
solution will add predictive capabilities to SAS’
WebHound Web analysis tool, officials said.
Plans call for SAS Web Analytics to include
technology from WebHound as well as SAS’
Enterprise Miner, Web Report Studio, Portal
and Interaction Manager applications, although
the exact product bundling has yet to
be determined, officials said. ´