Simon Bisson & Mary Branscombe's Blog

You say Express Gate, I say Palladium

By Simon Bisson & Mary Branscombe in Editorial

Posted in Futures, Silicon, virtualisation, Hardware, Laptop, Mobile, Security, Intel, Microsoft on July 28, 2008 at 12:41 pm


Imagine a second, simpler operating system on your PC with fixed features, so it’s more secure - after all, if you can’t add more programs you can’t add a virus either. It would have to start up quickly, so that Windows wasn’t waiting for it, so it would be ideal for listening to music and watching video. I’m not thinking about virtualization per se, although that’s one way to achieve something similar; this is two operating systems side by side, both with access to the PC hardware, but one of them does much more limited and circumscribed things.

Can you tell what it is yet?

No, actually, I’m not talking about Palladium - sorry, Microsoft Next Generation Secure Computing Base. That grew out of an attempt to reassure Sony that it would be OK to allow DVD movies to play on a PC without piracy becoming endemic and turned into a much more useful and visionary idea about using public key cryptography not to identify people but to secure machines. It would have been a good way to implement the DRM it was associated with in the public eye, though wouldn’t have forced it on anyone who didn’t want to run it. Palladium loaded a secure piece of software called the TOR that acted as a secure area that could only run trusted code (written to public APIs), where the apps would be invisible to the main OS - all secured by the machine-specific key in your TPM and some new technology from Intel.

Ironically, trust was the issue with Palladium; nobody trusted Microsoft either to be building a secure system that didn’t impinge on a very robust interpretation of free speech or, if it was, to do it right. The smallest part of the concept made it into a couple of versions of Vista as BitLocker: whole-disk encryption secured by the TPM.

But the Palladium concepts are showing up in a lot of other places, including the NSA’s Security Enhanced Linux and Citrix’s Security Enhanced Xen - a small OS that runs as a secure virtual machine with isolated applications, using the TPM and Intel’s new hardware virtualization technology …

Intel even uses the words Trusted Computing Base, which might be a hostage to fortune given the fate of Palladium. The DRM discussion hasn’t started yet, but there’s a trusted channel to the keyboard, mouse, memory - and the graphics subsystem, which is what some thought would allow copy-protected DVDs to be watched in the secure area of Palladium, without the option to copy them. This time around it’s more likely to be copy-protected downloads: killing off HD DVD has actually made Blu-Ray less likely to get mass adoption, as player and disc prices stay high.

There are far more benefits to Palladium-style secure computing than protecting the movie industry or saving the banking industry from having to upgrade anti-fraud backends. You may keep your AV up to date and your company documents secure, but one in six of all PCs that touch the Google site has a bot and they’re all sending you spam.

And while the systems that look so much like Palladium that I get déjà vu are still a little way off, Asus is already selling machines with Express Gate. Granted, this is more like the embedded operating systems you see on a lot of media notebooks; it boots up in eight seconds and lets you see your photos and play your music. It has an Internet connection, so you can browse the Web without waiting for Windows. But it also uses the TPM in Montevina and you can treat it as an isolated operating system, says the press release: “Friends and family can use your notebook to nip online, use IM, listen to music, play and view without having access to your data, the system or the Windows environment.” Very Palladian.
-Mary

Well, they would say that: fat, thin or green?

By Simon Bisson & Mary Branscombe in Editorial

Posted in Business, virtualisation, People, Windows Mobile, Hardware, Server, Networking, Microsoft on July 21, 2008 at 2:00 pm


A comment from Wyse popped into my inbox the other day, criticising the government for using desktop PCs instead of thin clients which are “inherently more energy efficient” (surprise surprise).

David Angwin, director of marketing for EMEA, claimed that “thin client computers give users exactly the same applications and performance as a PC and run on as little as a tenth of the electricity.” Certainly, Wyse is one of the few thin client manufacturers that can claim to support a wide range of applications; I know one financial company that had to replace the first batch of thin clients they tried with Wyse kit almost within the week because the others couldn’t cope with video clips. But is that power figure the whole story?

Earlier in the year I was talking to Barry Goodall at the Royal Borough of Kensington and Chelsea. He’s spent a lot of time and effort greening the council’s IT and although he’s a big fan of server virtualisation, he has a much less positive view of the green credentials of thin clients after he disproved the figures in a Fraunhofer Institute report on green computing. “The report said we could save millions of pounds by using thin clients, so we were quite interested in this! We looked at some of the details and things leapt out at us; in particular the power consumption of PCs was markedly higher than ours - we use Dell desktops.”

He was checking his Dells anyway, because Dell was claiming upgrading to model 745s would save as much energy as changing from CRT to LCD screens. “We have an electricity monitoring gadget from Maplin which I highly recommend: don’t trust anything the manufacturers tell you! It’s very easy and you need to measure it yourself.” His measurements showed the model 745s used the same 60 Watts of power as the Dell kit he already had; Dell’s 45 Watt figure assumed energy management features that weren’t turned on by default. “Energy saving features in the BIOS count for nothing unless you enable hibernation in Windows!”

But 60 Watts or 45, it was still a far cry from the 120 Watts that Fraunhofer was assuming for a desktop PC. That’s what you’d expect from a top-end home machine with a high-power graphics card for gaming; business desktops are rather more frugal.

That wasn’t the only place he felt the sums didn’t add up. “Although the report said in the text that they had accounted for PCs being turned on maybe ten hours a day, terminal servers are typically running 24/7. If you tot up the number of hours people work out of the year, even though it feels like you work all the hours God sends, it’s actually about 2,200 and the figures in their tables hadn’t taken that into account. When we plugged in the correct figures they supported the opposite arguments; with the number of clients per server they assumed, it was more expensive in terms of CO2 than a typical fat client environment. Thin client can be more energy efficient but you need to be clever and turn some servers off when demand is low; you have to be monitoring the workload so you can turn some servers off overnight and come the morning, start turning them back on again - though you’re running a little bit of a risk that maybe one or two servers won’t start up and you’ll struggle a little.”

When I talked to Jon Stewart at Cisco about security trends recently, he slipped in a few network arguments (as you’d expect from a network company). “I have a feeling [that] what you’re going to end up seeing is very thin, light application suites that are endpoint based and a very rich experience using massive network build out. It’s already started to happen; definitely BT has gone down this route. You’re basically saying the end point is going to matter less at a computational level. The display and the keyboard and the system that you interact with, is the most valuable. Think about Lufthansa going to wireless on their planes, they’re trying to solve the inability to do work when you’re mobile. Everything about handset mobility, you’re trying to solve work when you’re mobile. But each time it happens, less and less computational necessity exists on the device - you’re just getting the service on the device.”

But do we care less and less about devices? Again, you’d expect Steve Ballmer to favour the PC, but he told his audience at the Partner Conference that actually, all the devices that are getting attention are fat (we just need to make them easy too). “It’s ironic, people talk a lot about whether people want thin clients. And I don’t deny people want reduced cost, and complexity of management. I think we’re all hearing that from our customers. But people don’t want to really give up the richness and capabilities of a rich client. We even see that in phones. What’s going on in phones today? Phones are actually getting richer. That’s what Windows Mobile is, that’s what the iPhone is, that’s what Symbian is, that’s what Android is: all of these things are getting richer, and Windows PCs will be the richest, most capable device that most people ever own.”

Chatting with Peter Biddle, ex of Microsoft and now at UK enterprise social networking startup Trampoline, he suggested that as usual, what matters is both the device and the network. “Think about it; when did you last do any useful work without being online?”
-Mary

Green if but for the licenses

By Simon Bisson & Mary Branscombe in Editorial

Posted in virtualisation, Licensing, Software, Applications, Hardware, Microsoft on July 4, 2008 at 9:09 pm


Getting IT folk to agree is like herding squirrels, but there’s one thing we do seem to agree on, and that’s that virtualisation is a good thing. It saves money, it saves space, and above all, it saves energy. Throw in a bunch of offload processing for complex applications (a Tesla box or some Azul hardware) and you’re well on the way to a shiny green data centre.

With so many companies investing so much in virtualisation you’d think that software companies would be falling over themselves to develop licensing tools to support dynamic, flexible IT infrastructures. It’s surprising then to see that not only are they singularly failing to do so, but they’re also making it hard to justify installing software on a virtualised server. Microsoft has tried to appear to be a poster child for virtualisation licensing, but once you start drilling down into just what you can and can’t do with Hyper-V and the Windows Server 2008 Enterprise edition you’re in for an unpleasant surprise. Unless you’re ready to lock yourself into an Oracle-style site license there’s just no way to run your internal IT as a utility.

That’s good news for SaaS vendors like Salesforce.com, but it’s bad news for CIOs all around the world - and (in the long run) worse news for proprietary software developers. Why worry about falling over a hole in your Windows Server 2008 licence if all you really need is a set of virtualised Linux boxen running Apache, MySQL and PHP/Python/Perl? Fractional licensing is water off a duck’s back to open source and free software.

So what do proprietary software vendors need to do? First and foremost they need to realise that the landscape has radically shifted. Microsoft made one step in the right direction when it realised that cores didn’t equal CPUs and switched its licence model to handle the change in server architectures. It was quickly followed by much of the industry. Now the industry as a whole needs to accept that a server is an ephemeral construct which is tied to a purpose not to a specific piece of hardware, and businesses will need to be licensed either for a maximum number of live instances or for a total number of licenses over a set amount of time.

Why should a company buy three server licences if it’s actually only going to have two live at any one time? Two licences should be sufficient. Of course there’s also the issue of disaster recovery, but those purchased licences should also be able to cover snapshot images of the virtualised servers that are ready to be put into play at a moment’s notice.

At VMworld, back in February, BT’s Stefan van Overtveldt said that vendors weren’t ready for virtualisation licensing. As he said, “On a generic level what I would say is as I come from a software background myself I understand that it’s very hard for software vendors to look at different types of commercial agreements because tracking usage is harder than tracking physical copies”. It’s a perennial problem that goes back to the days of the mainframe - and one that vendors are unlikely to approach with much enthusiasm, especially as most businesses are actually over-licensed.

Any shift to fractional licensing is likely to result in lower revenues (at least in the first instance), but even so, van Overtveldt is optimistic, and expects vendors to come up with appropriate tools and licences: “The industry hasn’t come up with standards that say if you transmit this kind of data in this format we will track it and reduce your licensing costs automatically when you get below a certain level of usage. But I believe something will come.”

Let’s hope he’s right.

–Simon

Brave New (enterprise virtual) World

By Simon Bisson & Mary Branscombe in Editorial

Posted in Applications, virtualisation, Enterprise, Hardware, Server, HP on March 2, 2008 at 4:13 pm


Sometimes weeks have a theme. This last week’s was most definitely virtualisation.

Cannes in February is a refreshing change from an English winter, and it’s where HP were announcing their latest storage virtualisation platform - along with servers that come with VMware’s ESX 3i hypervisor built in. Getting the right physical infrastructure for your virtualised server farm is becoming increasingly important, along with being able to deploy your virtualised images quickly.

That’s where ESX 3i comes in handy - it’s a 32MB hypervisor that doesn’t need an OS. Boot your server, connect to the hypervisor from one of VMware’s handy management tools, and you’re ready to configure the hard disk and deploy all the virtual machine images you need (and if you’re using BEA’s Liquid VM thin Java servers that can be a lot!). Now that most of the major industry standard server vendors support ESX 3i, with hardware shipping from IBM, Dell and Fujitsu as well as HP, it’s going to be easy to quickly add new compute resources to a virtual infrastructure. All you’ll need to do is order the appropriate server from your usual vendor, shove it in the rack (or the blade host), and a few mouse clicks later you’ve got a server.

Microsoft is going to have to do a lot to compete with this. Its Hyper-V VM is still several months away - and it will still need its own partition to run and manage the rest of the virtual machines running on your server hardware. Sun’s xVM will have similar issues, as will the open-source Xen hypervisor.

HP’s launch was in its Sophia Antipolis offices, as VMworld Europe was just down the road. With more than 4500 attendees, it was definitely the place to be if you were running a virtual infrastructure. BT’s plans to roll out a service oriented virtual network with global load balancing were a benchmark for the maturity of virtual infrastructures, and a fascinating look at how businesses can encourage the move to virtualisation. BT’s decision to make physical server implementations subject to a rigorous review process and hefty chargebacks is intended to make this an economic decision - with virtualisation the clear winner on ease of deployment and lower costs.

At VMworld Europe the thin client was one of the elephants in the room. While the server products got the stage time, client virtualisation got a set of ropy demonstrations which were, to say the least, confusing. Conflating VMware’s impressive VDI virtualised desktop tools with managed desktop virtual machines, CEO Diane Greene demonstrated how virtual machines could be deployed to desktop PCs, and how thin client applications could be used offline and on the road. Given that presentation it would be easy to confuse two very different ways of managing virtualised desktop environments.

Microsoft made a lot more of client virtualisation at its 2008 server wave launch last Wednesday. That’s not surprising, especially when you consider that its big server success story of the moment is its relatively recent acquisition SoftGrid. Delivering applications over the network is a powerful way of controlling user desktops, and reducing your support costs. SoftGrid’s impressive sales figures are even more impressive, when you realise it’s only available through Microsoft’s volume licensing programme.

Perhaps the ideal infrastructure is a hybrid: VMware virtual servers hosting enterprise applications, with SoftGrid-wrapped applications streaming from the server network on to desktop PCs. The PCs themselves might be thin clients fed by Citrix’s tools running on an array of desktop blades somewhere in your data centre. It’s all a blast from the past - the mainframe is back.

This time, however, it’s an ever-growing array of industry standard servers hosting a virtual infrastructure, while applications are delivered to not green screens, but thin client devices with HD quality LCD panels. It’s a brave new enterprise IT world out there.

–Simon
