August 20, 2004
IBM has announced the i550, a new POWER5-based i5 system the company said is designed to provide mid-sized businesses flexibility in matching IT purchases to business needs. The i550 is a one- to four-way server that can be configured with up to three Capacity On Demand (CoD) processors that can be activated temporarily to assist with short-term computing needs or permanently to accommodate growing business requirements. The i550 incorporates IBM’s new Virtualization Engine System Services including IBM Director MultiPlatform, a management tool for centralizing IT management and monitoring of multiple operating systems; and IBM Enterprise Workload Manager, which isolates problems and optimizes the machine’s application workload through a set of self-managing capabilities. In addition, the i550 can be purchased as a specially priced Solutions Edition available with eligible offerings from Independent Software Vendors including Clear Technologies, IBS, Integrated Distribution Solutions, Intentia, Lawson Software, Manhattan Associates, MAPICS, PeopleSoft, and SSA Global. A special competitively priced Domino Edition of the i550 is also available for clients migrating from Microsoft Exchange Servers or consolidating Domino servers. IBM also announced additional options for integrating and managing Intel-based Linux servers (to go along with existing Windows server options) in i5 servers. The IBM eServer i550 is planned to be available on September 10, 2004. Prices are available from IBM.
Coming swiftly on the heels of IBM’s initial i5 server announcements (in May), a question arises of just where the i550 systems fit in the company’s new POWER5-driven iSeries. The answer is perfectly in between IBM’s lower-end i520 offerings and the higher-end i570s. But beyond questions of “where?” the i550 also answers plenty of “whys?” Part of the issue is basic scalability. IBM’s i520 servers are one- and two-way boxes that offer no CoD processor options. In the i570 series, the lone four-processor model is only available in a two/four-way (with two CoD processors) configuration; and the first server to offer three CoD processors, like the i550, is the eight-way model. What does this all mean in practical terms? Primarily, by delivering the highly flexible and configurable four-way i550, IBM is keeping an eye on and out for existing low-end iSeries customers. When you calculate i5 systems’ innate POWER5 capabilities, and add in the new Virtualization System Services, the special Solution and Domino Editions, and new x86 server integration options, the i550 begins to look like a pretty easy and attractive step up to the world of POWER5 for lower-end iSeries fans who love the platform but need or anticipate needing some additional headroom.
Perhaps equally important, though, is the role the i550 could play in attracting a new generation of users to the iSeries. Over the past few years, IBM has done a good job of satisfying traditional iSeries users (who are among the most devoted IT customers on the planet) but has had trouble articulating the platform’s value to outsiders. That job has gotten notably harder as much of the market, especially in the SMB space, has shifted increasingly toward x86 solutions whose low-acquisition-cost charms tend to mask their management complexity flaws. The i550 is not likely to change any minds at the low end of the SMB market, but for mid-size businesses awash in Intel-based server sprawl and looking to put their business computing environments back on an even keel, the i550 makes a heck of a lot of sense. The real question here is whether IBM’s traditional iSeries sales force and VARs can step outside their traditional sweet spot and extend a hand to these potential new customers. If so, then the mid-section of the SMB market could shape up in some pretty interesting ways. If not, the i550 will be doomed to play the starring role in a production with a sadly, and unnecessarily, limited audience.
McAfee Inc., formerly known as Network Associates, announced this week that it has acquired Foundstone Inc. for $86 million in cash. Foundstone provides enterprise software, hardware, consulting services, and education activities to enterprises in order for them to protect themselves from external threats and unauthorized entries. Foundstone has a client base of some 400 customers, McAfee said, including companies like AT&T, Motorola, McKesson, and a number of government agencies. McAfee said it will continue supporting Foundstone customers and the development of Foundstone technology going forward. McAfee said the combination of its intrusion detection products and Foundstone’s services will provide customers with more complete protection against security threats.
Just as software vendors are realizing that their products can and must be delivered in a more realtime fashion, so too are security customers and vendors coming to the realization that security is something that needs to be addressed in a much shorter turnaround time frame than ever before. Vulnerabilities appear weekly, if not daily, and security vendors that respond on a monthly or quarterly basis are simply not cutting it anymore. The key value to any security product is its ability to shrink the window of time between a discovered flaw and its repair. By minimizing that time, the enterprise is shrinking its exposure to threats.
Given that simple reality, it makes sense that security vendors like McAfee are looking to offer realtime security services along with technology offerings. Technology can do only so much, and is constantly at risk of being circumvented by increasingly skilled black hat hackers. At the same time, the value of information stored behind enterprise IT defenses continues to grow, driving the increase in security awareness. We believe that IT security product vendors are going to have to either strike lasting relationships with security service providers or, like McAfee, buy them outright. For McAfee, which has recognized that its security technology brand is much more powerful under the McAfee name than with the Network Associates moniker, offering security services under a well-known security brand may well be a winning combination going forward. One thing is clear, from our point of view: security is going to increasingly become a body shop operation as technology itself is rather dumb in the face of skilled and determined hackers. People build the stuff, people can defeat it. We see that the only meaningful way to thwart smart people is by stocking the other side of the enterprise moat with equally skilled individuals. While technology will continue to evolve to keep the lesser-skilled at bay, it will be the brains of humans that keep the real riff-raff off the battlements.
Email security vendor IronPort Systems has announced that its appliances and services will support Microsoft’s Sender ID email authentication standard. IronPort’s C-Series security appliances (C10, C30, and C60) will include Sender ID authentication and validation checks for email source of origin and sender identity. IronPort’s reputation services, SenderBase and the Bonded Sender Program, will also use Sender ID data in their email sender accreditation process. Sender ID will be available and integrated into IronPort’s offerings in October 2004.
Email “spoofing,” or identity forgery, is a method commonly used by spammers, virus and Trojan writers, phishers, and other perpetrators of fraud to maintain anonymity by falsifying their sending email addresses, which makes the abuse difficult to prevent, identify, or prosecute. Sender ID technology prevents the forgery or “spoofing” of an email message’s origin by utilizing an additional DNS entry called a Sender Policy Framework (SPF) record. That record can be used by mail programs throughout the Internet to verify the source of mail. Tens of thousands of organizations (Internet domains) have published SPF records since the standard was introduced. It is to an organization’s benefit to do so, since it helps prevent the loss of reputation or other problems that an organization can face if its identity is stolen and used for fraudulent or other criminal activities. Meanwhile, Microsoft and the founder of SPF, Meng Weng Wong (Pobox.com), agreed to merge SPF with the Microsoft Caller ID standard, forming the basis for the new Sender ID standard that Microsoft submitted to the Internet Engineering Task Force in June for approval. Microsoft plans to begin checking inbound email to its Hotmail.com, MSN.com and Microsoft.com domains for valid Sender ID information starting in October, and email messages that fail the Sender ID check will be subject to further screening and filtering. Also, America Online will begin using Sender ID checks on inbound email in September.
So, Sender ID is an emerging standard for enterprises and Internet domain holders to authenticate and screen email sender identity. But like most security-oriented technologies, it will only be effective if there is widespread adoption. While it is simple for Internet domain holders to publish an SPF record in the DNS, it will only be effective as a countermeasure if Sender ID technologies become widely adopted by email receivers. As well as submitting Sender ID to the IETF, Microsoft is also aggressively lobbying all the relevant constituencies, such as service providers and vendors, to implement support for the burgeoning standard. This makes sense, as an official standard supported out of the box by a wide variety of players in the industry is more compelling in this day and age than if Sender ID were another de facto standard with Microsoft at the helm. In any event, Sender ID penetration will likely still be slow, as the industry takes a “wait and see” attitude. But if handled correctly by Microsoft, Sender ID could be the leader in Internet domain authentication and provide needed relief to us all.
German IT security researchers announced this week that they had found two software vulnerabilities in the Windows XP Service Pack 2, vulnerabilities that could allow virus writers to work around new security features that are the core of the SP2 update. The researchers noted that they did not believe the flaws to be serious, yet Microsoft announced that it would deliver a patch for SP2. At the same time, Microsoft delayed the general release of XP SP2 beyond its original August 16 delivery date via automatic updates to resolve the vulnerability issue. In another announcement, Oracle said it would begin issuing monthly software patches in response to discovered vulnerabilities. Recently some thirty-plus vulnerabilities were discovered in Oracle products. Oracle plans to distribute the first batch of patches by the end of this month.
While the discoveries of vulnerabilities in XP SP2 must come as a source of great amusement for the critics of Microsoft and no small annoyance to Microsoft public relations, the fact of the matter is that such discoveries benefit not only Microsoft customers but the company itself. Creating secure IT products is not something that can be done solely within a development environment. As any reputable cryptographer will inform you, no cryptosystem is deemed secure or unbreakable until it has been hammered on in a completely public and transparent process. Vendors of cryptosystems who have not put their products through such a public crucible are to be avoided at all costs. So it is with other security products, in our view, as public road tests allow for a matrix of non-aligned expertise and brainpower to determine to a much more certain degree the true value of the security offered by particular products. White hat security testing and revelations of insecurity are highly preferable to black hat intrusions and destruction.
As a result, we suspect that companies like Microsoft, Oracle, and other IT vendors will be issuing regular security patches for the rest of history. One hundred percent security is and always will be unattainable, and in any and all cases is completely and utterly undesirable. The only way to make a home close to completely secure would be to have no windows, and a single entrance made of a bank vault door. Such a home would be largely if not completely uninhabitable. So would an IT footprint that met 100% security ratings. The lack of information access, transferability, and usefulness created by such a situation would render it completely useless and counterproductive. It is the ongoing integration of information and data access that creates greater security risks along with greater utility of the IT footprint itself. A judicious balancing act between information security and accessibility will remain the core of any and all discussions about IT security for the foreseeable future, and as such IT vendors and their customers need to have forthright security assessments based on this reality for real benefits to accrue to both customer and vendor.
In a phone interview with Reuters, Bill Amelio, the president of Dell Asia Pacific, said that Dell was exiting the low-end consumer PC market in China. Dell cites increasingly aggressive price competition at the low end for its decision to withdraw into higher price bands. Dell has typically focused on the corporate space for PCs in China, and claims it had been China’s number three PC seller earlier this year. China continues to be one of Dell’s largest markets overall.
Conventional wisdom in the U.S. and Europe is that Dell is the low cost leader. Dell has a history of replicating its direct sales success in various markets, and has built its competitive advantage not on R&D-driven technology innovation but on state-of-the-art manufacturing and distribution acumen combined with an optimized customer buying experience. However, it is one thing to drive this business model in countries where higher-cost goods are a staple in the market for both consumers and businesses; it is another thing entirely to drive the Dell model in a country where a dollar’s worth of margin is sometimes equal to an employee’s weekly salary, and where contracts and business are more about being a local with the right family connections than about positive customer experience scores. While it is tempting to chase competitors into the PC price spiral for prized Chinese customers, it is telling of Dell’s business strategy that they are withdrawing now.
Dell maintains that it knows exactly where costs are, where it will drive prices, and exactly where it must stop in order to remain profitable. Dell maintains that competitors can and do sell below cost to grow share but that Dell will not do so and will leave a market rather than sell below cost. To remain in the game in China, Dell must face competition that will drop prices well below $500 by eliminating the operating system or using lower-cost AMD processors rather than those of Intel. Dell sells only Intel processors, and has no plans to introduce AMD. That relationship with Intel benefits Dell, but means that at the low end, there are places they cannot go. This is one example of the business trade-offs that Dell makes in order to meet its overall strategies. It would appear that Dell knows where its strengths are in China and where it can leverage its business model. Equally, Dell understands its limitations and will bow out of a space rather than drive towards business problems in future quarters. Perhaps this is one of the reasons that Dell remains a Wall Street darling when other high-tech companies are facing increased irritation from customers and shareholders. If competitors want to beat Dell at their own game, they would do well to study Dell’s clear, focused understanding of its business model and its own limitations rather than chasing its street prices down the proverbial drain.