issue 10 - sys-con.com's archive of magazines - SYS-CON Media

pdf.sys.con.com

issue 10 - sys-con.com's archive of magazines - SYS-CON Media

FROM THE EDITOR[ E D I T O R I A L B O A R D ]Editor-in-ChiefMark R. Hinkle mrhinkle@linuxworld.comContributing EditorIbrahim Haddad ibrahim.haddad@linuxworld.comEnterprise EditorGreg Wallace greg@linuxworld.comMigration EditorJon Walker jwalker@linuxworld.comCommercialization EditorPaul Sterne sterne@linuxworld.comDesktop Technology EditorTim Griffin tim@linuxworld.comReview EditorMatt Frye mattfrye@linuxworld.comEditorPhilip Peake philip.peake@linuxworld.comContributorsRob Jones rob@hotlinuxjobs.comDianne Ursini dianne@technalign.com[INTERNATIONAL ADVISORY BOARD]Wim Coekaerts, Director of Linux EngineeringOracleBrian E. Ferguson, PartnerMcDermott, Will & EmeryJohn Fowler, Executive VP, Network Systems GroupSun MicrosystemsGaël Duval, Cofounder/Director of CommunicationMandrakeSoftSamuel J. Greenblatt, Senior Vice Presidentand Chief Architect, Linux Technology GroupComputer AssociatesScott Handy, VP, Linux Strategyand Market Development IBMBruce Perens Perens, LLCStacey Quandt, Principal AnalystQuandt AnalyticsThomas Reardon, VP and General Manager,Client Product Group Openwave SystemsAlan Williamson SYS-CON MediaJohn Weathersby, Executive DirectorOpen Source Software InstituteRanajit Nevatia, Director of Linux StrategyVERITASAndy Astor, co-founder and CEOEnterpriseDB[ E D I T O R I A L ]Executive EditorNancy Valentine nancy@sys-con.comAssociate EditorSeta Papazian seta@sys-con.comOnline EditorRoger Strukhoff roger@sys-con.comResearch EditorBahadir Karuv, PhD bahadir@sys-con.com[ O F F I C E S ]SYS-CON MEDIA135 Chestnut Ridge Rd. • Montvale, NJ 07645Telephone: 201 802-3000 • Fax: 201 782-9600LinuxWorld Magazine (ISSN #1544-4511)is published monthly (12 times a year)by SYS-CON Publications, Inc.Postmaster send address changes to:LINUXWORLD MAGAZINESYS-CON MEDIA135 Chestnut Ridge Rd. • Montvale, NJ 07645COPYRIGHT © 2005 BY SYS-CON PUBLICATIONS, INC.ALL RIGHTS RESERVED. NO PART OF THIS PUBLICATIONMAY BE REPRODUCED OR TRANSMITTED IN ANY FORM ORBY ANY MEANS, ELECTRONIC OR MECHANICAL, INCLUDINGPHOTOCOPY OR ANY INFORMATION, STORAGE ANDRETRIEVAL SYSTEM, WITHOUT WRITTEN PERMISSION.FOR PROMOTIONAL REPRINTS, CONTACT REPRINTCOORDINATOR.SYS-CON PUBLICATIONS, INC., RESERVESTHE RIGHT TO REVISE, REPUBLISH AND AUTHORIZE ITSREADERS TO USE THE ARTICLES SUBMITTED FORPUBLICATION. ALL BRAND AND PRODUCT NAMES USEDON THESE PAGES ARE TRADE NAMES, SERVICE MARKS,OR TRADEMARKS OF THEIR RESPECTIVE COMPANIES.WORLDWIDE NEWSSTAND DISTRIBUTIONCURTIS CIRCULATION COMPANY, NEW MILFORD, NJNEWSSTAND DISTRIBUTION CONSULTANTGREGORY ASSOCIATES / W.R.D.S.732-607-9941 – BJGASSOCIATES@CS.COMFOR LIST RENTAL INFORMATION:Kevin Collopy: 845 731-2684, kevin.collopy@edithroman.comFrank Cipolla: 845 731-3832, frank.cipolla@epostdirect.comLINUX IS A REGISTERED TRADEMARK OF LINUS TORVALDSLINUXWORLD® IS THE REGISTERED TRADEMARK OFINTERNATIONAL DATA GROUP, INC.SYS-CON IS USING THE MARK PURSUANTTO A LICENSE AGREEMENT FROM IDGMassive Layoffs PredictedWith the U.S. economy and ITspending finally appearingto be making a comebackand China and India adopting ITfaster than you can say symmetricmultiprocessing, why am I predictinglayoffs?I’m not predicting layoffs so muchas a shift from vendors and serviceproviders who don’t support theintegration of open source andcommercial systems. You see, I leadsomewhat of a sheltered life – I usually speakwith people in the open source field, the ITprofessionals who drink the proverbial Kool-Aid.They already have IT plans that encompass opensource operating systems, such as Linux andother systems, and software that adhere to openstandards. However, as I try to expand my horizons,I’m finding more people who use vendorsthat are not interested in supporting open standardsor interacting with community-developedopen source software. They claim this puts themat risk because open systems are often untested.I’ll let you in on a little secret: even the commercialtested solutions often aren’t all they’recracked up to be; even worse, if there is aproblem, you are at the mercy of the vendors asthey dictate when they will be fixing bugs andadding features. Are you paying them for that?Here’s a novel idea: What if we moved software toa performance-based model where you pay yourvendor based on the level at which the softwaremeets your needs? That would be a nice change.How about a tool that claims to increase yourknowledge worker productivity and actuallydoes so. Rather than charging royalties, theysimply split the savings with you over the usefullife of the product. If it works, it might be moreprofitable for the vendor and it will yield greatersavings to the technology consumer.The reason I find the complaints of thosehemmed in by their vendors so offensive is thatas they complain about their woes, they continueto put themselves in harms way. Why wouldyou ever sign up for a product, service, or pieceof hardware that locks you into a long-use cycleand potentially has you following decisions mandatedby your vendor rather than your business.I am aware that there are certain tools out thereB Y M A R K R . H I N K L Eblog: mark.linuxworld.comthat are necessary for certain industries(e.g., medical, and manufacturing) andrequire specialization, but what aboutother types of industries where needscan be met by a multitude of solutions.I can’t emphasize this enough in theoffice suites; the release of OpenOffice.org 2.0 may have come and gone as hasStarOffice 8.0 by the time you read thisand with these new releases I expectthat even more people will find an alternativeto Microsoft’s Office Suite.The new paradigm of IT buying will be onewhere you buy services rather than licenses orat least support entitlements to IT products, andoffice suites are just one area of that. Also whenlooking for these gems I can see big opportunitiesin the following areas:• Databases: As we accumulate more and moredata, especially as a result of e-commerce and—continued on page 45A B O U T T H E A U T H O RMark Hinkle, the editor-in-chief of LinuxWorld Magazine, isvice president of Win4Lin Inc., a Linux software company thatspecializes in Windows-to-Linux migration. Mark served onthe Formation Board of The Desktop Linux Consortium and isthe author of an upcoming book from Charles River Media onWindows-to-Linux migration for business users.mrhinkle@linuxworld.comwww.LinuxWorld.com7OCTOBER 2005


The World’s Leading i-Technology PublisherCORE DUMPEDPresident & CEOFuat Kircaali fuat@sys-con.comVP, Business DevelopmentGrisha Davida grisha@sys-con.comGroup PublisherJeremy Geelan jeremy@sys-con.com[ A D V E R T I S I N G ]Senior VP, Sales & MarketingCarmen Gonzalez carmen@sys-con.comVP, Sales & MarketingMiles Silverman miles@sys-con.comAdvertising DirectorRobyn Forma robyn@sys-con.comNational Sales & Marketing ManagerDennis Leavey dennis@sys-con.comAdvertising Sales ManagerMegan Mussa megan@sys-con.comAssociate Sales ManagerKerry Mealia kerry@sys-con.com[ P R O D U C T I O N ]Production ConsultantJim Morgan jim@sys-con.comArt DirectorAlex Botero alex@sys-con.comAssociate Art DirectorsAbraham Addo abraham@sys-con.comLouis F. Cuffari louis@sys-con.comTami Lima tami@sys-con.comAssistant Art DirectorAndrea Boden andrea@sys-con.com[ S Y S - C O N E V E N T S ]President, EventsGrisha Davida grisha@sys-con.comNational Sales ManagerJim Hanchrow jimh@sys-con.com[ C U S T O M E R R E L AT I O N S ]Circulation Service CoordinatorsEdna Earle Russell edna@sys-con.comLinda Lipton linda@sys-con.com[ S Y S - C O N . C O M ]Information Systems ConsultantRobert Diamond robert@sys-con.comWeb DesignersStephen Kilmurray stephen@sys-con.comVincent Santaiti vincent@sys-con.comShawn Slaney shawn@sys-con.com[ A C C O U N T I N G ]Financial AnalystJoan LaRose joan@sys-con.comAccounts PayableBetty White betty@sys-con.comAccounts ReceivableGail Naples gailn@sys-con.com[ S U B S C R I P T I O N S ]888-303-5282201-802-3012subscribe@sys-con.comFor subscriptions and requests for bulk orders,please send your letters to Subscription DepartmentCover Price: $5.99/issueDomestic: $49.99/yr (12 issues)Canada/Mexico: $79.99/yrall other countries $99.99/yr(U.S. Banks or Money Orders)Back issues: $12 U.S. $15 all othersClimbing theLinux MountainSometime between the years1995 and 2004, Linux reachedthe mainstream of computerusers the world over. No longer was itall about Microsoft or the Mac. Nowthere was a new sheriff in town, and itwas a penguin packing some seriousheat.The average user indoctrinatedinto the Linux way of computing willno doubt find themselves climbing amountain at first. Like any new operating system,finding out even normal tasks and discoveringwhat does what constitutesthe learning curve process bywhich we all must understandany system.Linux is not a black box.There are no super secrets todivine from the interior dataof the device. What it is, however,is a consumer-friendlyoperating system providingmultiple ways to do a seriesof complex tasks most oftenleft to the intermediate user.Linux makes it easier.For example, to run Firestarterin Ubuntu Linux, clickon “Applications -> SystemTools - > Firestarter”. It mayask for a password, depending on if you are runningas root or not. Once prompted successfully,Firestarter opens and then runs in the background.Firestarter (a form of firewall protection) is justone of many unique applications that make Linuxa secure desktop environment. There’s also the“built-in” security of root access, which deniesanything that isn’t given permission beforehandby the user.Most Linux distributions come with at leastthree key features: Internet access tools, networkconfiguration tools, and a standard firewall. Suchfeatures are welcome in any distribution, but areespecially well laid out in Ubuntu Linux.B Y P A U L P A N K SMaking the jump easier are a seriesof excellent man pages on how to getstarted using Linux. These are normallyaccessible at the shell prompt. Eachman page describes command usageand switches – extra commands thatmake a single command more distinctin how the user wants it to perform.Because Linux is derived partiallyfrom Unix, many of the common commandsused are largely compatibleacross operating systems. In both Unix and Linux,commands such as “cp,” “grep,” “chmod,” and“rm” all work essentially thesame way. This is a good thing,because when a user wants touse “pico” in Linux and theyhave previous Unix experience,it just makes sense for the commandto work as before.Climbing the Linux mountainneed not be daunting. All that isneeded is a little preparation, abit of online help and, of course,patience. Rome wasn’t built ina day, and neither is Linux fullymastered in a day (or a week,for that matter). Taking time tolearn what makes Linux greatis part of the reason why Linuxis quickly becoming the world’spremier operating system for computers.LINUXWORLD MAGAZINE WWW.LINUXWORLD.COMA B O U T T H E A U T H O RPaul Panks is the author of “HLA Adventure,”an adventure game written in Randall Hyde’s HLA(High Level Assembly) language. His ultimate intentionwas for others to eventually contribute to this project,so in May 2003 he released it into public domain,including the source code, so others could add tothe game over time. Paul is a native of Phoenix,Arizona, an avid fan of pro football and creativewriting, and became interested in Linuxprogramming through Red Hat Linux and Fedora Core.dunric@yahoo.comwww.LinuxWorld.com9OCTOBER 2005


completebulletproofResourceManagementautomateidentitymanageZENworks®supplierssimplifyundeterminedsimplifysecurecutting-edgeblazinglower costsfoundationData CenterIdentityManagementconsolidateaffordclosebuildadaptablescalabilitySUSE TM LINUXEnterprise Serverevolveundefendableshutopenclosedsubjectintegrateunrestrictedenterpriseundefendedagileassailableopen upcapabledeliverallocateunresolvedunfastenedclearwide openmigratespread outspreadpeopleopenedexposedflexibilitygoconnectoutdoorsdesktopGroupWise®systemsfreedomcentralizedcollaborateuniteWorkgroupand CollaborationLinux Desktop 9functionalityDefine Your Open Enterprise.What does Open mean to you? Community? Security?Risk? Reward? Can it leverage legacy systems?Consolidate and simplify? Do you believe in its powerand potential?Introducing Novell software for the open enterprise— the only software that makes Open work for you.From desktop and data center to identity management,resource management and collaboration, ourflexible combination of open source and commercialsoftware delivers more than you ever imagined. Thepower to manage IT assets and effort automatically.Freedom from single vendor lock-in. Security that keepsthe right information safe and the right people informed.And the ability to connect people to performance andbusiness to possibilities. So you can build an openenterprise that makes sense for you — and your future.This is Novell software for the open enterprise. TheOpen you’ve wanted all along.This is your open enterprise.www.novell.comCopyright © 2005 Novell, Inc. All Rights Reserved. Novell, the Novell logo, ZENworks and GroupWise are registered trademarks; SUSE is atrademark of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.


ENTERPRISEMigrate and ConsolidateGuidelines for leveraging Linux to lower costs, ease management,improve resource utilization, and protect vital dataB Y A N I N D Y A M U K H E R J E EIn an all too familiar saga taking place in small-to-medium businesses (SMBs)everywhere, file/print, Web, e-mail, and application servers are multiplying at analarming rate in response to ever-increasing demands for processing power. Initially,the decision to bolster capacity-constrained servers by adding more seems like areasonable remedy for managing aggressive growth. However, when two-to-three additionalservers grows to 10-to-20 over time while being provisioned for extra cyclesto accommodate peak loads, this quick-fix solution mushrooms into a major IT problem,leading to accelerated operating costs, increasingly complex administration, andineffective resource utilization.A B O U T T H E A U T H O RAnindya Mukherjee is senior manager, StrategicPartners Group at BakBone Software.anindya.mukherjee@bakbone.comSince most SMBs have limited IT support,managing a sea of low-capacity,underutilized servers presents somedaunting challenges. Aside from the additionalexpense of updating operating systemversions and keeping software patches current,the tech team must ensure the integrityof all data residing on a platform that hasnot been optimized for reliability or highavailability. Conducting regular backup andrecovery operations can put further strainon already overburdened staffers who can’thandle the complexity of managing multipleservers with increasingly critical businessdata.As a result, more smaller and mid-sizedorganizations are seeking a simpler, morecohesive server strategy. Instead of dealingwith hundreds of dispersed, I/O boundservers, they are migrating to higher-performanceplatforms along with consolidatingtheir number of servers. According to MikeKarp, senior analyst at Enterprise ManagementAssociates in Westboro, Mass., movingup market in terms of processing power isan excellent opportunity to simplify infrastructure.“By replacing a handful of smallerservers with a single, high-performancesystem, companies can take a quantum leapin capabilities and be much better preparedto meet on-demand business requirements,”he said.‘Less is More’ Drives ServerConsolidationsThe concept of using fewer servers to domore work is the driving force behind mostconsolidation efforts. The goals are straightforward:contain costs, streamline management,and improve security while boostingreliability and asset utilization. To that end,selecting a powerful operating system thatcan handle workload peaks without sacrificingperformance and throughput leads manyorganizations to Linux. As an open sourcetechnology, Linux is also less expensive tolicense than many proprietary operating systems,making it an ideal match for the SMBmarket segment. Linux has the advantage ofbeing a robust, distributed environment withclustering capabilities that make it inherentlymore reliable than Windows and mucheasier to work with than various flavors ofUnix. ”The benefits of using Linux to buildup and out are pretty significant,” notesKarp. “As a powerful computing platform,Linux offers good potential for growth.”Today, a wealth of applications and softwareis available for the Linux environment,further reinforcing its rising appeal. “Thelong-term value proposition for organizationsmigrating to Linux is pretty clear,” saysAndy Wachs, program director for IBM’sLinux on Power solutions. “The ability to deployaffordable hardware and take advantageof many more software choices results inlower-cost server deployments.”High-end computing mainstays suchas IBM see Linux as an excellent operatingenvironment for SMB customers. Tuned forLinux, IBM’s eServer OpenPower serversleverage the company’s mainframe heritageand 64-bit architecture with enterprise-classIBM POWER5 processors, as well as additionalreliability, availability, and serviceability(RAS) capabilities. “When consolidatingmultiple servers onto a single platform, youneed a big enough resource that providesthe optimal sum of all the parts – with lotsof internal disk, memory, adapters, etc.,”explains Ron Gordon, IBM program directorfor pSeries Linux Marketing. “You need ascalable solution that makes it easy to addprocessors, memory, storage or adapters, aswell as cluster them together for higher availability.”Virtualization EnhancesBusiness FlexibilityPreviously available on mainframes,virtualization technology is now availableon entry-level servers to increase the useof processor, memory, local area network(LAN), and disk resources as well as enhancebusiness flexibility. With virtualization,applications are not bound to particularphysical servers, so companies can redistributeresources dynamically to accommodatefluctuating or peak workloads. “Virtualizationhas gained traction in the storage arenaover the past four years as a ‘never-ending’C-drive,” explains Karp. “Extending thisconcept of a common resource pool to applicationservers means it no longer matterswhich machine is running which application.”OCTOBER 2005 12 www.LinuxWorld.com


ENTERPRISEVirtualization can produce substantialimprovements in performance and reliability.IBM’s Hypervisor is an advancedvirtualization engine that is incorporatedinto firmware logic and therefore has lesssystem overhead than third-party virtualizationsoftware. The addition of micropartitioningcapabilities enables the IBMPOWER processor to run multiple instancesof an operating system in independentpartitions. Overall resiliency is improvedsince the operating system running in onepartition is protected from events occurringin other partitions. Therefore, the failureof one application is isolated and does notaffect other applications running in otherpartitions.Consolidating servers onto Linux and takingadvantage of virtualization and partitioninglets companies increase business agilitywhile becoming more responsive to theircustomers’ growing demands. Executivescan focus more attention on what deliversthe most value to their organizations andwidens their competitive edge instead of ITintricacies and complexities. With that said,a well-orchestrated consolidation effortrequires a phased deployment, starting witha thorough assessment of primary businessdrivers and processes.There are many rules for navigating asuccessful migration effort while ensuringa seamless cut-over to a consolidatedenvironment. “Each company has its ownindividual technical issues, corporate ITsociology, and business priorities that willbe impacted by a consolidation effort,”notes analyst Karp. “Start with a review ofkey business processes, then pick a pilotproject to test the different elements of themigration plan.”BakBone SoftwareBackup and Recovery TopsMigration PrioritiesA review of existing Service Level Agreements(SLAs) and other performanceparameters will help establish guidelines forkeeping the business running at optimumlevels. Additionally, an analysis of general infrastructureshould reveal variances betweenaverage and peak data traffic, providing asense of which systems and applications arefast approaching capacity and would be bestserved by consolidation.“You can’t move to a new platform withoutfirst determining how you are going toprocess—and protect—your vital data,” saysWachs. “Backup and recovery should be atthe top of the heap of consolidation andmigration priorities.” In fact, the notion ofbacking up and restoring mission-criticaldata becomes much more important in acentralized, consolidated environment sincethe potential of downtime can affect a muchlarger percentage of people and processes.For that reason, backup and recovery is oftenconsidered one of the most critical applicationsin any migration effort. “Fortunately,you can achieve better end-to-end supportby co-locating backup and recovery so thatit protects both physical and virtual servers,”he continues. Running backup and recoveryin an independent partition provides muchtighter control over the entire environmentwhile making it easier to prioritize differentworkloads, specify resource allocation orshare resources to improve utilization.An initial impetus for consolidating backupand recovery typically is cost. Maintainingseparate backup and recovery systems ondifferent platforms can be an expensive andtime-consuming burden. Solutions requiringminimal operator intervention and lowMore than a year ago, BakBone Software announced that its NetVault backup and recoverysoftware supported all IBM eServer pSeries systems running 64-bit Linux on IBM’s Power Architectureprocessors. The blend of BakBone’s data protection experience with IBM’s Linux on Power technologyis designed to reduce costs, consolidate workloads, and integrate on-demand computing environmentswithout sacrificing robust data protection.Adding NetVault’s advanced capabilities to the mix, such as virtual disk library (VDL) support,speeds both backup and restore efforts using fast disk-to-disk capabilities. One of the major benefitsof BakBone’s NetVault VDL is the ability to run multiple jobs at once to a disk, which eliminates theneed for more costly tape drives or libraries. Using NetVault’s built-in policy management allows ITmanagers to set policies that automate moving this data from the VDL to tape as well as dictatinghow long the data should reside on the VDL and/or tape. The addition of this near-line recoveryoption bolsters disaster recovery while providing a smoother transition to offsite, longer-term dataarchival as needed.services overhead can expedite deploymentand ease ongoing operation. For that reason,many organizations take advantage of serverconsolidation to deploy an integrated, robustsolution that is ideally suited for the Linuxenvironment and works well with other enterpriseapplications and databases.Maximizing ServerConsolidation ROIIn the final analysis, improvements in datamanagement are the acid test of any serverconsolidation. To get as much value as possibleout of the migration, cost savings, andprocess improvements should be weighedagainst capital expenditures over a six-toeightmonth period. For example, tallyingthe savings from migrating 20 servers thatare 10 percent utilized to one-to-five serverswith more than 50 percent utilization eachcan be measured in terms of equipmentexpenses, administrative labor costs, andsoftware license fees.Another important metric involvescomparing data management costs againstoverall data growth. “If the cost of managingand protecting your data is growing more orless commensurate with the increase in dataor addition of new servers, you are spendingtoo much and should look to consolidationand centralized backup and recovery toreduce the expense,” summarizes Karp.Of course, calculating the advantages andvalue of migrating low-capacity servers toa more robust platform will depend uponpressing business priorities and core competencies.For organizations in the mid-market,however, the success of any consolidationproject will be driven by the adoption ofbest-of-class server as well as backup andrecovery solutions that are designed to containcosts, increase security, and protect dataintegrity while simplifying management andimproving resource utilization.According to IBM’s Gordon, many smallto-mediumbusinesses can quantify andqualify return on investment in most serverconsolidations by factoring improvementsin manageability and reliability as well asbackup and recovery. “All things considered,most consolidations involving 10 or moreservers pay for themselves within a year,” heconcludes. “When you replace 20 low-capacityservers with one high-performancesystem that is much easier to manage andprotect, it’s pretty straightforward to extrapolateall the advantages.”LINUXWORLD MAGAZINE WWW.LINUXWORLD.COMOCTOBER 2005 14 www.LinuxWorld.com


FEATUREgrowth impetus, given their attractive economiesand the typical insatiable applicationdemand for computing power. At a certainpoint, often around 16–64 nodes, clustermanagement gets problematic and expensivedue to growing workload schedulingrequirements, increasing cluster size, andthe increasing (and inherent) heterogeneityof software and hardware components.Every node added at this point increasesmanagement attention, magnifies complexityand business risk, and multipliesboth direct (overhead, labor) and indirect(lateness to market, hassle) costs. Addingto the complexity is a myriad of clusteringtools and applications, interconnects, MPIs,compilers and libraries, and managementtools.Large cluster sizes makes it even tougherto deploy applications quickly, fully controland monitor all resources, or respond torapid changes to user or business requirements.All of these issues conspire to reducethe organization’s return on IT assets andoverall business performance. Consequently,as new clusters scale or existing Linuxinfrastructures grow, there is an ongoingand critical need for software managementsolutions that can quickly and economicallyscale, manage, and troubleshoot clusters.“Clusters are enabling more work tobe undertaken and therefore are a majordriver in the growth of the HPC marketplace...therestill are clearly large hurdlesthat clusters will need to overcome inorder to expand the addressability of thetechnology...[including] the management ofa large number of nodes and greater levelsof parallelization of cluster applications aswell as the conversion of applications tocluster operating environments,” accordingto a 2004 IDC study. The pain around clustermanagement is shared across industries,processing needs, and user roles, representinga significant user concern.Fortunately, there are management solutionsthat reduce the pain and cost of buildingand scaling HPC clusters, even when thecluster size exceeds 1,000 nodes. Powerful,commercially available software solutionscan simplify and automate the management,scale out, and support of Linux clustersby bundling industry standard servers,operating systems, and application softwareinto an easily managed Linux datacenter.After deciding Linux clusters are the wayto go, knowing how to plan and implementa cluster is equally crucial. This requires asignificant amount of upfront analysis anda detailed, yet realistic, implementationmethodology.Implementing Linux ClustersDocument, Plan, Test, LaunchThe process of implementing clusters isno different than the usual project-planningmethodology including a review of goals,resources, staffing, and features. There are,however, some guidelines that can shortentime to implementation and results. Forexample, Scali has identified a number ofbest practices for deploying, scaling, andmanaging clusters. In general, investingmore time upfront in planning and testingwill bear rewards later on in terms ofreduced rework, cost, and deployment time.Baseline Information NeedsBefore beginning an implementation,two important lists should be created: ahardware inventory including specific informationon minimum hardware requirements;performance tests and specificationson how to set up and configure nodes;and an application inventory that wouldinclude information on install applications,fix run errors, and run and test performance.Hardware ProofTo minimize risk and the time associatedwith “going live,” it is useful to set up a miniproof of concept to avoid unanticipatedproblems during actual deployment. Theproof of concept helps to verify clustersoftware installation and review the performanceand reliability of the network andhardware. Installation requirements may becustomized to support hardware or othersoftware unique to the cluster and performance-testingtools to optimize performance.A management solution can handlereplication of those requirements acrossadditional nodes.Application ProofAll applications must be tested on themini proof of concept to ensure high performanceand robustness for stakeholders.As there are likely many different kinds ofoff-the-shelf, proprietary, and custom applicationsin the environment, this processmay take time with many fits and starts. It iscritical to configure, run, and test the applicationsto highlight missing functionality orcorrupted operation instead of relying onlyon third-party documentation. This processshould also be repeated for all software, toensure a complete environment.Following configuring and testing, thenext important phase is implementing thecluster. Successful cluster implementationshould incorporate the following steps:1. Communicate critical information onpolicies, system information, support,and application performance to clusterusers.2. Brief the operator on the design philosophy,system architecture, and userinterface as well as management tools,scripting, and nomenclature.3. Prepare the system for running your applicationsoftware through hardware migration.This may include power testingof any new hardware (i.e., master node,compute nodes, power systems), PXEboots, or changes to nodal BIOS settings.4. Once the new nodes are active, thesystem is ready for application migrationand testing.5. Upon completion of application proofing,commissioning can begin. At this stage,users and operators should be madeaware that the cluster can now run productionjobs and be aware of any missingor delayed features.Completion of these steps helps ensure arobust cluster implementation.Choosing Cluster ManagementSoftwareProven Commercial Software OffersSuperior ValueGiven the variety of possible tools, whatshould an IT manager be looking for in acluster management solution? The ultimatevision of cluster management is to managethe cluster as if it were a single server, makingit easy for applications to take advantageof the aggregate power of the individualnodes. However, this is more than justchoosing a piece of cluster managementsoftware and a methodology for deployingit. Without the proper planning anddue diligence, the wrong choice of clustermanagement software or implementationprocess can easily result in higher costs,longer implementations, and slower timeto results – spoiling much of the promise ofcluster computing.www.LinuxWorld.com17OCTOBER 2005


FEATUREEffective cluster management software ispredicated on a synergistic combination ofmanageability, enterprise-class installation,and configuration flexibility. A key considerationin choosing a management solution isthe importance of growing or updating thecluster over time. For many installations, clustersare built with an expectation that theywill be able to grow and support future technologies.This can mean a mix of hardware,processor, operating system, or interconnecttypes. Understanding the importance of thiswithin the environment is a key factor.For organizations with a greater sensitivityto application and business risk, anda high level of mission-critical work, theless risky and costly approach would beto deploy market-proven and supportedcommercial software solutions. Powerfulsoftware bundles conveniently integrate thekey elements of the hardware and systemsoftware stack with application managementtools into one convenient and testedpackage. Much of the value is aroundenhanced convenience, expert commercialsupport, comprehensive documentation,predictive development, third-partysupport, and integrated functionality. ThisRapid InstallationHow quickly a cluster can scale affectsthe time to results and its overall competitiveness.As IT assets and budgets becomemore dependent on business performance,the ability to rapidly deploy and manageclusters is seen as fundamental to marketsuccess. For example, many market-drivenfinancial services firms facing tight marketentrywindows for new products have wastedprecious weeks of revenue and hundredsof thousands of integration dollars trying toget clusters built and managed without theright tools. In addition, global car makersundertaking 24/7 design are often facedwith sudden and unexpected increasesin computing power demand. Too often,crucial design time is squandered whileincremental cluster nodes and applicationsare added to the existing infrastructure.Effective cluster management softwarepreempts the aforementioned business risk,enabling dynamic enterprises to rapidlyscale out clusters. This capability enablesmultiple installation options, is node-neutral(x86, EM64T, Itanium, Opteron), andfacilitates simple, automated installs ofthird-party applications and libraries.Enterprise-Class MonitoringAlso important to implementing clustermanagement is effectively monitoringresources for system optimization, planning,and troubleshooting once the clusteris up and running. Being able to quickly andsimply monitor system performance enablesthe user to preempt and troubleshootresource limitations before their impactis magnified. In addition, tracking theongoing performance of an environmentenables improvement in the performanceand reliability of the applications. A strongmonitoring environment should allow forboth proactive monitoring (being able toopen a window and review the system) andreactive monitoring, where the system generatesnotifications of any issues that comeup.“The value is in a pretested, preengineered software bundle”package would include the fundamentalcluster components: management andmonitoring tools, workload management,and installation and configuration software.Successful commercial solutions base theirvalue proposition around single point managementcontrol, rapid node installation,cross-platform configuration flexibility, andadvanced monitoring and troubleshooting.Single Point Management ControlClusters are complex, cumbersomeorganisms that defy simple deployment andcontrol. Without centralized control, it’sdifficult or even impossible to ensure maximumup time, effective scheduling, optimalresource allocation, and rapid cluster scaleout. The need for a single “view” into theenvironment is critical. By being able tohave a complete overview of the environment,it is possible to understand where thebottlenecks, issues, and opportunities are.Configuration FlexibilityTo minimize total cost of ownership anddeployment time and improve reliability,the solution needs to effectively copewith the complex, heterogeneous natureof every organization’s IT infrastructure.Growing clusters often contain multipleprocessors, operating systems, kernels,and interconnects (Ethernet, Myrinet,Infiniband, SCI), as well as a variety ofhardware form factors (blades and servers)and industry-standard Linux distributions.In many complex environments thisheterogeneity is a major barrier to applicationdeployment (slower time to value),cluster scale outs (inability to cope withunexpected surges in demand), and timelytroubleshooting (high cost of failure). Acluster management solution must beable to efficiently support a wide variety ofdifferent hardware and software vendors,both today and in the future.Choosing the Right VendorPedigree Is the WatchwordLeading cluster management solutionslike Scali bring a strong value propositionthrough long-term technological andproduct leadership. These include beingable to leverage heterogeneous “best ofbreed” processor, interconnect, and softwaresupport plus extensive configurationflexibility.• A fundamental understanding of theuser’s technical environments and challengesthrough deep exposure to multiindustryLinux cluster implementations.• A deep appreciation of the customer’sbusiness drivers experience as it impactstheir ability to quickly get to market/results,improve IT ROI, and minimizeTCO. Leading vendors feature enterprise-levelglobal support, extensivedocumentation, expert training, andpartnerships with leading software andintegration vendors.• A thorough understanding and appreciationfor the demands of HPC computing.Leading solutions emphasize resourceusability, system visibility, and manageabilityin addition to other key functionslike workload scheduling.LINUXWORLD MAGAZINE WWW.LINUXWORLD.COMOCTOBER 2005 18 www.LinuxWorld.com


Reduce Your Deployment and Support CostsMBX is the leader for your server and appliance manufacturing needs• Intel ® Pentium 4 Processor ® at 3.0E GHz• 1U Rackmount Chassis• 512MB PC3200 DDR• Maxtor 80GB Serial ATA Hard Drive• Dual Onboard Gigabit NIC’s• Includes CDROM, Floppy and Video• Lifetime toll free tech support• 3 Year Warranty$959 or lease for $33/mo.Or Promote Your Brand• Same Configuration as Above• Custom Branded With Your Logo• Worldwide Deployment and Support• Custom Branded Packaging Available• Configurations in 2U and 4U Available• Custom OS and Software Install• Custom Chassis Color Available• No Minimum Quantity Required$999 or lease for $38/mo.MBX is the leader in custom appliances. Many premier application developers have chosen MBX astheir manufacturing partner because of our experience, flexibility and accessibility. Visit our website orbetter yet, give us a call. Our phones are personally answered by experts ready to serve you.www.mbx.com1.800.680.0638Intel, Intel Inside, Pentium and Xeon are trademarks and registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. Lease calculated for 36 months, to approved business customers. Prices and specificationssubject to change without notice. Setup fee may apply to certain branding options. Motherboard Express Company. 1101 Brown Street Wauconda, IL. 60084.


TRENDSDevice Managementwith udev and HALB Y R I C H A R D P E T E R S E NHotplugging everything on Fedora Core 4This article discusses the implementation details for the new device managementmethods udev and HAL, now used on all Fedora Core 3 and 4 systems for all devices.It’s time to relearn how devices are managed!On Fedora Core 4, device files areno longer handled in a static way.Instead they’re now dynamicallygenerated as needed by udev and managedby HAL (Hardware Abstraction Layer).Previously a device file was created foreach possible device, leading to a verylarge number of device files in the /etc/devdirectory. Now, your system will detect onlythose devices it uses and create device filesfor those only, giving you a much smallerlisting of device files. Both udev and HALare hotplug systems, with udev used forcreating devices and HAL designed for providinginformation about them, as well asmanaging the configuration for removabledevices such as those with file systems likeUSB card readers and CD-ROMs.Managing devices is at the same timeeasier but much more complex. You haveto use udev and HAL to configure devices,though much of this is now automatic. Deviceinformation is maintained in a specialdevice file system called sysfs located at/sys. This is a virtual file system like /procand is used to keep track of all devices supportedby the kernel.In this article, I’ll cover the initial basicsof udev and HAL configuration and devicemanagement. The goal is to give you a senseof how devices are now managed on FedoraA B O U T T H E A U T H O RRichard Petersen holds a M.L.I.S. in Libraryand Information Studies. He currentlyteaches Unix and C/C++ courses at theUniversity of California, Berkeley.richardlpetersen@gmail.comCore 4 and where to go to find the rules thatnow determine how devices are created.udev: Device FilesDevices are now treated as hotplugged,meaning they can be easily attached andremoved. Their configuration is dynamicallydetected and does not rely on manualadministrative settings. The hotplug toolused to detect device files is udev, userdevices. Each time your system is booted,udev will automatically detect your devicesand generate device files for them in the/etc/dev directory. This means that the/etc/dev directory and its files are re-createdeach time you boot. It is a dynamicdirectory, no longer static. udev uses a setof rules to direct how device files are to begenerated, including any correspondingsymbolic links. These are located in the/etc/udev/rules.d files. As part of the hotplugsystem, udev will automatically detectkernel devices that are added or removedfrom the system. When the device interfaceis first created, its corresponding sysfs fileis located and read, determining any additionalattributes such as serial numbersand device major and minor numbers thatcan be used to uniquely identify the device.These can be used as keys in udev rules tocreate the device interface. Once the deviceis created, it’s listed in the udev database,which keeps track of currently installeddevices.As /etc/dev is now dynamic, any changesyou would make manually to the /etc/devdirectory will be lost when you reboot. Thisincludes the creation of any symbolic linkssuch as /dev/cdrom that many software applicationsuse. Instead, such symbolic linkshave to be configured in udev rules fileslocated in the /etc/udev/rules.d directory.Default rules are already in place for thecommonly used symbolic links, but you cancreate rules to add your own.udev rulesudev uses the udev rules.d files to dynamicallycreate your device files. The rulesfiles already present in the rules.d directoryhave been provided for your Fedora Coredistribution and are designed specificallyfor it. You should never modify these rules.To customize your setup, create your ownseparate rules files in /etc/udev/rules.d. Inyour rules file you would normally defineonly symlinks, using SYMLINK fields alone,as described in the following sections.These set up symbolic links to devices,OCTOBER 2005 20 www.LinuxWorld.com


TRENDSletting you access them with other devicenames. NAME fields are used to create theoriginal device interface, a task usually leftto udev.Each line maps a device attribute to adevice name, as well as specifying any symbolicnames (links). Attributes are specifiedusing keys, of which there may be morethan one. If all the keys match a device,then the associated name is used for it anda device file of that name will be generated.Instead of listing a device name, a programor script may be specified instead to generatethe name. This is often the case for CD-ROM devices, where the device name couldbe a cdrecorder, cdrom, or dvdrom.The key fields, such as KERNEL, supportpattern matching to specify collections ofdevices. These operate as standard filenameexpansion operations: *, ?, [ ]”. For example,mouse* will match all devices beginningwith the pattern “mouse”. The followingfield uses the KERNEL key to match on allmouse devices as listed by the kernel:KERNEL=”mouse*”The next key will match on all printerdevices numbered lp0 through lp9. It usesbrackets to specify a range of numbers orcharacters, in this case 0 through 9, [0-9]:KERNEL=”lp[0-9]*”The NAME, SYMLINK, and PROGRAMfields support string substitution codessimilar to the way printf codes work. Such acode is preceded by a % symbol. The codeallows several possible devices and namesto be referenced in the same rule. For example,%k references the kernel name for adevice.The udev Man page provides manyexamples of udev rules using various fields.On Fedora Core 4, the 50-udev.rules fileholds rules that primarily use KERNEL keysto designate devices. The KERNEL key is followedby either a NAME field to specify thedevice filename or a SYMLINK field to setup a symbolic link for a device file. The followingrule uses the KERNEL key to matchon all mouse devices as listed by the kernel.Corresponding device names are placedin the /dev/input directory, and the nameused is the kernel name for the device (%k):KERNEL=”mouse*”, NAME=”input/%k”You can use more then one key in a rule.The following rule uses both a BUS key anda KERNEL key to set up device files for USBprinters, whose kernel names will be usedto create device files in /dev/usb:BUS=”usb”, KERNEL=”lp[0-9]*”, NAME=”usb/%k”Symbolic LinksCertain device files are really symboliclinks bearing common device names thatare often linked to the actual device fileused. A symbolic link is another name fora file that is used like a shortcut, referencingthat file. Common devices such asprinter, CD-ROM, hard drive, SCSI, andsound devices, along with many others,will have corresponding symbolic links.For example, a /dev/cdrom symbolic linklinks to the actual device file used for yourCD-ROM.Symbolic links are created by udev usingthe SYMLINK field. The symbolic links fora device can be listed either with the samerule creating a device file or in a separaterule that will specify only a symbolic link.Rules that specify a symbolic link only willhave just a SYMLINK field with no NAMEfield. In this case the symbolic link is kepton a list awaiting the creation of its device.This allows you to add other symbolic linksfor a device in other rules files. For example,you could create your own rules file withsymbolic links for devices. Such a file wouldhave rules that used just SYMLINK fieldsfor devices. Rules with NAME fields wouldbe still be handled by the original udev rulefiles like 50-rules.udev.This situation can be confusing becausesymbolic links can be created for devicesthat are not yet generated. The symboliclinks will be defined and held until needed,when the device is generated. This is whyyou usually have many more SYMLINKrules than NAME rules, though the NAMErules actually set up device files. In the caseof removable devices, devices will not havea device name generated until they are connected.In the 50-rules.udev file you will find numerousSYMLINK rules for optical deviceslike the one shown here for SCSI CD-ROMs:KERNEL=”scd[0-9]*”, SYMLINK=”cdrom%e”In most cases, you’ll only need symboliclinks for devices, using the official symbolicnames. Most of these are already defined foryou. Should you need to create a symboliclink, you can create a SYMLINK rule for it.However, a new SYMLINK rule needs to beplaced before the name rules that namethat device. The SYMLINK rules for a deviceare read by udev and kept until a device isnamed. Then those symbolic names can beused for that device. You can have as manysymbolic links for the same device as youwant, meaning that you could have severalSYMLINK rules for the same device. Whenthe NAME rule for the device is encountered,the previous SYMLINK keys aresimply appended.Most standard symbolic names arealready defined in the 50-udev.rules file,such as audio for the audio device. In thefollowing example, the device is referencedby its KERNEL key and the symbolic linkis applied with SYMLINK key. This is onlya SYMLINK rule. There is no NAME key toname the device:KERNEL=”audio0”, SYMLINK=”audio”Hardware Abstraction Layer: HALThe purpose of the Hardware AbstractionLayer (HAL) is to abstract the processof applications accessing devices. Applicationsshould not have to know anythingabout a device, even its symbolic name. Itshould just have to request a device of acertain type, and then a service, like HAL,should provide what is available. Deviceimplementation becomes hidden fromapplications. HAL is a software project ofwww.LinuxWorld.com21OCTOBER 2005


ENTERPRISELogicworks’ LogicOps Managementand Monitoring PlatformB Y G R E G W A L L A C ETaking Linux, Apache, PostgreSQL, and PHP to their logical extremeLet’s play word association. I say “Web Hosting.” I bet “fat margins” didn’t jumpinto your head. More likely, you thought of some of the “where are they nows” of thebubble, like Exodus and PSINet. Let’s do another round – I say “New York City,” andI’d wager that “cheap rent” wasn’t the first thing you thought of, either. So it maysurprise you to learn that one hosting company that’s been around since 1993 andthat’s actually making money, Logicworks (http://www.logicworks.net), just happensto be based in New York City.What’s their secret? Talk to CEO,Carter Burden, and he’ll tell youthat they have low customer turnoverbecause of their superb support, andthat this also allows them to earn a modestprice premium over the competition.One customer raves: “I have been a clientof Logicworks for over 6 years. The servicehas been as close to flawless as anyone hasa right to expect.” – Director of Technology,Philadelphia MagazineSounds like a good formula: a satisfied,growing customer base and healthymargins even in a space-intensive businessin one of the most expensive real estatemarkets in the world.Just how does Logicworks manage to provideover-the-top customer service withoutblowing out their SG&A budget? Typically,the more a company spends on customerservice, the lower their margins, since theyneed to spend money on more customersupport reps. In the hosting business, companiescan incur costs buying third-partyA B O U T T H E A U T H O RGreg Wallace is co-founder and chiefmarketing officer of Emu Software, the Durham,NC-based maker of the NetDirector ConfigurationManagement System for Linux. He got hisMBA and masters of international affairs fromColumbia University in New York City andspent a year as a Rotary Foundation Scholarat the University of Barcelona in Spain.greg@emusoftware.comsystems to correlate servers to customersso that, when an issue arises or when thecustomer wants a new feature turned on,it can be accomplished in a controlled anddocumented way with minimal effort andat maximum velocity. When you’re talkingthree facilities, two live and one backupdata center, where all facilities are connectedvia an in-house Gigabit Ethernet MAN,you get an idea of the potential complexity.Scaling such a system smoothly as youincrease customers is also a daunting task.After struggling for years to make commercialsystems fit their needs, but failingto achieve the desired results, Logicworksembarked on a bold venture to build acustom integrated asset tracking, CRM, andsystem monitoring tool. Pause for a momentand take this in – not three tools – onefor asset tracking, another for customerrelationship management, and a third forsystem monitoring – but one tool that doesall three, and in which all three componentsare seamlessly connected. In June of thisyear, just before I became acquainted withLogicworks at a trade show in New York,they announced the availability of theircreation, which they call LogicOps.In the Beginning...Mr. Burden passionately explains hisrationale behind unifying Logicworks’operational data in one meta system. “I feltthat, in order for us to simultaneously meetour stringent customer service targets andkeep our operational costs in check, it wasimperative that we have a fully integratedplatform for all of Logicworks’ systemsmanagement activities. LogicOps ensuresabsolute precision and tight security controlsfor the services we offer now, and allthe services we plan to offer in the future.Even more important, LogicOps provides ahigh degree of transparency into our operationsfor our customers, giving them controlover their servers’ administration.”Through a demonstration of LogicOps, Iwas impressed with the sheer breadth of thetool. Using LogicOps, a customer can entera service ticket to add more RAM to oneof their servers, for example. A Logicworkssupport rep will then use the tool to assignthe task to a technician. When completed,both the support rep as well as the customerwill receive a notification that thetask has been completed. Then, when accountingneeds to reconcile their inventoryof RAM, they can use the same LogicOpssystem to track the customer to which thestick of RAM has been assigned, and when.Because LogicOps contains detaileddata about Logicworks’ datacenter layoutand chassis placement, it can also drawboth a top-down view of the datacenterspace, as well as a front view of each rack(see Figure 1). This allows management tomake decisions about expansion withouthaving to step foot in the datacenters andwithout tasking datacenter engineers with“gofer” tasks. This capability extends topower and switch/router capacity as well.Because LogicOps is a centralized repository,it provides engineers with an enormousOCTOBER 2005 24 www.LinuxWorld.com


ENTERPRISEFIGURE 1LOGICWORKS ENGINEERS CAN USE LOGICOPS TO QUICKLY VIEW RACKSAND TO VIEW ALL DETAILED INFO ABOUT THE SERVERS IN THE RACKS.FIGURE 2CONSOLIDATED ASSET INFORMATION, INCLUDING SERVICE REQUESTS,CUSTOMER CONTACT AND CONFIGURATIONSamount of data in a single location. Insteadof needing to search through multiplesystems to collect the information requiredto accomplish a task, be it an IP address, aphone number of a client, or the location ofa machine, they can find it all in one passfrom a consistent interface.Build It and They Will ComeBased entirely on open source components,LogicOps stores and representsassets (servers, racks, routers, VLANs, evenmemory modules), customer data (addresses/phonenumbers, authorized contacts,service requests), and network status(utilization, failures) as generic objectsin parent-child relationships. The unifiedtree structure groups all service elementsinto interconnected patterns, allowing forgreater transparency for the customer whilereducing Logicworks’ operational complexity.In building LogicOps, explains thesystem’s architect Bart Grantham, opensource software (OSS) was not a requirement,but rather it was a natural fit; mostof Logicworks’ engineers were comfortablewith OSS, and this choice provided themwith a lot of flexibility, which proved to becrucial as the project progressed. Price wasalso a factor, though not the deciding one.Furthermore, the team’s level of expertisewith OSS gave Logicworks’ managementthe comfort they needed to forgo the backingby a central authority that you get with acommercial package.Settling on Linux (currently Red Hat ES4)as the OS for the platform was easy giventhe team’s familiarity with Linux and theready availability of pre-made images forserver deployment. PostgreSQL was chosenas the database back end for a number ofreasons. Though not necessarily the fastestopen source database, the Logicworks teamliked the tool’s enterprise features as wellas their clean implementation. They alsofelt that the PL/pgSQL language made thedevelopment of stored procedures moreflexible and expressive, which became a bigplus at the end of the development cyclewhen, during final polishing of the application,the team achieved an enormousperformance boost by moving some smallbut complex pieces of the application logicinto stored procedures.The middleware language selected wasPHP for its ease-of-use and deployment andbecause of the good supply of developerswho know it. This has made finding newmembers of the team to support the applicationrelatively easy. For Bart and his team,this choice has also aged well with time.The team has found that the activity surroundingPHP includes strong communitysupport and a wide array of useful libraries,such as ADODB and Smarty, both of whichfound their way into LogicOps. They alsoliked the eAccelerator PHP code cache,which helped reduce system latency. Whileeminently satisfied with their choice of PHP,the group recognizes that Python wouldalso have been a good choice. Indeed, oneextension of the tool under considerationis a cross-platform desktop client that, ifimplemented, will use Python to deliver anenhanced user experience.Not surprisingly, Apache won the day forthe Web server, though, after reading aboutlighttpd’s speed and nice integration withPHP, the team is giving this alternative alook to see if it can deliver any performancegains.Beyond the core Linux/Apache/PostgreSQL/PHPstack, Bart is quick to mentiontwo other OSS projects that were absolutelyessential for being able to successfullymigrate from the company’s herd of legacysystems to LogicOps. These are:• UnixODBC, a simple and straightforwardODBC manager for *nix systems• FreeTDS driver for Microsoft SQL Serverand Sybase databases, which togetherwith UnixODBC allowed the Logicworksteam to bridge the gap between PHP onLinux and MS SQL Server on Windows2000• The UnixODBC/FreeTDS combinationproved to be rock-solid, stable, simple-tomanage,and extremely fastwww.LinuxWorld.com25OCTOBER 2005


ENTERPRISESource Code MattersFor maximum performance, the teamdeployed on a dual Opteron system withRed Hat ES4 for x86-64. Any componentsof the application stack that weren’tprovided by Red Hat for 64-bit support,they compiled themselves. Everything washumming until they hit a show-stoppingbug: the queries between UnixODBC andPHP5 resulted in segfaults if any fieldswere NULL. After recompiling with debuggingsymbols and spending a quality houror two with GDB, Bart smoked out theculprit – PHP thought that the length of thefield in the ODBC struct was the maximumvalue for a 32-bit integer, which struckhim as a suspicious number when dealingwith 32/64-bit compatibility. “After a quicklook at the sources for the two packages,I determined that where one was using asigned long long, the other was using anunsigned long, resulting in the misinterpretationof the field length that caused theout of control memory access. Changing asingle word in the declaration of the structin PHP5’s ODBC implementation solvedthe problem completely.”The take-away is that these kinds ofincompatibilities can occur in any software,open or proprietary – the difference herewas, because the software they were usingwas open source, Bart and team had theFIGURE 3CUSTOMER ACCESS TO LOGICOPS LETS THEM SUBMIT SERVICE REQUESTS.capability to solve the problem themselvesand get back on track. Furthermore, sincethis particular bug resulted from an incompatibilitybetween two different products,it’s uncertain that, had the team been usingclosed source tools, they could have cajoledtwo different proprietary software vendorsto work together to resolve the issue.FuturesWith the largest two components of thebuild out of LogicOps complete – namelythe initial deployment with networkdocumentation and the migration from theprevious proprietary ticketing system – theteam looks forward to having some funimplementing customer-managed DNS,customer management of complimentarymailboxes, and building out a demonstrationdatabase so that potential customerscan see both the public interface as wellas the interface Logicworks engineers use.Next comes tools for customers to defineservice request templates. For example,a customer could submit a request that,in case of failure of a master applicationserver, the application will automaticallyfailover to a backup database server. Thiscapability, says Bart, will allow Logicworksengineers to respond speedily to complexsystem warnings and failures, and to do soin accordance with their clients’ requirements.These components are slated tocome online in the next few months, afterwhich Bart and team plan to return to moreoperations-facing improvements. These willinclude an interface for managing firewallconfigurations and integration with theiraccounting system, and they’ll continuouslyevaluate additional features. At thecurrent pace, they estimate a year and a halfof work before they “run out” of systems tointegrate into LogicOps.Beyond this impressive short and mediumterm set of feature enhancements,they’re looking at polishing the code andpreparing it for release with an open sourcelicense. Having leveraged the strengths ofopen source software for the developmentof LogicOps, the company is unified in itsdesire to be a good open source citizen bygiving back. Bart and team will face challengeswith things like end-user documentationand building better support forout-of-the-box deployment, but, in Bart’sown words, “we definitely plan on sharingour secret recipes. After all, the real secret todoing well in this business is extraordinarycustomer service and there’s no place todownload that piece of software.”What It’s WorthOne of my favorite television advertisementsof all time was the post-bubble IBMad where the young engineer uses the word“cool” to describe a new IT project to awhite-haired executive, who immediatelygives him a tongue-lashing for how “coolcosts me money.” The engineer, whom theaudience is rooting for, quickly redeemshimself by explaining the business benefitsof the technology. To which the exec simplyreplies, “Cool.”LogicOps is a great, real-world example ofhow a very cool, and in this instance opensource-based, automation tool helps a businessin a tough market be more prepared,better informed, and more responsive.Being able to solve simple problems morequickly, and even automating solutions, allowsLogicworks to pay a lot of attention tocomplex customer problems. The LogicOpssystem has even drawn praise from Logicworks’SAS70 Type II certification auditorsbecause it doesn’t just track assets, but isflexible and extensible enough to trackcontrols and procedures as well.Cool.LINUXWORLD MAGAZINE WWW.LINUXWORLD.COMOCTOBER 2005 26 www.LinuxWorld.com


FIRST LOOKHow to Rapidly BuildNative XML ApplicationsB Y W E N D Y S C H O T TLAMP as complexity reducerWhatever happened to the days when a new college grad could be sent to a twoweekdeveloper’s course and come back proficient enough to develop and deploy smalldepartmental applications? J2EE – That’s what happened!Talk to most J2EE shops today andthey’ll tell you that expert developersare required, development cycles arelong, modifications are difficult, and maintenanceis costly. Development has becomeoverly complex and enterprises are lookingfor new ways to streamline the process andreduce costs.The LAMP software stack – Linux,Apache, MySQL, and PHP/Perl/Python– presents a strong alternative to traditionalarchitectures, reducing complexity andcost while enabling new innovation. Newtechnologies let developers take advantageof native XML to simplify the creation anddelivery of rich Web 2.0 applications andservices across the enterprise. To build suchapplications, corporate developers need aneasier way to create new applications andservices, using development environmentsthat are de-coupled from deployment formaximum flexibility.As new technologies evolve to supportthis demand, J2EE and .NET have a strongcontender in enterprise LAMP.The ActiveGrid Application Builder andLAMP Application Server are productsthat support native XML and leverage theproven Open Source LAMP stack. UsingActiveGrid, developers can deploy businessapplications in-house across commoditymachines or to virtually any ISP. Below isa brief overview of ActiveGrid, includingA B O U T T H E A U T H O RWendy Schott is a product manager for Active-Grid, an enterprise LAMP company based in SanFrancisco. Prior to ActiveGrid, she was a systemsengineer for NetDynamics, a J2EE applicationserver ultimately acquired by Sun Microsystems.wschott@activegrid.com.step-by-step instructions on how to use theActiveGrid Application Builder and LAMPApplication Server to rapidly build and flexiblydeploy a simple Web application.ActiveGrid Application BuilderThe ActiveGrid Application Builder providesa native XML development environment.Developers use a consistent XMLSchema and Web Services metaphor tointegrate all data sources. The ActiveGridApplication Builder uses wizards for commontasks such as importing data sourcesinto XML Schema and deploying applications.Working with this platform, it’s easyto graphically build new applications basedon standards such as BPEL (the BusinessProcess Execution Language) to defineapplication flow, XML Schema to representdata sources, XPath to specify queries, andXForms to define dynamic Web pages. Alllogic is automatically encapsulated as WebServices, which can be written in Python,PHP, Perl, or Java.Fully integrated features such as a Webserver, database, and debugger enabledevelopers to run demonstration applicationsimmediately and do real-time iterativedevelopment. In addition, the ActiveGridApplication Builder includes deploymentwizards to seamlessly deploy applicationsto in-house commodity grids or ISPs hostingthe LAMP platform.ActiveGrid LAMP ApplicationServerThe ActiveGrid LAMP Application Serverextends the Open Source LAMP stack withfeatures such as dynamic node registration,data caching, session management,transaction management, and interfacefragment caching. These features are implementedas both an Apache Module and aslibraries that run in ModPHP, ModPython,ModPerl, and Tomcat. The ActiveGrid LAMPApplication Server interprets applicationsat runtime and can make decisions basedon context, such as how to cache a set ofdata most appropriately across commoditymachines, or how to render a form fragmentfor a particular type of client and userrole.How to Build a Native XMLApplication Using theApplication BuilderBelow is a brief introduction to how toinstall and build a simple Web applicationusing the ActiveGrid Application Builder.A more detailed tutorial at http://www.activegrid.com/Tutorial.pdf explains eachof the steps below in greater detail.Getting StartedBefore you begin, install the ActiveGridApplication Builder. Simply download andrun the Application Builder Setup programfrom http://www.activegrid.com/try.php. The Application Builder comes witheverything you need to start creating applicationsincluding a built-in Web server,SQLite database, and sample applicationsincluding Python Pet Store, Google Web ServiceIntegration, and Amazon Web ServiceIntegration. The Application Builder is supportedon Linux, Windows, or Mac and canbe installed and ready to use in less than 15minutes.OCTOBER 2005 28 www.LinuxWorld.com


FIRST LOOKType of ApplicationsThe Application Builder has support forbuilding database-driven CRUD (Create, Retrieve,Update, and Delete) applications, WebService operational applications, and integratedWeb 2.0 applications that combinedata from both traditional databases as wellas Web Service operations. The ApplicationBuilder comes with an Application Wizardthat will let you quickly create applicationsbased on either a database or Web service.Below we will walk through building a simpledatabase-driven Web application.Creating a Simple DatabaseWeb ApplicationThere are two ways to build CRUD(Create, Retrieve, Update and Delete) applicationsusing Application Builder. Youcan choose to use the Application Wizard,which makes it quick and easy to build asimple application that supports the standardCRUD functions, or you can use theProcess Wizard to create a starter processin which you can manually define your applicationflow by adding XForms, Services,and Actions to your application.Follow these instructions to create asimple application using the ApplicationWizard, which will let you search, view, andmaintain account information.Create an Application: Select ToolsApplicationWizard to launch the ApplicationWizard. The Application Wizard will walkyou through the following steps to createyour application:• Step 1: Define the Data• Step 2: Define XForms to Generate• Step 3: Define Application Look and Feel• Step 4: Save your ApplicationAll files generated by the ApplicationWizard are standard XML files; so once yourapplication is created you can easily modifyany part of it by using the built-in XML editorsdescribed below.Step 1: Define the DataThe Application Builder represents alldata sources (i.e., RDBMS, ERPs, or customWeb Services) as XML Web Services whilestill using native connectivity to access thedata sources. From a developer’s perspective,the metadata for all of the data sourcesare represented as XML Schema. The ApplicationWizard will walk you through a seriesof screens that will let you connect to yourexternal database and select the complextypes (tables) for which you would like togenerate XForms. An XML Schema file (.xsd)will be generated to represent your datasource. This schema file can be viewed andedited using the built-in Schema Editor.The Schema Editor allows all changes madeto the Schema file be exported back to theoriginal data source.In this step you must define where yourapplication data is located. In this example,we’ll use a provided pre-configured externalSQLite database named petstore-SQLlite.Actions required:• Select from a database and then selectNext.• Select the data source called petstore-SQLlite and then select Next.• Select the Complex Type named Accountand then select Next.Step 2: Define XForms to GenerateThe Application Builder uses both standardBPEL to define an applications processflow and XForms to define an application’slayout. A Process (or BPEL file) containsXForms, Actions, and Services. By selectingthe XForms you want to generate, theApplication Builder will automaticallygenerate an application Process flow (.bpel)consisting of the selected XForms. You canlater use the Process Editor to add, delete,or modify XForms, Actions, and Servicesand the XForm Editor to edit the individualXForms.The Application Wizard will let you selectthe XForms you’d like to generate for eachcomplex type you selected. You can selectfrom the following XForms to generate:• Search / List XForms – Generates bothsearch and results lists XForms, where thesearch is based on either the first five attributesof the complex type or based onall index attributes.• Detail XForm• Edit XForm• Insert XFormActions required:• Leave the defaults to create the followingXForms (Select Search/List, Detail, Editand Insert XForms) then, select Next.Note: XForms are transformed at runtimeby the LAMP Application sever to HTMLpages based on the user’s role and the clientcontext. For example, if the user is usinga more advanced browser then tables arerendered as DHTML and JavaScript validationis used. If the user has an older browserversion then tables are rendered as staticHTML and all validation is done on theserver side. This lets developers concentrateon application functionality insteadof writing “if – then” statements to handledifferent browser capabilities.Step 3: Define ApplicationLook and FeelApplication Builder uses Skins (.skn) todefine your application’s look and feel; inaddition you can also pre-define such elementsas Headers, Footers, and NavigationStyle.The Application Wizard will let you definethe application’s Headers, Footers, andNavigation Style; these elements can bechanged later using the XForm Editor andediting the TopContainer.xform. Changesmade to this XForm are applied to allXForms in the current Process (.bpel).Actions required:• Enter the following application defaultsthen select Next.• Header – Account Maintenance• Footer – Company Confidential• Navigation Style – LeftIn addition, you can define an applicationSkin that will be applied to all processesin your application. You can definemany standard-style components suchas Color Schemes, Font Family, Font Size,www.LinuxWorld.com29OCTOBER 2005


FIRST LOOKTable Style, Navigation Style, and Title BarStyle using the Application Wizard. You canthen use the Code Editor to modify the Skin(.skn) file to change the application’s styleelements.Actions required:• Change any of the style options thenselect Next.Step 4: Save your ApplicationYou must now name your application anddefine the location where you’d like it to besaved. Once you’ve saved your application,the application wizard will generate theneeded XML files, and you are ready to runyour application.Actions required:• Give your application a name and selecta location where you would like it savedthen select Next.FIGURE 1SCHEMA EDITORRunning Applications:Application Builder comes with everythingyou need to run your applications,providing for real-time iterative development.You can choose to run your applicationsin the Application Builder developmentenvironment or by using any externalWeb browser.Test Run your Project: By default your projectwill run in the application builder. Youcan use an external browser by selectingOptions under the Tools Menu. Select theBrowser tab and point to the location of thebrowser you’d like to use when you test runyour applications.Actions required:• Select the Run menu option then selectRun. Select your Project and the name ofthe Process you’d like to run.FIGURE 2PROCESS EDITORModifying Your Applications:The Application Builder comes withthree main editors that can be used tomodify your application and the underlyingstandard XML files quickly. The graphicaleditors make it easier for developers to editthe Standard XML files without actuallyhaving to understand the underlying standardscompletely. In addition, the ApplicationBuilder also provides a code editor thatsupports the PHP, Python, and Perl scriptinglanguages.Below is a brief description of each of thebuilt-in editors.Schema Editor: The Schema Editor can beused to create, view, and modify a standardXML Schema file (.xsd). You can easilyimport schema elements from an existingdatabase using the Import Wizard or youcan forward engineer a schema using theSchema editor, and then export the schemaand any changes to the underlying datasource.Process Editor: The Process Editor is agraphical editor that can be used to create,view, and modify a standard BPEL file(.bpel). You can use the Process Editor tomodify an application’s behavior by addingor modifying XForms, Actions, and Services.The Process Editor provides additional wizardsand graphical editors for adding commonelements such as XForms and Actions.XForms Editor: The XForm Editor is agraphical editor provided to simplify theOCTOBER 2005 30 www.LinuxWorld.com


OCTOBER 200531www.LinuxWorld.com24/7Visit the Website Today!24/7


FIRST LOOKFIGURE 3XFORM EDITORwrapped with WSDL, the Web Services standardmethod for defining the inputs andoutputs of a procedure. This ensures that allbusiness logic has strongly typed inputs andoutputs. It also avoids the pitfalls of writinglarge systems in scripting languages.Deploying Your ApplicationOnce an application has been completed,it can be deployed across a grid of commoditymachines or to any ISP using theActiveGrid LAMP Application Server. TheApplication Builder comes with a deploymentwizard that guides you through selectingthe appropriate deployment pattern foryour new application.Note: Development isn’t dependent ondeployment, and decisions about sessionmanagement, data caching, etc., can bespecified and/or changed at any time withouthaving to rewrite the application code.ConclusionThe changing needs of today’s organizationsrequire a simpler, more scalable, costeffectivecomputing architecture. ActiveGridhas taken a close look at the applicationsand services that experts have built in-houseand productized their best practices to letcorporate developers take advantage of theOpen Source LAMP platform, low-cost x86-based grids, scripting, declarative programming,and industry standards. Using nativeXML and a simplified intuitive developmentenvironment, corporate developers canbuild rich Web 2.0 applications that optimizeenterprise computing resources and lowertheir total cost of ownership.FIGURE 4CODE EDITORcreation and editing of the standard XFormsthat are used to define an application’slayout. The XForm Editor lets you customizeyour application and preview the layoutin real-time. You can easily add XForm elementssuch as Groups, Fields, Text, Images,Buttons, and Links.Code Editor: The Code Editor, whichincludes an integrated debugger, collapsiblecode, breakpoints, and step-through,supports the popular easy-to-learn PHP,Python, or Perl scripting languages.Note: All business logic is automaticallyAvailabilityThe ActiveGrid Application Builder andLAMP Application Server 1.0, with featuresequivalent to current J2EE application servers,are available immediately through anindustry-standard Apache 2.0 Open Sourcelicense. To download, visit http://www.activegrid.com/try.phpor www.sourceforge.net. A commercially licensed data centergradeversion of the LAMP ApplicationServer will be introduced in Q4 2005, withadvanced features for dynamic node registration,data caching, session management,transaction management and interfacefragment caching. Fee-based enterpriseclassannual support and consulting isavailable for all versions.LINUXWORLD MAGAZINE WWW.LINUXWORLD.COMOCTOBER 2005 32 www.LinuxWorld.com


www.LinuxWorld.com33OCTOBER 2005


Q&AA Fork in the ProjectInterview with Andrew Eddie, lead developer of Joomla!In September, core developers of Mambo, the popular open source content managementsystem, announced a fork of the project, called Joomla!, with virtually allactive participants following the fork.Icaught up with Andrew Eddie, lead developerof the new Joomla!, to find out moreabout the decision to fork the Mambo project,and to find out how things are going so far.LWM: I’ll start with the hard questionfirst: What led you to the decision tofork Mambo?Andrew Eddie: Forking is a very serious decisionto make and one that I and the team didnot take lightly. In the words of Danny Devitoin the “War of the Roses,” “There are no winnersin a divorce, only degrees of losing.”Ultimately our decision to separate fromMiro was made on the basis that Miro had norespect for the decisions made by the MamboSteering Committee (MSC), the body thatconsisted of elected representatives fromMambo and appointments from Miro. Theyreneged on several key decisions and did notallow for what we considered to be appropriateconsultation with the stakeholders. Wewere quite disappointed when the new arrangementsfor the Mambo Foundation werepresented to us as “take it or leave it.”LWM: How is the new project organized?AE: In terms of Joomla! development, wehave kept a few things the same and madesome changes and additions in other areas.We have teams for development, stability,documentation, advocacy, and translation.We have new teams covering the areas ofusability and accessibility, coding standards,infrastructure, and also legals.We’ve also resolved to include more committedmembers of the community in semiformalpositions. We’ve created a structurefor several workgroups that will support mostA B O U T T H E A U T H O RMaria Winslow is the author ofThe Practical Manager’s Guide to Open Source,available at www.lulu.com/practicalGuidewinslow@windows-linux.comof our core teams, for example, for usability,NPO/NGO interactions, standards, etc.Overarching this structure is Open SourceMatters (OSM), which will be the foundingstone for a non-profit organization. LWM:What do you hope to accomplish with thenew organization? AE: Concerning OSM, theexact structure of this is yet to be formalizedand we are seeking advice on the bestmodels. Its primary aim isto provide continuity for theproject and ensure its assetscannot be held for ransomever again.Concerning Joomla!, wehave certainly learned afew things over the past fewmonths. Some of the newteams indicate what weare keen to achieve. GivingJoomla! the ability to complywith standards for peoplewith disabilities is high onour agenda and it is an area that will allowthe project to penetrate deeply into thegovernment arena.LWM: Will the development roadmapchange as a result of the fork?AE: The term fork probably best describesour situation although the word certainlyhas that awful “negative” connotation aboutit. Mambo and Joomla! are quite literallygoing to travel down two different paths.Some may argue the Joomla! is more a trunkand Mambo an offshoot because we carrythe team that created the better part of theMambo you see today.At any rate, yes, our roadmap will changeslightly. We have decided to put more emphasison increasing the stablity of the currentrelease. Joomla! 1.0 is an improvementon the latest equivalent version of Mamboand Joomla! 1.0.1 shows we are committedto keeping our products up to date.B Y M A R I A W I N S L O WWe are going to look carefully at Joomla! 1.1(equivalent to Mambo 4.5.3) and see howwe can improve our design standards andbring forward some desperately neededfeatures. Joomla! 2.0 is going to be an excitingnew rewrite from the ground up thatallows us to move forward in areas that arecurrently hindered by legacy issues andbackward compatibility.LWM: What has the user response been?AE: From my point of view we have receivedoverwhelming support from users in ourown community and have also receivedunanimous support from other prominentCMS projects. We certainlyrespect the fact that thereis still a lot of confusionout there, but I think over along period of time we havegarnered a lot of trust fromthe community because weconsider them an importantpart of the project. We arecertainly not perfect andhave made our fair share ofmistakes, but I think overallthe community trusts we willbe good stewards for Joomla!.LWM: What about the third-party market?AE: I think this is the most powerful area ofMambo and will continue to be for Joomla!Whether you love it or hate it, somehow wehave struck on a formula that allows people toeasily develop extensions and this is a testamentto our growth and popularity. It’s easy todevelop for Joomla! and we want to continuethis heritage, if not make it even easier.LWM: How do you feel things are going so far?AE: While it has been a hard road, and thereare certainly more challenges to face, I amsatisfied that I lead a team of dedicatedindividuals that would be the envy of anyopen source project on the planet. Joomla!would be nothing without teamwork and it’sa community – this is a fact we must never,ever forget. With our new and unique name,we finally get to print our own shirts!LINUXWORLD MAGAZINE WWW.LINUXWORLD.COMOCTOBER 2005 34 www.LinuxWorld.com


INFORMATION SECURITYDesigning and Implementinga Security ArchitectureEnsure your assets are available, reliable, and safeB Y R I C H A R D W I L L I A M SInformation security is a top priority for many companies. Protecting informationfrom external threats such as hackers, viruses, and spam, as well as governmentalregulation requirements (SOX, HIPAA, NISPOM, etc.), are driving IT purchases beyondROI as C-level executives seek to assure shareholders (and themselves) that assets aresecure within the company complex. Viewed as today’s growth market, many software/hardware/servicecompanies are creating offerings to mitigate perceived risk oractual liability.The security environment within someorganizations may be somewhat lax– “safe” behind the routers, IDS, andfirewalls. In this article, I’ll discuss how tocreate a security architecture, includinganalysis, planning and prioritizing securityneeds, and I’ll examine the following topics:• Understanding security architecture• Balancing threats, costs, and the value ofsecured assets• Creating an architecture that fits the businessframework• A layered examination of security, includingnetwork access, application access,external access, and physical accessIn addition, references are provided atthe end of the article with links to usefulinformation.Understanding SecuritySecurity architecture differs from otherkinds of security in that it addresses requirementsfrom a high-level perspectiveas opposed to a tactical perspective. Whenpossible, you should understand yourcompany’s security requirements beforespecific security issues are implemented.A B O U T T H E A U T H O RRichard Williams is a senior product marketingspecialist for Symark Software in Agoura Hills,California, with over 20 years in systemsadministration, architecture, and design.It’s as important to know your own assets,where they are deployed, and what they’reworth to your company, as it is to knowwhat threats they are facing.Security architecture can become verycomplex. By looking at security from multipleperspectives, including external accessand physical security, network security,application and computer-specific security,you’ll be looking from the outside in as wellas from the inside out. These perspectivesmust also be balanced against other businessrequirements, financial and otherwise.Whatever model or security architectureyou use, you are trying to ensure that yourassets are available, reliable, and safe. ConsiderFigure 1.The confidentiality perspective preventsyour competition from siphoning off thecream of your company’s products. Theintegrity perspective protects your informationfrom unauthorized modification withverifiable, auditable access records. Theavailability perspective ensures that informationwithin your business is accessible atall times. Your security architecture shouldfocus on delivering these three attributes.Securing your information while keepingthe click-and-mortar business open andvibrant is a very challenging task.Dollars and SenseWhen planning your security architecture,you are governed by overriding factorsincluding time and money. In some cases,spending one makes more sense than theother. For example, a small company pushingtheir first product into the marketplacemay require a security architecture overriddenby cost above all (if the product doesn’tmake it to market, having a safe infrastructuredoesn’t matter). They may have tophase in security measures over time. At theother end, non-compliance with a regulatorysecurity standard could cost a company alarge account, or even threaten its ability toremain open for business.It’s also important to understand that thestrategic view of your enterprise securityarchitecture is a view of where you wantto be. Few companies can afford to startfrom scratch with regard to implementingsecurity. For example, your companymay currently address physical access withIntrusion Detection Systems, gateways, andfirewalls. These are integral elements of agood architecture, but alone they may notadequately address the risk to your company.To create the appropriate architecture foryour business, you need to strike a balancebetween the value of assets being protectedOCTOBER 2005 36 www.LinuxWorld.com


INFORMATION SECURITYand the cost of the protection. As a generalguideline, protect the highest valued assetsmost stringently. This may be your sourcecode and the servers it resides in, or perhapsthe marketing info including the initialpublic offering data. Tape backup intoan offsite location may provide adequateprotection for some businesses (based onthe cost/value analysis), while others mayrequire biometric access to the clean roomswhere prototyping is occurring. Securehigher-priority assets first, and keep movingforward with planned steps to reach asecure destination.Create a Security ArchitectureThat Fits the Business FrameworkAs we have seen, there are multiple perspectivesin a security architecture. Manymodels exist that may match one, some,or all of the important perspectives. Thereare many framework examples, includingthe Lattice, the Federal Enterprise ArchitectureFramework, the Clark-Wilson or Bibamodels, and many other reference models(see the hyperlink section for referencelinks to these and other frameworks). Ineach case, the common goal is to create abalance between the business needs andthe information systems that support them.Understanding what is important in relationto other things in your business helpsyou value both the assets and the correspondingprotection you will afford them.For example, Figure 3 is an X-Y graphthat shows assets increasing in value (upthe vertical axis), facing increasing risk overtime (on the horizontal axis extending tothe right).This simplistic representation shows themost highly valued assets facing the leastexposure to risk over time, descending invalue to assets that can withstand increasedexposure to risk over time. Whatevermethod you use, the value of assets in yourenterprise needs to be determined. Revisitthese models when you acquire additionalassets so that their value is properly establishedand defended. In this way, there isan ongoing evaluation of what assets arepresent and their security needs within thebusiness framework.Network Security Architecture– It’s Not Just FirewallsAnymoreAs your customer community growsmore sophisticated and begins to expectmore protection from your products orservices, the potential for accidental orIncreased asset valueFIGURE 1CostFIGURE 2IntegrityConfidentialityCIA TRIADCIABALANCING CIAFinancial / H.R. DatabasesFIGURE 3Production databasesR&D DatabasesERP ApplicationsMarketing DataASSETS VS RISKAvailabilityElectronic MailIncreased risk over timeValueTemporary Storageintentional misuse or attack within yourcompany grows as well. A majority of dataloss in companies today occurs via credentialedaccounts. Similarly, reliable andcorrect delivery of information on yourLAN or WAN is no longer guaranteed viaTCP/IP, with address spoofing and snoopingavailable to anyone on your network,unless network security is active from theinside-out as well. Evaluate this short list ofnetwork security mechanisms as potentialadditions to your security plan:• Data integrity checks and data encryption:Stored before and compared aftercritical data transmission, integritychecks can include encrypted totals,which can identify data transmissionerrors. Network transmissions usingencrypted totals need to use the same encryptionat each end of the transmission,either via the network or via the applicationafter delivery. Using different encryptionmethods for different types of transmissionsor different data streams makesdata transmission even more secure. SSH,SSL, and Secure Telnet are examples ofnetwork applications that encrypt theirdata in transmission. If you have multiplelocations (i.e., R&D in one office, financein another), data transmission betweenthe offices should be encrypted and thecontents verifiable.• Transmission logging: Storing an audittrail for transmissions or applications thattransmit data can include the transmissiondate, time, transmission type, source,and destination.• Transmission loss: In some cases, dataloss on an otherwise reliable networkcan indicate port-scanning activity (i.e.,someone viewing transmission sampleslooking for vulnerabilities). With 65,535TCP ports on a system (using TCP/IP asthe lion’s share of network traffic), activedata transmission to well-known portssuch as http (port 80) or telnet (port 23)are the tip of the iceberg, but are oftenthe first point of attack. To defend againstthis activity, keep port-scanning tools offof the network with a published mandatewww.LinuxWorld.com37OCTOBER 2005


INFORMATION SECURITYin security policies known to all employees,backed up by a periodic review ofhardware and software inventory on computers.Keeping unused ports closed andcurrent network patches on systems alsoenhances network security.• Change control review: While manysystem and network administratorsview change control as an impediment,reviewing network devices or softwarebefore they are introduced allows a largerperspective, including the security andbusiness framework. The extra time spenthere is inexpensive insurance over thesystem’s life cycle. This is particularly truewhen your company is starting up operations.Documenting and following bestpractices produces repeatable, reliableresults.Application SecurityWithin an enterprise there are manyapplications used for data input or reporting,communications, database access andmanagement, and Web services. Your actualmatrix may be simple, or very complex, buteach application should comply with yourbasic security architecture and businessframework. It is important to provide thehighest level of application security withoutimpairing the business capability.The Five WsWho, what, when, where, and why? Thesequestions should have clear, documented,Users System Who What When Where WhyBill SellIt01 smusa01 Creeate, query inventory,query ERM, modifypersonal account informationCindy prweb mkt01 Web design forSellIt01John SellIt01 sales01 Create orders, queryinventory/orderstatusSandy SellIt01 sales02 Create orders, queryinventory/orderstatusSteve SellIt01 sales03 Create orders, queryinventory/orderstatusFIGURE 1auditable answers before the installationof any application’s software. Who is theapplication’s primary user community?What is their business function? Whendo they require access to the application?Where is the application installed, and fromwhere is it accessed? Why is the applicationimportant? How does it meet businessneeds? In addition, the answers should beperiodically reviewed within the securityarchitecture to make sure they remain relevantand adequately addressed throughoutthe life cycle of the application.As each question is answered, security architectureissues will fall out. For example,a communications application is used bysales staff via remote access from anywherein the world at any time. The access allowssales to enter orders, query inventory and/order status, query ERM application modules,and modify personal account informationwithin specific sales parameters. Again,a visualization tool aides in this evaluation– consider Table 1.You can see many communicationsand application security issues emergefrom this simple case description. Theseissues may include remote access via VPNor IPSEC tunneling, http or https access,middleware application security, boundarytesting, address checking, and securitytesting to ensure that credentialing to thequeried applications is appropriate and atthe level required to do business (but nohigher).7x24 office Marketing, P.R7x24 VPN02, office Sales rep region 17x24 VPN03, office Sales rep region 27x24 VPN03, office Sales rep region 3Match each of the assets valued in yourenterprise security plan against this simpleset of questions and be prepared to addresssecurity concerns that emerge. Keep inmind that the goal is to enable businessprocessing while safeguarding assets at thehighest level possible. Often this is accomplishedby providing the lowest level of accessrequired for a specific business task aswell as testing the application for security.You will decide if the protection is worth therisk of leaving your operations open, or atwhat level you can afford to provide protection.External AccessYour company security architectureshould also allow external access at theleast privilege-required level. In the previousexample, sales staff access may happenfrom anywhere in the world. Your securityarchitecture should allow this access witha secure application, providing the highestlevel of security for accessing only theapplication(s) they require for their businessfunction.An example of this might be a companyproviding remote access to their developmentstaff for a variety of services, includingat-home development at all hours for principalprogrammers, file upload/downloadcapability to outsourced marketing/publicrelations firms, or potential customersaccessing the corporate Web site. In thesescenarios, the “who, what, when, where,and why” may resolve to thousands ofannual visitors accessing applications toget product, to pay for services, or to ask ageneral question. Access could occur fromanywhere in the world, based on the specificapplication access.The corresponding network securityrequirements to fit the business frameworkmight include http and https accesspassed from public networks to the privatecorporate LAN or WAN, thus allowingmiddleware applications to query customerrecord databases and payment processingapplications. These systems could bein separate data centers, requiring datatransmission on the corporate network topass from the internal Web/middlewaresystems to the database systems, to thefinancial systems, and return the requestedinformation to the viewer while complet-OCTOBER 2005 38 www.LinuxWorld.com


ing internal processing – all within stringent requirements for datasecurity.In a complex transaction model, having a security architectureand business framework provides guidelines and limits, helping toensure that business is done efficiently while maintaining the highestlevel of security possible. It’s no longer enough to determine thatthe data is secure in transmission. Denial of service attacks on thecorporate Web server can be catastrophic when each second of realtime represents hundreds or thousands of transactions. To keep thisfrom happening, to detect it, or to analyze it, companies need toactively protect the business from these type of actions.Physical AccessWith today’s phones, PDAs, handheld computers, and wirelesslaptops, the limits of physical access security have never facedstronger challenges, while the requirements continue to skyrocket.You should evaluate the kind of physical access required with thepotential threat. For example, are your company’s assets located inan area subject to natural or environmental threats, such as earthquakes,hurricanes, tornadoes or floods? Are your global resourcesin areas subject to terrorism or civil unrest? What about the likelihoodof corporate data theft or destruction by disgruntled employeesor ex-employees?It is likely that your organization faces some of these risks. Doesyour staff walk away from systems with active logins, leave theserver room door open, or leave keys in the server racks in machinerooms? The scope, detail, and expense of your physical access securityplan should also be compared to the value of assets and securedto the highest degree possible without adversely affecting normalbusiness functions. Installing screen locks that become active after15 seconds of idle time may cause considerable productivity loss, aswell as increase employee irritation. Requiring all documents to beshredded before disposal may only be required where vital data canbe compromised.The Sum of the PartsOngoing scrutiny, review, and modification of each of the areaspresented provide a basic groundwork for security architecture. Thekey word is “ongoing” – security architecture is not a static process.You can’t “set it and forget it.” Implementing the maximum level ofsecurity required by each asset in your business is a task measuredin man-years, not man-hours. But when compared to the value ofyour company’s information systems, isn’t it worth it?LINUXWORLD MAGAZINE WWW.LINUXWORLD.COMReference Section• http://www.cisecurity.org/• http://www.sans.org/score/• http://www.itsecurity.com/dictionary/biba.htm• http://e-government.cabinetoffice.gov.uk/Resources/FrameworksAndPolicy/fs/en• http://www.attackprevention.com/ap/library/securitymodels.htm• http://www.crime-research.org/news/07.06.2004/320/• http://www.itsecurity.com/dictionary/cw.htmSubscribeToday! — INCLUDES —FREEDIGITAL EDITION!(WITH PAID SUBSCRIPTION)GET YOUR ACCESS CODEINSTANTLY!The major infosecurity issues of the day...identity theft, cyber-terrorism, encryption,perimeter defense, and more come to theforefront in ISSJ the storage and securitymagazine targeted at IT professionals,managers, and decision makersSAVE50% OFF!(REGULAR NEWSSTAND PRICE)Only$39 99ONE YEARwww.ISSJournal.comor 1-888-303-528212 ISSUESwww.LinuxWorld.com39The World’s Leading i-Technology Publisher


CASE STUDYTulane University Uses LinuxNetworx Cluster System......to speed biocomputing simulationsB Y M A R K R . H I N K L Eblog: mark.linuxworld.comTulane University is home to the Center for Computational Science (CCS), aunique facility designed to provide computational resources for research projectsacross many disciplines. The Center provides an infrastructure for investigators interestedin computational science to exchange ideas, produce research, and establishnew collaborations.The ChallengeA B O U T T H E A U T H O RMark Hinkle, the editor-in-chief of LinuxWorldMagazine, is vice president of Win4Lin Inc., a Linuxsoftware company that specializes in Windows-to-Linuxmigration. Mark served on the Formation Board of TheDesktop Linux Consortium and is the author ofan upcoming book from Charles River Media onWindows-to-Linux migration for business users.mrhinkle@linuxworld.comOne of these collaborative effortsinvolves a team of researchers performingcomputational simulationsof multi-scale models in biological systems.This research is funded through individualresearch grants from the National Instituteof Health (NIH), National Science Foundation(NSF), and National Aeronautics andSpace Administration (NASA), as well as aCenter grant from the NIH entitled “Biocomputing:Integrating Molecular/Organ-Level Function.”“Since computationally demandingsimulations of 3D models of bioelectricphenomena, fluid-structure interactions,and molecular dynamics simulation areimportant to these research projects, it wasimportant for the CCS to obtain a scalablehigh-performance computing system thatcould be easily shared among several differentresearch groups,” said Dr. Donald Gaver,director of the CCS.For example, Dr. Natalia Trayanova, professorof biomedical engineering, studiescardiac defibrillation – the application ofa strong electric shock to the heart to restorecardiac rhythm and prevent suddencardiac death. Despite the critical role thatdefibrillation therapy plays in saving humanlife, it is only known what happens onthe surface of the heart during these electricshocks. By using computer models, Dr.Trayanova is able to produce a 3D simulationof a heart to better understand whathappens during a shock within the cardiacwalls. This improved understanding isexpected to lead to new advancements andoptimization of the clinical procedure ofcardiac defibrillation.“Computer models and 3D simulationsare imperative to my research to betterunderstand how electric shock affects theheart,” said Dr. Trayanova. “Therefore, it iscrucial that the computing system we usebe capable of handling compute-intensiveworkloads and simulations.”Tulane’s existing biomedical server wasa shared memory machine, but the cost ofupgrading and maintaining the system wasalready quite costly – Tulane knew expandingthis existing system would be tooexpensive.“To achieve successful, accurate results ina timely manner for our researchers’ projects,we needed a computing system thatwas fast, reliable, but affordable,” said ReneSalmon, senior systems analyst for CCS.“Since the outcome of so many projectswould depend on the reliability and easeof-useof the system, we had to seriouslyconsider what type of computing systemwould benefit our users the most.”Investigating Linux ClustersTulane started looking for computing alternativesthat could fit within their budgetand provide the speed and reliability thatwas crucial for ensuring successful researchresults. After investigating several alternatives,Tulane became increasingly interestedin Linux clusters. This distributed computingplatform seemed to provide the price/performance ratio Tulane was interested inachieving. However, the researchers at theCCS were worried about the difficulty ofmigrating to a Linux cluster.“With a Linux cluster we could affordmany more CPUs, which allowed us to runmuch larger simulations and get faster resultsat a fraction of the cost,” said Salmon.“However, we were concerned about whatwould be involved in migrating our codesto a new system. Luckily, our researcheswere willing to adapt their codes to run on aLinux cluster.”The scalability of Linux clusters wasanother attractive feature for Tulane. Asresearchers received more grant moneyfrom various sources, they could add morecompute nodes to the cluster and increaseits computing power.“The great thing about the scalability ofLinux clusters is that it allows our research-OCTOBER 2005 40 www.LinuxWorld.com


ers to pool their resources so they canhave access to more CPUs and computingpower,” said Salmon.Managing the Linux ClusterSince the Linux cluster would be runningmultiple programs for different users, itwas imperative that the computing systemTulane chose be easy to use and manage.Tulane was drawn to the comprehensivemanagement tools offered by Linux Networx,especially the Icebox managementappliance and LinuxBIOS.“Since we knew the cluster would be runningmultiple programs for several projectssimultaneously, how we would manage thecluster became a big concern,” said Salmon.“After looking at Linux Networx’s managementtools, we were very impressed withthe capabilities of Icebox. The serial terminalserver and a remote-controlled powerdistribution were also critical for ensuring aproductive, scalable system.”Linux Networx’s expertise with Linux-BIOS, an open source BIOS alternative,was another management feature thatinterested Tulane. LinuxBIOS performs thesame basic functions as commercial BIOSonly 10–20 times faster. LinuxBIOS initializesthe hardware, checks for valid memory,and begins loading the operating systemin about three seconds. Most commercialBIOS require about 30–60 seconds to performthe same tasks. In addition, LinuxBIOScan be configured and accessed from withinthe Linux operating system. This meanschanges to the BIOS can be made remotelyto a single node or to all the nodes in a clustersystem.“LinuxBIOS was important to us for scalabilityreasons. We really liked the fact thatwe could make changes to the BIOS on theentire cluster from Linux with just a fewcommands,” said Salmon.With expertise in LinuxBIOS, comprehensivemanagement tools, and powerfulcomputing architecture, Linux Networxbecame Tulane’s choice for their first clusterimplementation.“We wanted a Linux cluster vendor thatcould provide us with an easy-to-managecluster that could scale and grow easily.Linux Networx did this for us,” said Salmon.Implementing a Linux NetworxCluster SystemStarting with a 20-processor Evolocitysystem, Tulane researchers quickly noticedthe benefits of Linux Networx cluster technologyand have scaled up their cluster fourtimes as additional grant money has beenreceived. Their Evolocity cluster now totalsover 80 AMD Opteron processors.“The scalability of the Evolocity clusterhas proved to be an essential feature aswe’ve quadrupled the cluster’s power sincewe first installed it,” said Salmon. “Scalingthe cluster has also been a fairly easyprocess as programs and codes were easilymigrated.”ResultsTulane researchers quickly noticed thebenefits and potential of Linux cluster technology.In the past, researchers were limitedto running small simulations, now they canrun much larger, complex simulations thanwas possible before.“Running large, detailed simulations isessential to our research efforts as it allowsus to better understand biomedicalfunctions,” said Dr. Trayanova. “Additionally,a quick turnaround time for runningsimulations is essential as there are severalresearch groups that need time on the clusterto complete their simulations.”Most important, with the power andcapabilities of the Linux Networx system,Tulane researchers can improve the qualityof their research and achieve much morefocused and valid results than they wereable to accomplish previously.“By completing these jobs in a timelymanner, researchers can get results faster,which helps advance the entire mission ofthe biocomputing program and allows us todo better research,” said Dr. Trayanova.LINUXWORLD MAGAZINE WWW.LINUXWORLD.COM1 blog-n-play is the only FREE custom blogaddress you can own which comes instantlywith an access to the entire i-technology communityreadership. Have your blog read alongside with theworld’s leading authorities, makers and shakersof the industry, including well-known and highlyrespected i-technology writers and editors.2 blog-n-play gives you the most prestigious blogaddress. There is no other blog community in theworld who offers such a targeted address, whichcomes with an instant targeted readership .3 blog-n-play is powered by Blog-City, the mostfeature rich and bleeding-edge blog engine in theworld, designed by Alan Williamson, the legendaryeditor of JDJ. Alan kept the i-technology communitybloggers’ demanding needs in mind and integratedyour blog page to your favorite magazine’s Web site. www.LinuxWorld.com41OCTOBER 2005


CASE STUDYHarnessing DepartmentalResources in Cluster TechnologyIncrease compute power and save moneyThe minimal intervention required to manage a Scyld cluster significantly enhancedour productivity but in a cost effective manner.Even though Sandia National Laboratory’sCombustion Research Facility(CRF) was doing science for theDepartment of Energy (DOE) with realworldpocketbook impact, they were oftenlimited by a lack of supercomputer resourcesrequired to conduct numerical simulationsand analyze data. Knowing they had a tightbudget and needed massive compute power,Sandia’s CRF team and Penguin Computingput their heads together and harnessed thepower of several Penguin Altus Opteron serversusing Sycld Software’s Beowulf clustersoftware. This single departmental clustergave them over five million compute hoursper year and a fivefold increase in performance.The result was a dramatic increase inthe amount of research they could complete.It also saved CRF $150,000 a year in administrationoverhead. Being brilliant scientists,they were smart enough to invest that “foundmoney” in more compute nodes so they cancrank out even more research!—Joe Oefelein, senior member, technical staffSandia National Laboratory’s Combustion Research Facilitydynamics and combustion chemistry thataffect the performance and emissions ofcombustion devices.Simulations done by CRF are so complexthat a typical baseline case takes one to twoweeks. More sophisticated jobs need up toeight weeks of compute time. Nothing inhousewas powerful enough to do that sort ofwork so CRF had to rely on off-site supercomputergrants to complete their research.Because demand for supercomputing timealways exceeds supply, the CRF had to competefor resources at the handful of supercomputingcenters nationwide against other governmentfacilities, academic researchers, and other applicants.In the end, CRF got only a small fractionof the total compute hours per year needed toperform the required calculations.B Y J O S E P H C . O E F E L E I NThe SolutionTwo members of CRF’s technical staff,senior member Joe Oefelein and distinguishedmember Jackie Chen, realizedhigh-performance technology had evolvedto the point where CRF might be able tocost-effectively create a departmental scaleLinux cluster that would allow them to runmany calculations. With their own powerfulcluster to turn to as a first line of research,precious supercomputer time could bereserved for larger simulations that requiredsubstantial system support.“We purchased hardware from PenguinComputing [because] their system engineeringappeared to be the most robust,”Oefelein said. “We chose Scyld Beowulfbecause it is easier to use [than other options]and offered us a turn-key solution.The Scyld BeoMaster interface emulates aworkstation.”Within a day of arrival, the new Penguin/Scyld system was in place. It turned outthat the biggest implementation challengeto CRF was the time the staff needed to getthe computer lab prepared and the powerin place. Since then, the cluster has been incontinuous operation. Their new departmentalcluster gave them over five-millioncompute hours per year and a five-timeincrease in performance. The result was adramatic increase in the amount of researchthey could complete.The ChallengeThe DOE funds Sandia to find high-efficiency,low-emission solutions to complexcombustion problems. As part of this mission,the CRF conducts complex simulationsand analysis of turbulent reactingflows to study interactions between fluidA B O U T T H E A U T H O RJoseph C. Oefelein is a senior member ofthe technical staff at the Sandia NationalLaboratories Combustion Research Facility.He received a doctorate in mechanical engineeringfrom Pennsylvania State University in May 1997,an MS in mechanical engineering fromPenn State in December 1992, and a BS inmechanical engineering (with highest honors)from Rutgers University in May 1989.PENGUIN COMPUTING 142 NODE CLUSTER IN THE CRFCOMPUTATIONAL COMBUSTION AND CHEMISTRY LABORATORYPHOTO COURTESY OF SANDIA NATIONAL LABORATORIESOCTOBER 2005 42 www.LinuxWorld.com


GAMINGCASE STUDYLWM: Is there a Linux client?The Scyld Beowulf clustering softwareDenton: No, currently we run only on MSchosen by CRF also dramatically simplifiesWindows, since we utilize DirectX.ease of deployment and manageability. Thismeans three CRF principal investigators canLWM: Do you plan to provide a Linux client?access the Scyld Beowulf cluster from theirDenton: When there is sufficient demandworkstations just by using an informal queuefor one. This is a risky thing for us – itto manage shared use of the cluster. A singlewould take a lot of work to develop a newprocess ID space for the entire cluster onclient, and of course support it over thethe master node also means that the clusteryears that Camelot will continue to beseems like one computer so CRF can evenplayed. Camelot was written using a commercialgraphics engine API calledscale up incremental without redesign oradministrative effort. The ease of use of theNetImmerse that “sits” on top of DirectX.cluster also saved CRF $150,000 a year inWhen we start thinking about porting theadministration overhead.client to another OS, we’ll have to come up“It’s been clear as we’ve emerged fromwith another graphics engine solution, andthe shake-down phase that [the new serverthat will be time consuming.and cluster is] performing as promised. Thetime I need to manage the cluster is trulyLWM: If you don’t plan to provide a Linuxminimal,” said Oefelein.client at the moment, what would have“Cluster technology provides an affordablesystem with fairly significant capabil-to change in order for you to considersuch a move?ity dedicated to our problems,” concludedDenton: Having a huge upswing in theOefelein. “We expect to buy more clusters.amount of Linux desktop machines, plus aOther groups at Sandia also recognize thisand are currently evaluating Linux clusters.”commercially accepted 3D graphics standardthat we could port to. We are veryThe InstallationPenguin Computing created a 72-nodehappy with Linux as a back-end serverLinux cluster with 144 processors for CRF.technology – our entire business is basedThe Altus master node, back-up batterysystem, GigaBit Ethernet switch, andon it – but we feel that Linux client technologyis lagging a bit behind. It’ll catch upInfiniband are on one rack. Two other rackssoon enough, and when it does, we’ll thinkhouse Altus compute nodes with motherboardsand communication hardware.about porting.CRF invested in Infiniband because they knewLWM: OpenGL is the standard usedthat they would likely add another 72 nodes laterfor both OS X and Linux games, and isif the strong performance they expected materialized.The experiment results were even betterheavily backed by game companies likeid Software. id doesn’t use DirectX at allthan expected so CRF is adding more nodes.to my understanding, they use entirelyOpenGL, even for Windows.Advice from SandiaDenton: That’s true, but id is in the businessof making graphics engines that they1. Do your homework as to how your specificapplications perform on the clusterslicense to other companies (as well asbeing evaluated.developing games, of course). Mythic is2. Reliability is key. Cluster technology isn’tnot in that business; we licensed anperfect and depending on which productsengine technology to develop Spellbinderyou choose, you may need supplementaland Camelot with, and that happens to becluster management expertise in-house.based on DirectX on the Windows platform.Of course it’s possible for us to3. Buy in logical increments. Anticipatewhat you’ll need in the future especially ifyou work with uncertain budgets.license another technology that isAbout Sandia National LaboratoryCombustion Research Facilitymore portability friendly, but we needto have a compelling business reason to(http://www.ca.sandia.gov/CRF)do so.The CRF is an internationally recognizedDepartment of Energy Office ofLWM: Have the changes in Red Hat (theScience user facility. The CRF is home tosplit between its community Fedoraabout 100 scientists, engineers, and technologistswho conduct basic and appliedProject and its non-free RHEL) caused youany concern over which Linux platformresearch aimed at improving our nation’syou will use for your next offering, or forability to use and control combustionyour current platform?processes. The need for a thorough andDenton: Yes, we’re very concerned overbasic understanding of combustion andthe RHL/RHEL/Fedora split. It has causedcombustion-related processes lies at theus to closely re-examine our choice inheart of CRF research.both Linux distribution and server hardwarevendor (due to support issues withThe CRF is an Office of Science userfacility for broad-based research in energyalternate Linux distributions as we movescience and technology. Using the facility’sforward). As of now we still haven’t madeunique laser diagnostic capabilities, staffa decision as to what we’re doing, butresearchers and visiting investigators explorefundamental chemical reactivity andwe’re leaning toward creating and supportingour own internal Linux distributionrather than moving forward withdynamics problems, as well as conduct appliedstudies that support industry’s needsRHEL or Fedora.in areas such as engines and materialsLINUXWORLD MAGAZINE WWW.LINUXWORLD.COMprocessing.LINUXWORLD MAGAZINE WWW.LINUXWORLD.COMwww.linuxworld.comLinuxWorld MagazineThere is no escaping the penetration of Linux into the corporate world. Traditionalmodels are being turned on their head as the open-for-everyone Linux bandwagon rolls forward.Linux is an operating system that is traditionally held in the highest esteem by thehardcore or geek developers of the world. With its roots firmly seeded in the open-sourcemodel, Linux is very much born from the “if it’s broke, then fix it yourself” attitude.Major corporations including IBM, Oracle, Sun, and Dell have all committed significantresources and money to ensure their strategy for the future involves Linux. Linux hasarrived at the boardroom.Yet until now, no title has existed that explicitly addresses this new hunger forinformation from the corporate arena. LinuxWorld Magazine is aimed squarely at providingthis group with the knowledge and background necessary to make decisions to utilizethe Linux operating system.Look for all the strategic information required to better inform the community on howpowerful an alternative Linux can be. LinuxWorld Magazine does not feature low-level codesnippets but focuses instead on the higher logistical level, providing advice on hardware, tosoftware, through to the recruiting of trained personnel required to successfully deploy aLinux-based solution. Each month presents a different focus, allowing a detailed analysisof all the components that make up the greater Linux landscape.Regular featuresinclude:Advice on Linux InfrastructureDetailed Software ReviewsMigration AdviceHardware AdviceCEO Guest EditorialsRecruiting/Certification AdviceLatest News That MattersCase StudiesThe Leading Magazinefor Enterprise andIT ManagementSAVE 30%OFF!REGULAR ANNUAL COVER PRICE $71.76YOU PAY ONLY$49 9912 ISSUES/YR*OFFER SUBJECT TO CHANGE WITHOUT NOTICELINUXWORLD® IS THE REGISTERED TRADEMARKOF INTERNATIONAL DATA GROUP, INC.LINUXWORLD® IS THE REGISTERED TRADEMARKOF INTERNATIONAL DATA GROUP, INC.SUBSCRIBETODAY!WWW.SYS-CON.COMOR CALL1-888-303-5282FOR ADVERTISING INFORMATION:CALL 201 802.3020 ORVISIT WWW.SYS-CON.COMThe World’s Leading i-Technology Publisherwww.LinuxWorld.com 43 51OCTOBER MAY 2004 2005


PRODUCT REVIEWOpenGear’s CM4008Console access at a great price!B Y M A T T F R Y EI’ve been looking at a lot of console server and other out-of-band managementsolutions recently. These days, there’s no shortage of console servers, appliances tomanage console servers, and appliances to manage those applicances, each at enterprisecost availability.CM4008 SpecificationsList Price: $495OpenGear Inc. www.opengear.comSecurity and Authentication• Secure Shell (SSHV2)• IP packet and security filtering• TACACS+, RADIUS• PAP/CHAP authentication (dial up)• User access lists per port• Local authentication• System event syslogBut what if you’re responsible for thenetwork at a small business andyou’re looking for an out-of-bandmanagement solution on a small businessbudget? OpenGear’s CM4008 provides secureout-of-band management for just under$500. It provides real price performance ina convenient package for small businessconsole requirements by leveraging thepower of embedded Linux and open source.The CM4008 includes key networking andsecurity modules (OpenSSH, OpenSSL, PAM,Netfilter/IPTables and so on) too. OpenGearhas harnessed the power of open source toprovide a secure platform for infrastructuremanagement while keeping that platformeconomical for small businesses.The CM4008 is small, about the size ofwireless router, and has eight ports to connectservers via standard CAT5 cables (withserial adapters provided). The CM4008 easilyintegrates into your network by initiatinga connection immediately via DHCP.The OpenGear Quick Start Guide (provided)says that the CM4008 will default to192.168.0.1, but my unit picked up a DHCPA B O U T T H E A U T H O RMatt Frye is reviews editor of LinuxWorldMagazine, and a migration and technicalsupport engineer at Tekelec, a leadingdeveloper of switching and signalingtelecommunications solutions.mattfrye@linuxworld.comaddress of 192.168.0.105, so this addressseems to depend on your network configuration.Open the address with your browser andthe Web interface to the CM4008 greets you.Within minutes you can configure the serialports to allow access via telnet, ssh, or rawTCP (see Figure 1). Other common serialsettings can be configured, but no changeswere necessary for me to proceed. I was alsoable to add a user via the Web interface andthen authorize that user to one or all of theconsole ports. Once I had configured my username, password, and the serial port I need toconnect to, I configured a getty on my FedoreCore 4 box to allow console access on ttyS0. Iadded the following line to /etc/inittab:co:2345:respawn:/sbin/agetty ttyS09600 vt100Connecting to consoles is a snap withoutthe need to learn any extra commands orsyntax, and without any Java Web consoles.With the CM4008, you simply connect via theconfigured protocol using ports designatedfor each console port on the CM4008. Forexample, to connect to the serial console attachedto port 1 on the CM4008 via ssh, I ssh’dto the address of the CM4008 on port 3001.Examplessh -p 3001 mfrye@192.168.0.105Management• Web management (HTTP/HTTPS)• Command Line interface (Linux Shell)• SNMP• Port triggers and alerts• Port sniffing (simultaneous access to a port)• Online data buffering• Offline data logging (Syslog, NFS, CIFS)Accessibility• In-Band (Ethernet)• Out-of- band (dial up) - modem accessthrough DB9 port• Local access (though DB9 serial port)Other Protocols Supported• DHCP for dynamic IP assignment• NTP for time synchronization• PPP for dial up access• FTP, TFTP client for file transferUpgrades• Flash upgradeable• Unlimited free upgrades from online FTP sitePort Access• Telnet/SSH to Linux shell• SUN / Solaris ready – no inadvertent breaks• Break over SSH supportOther Features• Linux operating system• Full source code access enables customconfiguration• SSH Sessions on all poOCTOBER 2005 44 www.LinuxWorld.com


FIGURE 1FIGURE 2Depending on which terminal emulatoryou use, you may see slightly different outputto your screen. For instance, I initiallytested the CM4008 with Putty and foundthat passwords I entered into the consolesession were visible. Testing with xterm inFedora Core on my laptop showed no similarbehavior (see Figure 2).One of the pleasant features of theCM4008 is that you can connect to the serialconsole simultaneously from several differentconnections. Console access can beshared to allow teams to co-troubleshoot aproblem, or for training purposes as outputcan be seen on any of the console connectionsinteractively. For example, I was ableto display an entire software migration to ateam of new engineers by having them alllog into the CM4008 on the same port.All in all, I was very pleased with thesimplicity, ease of use, and value of theOpenGear CM4008 and would recommendit to small IT shops who have a need forout-of-band or console management. Thevalue provided by using embedded Linuxenables OpenGear to pass enormous savingson to customers. As a result, even inthe case of the CM4008’s 16- and 48-portrack mountable siblings, the cost ends upbeing one third to one half of the list priceof OpenGear’s closest competitors.LINUXWORLD MAGAZINE WWW.LINUXWORLD.COMFrom the Editor—continued from page 7other computer-related transactions,more businesses will have a need fordatabases, however, the per-seat accesslicense model is not attractive to me.Consider looking at MySQL (www.mysql.org) or PostgresSQL (www.postgres.org),especially where the data needs to bestored, but advanced database featuresare lost on many users. If you needhelp, you can turn to vendors MySQLAB (www.mysql.com) or EnterpriseDB(www.enterprisedb.com) for support.• File and Print Services: Perhaps my biggestgripe is with the file and print servicesmodel that requires client accesslicensing. Does the server require anymore support or attention from the vendorwhether it serves one user or 100? Isthere more value added by incrementaluser additions? I have a hard time believingthere is. So why be charged as if therewere? Consider Samba (www.samba.org)running on one of the many flavors ofLinux; you can still use a Windows desktopbecause Samba accepts connectionsfrom Windows, no CALs required.• Content Management Systems: Doingbusiness on the Web is a critical part ofcommerce for even small businesses, asis having the ability for data to flow fromthe enterprise to the end user. This canbe facilitated by user-friendly contentmanagement systems or complex Webapplications that require the ability toprovide services based on business logic.Consider the small to medium business,for example, Joomla! (www.joomla.org),or complex enterprise applications, forexample, JBoss (www.jboss.com) – bothare open source and have large and successfuluser bases, and once again thereare commercial support venues for thesesoftware packages.If you’ve read any of my previous editorials,you may envision me as a “biblethumping”preacher of sorts. The messagethat you need to start taking away from ourpublication, beyond the success storiesof Linux and product updates, is that notall commercial software is evil and not allopen source software is untested, and thatyou should look for solutions that are notapt to lock you into future decisions thatlimit your choice of vendors. Technologyshould add value to your business, nothold it captive.LINUXWORLD MAGAZINE WWW.LINUXWORLD.COMwww.LinuxWorld.com45OCTOBER 2005


BOOK ROOKERYLinux Made EasyB Y M A T T F R Y EA Q&A with Rickford GrantI recently had a chance to sit down with Rickford Grant, author of Linux for Non-Geeks, and talk with him about his new book Linux Made Easy (No Starch Press).A B O U T T H E A U T H O RMatt Frye is reviews editor of LinuxWorldMagazine, and a migration and technicalsupport engineer at Tekelec, a leadingdeveloper of switching and signalingtelecommunications solutions.mattfrye@linuxworld.comLWM: First of all, why, after writingLinux for Non-Geeks, did you decide towrite Linux Made Easy.Rickford Grant: The whole idea behindboth books is to get regular folks into whatis often considered a domain for geeks. Thatsaid, I am always looking for distributionsthat are easy to use and thus less intimidatingfor people who have been weaned on adiet of Windows all their lives.Linux for Non-Geeks is based on FedoraCore, which I felt (and still do) is a verystraightforward and well-supported distrothat really provides users with a real Linuxexperience, albeit without much of the thepain that you might encounter with somedistros. Still, it seemed that some people,especially those who just wanted a low-costout from Windows and were not necessarilyparticularly interested in Linux per se, stillfound things a bit more complex than whatthey were looking for. When I finally gotaround to trying Xandros, I felt I had foundwhat those people were looking for, and soI wrote Linux Made Easy. The two books,although seemingly similar in nature, arethus really written with slightly differentaudiences in mind.Another point I tried to address withLinux Made Easy was the area of applications.When I read through some of thereader reviews of Linux for Non-Geeks, Inoticed there were a number of commentsexpressing a desire for more coverage ofapplications. The train of thought seemedto be along the lines of, “Okay, so you sayLinux comes with all these great applications.So the GIMP is great, but what canI do with it? OpenOffice Draw is good forwhat? Drawing circles?” That sort of thing,you know. To address those rather validpoints, especially in a book that is targetedfor people who just want to get down to thedoing rather than the fiddling, I also addednumerous projects that would give readerssome hands-on experience with some ofthe major Linux applications.LWM: Do you think that after installingXandros, people will use it more andmore, and Windows less and less? Whatabout when great, new-for-Windowsonlysoftware comes out?RG: It certainly was the case for me. I can’thelp but feel that when users get crackingwith Xandros, they will be pleased by thefact that they are spending most of theirtime working or playing or whatever, ratherthan tracking down viruses and trying to ridtheir system of trojan horses. The fact thatthey will more than likely have more usableapplications on their Xandros side will nodoubt make their Windows world less andless atttractive.As for great new Windows-only software...well, what can you do? In a sense, a Linuxuser with a dual-boot setup has a bettersetup for such things than a Mac user, whooften suffers the same problem. A Macuser, after all, would have to have a wholedifferent machine in order to deal with thesituation.When it comes down to it, the numberof killer, must-have Windows apps you aretalking about is usually quite small for agiven user. As I mention every chance I get,I only resort to Windows on my own accordin order to play the Austrian card gameSchnapsen, the three different versionsof which are Windows-only apps. But fornow, it’s no big deal – just switch over tothe Windows side, stay off the Internet, andthen play or do whatever it is you do withthat app until you need to get back downto business. Then just switch back. You canjust think of it like rooms in a house: dinnerin the dining room, billiards in the familyroom, workbench in the garage. Not thatI’ve ever had a billiards table in my house...LWM: Why Xandros, as opposed to othersimilar distros like Ubuntu?RG: I was inspired to write Linux MadeEasy by Xandros, not the other way around.It’s just so easy. The installation is a nobrainer,and it will even repartition yourWindows disk for you so that you can createa dual-boot system without any hassles. Iknow that a few other distros, Madriva forexample, can do that, but my experiencewith Xandros’ partitioning capability hasbeen the best.It also has excellent package handling, awell set–up and stocked repository, and aInformationLinux Made Easy, The Official Guideto Xandros 3 for Everyday UsersRickford GrantNo Starch PressOCTOBER 2005 46 www.LinuxWorld.com


BOOK ROOKERYwell-organized interface. Having CD and DVD burning capabilitiesbuilt into the file manager, as it is in GNOME, is much, much betterand more convenient than having to resort to an outside app, suchas K3B, which most KDE-based distros seem to favor. It also seemedmore accomodating in terms of hardware, working on every pieceof junk I tried to install, and the fact that Skype is bundled with thesystem is just that much more icing on the cake.As for Ubuntu (and Kubuntu), I just don’t seem to get all thehoopla. Yes, it is a very nice, well-organized distro with unusuallyslick promotional graphics and a pleasant touchy-feely name. Butother than that, it’s not really all that different than Fedora Core...other than the fact that it is Debian based (as is Xandros) ratherthan RPM based. It just seems to me that it’s not particularly uniquein any way I can figure, so why all the hype? I might consider usingit instead of Fedora, but for a real newbie who wants as smooth atransition as possible, I would stick with Xandros.LWM: What role do you feel distros like Xandros will play inthe public sector, e.g., schools and government, where aneasy stable alternative to Windows could save taxpayers millions?RG: You said it right there: saving the taxpayers millions of dollars!It is no surprise that countries such as China are making theLinux switch a national project for just that reason. The Frenchgovernment too, for that matter. For government, there is really noreason not to switch over since there are not really any killer appsthat users need in order to work. The number of applications in theeducational field are more limited at the present time, but if schoolsystems were to make the commitment, the software would flow.Of course, government being what it is, there will always be opponentsout to protect their benefactors...oh, I mean constituents.It’s interesting to hear the arguments such people make as theywork to protect us from free software, though.LWM: Where do you see Linux on the desktop two years fromnow? Or five years from now?RG: There is no doubt in my mind that Linux will be more of aplayer in the desktop arena as years go by. How much of a playerdepends on the entities that package the various distros out theretoday. By this I mean that a major obstacle that could hinder theprogress of Linux on the desktop is the actual philosopy that laysbehind the Linux movement. The open source idea is the core ofwhat makes Linux Linux, and thus stands as a major attraction. Atthe same time, most distros take a purist approach to the bundlingof their distros in order to keep things totally open and not, forexample, including any software that requires any sort of licensing.Red Hat/Fedora’s no MP3 support is a good example. While this isfine in terms of keeping distros free and legal, it also stands as ahindrance to wider acceptance by present Windows users.Companies such as Xandros that have a variety of versions,some both free and for sale, have a unique opportunity to fill thegaps. They could do this quite easily by keeping their free versionsfree, while including licensed items, such as Windows-compatiblecodecs, encrypted DVD playback support, and MP3 playbackand encoding support, in their for-sale versions. TurboLinux, forexample, already includes some of these seemingly taboo (in theLinux world, anyway) features. Open source purists might balk atthe seemingly heretical notion, but the open source concept in itsstrictest form is lost on a casual Windows user, for example, whojust wants to be able to play a DVD (no doubt, when he or sheshould be working) without any fuss or philosophical abstractionsgetting in the way. Fair enough, I say. If they are willing to pay forthose added conveniences, why not let them?Of course, there are always going to be some folks who are nevergoing to make the switch. Some people just like to go to the computershop, stroll up and down the aisles looking at row after rowof shrink-wrapped software boxes, and then walk out after havingbought something. It’s just that simple consumer gene in each ofus. Some of us love to shop for clothes, others for cars, others forleeks and cauliflower, but for others it’s software. Such folks are notlikely to become Linux users any time in the near future.The progress Linux will make during the next few years, however,is sure to entice others. After all, it was only a few years that, cutepenguin aside, getting Linux up and running on your machinecould be a rather frustrating endeavor. Now, however, the installationprocess for just about any distro out there is much, mucheasier than that for a Windows installation, which most peopleseldom have the misfortune of enduring since they usually getWindows prebundled on their machines. Desktop and file managerfeatures have also become greatly improved, and the future is sureto hold more in store. It thus becomes a matter of time before allbut the diehard I-want-my-shrink-wrap types want to at last have acrack at Linux.LINUXWORLD MAGAZINE WWW.LINUXWORLD.COMLWM Advertiser IndexAdvertising Partner Web Site URL Phone # PageARKEIA WWW.ARKEIA.COM/DOWNLOAD 760-431-1319 8BLOG-N-PLAY WWW.BLOG-N-PLAY.COM 888-303-5282 41ENTERPRISE DB WWW.ENTERPRISEDB.COM 866-353-5615 15HP WWW.HP.COM/GO/BLADESMAG18 877-311-3620 6ISSJ WWW.ISSJOURNAL.COM 888-303-5282 39IT SOLUTIONS GUIDE HTTP://ITSOLUTIONS.SYS-CON.COM/ 201-802-3021 33LEVANTA WWW.LEVANTA.COM 877-LEVANTA 13LINUX WORLD MAGAZINE WWW.SYS-CON.COM 888-303-5282 43MBX WWW.MBX.COM 1-800-680-0638 19MONARCH WWW.MONARCHCOMPUTER.COM 800-611-0875 2,3NOVELL WWW.NOVELL.COM 10,11PARASOFT WWW.PARASOFT.COM/LINUXWORLDMAGAZINE 888-305-0041X3303 51REVELATION WWW.REVELATION.COM/LINUXWORLD/LWHOME 800-262-4747 5SUGARCRM WWW.SUGARCRM.COM 408-454-6941 52SYS-CON WEBSITE WWW.SYS-CON.COM 31WEBAPPCABERET WWW.WEBAPPCABARET.COM/JDJ.JSP 866-256-7973 27WILEY WWW.BN.COM 23WIN4LIN WWW.WIN4LIN.COM/TS-WP 512-339-7979 35General Conditions: The Publisher reserves the right to refuse any advertising not meeting the standards that are set to protect the high editorial quality of. Alladvertising is subject to approval by the Publisher. The Publisher assumes no liability for any costs or damages incurred if for any reason the Publisher fails topublish an advertisement. In no event shall the Publisher be liable for any costs or damages in excess of the cost of the advertisement as a result of a mistake in theadvertisement or for any other reason. The Advertiser is fully responsible for all financial liability and terms of the contract executed by the agents or agencies whoare acting on behalf of the Advertiser. Conditions set in this document (except the rates) are subject to change by the Publisher without notice. No conditions otherthan those set forth in this “General Conditions Document” shall be binding upon the Publisher. Advertisers (and their agencies) are fully responsible for the contentof their advertisements printed in ColdFusion Developer’s Journal. Advertisements are to be printed at the discretion of the Publisher. This discretion includes thepositioning of the advertisement, except for “preferred positions” described in the rate table. Cancellations and changes to advertisements must be made in writingbefore the closing date. “Publisher” in this “General Conditions Document” refers to SYS-CON Publications, Inc.This index is provided as an additional service toour readers. The publisher does not assume any liability for errors or omissions This index is provided as an additional service to our readers. The publisher doesnot assume any liability for errors or omissions.www.LinuxWorld.com47OCTOBER 2005


BUSINESSThe Membership ModelAn important part of the vitality of the Open Source movementAt LinuxWorld Expo in San Francisco, it occurred to me that I had overlooked avery important Open Source business model, the Membership Model. Confronted bya keynote speech by Stuart Cohen, the leader of the Open Source Development Lab(OSDL) (www.osdl.org), it became clear that I had jumped into the Advertising andConversion Models too quickly and had to back up and deal with the membershipphenomenon.B Y P A U L S T E R N E A N D N I C H O L A S H E R R I N GOSDL has more levels of membershipthan the Catholic Church.OSDLIndividualAcademicObservingBronzeSilverGoldPlatinumCatholic Church{ LaityPriestBishopCardinalPopeAs a businessman, the Advertising andConversion Models are more interesting,but from a raw power standpointthe Membership Model may be more important.So in the spirit of journalistic integrity,I have adjusted the Open Source BusinessModels graphic to correct this erratum.Open Source Business Models• Donation• Membership• Advertising• Conversion– Brand Ownership– Media Kit– Maintenance– Support– Add-ons (Dual License)• Professional Services– Support– IntegrationA B O U T T H E A U T H O R SPaul L. Sterne is general manager, Americas,Open-Xchange Inc., and managing partner, Sterne& Co. LLC. He is a sponsor of openResource,a wiki about the Open Source industry(http://sterneco.editme.com/home).sterne@linuxworld.comNicholas Herring is an associate, Sterne & Co.LLC, and a contributor to the openResource wiki.He has a Bachelors in Business Administrationfrom The George Washington University.Herring@sterneco.comOpen Source Development LabClearly, the most important, or at leastthe most respectable, membership organizationis the Open Source DevelopmentLab. It boasts three of the top maintainersas employees: Linus Torvalds (he who needsno introduction), Andrew Morton (Kernel2.6), and Andrew Tridgell (Samba). It canafford 48 full-time staff and contractors. Ithas offices in downtown Portland, Beijing,Tokyo, and Luxembourg. In venture capitalistparlance, it has a hefty “burn rate” of atleast $750,000 per month or $15,000 perhead – maybe more considering the celebritystaff.OSDL describes itself as a “big tent [notethe political metaphor for basically a politicalorganization] for vendors and customers,where members are not in competitionwith each other, but instead there exists ‘coopetition’between players to solve sharedproblems” – read Microsoft. The idea is thatshared costs lead to shared benefits. At thetactical level, OSDL is a lab or resource poolthat provides equipment and infrastructureto large-scale Linux technology projects tosupport enterprise and telecom applications.LaityIndividuals join for free but have no votingrights. Academics can join for $1,000 peryear, but can only vote in subcommittees.Observing members can join one “workinggroup” for $6,000, but can’t vote.PriesthoodFinally, with $12,000 in cash you can joinone working group as a Bronze memberand you get to vote. The Silver, Gold, andPlatinum levels are earmarked for largercompanies – defined as those with revenuein excess of $1 billion per year – which is apretty small group in the software industry,no more than 25 companies. At the Goldlevel, you get to nominate a member of theBoard of Directors. At Platinum, you get tonominate five (5) members of the 12 memberboard – which begs the question: Dothey have any platinum members? Membershipfees for the Gold and Platinum levels arenot disclosed on the OSDL Web site, so theyare clearly out of the reach of us humble folk.OSDL quantifies its value based on thetotal annual Linux-related revenues of itsmember companies. This figure totaled $9billion in 2004 – one-third of which wereclearly IBM and HPQ. ODSL also measuresits importance in terms of the 1,890 Linuxand 62 kernel engineers employed by OSDLmember companies. Members includeAMD, Cisco, Fujitsu, Hitachi, HP, IBM, Intel,NEC, Nokia, Novell, and Red Hat as well as70 small and medium-sized businesses.As Stuart Cohen stated in his keynotespeech, the Open Source movement hasbeaten back the attack of SCO by the jointeffort of its member organizations and nowOCTOBER 2005 48 www.LinuxWorld.com


BUSINESSfaces a new intellectual property threat,namely the “software patent,” from theindustry giant (he that shall not be named).In short, OSDL is the chamber of commerceof the Open Source community.ObjectWebObjectWeb is truly a Gallic institutionwith all the peculiarities of that wonderfulnation of 200 different cheeses and theEcole Polytechnique. It’s not a transparentAmerican chamber of commerce likeOSDL but a model of incisive planningand government funding. ObjectWeb(www.objectweb.org) is basically fundedand controlled by INRIA. INRIA translatesfrom the French into National Institute forResearch in Computer Science and Control.This institute has six locations throughoutFrance and is dedicated to fundamentaland applied research in information andcommunication science and technology. Itis comparable to a national lab in the U.S.,though without the emphasis on nuclearweapons development.Francois Letellier, an engaging manwho was nice enough to meet with me atLinuxWorld, is the leader of the organization.The ObjectWeb Consortium wasestablished in 2002 “to build a full set ofOpen Source middleware technologies forindustrial-strength distributed platforms.”Its main technical goal is to define andimplement a component-based, efficient,and scalable middleware architecture thatcan be easily configured and adapted todifferent application domains. Jonas is themost famous Open Source project to comeout of ObjectWeb. Jonas is an applicationserver that competes with BEA, WebSphere,and JBoss. Red Hat ships it with its applicationserver and SuSE Linux includes it in theSuSE Linux Enterprise Edition.To characterize ObjectWeb as a Jonas shopwould be unfair though. It hosts more than100 Open Source projects that range fromJ2EE architectural design to J containers. Itviews IBM’s recent acquisition of Gluecode,one of the main sponsors of a competingcomposite application framework calledGeronimo (hosted by Apache Software Foundation),as a threat to its basic mission.ObjectWeb is a bit more open than OSDL.Membership is free. Corporate members joinfor only €1.000. As of March 10, 2005, it had48 corporate or non-profit members and1,458 individual members. Its mailing listsare sent to 7,926 persons worldwide of which157 are in China. It has a development portalcalled the “Forge” used by 5,712 registeredusers for 109 projects. Each month its Websites are visited by about 150,000 unique IPaddresses.EclipseTo many people, Eclipse is an IBM front.It bills itself as an open platform for toolintegration built by an open community oftool providers. Eclipse (www.eclipse.org)competes with NetBeans from Sun. In thebattle of the downloads, Sun boasts 4.6 milliondownloads for NetBeans while Eclipsepegs its downloads at 50 million. We’ll haveto dig a little deeper into these numbers tounderstand what, if anything, they mean.Eclipse has a clever fee structure, andcharges more than OSDL and ObjectWeb.To become a Strategic Developer, organizationsmust have at least eight (8) developersassigned full-time to developing Eclipsetechnology and pay annual fees of 0.12%of revenue with a $250,000 ceiling. Actuate,BEA, Borland, CA, IBM, Intel, Iona, Nokia,Scapa Technologies, Sybase Inc., and WindRiver count themselves as Strategic Developers.Strategic Consumers must pay 0.2%of revenues with a $500,000 ceiling, but candecrease their fees by providing one or twodevelopers, reducing their fees by $125Kfor each developer with a floor of $50K. Ifanyone can explain to us the difference betweenthese two designations, please sendme an email. Members called committersmust be nominated by another committer,and have “write access” to all the contentof Eclipse, and don’t pay annual fees. Over90% of the committers are full-time paidemployees of member companies. StrategicConsumers include MontaVista Software,HP, SAP AG, and Serena Software.Another interesting category of memberis the Add-in Providers. To earn this designation,a company must have an Eclipsebasedoffering or commit to making suchan offering available within 12 months ofjoining. And Add-in Providers are requiredto publicly announce their support forEclipse. The annual membership fee forAdd-in Providers is $5,000. Add-in Providersinclude Accelerated Technology, Acucorp,Agitar, Aldon, Aonix, AvantSoft, CatalystSystems Corporation, CollabNet, Compuware,DataMirror, DDC-I, Discovery Machine,Embarcadero Technologies, ENEA,Ericsson, ETRI, Exadel, Fujitsu, Genitech,Genuitec, Hitachi, ILOG, INNOOPRACT, Inpriva,Instantiations, International TechnologyGroup, iWay Software, JasperSoft, JBoss,Kinzan, Klocwork, Logic Library, LombardiSoftware, M1 Global, M7 Corporation, Macromedia,Mercury, META-1, Micro Focus,MKS, mValent, NEC, Novell, NTT Comware,OC Systems, Omondo, Optena Corporation,Oracle, PalmSource, Parasoft Corporation,Pegasystems, Progress Software, QNX SoftwareSystems, Real-Time Innovations, RedHat, SAS, Secure Software, SlickEdit, SoftLanding Systems, Teamstudio, TechnologicArts, Telelogic, Tensilica, Texas Instruments,THALES, TimeSys, Unisys, VA Software,Versata, Wasabi Systems, and webMethods.Finally, Eclipse has Associate Members.Associate Members must be a standards organization,research institution, academicinstitution, open source organization, orpublishing organization that participates inthe development of the Eclipse ecosystem.There are no membership dues requiredfor Associate Members, that include ACMQueue, Addison Wesley, BZ Media, CMA(Communications and Media Arts), FawcetteTechnical Publications Inc., EclipsePlugin Central, Fraunhofer Institute forOpen Communication Systems (FOKUS),Object Management Group, Inc., Object-Web, OpenSystems Publishing, RTC Group,SocialPhysics, and Tsinghua University.Eclipse boasts an impressive board includingBechauf (SAP AG), Ed Cobb (BEA),Sam Greenblatt (CA), Jonathan Khazam (Intel),Michael J. Rank (HP), and yet anotherDave Thomson from IBM.Though the Eclipse business model isindeed clever, we wonder if they have properlynamed their members.SummaryThe Membership Model is an importantpart of the vitality of the Open Sourcemovement. The leading membership organizationsare well funded and organizedand provide important technical advances.But they owe their existence to political,not economic, factors. When these politicalforces recede, so will the importance of themembership organizations.Next month, we will look at the ConversionModel again and discuss how companiessuch as mySQL, Jboss, and Open-Xchange are doing.LINUXWORLD MAGAZINE WWW.LINUXWORLD.COMwww.LinuxWorld.com49OCTOBER 2005


ENTERPRISEWhere Are You Going, OSS?Supply and demandB Y G R E G W A L L A C EBob Young recently spoke at the TriLUG Linux Users Group in Raleigh, NorthCarolina. His talk covered several topics, from why he founded Red Hat, to his latestonline publishing venture, Lulu (www.lulu.com), to the need for greater public debateabout copyright and patent law. In response to a question from the audience aboutwhere he thinks Open Source Software (OSS) will dominate and where Proprietary,Closed Source software will excel, Mr. Young offered a very useful commentary.In his estimation, OSS will tend to dominatein customer environments that arerelatively tech savvy and in applicationareas that are relatively industry-independent.On the other hand, closed sourcesoftware will tend to be more successfulwith customers who are relatively non-techsavvy and in application areas that areindustry-specific (see Figure 1). He used hisown company, Lulu, as an example of onewhere OSS tends to dominate. At Lulu, hisstaff is very tech savvy due to the critical natureof technology to their business operations.On the flip side, Mr. Young providedan example of a dentist office software suiteas one where closed source tools wouldtend to dominate. The IT staff in dentist officestend to be less tech savvy, and the applicationis indeed industry-specific. Thesetwo factors – application type and customertype – can be thought of as driving the supplyand demand side, respectively, of theOSS penetration equation.A B O U T T H E A U T H O RGreg Wallace is co-founder and chiefmarketing officer of Emu Software, the Durham,NC-based maker of the NetDirector ConfigurationManagement System for Linux. He got hisMBA and masters of international affairs fromColumbia University in New York City andspent a year as a Rotary Foundation Scholarat the University of Barcelona in Spain.greg@emusoftware.comSupplyIn application areas that are substantiallyindustry-independent, there will be a tendencyfor more and better Open Source applicationsto exist. One reason for this is thatthe Open Source development model relieson a large number of developers to workcollaboratively on a particularpiece of software.Furthermore, often thedevelopers of a particularOpen Source projectare also users of thatapplication. Clearly, theless industry-specific anapplication, the larger theavailable pool of developerswill be. Think aboutthe well-known OSSprojects, and they seemto fit this model. Linux,Apache, BIND, Samba,Sendmail, MySQL, PostgreSQL,iptables, Snort,Asterisk – all, it seems tome, equally fit the needsof organizations across all industries.DemandOn the demand side, customers who arerelatively tech savvy, such as companies inthe telecommunications, high-tech, and newmedia industries, will have a higher propensityto prefer Open Source alternativessince their IT staff tend to have the technicalwherewithal to capitalize on the benefitsthat access to the source code brings. Thesebenefits include the ability to customize theapplication to suit their exact needs, as wellas the ability to troubleshoot problems theymay encounter with the application.As shown in Figure 1, the penetrationrates of the Linux operating system acrossdifferent vertical segments seems to substantiateMr. Young’s observation. In termsof application type, operating systemsshould be located near the top of the verticalaxis because they are not industry-specific.Databases are another application thatwould seem to be, by-and-large, industryindependentand therefore would fit closerto the top of the vertical axis. Hard data onpenetration rates of open source databasesby customer type was not readily available.However, on their Web site MySQL providesa list of their customers, which includeAlcatel, Bloomberg, BusinessObjects, Cendant,Cisco, Fujitsu, McClatchy, Micromuse,Scholastic, Sourcefire, Vonage, Wachovia,and WebTrends. A quick glance reveals thatmany, if not most, of the companies listedwould be aptly described as tech-savvy.This can be thought of as a framework foranalyzing where OSS is likely to be successful,and where traditional, proprietary softwaresolutions will tend have success. Whilethis is only one of many factors influencingthe ultimate success of any particular softwarecompany, at least this model does shedsome light on the degree of vulnerability toOpen Source competition that proprietaryvendors are likely to face.* SOURCE: EVANS DATA CORP. AND IBMOCTOBER 2005 50 www.LinuxWorld.com

More magazines by this user
Similar magazines