How can you fight spam with one of the most common email servers out there? After all, surely that should mean it’s an easy play for the spammers, with enough holes to get every V1agr4 advert and pump-and-dump scam into your users’ mailboxes.

It turns out it isn’t - and that the built-in tools are effective spam blockers.

If you’re not using Exchange 2007 Content Filter (or Exchange 2007’s Intelligent Message Filter) turn them on. This is one of the most effective weapons in your arsenal. It’s regularly updated, and it scans messages for common spam formats. Mesages are categorised and given spam ratings, which you can use to reject, quarantine, or file messages in users’ Junk Mail folders. CF is surprisingly easy to use - set it up, set the basic filtering rules, and then occasionaly check your quarantine mail box for false positives.

Exchange 2007 has even added whitelisting for persistently filtered false positives. Once a domain is whitelisted, there’s no more delving in the spam folders for Twitter invites or press releases from Kaspersky and Sophos.

I’d been running my server like that for some time, when I discovered another trick that turned out to make a huge difference. Exchange actually supports using real-time block lists (RBLs), which are lists of spam IP addresses hosted by services like SpamCop and Spamhaus. It’s trivially easy to add new block lists to Exchange - just find the lookup address on the block list site (Spamhaus’ is zen.spamhaus.org), and add it and the provider name in the Block List Provider section of Exchange’s anti-spam tools.

Without RBL support turned on I was getting 500 or so spam messages in my quarantine a day, making it hard to filter out the few false positives. With it on, I’m down to less than 100. Managing my spam is a lot easier - and with whitelisting, I’m having to look in the spam folder a lot less often…

–Simon

Did you ever have one of those days when everything seemed to be getting bigger?

I recently put the largest machine we’ve ever had onto our office network. A 64-bit server, with 6GB of RAM and 1TB of disk, it’s taken on the role of handling all our mail and files. When a new desktop PC arrives later this week, there’ll be over 7TB of storage on this small office network.

Just a couple of years ago we were surprised if we had more than 500GB of storage in an office. Turning back the clock still further, I helped design a UK-scale photo storage service, where we had a hierarchical storage system with a whole 3TB of spinning disk and 30TB of fast tape. Today’s fast external drives are making that architecture obsolete - our new server is using eSATA to do a whole server backup onto a 500GB drive. That back up? It only takes 30 minutes…

Outside out office the usual run of press releases seem focused on delivering larger and larger numbers. Cuil’s leaked launch (and the claimed size of its index) led Google to claim that it had indexed over 1 trillion web pages. That’s a pretty big number - 10 to the power of 12. It’s also the approximate number of bacteria living on the human body.

Closer to home, BT is claiming that it’s hooked up just under 17 million homes with broadband connections. It turns out that there aren’t many more homes to be connected, with broadband analysts Point Topic suggesting there are only around a million households that can migrate to broadband left - and around 9.6 million that don’t have internet access at all. The days of massive growth in broadband are behind us now, and what was a luxury is rapidly becoming a commodity. It would be interesting to see the spreadhseets at BT, as the company juggles the numbers to see how it can make money from running the data pipes.

After all, there’s plenty of scope for bringing the world online. Gartner recently suggested that there were over a billion PCs in use around the world (and soon there’ll be a billion transistors in each processor, thanks to Intel). While getting to a billion PCs in 30 years may seem a lot, there’ll be another billion in just 6 years, thanks to 12% annual growth. There
’s a lot of scope for significant social change here, as the emerging world (and especially the BRIC nations) start coming on line. The anglophile web will become just a part of a global, multi-lingual web - after all, even without the iPhone, China Mobile subscribers use more mobile data than any other network.

With all those machines, and all that information out there, there’s an issue of managing the information - and manging the storage it requires. The BBC has just such a problem.

The archive is currently managing about 700,000 digital items, with most of it still on discrete media (digital video tape, CDs, DVDs). There are about 280,000 actual master files, digitised from U-Matic video and 1/4″ audio originals, and from magnetic sound tracks. Then there are 60,000 viewing-quality video files, but these are held on CD-ROM in anticipation of a mass storage system. Overall they’re managing 12 petabytes, mainly on digital videotape - with a growth rate of about 400 terabytes a year, mainly on digital videotape.

If the numbers in your office are getting to big, be glad you’re not dealing with any of the really big numbers out there!

BT shareholders should stop worrying about the cost of fibre. Everyone wants fast broadband and the current plans aren’t so expensive that they’ll take years to pay off.

I noticed the other day that the market didn’t take well to the news that BT is really moving forward on plans to roll out fibre across to the UK to drag broadband speeds into the 21st century (think 8Mbps DSL is fast? - check out Korea, or Paris where they’re laying 30Mbps fibre). Cable coverage in the UK is a joke (NTL bought the cheapest demographic data it could find for high population density and ended up cabling multiple occupancy council estates where it couldn’t get licenses to offer a service and running out of money before it got round all the consumers and small businesses that actually wanted cable modems).

Now the analysts at Point Topic have done some interesting sums. BT’s proposal to cover 40% of the homes in the UK for £1.5bn works out at £150 per household - a lot less than the £800 each in previous calculations for doing all 25 million households. And making that pay dividends to all those worried shareholders will only take about £3 per household, according to Point Topic, because BT will be making savings on operating costs. Fibre means new services to sell; we might finally be able to get seamless roaming between landline calls, mobile calls and VOIP - it’s all IP underneath, after all. Some of the bandwidth will doubtless get eaten up by pay-for IP TV services.

And the regulator will need to keep an eye on who you can buy fibre from or we’ll be back to a monopoly faster than you can tell Sid pirated content isn’t the only reason anyone wants a fast connection (when did you last use an MSDN CD instead of downloading the ISO?). The industry has been asking OFCOM to promise it will be able to make money out of fibre as if it was something new and different. There may more trenches to dig in remote areas - although you can blow fibre down an existing conduit with compressed air - and you have to get the termination right, but it’s not rocket science. As Tim Johnson at Point Topic puts it, “by and large BT’s shareholders should be able to finance the investment, carry the risk and reap a good profit in return.”

Bandwidth; it’s a business, not a right, but it should be good business all round.
-Mary
 

Imagine a second, simpler operating system on your PC with fixed features, so it’s more secure - after all, if you can’t add more programs you can’t add a virus either. It would have to start up quickly, so that Windows wasn’t waiting for it, so it would be ideal for listening to music and watching video. I’m not thinking about virtualization per se, although that’s one way to achieve something similar; this is two operating systems side by side, both with access to the PC hardware, but one of them does much more limited and circumscribed things.

Can you tell what it is yet?

No, actually, I’m not talking about Palladium - sorry, Microsoft Next Generation Secure Computing Base. That grew out of an attempt to reassure Sony that it would be OK to allow DVD movies to play on a PC without piracy becoming endemic and turned into a much more useful and visionary idea about using public key cryptography not to identify people but to secure machines. It would have been a good way to implement the DRM it was associated with in the public eye, though wouldn’t have forced it on anyone who didn’t want to run it. Palladium loaded a secure piece of software called the TOR that acted as a secure area that could only run trusted code (written to public APIs), where the apps would be invisible to the main OS - all secured by the machine-specific key in your TPM and some new technology from Intel. 

Ironically, trust was the issue with Palladium; nobody trusted Microsoft to either be building a secure system that didn’t impact on a very robust interpretation of free speech or if it was, to do it right. The smallest part of the concept made it in a couple of versions of Vista as BitLocker; whole disk encryption secured by the TPM.
But the Palladium concepts are showing up in a lot of other places, including the NSA’s Security Enhanced Linux and Citrix’s Security Enhanced Xen - a small OS that runs as a secure virtual machine with isolated applications, using the TPM and Intel’s new hardware virtualization technology …

Intel even uses the words Trusted Computing Base, which might be a hostage to fortune given the fate of Palladium. The DRM discussion hasn’t started yet, but there’s a trusted channel to the keyboard, mouse, memory - and the graphics subsystem, which is what some thought would allow copy-protected DVDs to be watched in the secure area of Palladium, without the option to copy them. This time around it’s more likely to be copy-protected downloads: killing off HD DVD has actually made Blu-Ray less likely to get mass adoption,  as player and disc prices stay high.

There are far more benefits to Palladium-style secure computing than protecting the movie industry or saving the banking industry from having to upgrade anti-fraud backends. You may keep your AV up to date and your company documents secure, but one in six of all PCs that touch the Google site has a bot and they’re all sending you spam.

And while the systems that look so much like Palladium that I get déjà vu are still a little way off, Asus is already selling machines with Express Gate. Granted, this is more like the embedded operating systems you see on a lot of media notebooks; it boots up in eight seconds and lets you see your photos and play your music. It has an Internet connection, so you can browse the Web without waiting for Windows. But it also uses the TPM in Montevina and you can treat it as an isolated operating system, says the press release: “Friends and family can use your notebook to nip online, use IM, listen to music, play and view without having access to your data, the system or the Windows environment.” Very Palladian.
-Mary

A comment from Wyse popped into my inbox the other day, criticising the government for using desktop PCs instead of thin clients which are “inherently more energy efficient” (surprise surprise).

David Angwin, director of marketing for EMEA, claimed that “thin client computers give users exactly the same applications and performance as a PC and run on as little a tenth of the electricity.” Certainly, Wyse is one of the few thin client manufacturers who can claim to support a wide range of applications; I know one financial company who had to replace the first batch of thin clients they tried with Wyse kit almost within the week because the others couldn’t cope with video clips. But is that power figure the whole story?

Earlier in the year I was talking to Barry Goodall at the Royal Borough of Kensington and Chelsea. He’s spent a lot of time and effort greening the council’s IT and although he’s a big fan of server virtualisation, he has a much less positive view of the green credentials of thin clients after he disproved the figures in a Frauenhofer Institute report on green computing. “The report said we could save million of pounds by using thin clients, so we were quite interested in this! We looked at some of the details and things leapt out at us; in particular the power consumption of PCs was markedly higher than ours - we use Dell desktops.”

He was checking his Dells anyway, because Dell was claiming upgrading to model 745s would save as much energy as changing from CRT to LCD screens. “We have an electricity monitoring gadget from Maplin which I highly recommend: don’t trust anything the manufacturers tell you! It’s very easy and you need to measure it yourself.” His measurements showed the model 745s used the same 60 Watts of power as the Dell kit he already had; Dell’s 45 Watt figure assumed energy management features that weren’t turned on by default. “Energy saving features in the BIOS count for nothing unless you enable hibernation in Windows!”

But 60 Watts or 45, it was still a far cry from the 120 Watts that Frauenhofer was assuming for a desktop PC. That’s what you’d expect from a top-end home machine with a high-power graphics card for gaming; business desktops are rather more frugal.

That wasn’t the only place he felt the sums didn’t add up. “Although the report said in the text that they had accounted for PCs being turned on maybe ten hours a day, terminal servers are typically running 24/7. If you tot up the number of hours people work out of the year, even though it feels like you work all the hours God sends, it’s actually about 2,200 and the figures in their tables hadn’t taken that into account. When we plugged in the correct figures they supported the opposite arguments; with the number of clients per server they assumed, it was more expensive in terms of CO2 than a typical fat client environment. Thin client can be more energy efficient but you need to be clever and turn some servers off when demand is low; you have to be monitoring the workload so you can turn some servers off overnight and come the morning, start turning them back on again - though you’re running a little bit of a risk that maybe one or two servers won’t start up and you’ll struggle a little.”

When I talked to Jon Stewart at Cisco about security trends recently, he slipped in a few network arguments (as you’d expect from a network company). “I have a feeling [that] what you’re going to end up seeing is very thin, light application suites that are endpoint based and a very rich experience using massive network build out. It’s already started to happen; definitely BT has gone down this route. You’re basically saying the end point is going to matter less at a computational level. The display and the keyboard and the system that you interact with, is the most valuable. Think about Lufthansa going to wireless on their planes, they’re trying to solve the inability to do work when you’re mobile. Everything about handset mobility, you’re trying to solve work when you’re mobile. But each time it happens, less and less computational necessity exists on the device - you’re just getting the service on the device.”

But do we care less and less about devices? Again, you’d expect Steve Ballmer to favour the PC, but he told his audience at the Partner Conference that actually, all the devices that are getting attention are fat (we just need to make them easy too). “It’s ironic, people talk a lot about whether people want thin clients. And I don’t deny people want reduced cost, and complexity of management. I think we’re all hearing that from our customers. But people don’t want to really give up the richness and capabilities of a rich client. We even see that in phones. What’s going on in phones today? Phones are actually getting richer. That’s what Windows Mobile is, that’s what the iPhone is, that’s what Symbian is, that’s what Android is: all of these things are getting richer, and Windows PCs will be the richest, most capable device that most people ever own.”

Chatting with Peter Biddle, ex of Microsoft and now at UK enterprise social networking startup Trampoline, he suggested that as usual, what matters is both the device and the network. “Think about it; when did you last do any useful work without being online?”
-Mary

I wouldn’t be surprised to open a packet of cornflakes  and have a 3G USB dongle fall out, they’re getting so common. They may be convenient but they’re not the most efficient way to get a 3G connection on a laptop. A notebook with a built-in antenna gets 25% better bandwidth (because the better the signal, the more data throughput you get). And given that most 3G cells have only a 1Mbps pipe connecting them to the Internet , you need all the throughput you can get. 

The rumblings about EU regulation of SMS and mobile data costs carry on in the background along with OFCOM’s proposals for a voluntary code of conduct for ISPs to make sure your DSL line gives you the speed you’ve paid for, and OFCOM has also been making noises about checking out what speeds mobile broadband really offers. It’s a nice idea and it might concentrate the attention of the operators on the issue, but the speed you get depends on a mix of your handset, the Internet backhaul of the base station, how many other people are using data on the same base station - and the weather, so it’s hard to be precise.

I was impressed by the independent tests that Vodafone was trumpeting last month claiming they have the fastest HSDPA network. They’re claiming up to ten seconds faster to download a 2MB MP3 file (13.54 seconds) and four times faster to open a Web page (6.7 seconds). Anecdotally, Vodafone does feel faster than T-Mobile and Orange in the areas of London we visit, on EDGE and on HSDPA. With BT’s announcement today that it’s dropping backhaul pricing, if the mobile operators put in connections from the base stations to the Internet that are as fast as your connection from your phone to the base station, we’ll start to see which side of the network really needs to speed up.

I expect better battery life is also going to be better when you’re using built-in 3G than when you’re going through a USB port. The voltage won’t be much different but you can have much more sophisticated power management - and of course if you have a better signal, you don’t have to keep turning the radio up to try and improve things.

So Lenovo’s Centrino 2 announcements caught my eye today. Either the growth in the dongle market means Ericsson has dropped the prices of its 3G modules (scale, competition or a mix of the two) or Lenovo has decided that 3G is the best way to fight off the buzz around ultra-cheap machines like the Eee PC and Aspire One that cut features along with the price. Whichever it is, Lenovo is dropping the price premium for built-in 3G from around £100 to around nothing: from August 4th notebooks with a mobile broadband module will cost, and I quote, ”approximately the same price as those without”.

Although BT is now referring to the still-in-draft 802.11n proposal as a standard and putting it in the shiny new BT Home Hub (the rotating ten foot model of it at the BT event last night was a little scary), the n debacle drags on. At this rate, we might have HSDPA built into more laptops than 802.11n…
-Mary

I’ve been spending some time with the iPhone 2.0 software, and I have to say I’m pleasantly surprised with many of the new enterprise features.

Setting up an iPhone to connect to an Exchange server was quick, and relatively painless. Apple’s implementation of ActiveSync supports self-issued server certificates directly, and so smaller businesses can work the CEO’s iPhone without having to set up an expensive third-part certificate. Apple does provide a tool for helping configure multiple devices, and if you don’t use it each phone will have to be set up by hand, so you may prefer to stick with Blackberry or Windows Mobile for ease of management.

There is one big omission which will hamper the iPhone’s enterprise uptake: mail isn’t encrypted. So if your business is regulated in any way, and your staff work with sensitive information, then the iPhone - version 2.0 or not - will be strictly off limits. The fact there’s also no remote wipe (Apple says you can use Exchange’s tools for this, but our test device couldn’t be seen in Exchange’s device management tools) or device management beyond setup tools will also count against Apple’s latest software releases. Until Apple really understands the needs of enterprises the iPhone will remain the shiny phone on the CEO’s desk, not the workhorse device used by hundreds and thousands of staff.

Still, it is only a second generation device, and there’s plenty of time for Apple to fix its deficiencies.

If you really do want to use the iPhone with Exchange, what’s the experience like? We took some screenshots to show you what you and your users will see.

Making the inital connection is easy - all you need are an email address, a user name and password, and the DNS name of the Exchange server on the public internet. Once connected to an Exchange server you can manage accounts from the iPhone’s settings menu. You’re able to quickly switch functions, as well as choosing just how much mail is synchronised.

Mail can be pushed automatically using Exchange’s built-in ActiveSync (Apple has licensed it from Microsoft), or can be collected on a schedule. If you’re roaming and need to keep data bills to a minimum, switching to a manual fetch will help keep data traffic to a minimum - as well as increasing battery life!

Once you’ve set up Exchange mail, you’ll be able to see a list of all the mail folders in your Exchange account. The iPhone (unlike other mobile devices) will only automatically synchronise your main inbox, and you’ll need to manually download the contents of any other folders you wish to read.

Of course Apple handles HTML mail just fine, and you’ll get a good overview of your mailbox contents with headers and the first couple of lines of any message.

Mail doesn’t take up that much space - a large Exchange account (with sensible download windows) will only take a few tens of MB out of the iPhone’s 8 or 16GB storage. That leaves you plenty of space for applications - which already include tools from Salesforce.com and from Oracle. Applications download from the App Store, and open from the familiar launcher.

(Oh yes, and the new iPhone software makes it easy to take screenshots - just hold down the home button and tap the power switch. The screen will fade for a moment and you’ll find the image in the device’s camera roll.)

–Simon

Sure the iPhone is cool, but how many people are buying a smartphone just to get Web access at work?

A lot of our friends who blog using LiveJournal (probably the most community-oriented blogging platform) have commented recently that they’re losing access to LiveJournal and other sites at work - so they’re buying a smartphone so they can carry on accessing them.

I keep wondering how much of the recent jump in smartphone Web browsing is down to phones being almost good enough, networks being almost fast enough and data plans being almost cheap enough - and how much of it is annoyed or paranoid people being forced to put their social network in their pocket to stay in touch during the working day.

Some people are losing access to IM as well, which is stupidly counter-productive because it’s a fantastic work tool. Blocking IM is like not providing a telephone. I’m less certain about work use of social networks and blogs, because although they have some work benefits like networking, it’s often the employee rather than the company that gets the benefits - I might be networking to find a contact for my current project but if I move on, that contact isn’t much use to my company. And while I could see your status on Facebook, I could see it on IM as well, without the potential distractions. And let’s face it, Facebook is 99% distraction…

The Telegraph reported last year that 70% of UK companies agree with me and are blocking sites like Facebook. But I - and they - might well be wrong. Dell announced today that it’s giving all employees access to Facebook, MySpace, LinkedIn, Bebo, Orkut, Flickr, Twitter, FriendFeed, Plurk and other social sites because productivity issues pale into insignificance besides being out of touch with your customers. Dell opened up to Facebook weeks ago so staff could join in a competition it was running, but given how hard Dell is trying to look like a company that listens to customers, it’s useful for employees to be able to defend the company, solve user problems or just hear what its customers are saying to their friends. Passionate Dell employees are to feel more appreciated than the British Airways employees who defend the company in Facebook groups on their own time.

Marc Smith at Microsoft Research has spent years tracking online interactions - not to accuse people of wasting time, but to understand online social dynamics. He thinks Dell has the right idea because it’s finding out more about itself and “self awareness is such a powerful tool for businesses.” You could spend a lot of money on surveys, focus groups, BI tools and company meetings to find out what customers think of you and communicate that around the company. Or you could let everyone rub shoulders with customers and find out first hand.

If you want your employees keeping your users happy online, on top of not blocking their access, Smith suggests thinking of ways to give them credit for the time they put in helping them. Microsoft in Brazil was worried when all the discussion on a once-popular area of the official site went away; it turned out it had moved to a newsgroup that was tracked by Smith’s Netscan tool, because people liked being able to see when they contributed the most answers. If employees want access to Facebook, turn that into a business benefit by tracking who helps the most customers. Some supervision is going to be a good thing, along with a policy on what people can and can’t say; you can go into detail, or you can stick with something simple like the Microsoft blogging policy, which states that you have to be smart to work at Microsoft so don’t do anything stupid online.

But even if people are reading Facebook and LiveJournal and other sites for fun rather than work, I’m pretty sure management rather than censorship is the solution. This is nothing to do with the technology and everything to do with management and motivation. If you trust your users to have a phone on their desk and not spend the whole day talking to friends, can’t you trust them not to waste the day chatting in IM pr throwing food on Facebook?

People who lose a day to reading non-work Web pages of any kind - whether it’s Facebook or the BBC News or eBay or cat macros or anything else - are goofing off and you should be able to tell that through your normal management procedures. If you can’t tell whether someone is doing a good job by what they deliver, counting up the time they spend not working isn’t the answer, but monitoring is better than saying to your employees that you don’t trust them to behave professionally. Now that the work-life boundaries are not so much blurred as completely muddied, someone who spends an hour after lunch staying in touch with friends probably spends an hour after dinner catching up on work too.

I remember the week I discovered Usenet (my supervisor introduced me to it the first time we discussed my MSc thesis). I don’t remember much else I did that week; it was a huge distraction and I plunged straight in for hours on end. And at the end of the week I looked at how much time I’d wasted and thought ‘I’d better not spend too much time on this, I have work to do’.

Plus, once you’ve pushed them onto a mobile device that uses 3G rather than your Wi-Fi then you’ve lost all chance of tracking what they’re up to - and maybe they’re no longer as passionate about defending your company online either.
-Mary

I’m guessing that most of you  have already emailed your MEPs with a message roundly condemning the stealth attempts to pass legislation that will allow media companies to disconnect ordinary people from the Internet permanently just for the suspicion that they may be filesharing.

If you haven’t may I join my voice to those urging you to do so? It won’t take long (thanks to the folk at MySociety.org) and it will help preserve your rights online as well as saving the small and medium sized ISPs that do so much to keep Internet access prices competitive. It’s that last bit that’s key to IT professionals - the measures that the legislation proposes are too expensive and complex for most ISPs to implement, which will mean you’ll be left dealing with with just BT and Virgin for your business internet access - and I can guarantee that your monthly connectivity bills won’t go down as a result…

Here’s my letter. Don’t send exactly the same one - it’s your thoughts and words that matter:

I am writing to you as a constituent asking you to exert whatever influence you have with members of the IMCO and IMTR committees of the European Parliament to vote against amendments 2, 3, 4, 5 and 7 that have been introduced into the Telecoms package.

These amendments were introduced under the influence of industry lobbyists whose interests are in the attempted maintenance of obsolete business models that have become unsustainable; not only that, but they are an attempt to subvert earlier rejection by Parliament of explicit legislation to the same ends. The proposed measures are disproportionate, unworkable in practice, violate privacy and personal data security and would lead to entire families being denied access to the internet through the presumed guilt of one member. The European Parliament has already voted against them - they should not be passed by hiding them inside other important and much needed legislation.

Not only are they disproportionate, putting the onus on ISPs to detect and implement the measures required by the amendments is both an unfair measure and technically unfeasable. Many UK ISPs are small or medium sized businesses, and do not have the funds required to invest in wholesale tracking of their users’ actions. The amount of work required to implement these measures is large, and the techniques complex. The only organisations able to do this will be the incumbent carriers, reinforcing what is a de facto monopoly by putting small ISPs out of business.

There is, in fact, no way of identifying the difference between legitimate and illegitimate traffic in the manner described in the amendments. Many users use the same tools that are used to download copyright violations to install Linux, or get updates from Microsoft. If the tools proposed by the legislation aren’t perfect these innocent users will be tarred with the same brush as anyone violating copyrights. Even if it is possible to determine the type of data being accessed, it’s impossible to determine the actual state of the rights associated with it, or the intentions of the rights holders.

Innocent users also face the risk of having their home networks hijacked by third parties without their knowledge - and losing access as a result of third party actions. I’m more technically aware than most people, but it still took several weeks for me to find that someone elsewhere in my street was using filesharing software over my wireless network. Most home users don’t have access to the tools or the skills to find and identify these situations, yet the proposed legislation will make them liable for whatever happens on their home wireless networks.

I’m a technology journalist by trade, but I come from a technical background and helped found one of the UK’s first national ISPs, and also helped build the online presences of many major high street brands. The Internet has provided a boost to the economy, and these measures will reduce access to the Internet and by closing down small ISPs will increase the costs to the very users the European online economy needs.

The committees are scheduled to vote on this package tomorrow, 7th July, and I urge you to do what you can to have these amendments rejected and, failing that, to vote against the package yourself should it be presented for a vote by the Parliament as a whole.

I’m sorry that I’m sending this message with less than 24 hours to go, but I only found out about this today myself: so please do what you can to prevent these egregious and dangerous measures being codified into European law and to ensure that the European Parliament continues to represent the interests of its electors, even where those conflict with the short-term advantage of multinational corporations and their lobbyists.

Yours sincerely,

Simon Bisson

Remember you have a voice and a point of view, and it’s one that deserves to be heard.

–Simon

Getting IT folk to agree is like herding squirrels, but there’s one thing we do seem to agree on, and that’s that virtualisation is a good thing. It saves money, it saves space, and above all, it saves energy. Throw in a bunch of offload processing for complex applications (a Tesla box or some Azul hardware) and you’re well on the way to a shiny green data centre.

With so many companies investing so much in virtualisation you’d think that software companies would be falling over themselves to develop licensing tools to support dynamic, flexible IT infrastructures. It’s surprising then to see that not only are they singularly failing to do so, but they’re also making it hard to justify installing software on a virtualised server. Microsoft has tried to appear to be a poster child for virtualisation licensing, but once you start drilling down into just what you can and can’t do with Hyper-V and the Windows Server 2008 Enterprise edition you’re in for an unpleasant surprise. Unless you’re ready to lock yourself into an Oracle-style site license there’s just no way to run your internal IT as a utility.

That’s good news for SaaS vendors like Salesforce.com, but it’s bad news for CIOs all around the world - and (in the long run) worse news for proprietary software developers. Why worry about falling over a hole in your Windows Server 2008 licence if all you really need is a set of virtualised Linux boxen running Apache, MySQL and PHP/Python/Perl. Fractional licensing is water off a duck’s back to open source and free software.

So what do proprietary software vendors need to do? First and foremost they need to realise that the landscape has radically shifted. Microsoft made one step in the right direction when it realised that cores didn’t equal CPUs and switched its licence model to handle the change in server architectures. It was quickly followed by much of the industry. Now the industry as a whole needs to accept that a server is an ephemeral construct which is tied to a purpose not to a specific piece of hardware, and businesses will need to be licensed either for a maximum number of live instances or for a total number of licenses over a set amount of time.

Why should a company by three server licences if it’s actually only going to have two live at any one time? Two licences should be sufficient. Of course there’s also the issue of disaster recovery, but those purchased licenses should also be able to handle snapshot images of the virtualised servers that are ready to be put into play at a moment’s notice.

At VMworld, back in February, BT’s Stefan van Overtveldt said that vendors weren’t ready for virtualisation licensing. As he said, “On a generic level what I would say is as I come from a software background myself I understand that it’s very hard for software vendors to look at different types of commercial agreements because tracking usage is harder than tracking physical copies”. It’s a perennial problem that goes back to the days of the mainframe - and one that vendors are unlikely to approach with much enthusiasm, especially as most businesses are actually over-licensed.

Any shift to fractional licensing will be likely to result in lower revenues (at least in the first instance), but even so, van Overtveldt is optimistic, and expects vendors to come up with appropriate tools and licenses, “The industry hasn’t come up with standards that say if you transmit this kind of data in this format we will track it and reduce your licensing costs automatically when you get below a certain level of usage. But I believe something will come.”

Let’s hope he’s right.

–Simon