Boise State ditches Cisco DNS

Boise State University, the largest university in Idaho, has replaced its aging Cisco Network Registrar software with appliances from BlueCat Networks that it says are easier to manage and less expensive to operate for Domain Name System  and Dynamic Host Configuration Protocol services. The fiber-optic backbone network is being upgraded to 10G Ethernet in December, with 100Mbps bandwidth to the desktop. Boise State's network links more than 170 buildings spread across its 175-acre campus in downtown Boise.

The network carries data and voice traffic, and it supports 2,300 IP-based phones. But when it comes to core network infrastructure services such as DNS and DHCP, the university decided Cisco's Network Registrar was too expensive to operate. Boise State is a Cisco shop; the university uses all Cisco switches, routers, IP phones, wireless access points and wireless controllers on its network, which supports 21,000 students, faculty and staff. Case study: The Google-ization of Bechtel   Boise State isn't the only organization to discover that it could save money by switching from DNS software to DNS appliances. Boise State had the same problem. The Nevada Department of Corrections recently bought DNS appliances from BlueCat rival Infoblox to replace DNS software from Novell that was requiring too much time from network administrators.

Until this summer, the university was running an old edition of Cisco Network Registrar - Version 5.5, which was at the end of its life - on a Windows server for its DNS and DHCP services. "It was very limited as far as what was actually in the database for DNS and DHCP, and what you could see through the [graphical user interface]," says Diane Dragone, network engineer at Boise State. "There was no easy way to see what was really in the database except through command line tools." In addition, Boise State had to do custom coding in order to make this older version of Cisco Network Registrar work with all the vendor tags needed for DHCP. Boise State needed to upgrade the Cisco Network Registrar software, but that option was too expensive, Dragone says. Dragone explored several alternatives, including DNS software from Novell, Microsoft and Men & Mice. Cisco ended support for Cisco Network Registrar Version 5.5 in May 2006, and it is now selling Version 7.0 of the software. "We didn't want to pay the price for upgrading the software; it became extremely expensive," Dragone says. But eventually she zeroed in on appliances, and ended up testing devices from BlueCat and Infoblox. The retail cost of the two appliances was $26,000. "It came down to cost," Dragone says. "Plus, there were a couple things in the [interface] of the management system that I liked better, but they were very small." Dragone said installation of the Adonis 1000s was easy. "I spent a few weeks on my own learning the interfaces on the Adonis system, the GUI interface and the command-line interface, until I had a good comfort level. Boise State bought two BlueCat Adonis 1000 appliances, which are set up to be redundant to each other.

Then I did a testbed of two small buildings…to roll them onto the system for DNS and DHCP so we could test our Active Directory integration and our VoIP to make sure we had no issues," she explains. She says she can patch the appliances in the middle of the work day, rather than scheduling off-hours maintenance. Dragone said it took three weeks to migrate the entire campus network to the DNS and DHCP services from the BlueCat appliances. "We had no helpdesk calls as a result of the conversion," she says. "People didn't really know it happened." Dragone's favorite features of the Adonis system are the search capabilities and the instantaneous replication between the master and slave systems. Boise State hasn't experienced any outages or other significant problems with the BlueCat appliances. "I have no complaints whatsoever," Dragone says. "I like all the reports that you can look at. That has really come in handy." Operating modern appliances is a lot easier than keeping aging software running, Dragone says. "There are savings headache wise," Dragone says. "I spent an entire week in December trying to figure something out that never got resolved. The other thing I really like is the tool for checking your DNS database before you deploy your configuration.

There were a lot of band-aid fixes on the old system to the point where we were shuffling around where the DHCP was coming from." Cisco declined to comment for this article. Among BlueCat's higher ed customers are UC Berkeley, UCLA, the University of Michigan and the University of Calgary. Branko Miskov, director of product management at BlueCat Networks, says more universities like Boise State are migrating to appliances for DNS and DHCP services. This segment now represents more than 10% of BlueCat's sales. "We've actually had some pretty significant traction in the higher ed market…in the last 18 months," Miskov says. "They're a little more diverse in terms of the feature sets they use, whereas a lot of enterprises are pretty much uniform. The dorms have different requirements than the university buildings, so they really use the full extent of our gear." Miskov says universities are upgrading their core network services in response to the explosion of IP devices in dorm rooms, such as computers, PDAs and gaming consoles. "Each dorm room might require three or four IP addresses, and that's not even thinking about the faculty requirements," Miskov says. "For those that are rolling out VoIP, that introduces a whole slew of new IP addresses into the mix and makes it harder to manage."

Acresso who? Macrovision spinoff changes name, again

Under a legal threat from another software firm with a similar name, Acresso Software Inc. is changing its name to Flexera Software after just 19 months. Acresso sells software such as software its installation utility, InstallShield, and software license manager, FLEXnet, to software vendors and enterprises. The company will officially announce the change next Tuesday, but had already notified partners and customers on Thursday. It was spun out of Macrovision Corp. after the unit was acquired by venture capital firm Thoma Brava Cressley in April 2008. Macrovision retained the digital rights management (DRM) apps for which it is best-known.

Acresso, which the company said was derived from the Latin word "Cresco" for "to grow, increase" faced a "challenge" on its name from ERP software maker Agresso Software , said Randy Littleson, senior vice-president of marketing for Acresso. "Our executive team decided that there were better ways to invest our time and money, and that we didn't need this distraction," Littleson said. "The action we're taking will let us avoid a potential lawsuit." Acresso did not immediately return an e-mailed request for comment. It changed its company name in July to Rovi Corporation. Acresso was founded in 1980 and has annual revenue of about $475 million. That dwarfs Acresso, which has 375 employees and annual revenues of $115 million. It also has 3,500 employees at 16 offices globally.

Flexera will be the fourth name in five years facing long-time users of InstallShield, which was bought by Macrovision in 2004. Perhaps predictably, early public reaction to the new name tended towards the sarcastic. "As if the makers of InstallShield hadn't already done enough damage to their brand, let's just go change names yet again!" wrote Christopher Painter, an InstallShield consultant, on his blog yesterday. "Acresso Software is becoming Flexera Software for no apparent reason. Littleson said the company considered changing its name to Installshield, being that it is its best-known product, but ultimately came to the conclusion that it didn't represent the breadth of its application stable. Go ahead. #ScrambleMyBrands," another tweet said. He dismissed the notion, brought up by some bloggers , that the new name will cause legal trouble or just confusion with a solar and wind power company Flexera. "We're quite aware of it. We think this is very different, compared to when it was two software companies." That's one of the reasons why it's Flexera Software," he said. "How similar are we to an energy company?

IBM green city lab aims for Chinese government deals

IBM will develop green city planning applications with a Chinese municipality that it could sell in other government deals in China, the company said Wednesday. Shenyang, in Liaoning province, will pay IBM 275 million yuan (US$40 million) initially and invest further funds in the lab, IBM said. IBM and the northeastern city of Shenyang will launch a joint development lab for computer applications that help forecast water pollution trends, plot efficient traffic plans and devise caps on industrial carbon output, said Thomas Li, director of the IBM China Research Lab, in an interview.

IBM will provide intellectual property in data modeling, analytics and high-speed computing to kick start the lab, which will customize current IBM applications for use by the local government. IBM will also provide services such as placement selection for sensors that track water quality in city mains. One application, which balances carbon emissions and industrial output when given targets for each, will help Shenyang assess the environmental state of various industries in case it is one day required to assign carbon caps. But the joint lab will also develop new applications, which will cover public opinion analysis and food production monitoring in addition to city planning. IBM itself will give the lab the equivalent of 20 to 25 full-time researchers. The products that come out of the lab could later be sold to other local Chinese governments looking for green projects, said Li. IBM will give a cut of the sales revenue to Shenyang and a local university, both of which will contribute researchers to the lab, he said.

The deal creates a new model for IBM's cooperation with local governments and other partners, said Li. IBM has similar joint labs in other countries and is in talks with three other local Chinese governments about labs like the one planned for Shenyang, he said. It has sought the deals partly to place itself in areas of future public and private investment, both of which often follow government agendas, said Li. IBM has worked, for instance, with China's railway ministry to deploy train monitoring and service stations nationwide, and with the Wuxi city technology park on an application hosting and development platform IBM hopes to deploy around the country. IBM does much of its business in China with government bodies.

New Firefox security technology blocks Web attacks, Mozilla claims

Mozilla has released a test build of Firefox that adds new technology designed to stymie most Web-based attacks, the browser maker said Sunday. That would block any script or malicious code that's been added by hackers who manage to compromise the site or app. The technology, dubbed "Content Security Policy" (CSP), is a Mozilla-initiated specification targeted at Web site and application developers, who will be able to define which content on the site or in the online application is legitimate. Such attacks are generally tagged with the label of cross-site scripting (XSS). Preview editions of Firefox are available for developers to try out, said Mozilla in an announcement last week . "This isn't a single trick that's meant to counter a single kind of attack," said Johnathan Nightingale, the manager of the Firefox front-end development team. "This helps sites solve cross-site scripting, but it's more than that.

With CSP in place, Firefox will allow the former but will automatically block the latter. "It is in some ways similar to NoScript," said Brandon Sterne, Mozilla's security program manager, referring to the popular Firefox add-on that blocks JavaScript, Java, Flash and other plug-ins often abused by hackers. "The main difference is that the Web site itself is determining the policy. They now have a way to shut everything dynamic off, so that no matter what content gets added to a site, if it's on the page and they've sent us policy instructions in its header, we shut it down." Firefox is passing the baton to site and application developers, who will be able to separate the legitimate from the illicit content. NoScript is a great tool, but a large number of Web users are not sophisticated enough to manage the kind of decisions it requires." Nightingale and Sterne have pinned high hopes on CSP, which grew out of an idea first put forward by security researcher Robert "rsnake" Hansen in 2005. Last year, Hansen, the CEO of SecTheory, and Jeremiah Grossman, chief technology officer at WhiteHat Security, made headlines when they revealed details about how browsers were vulnerable to so-called "clickjacking" attacks . "Absolutely, this will drive a stake through the heart of cross-site scripting attacks," argued Sterne. "An attacker injects some script that harms the users of that site, that encompasses content injection. Google , the maker of Chrome, was not available over the weekend, but the company has previously said it generally doesn't comment on future product development. Out of the box, CSP [lets sites send] signals to the browser that says, 'We're gonna turn off everything by default.' Cross-site scripting will be neutered at that point." But Nightingale and Sterne realize that, even with nearly a quarter of the world's Internet users running Firefox, Mozilla faces a tough road if it's the only browser maker pushing CSP. "Both the Internet Explorer and Chrome teams have contributed to the design discussions of the specification," said Sterne. "They have some tentative interest in implementing it at some point in the future." Earlier this year, Eric Lawrence, a program manager on Microsoft 's Internet Explorer (IE) team, called CSP "a good idea" and "a promising approach" in a pair of entries on the official IE blog, but did not commit Microsoft to supporting the technology. "It's great to see that others are taking this threat seriously, as well," said Sterne.

Mozilla must also convince site and application developers that it's worth their while to use CSP. Nightingale and Sterne declined to name the sites that have expressed interest in using the technology. "The first step is for us to use it," said Nightingale, adding that Mozilla would turn one of its online properties into a guinea pig to show others that CSP is possible, and to iron out problems. The one thing they did say was that it wouldn't show up in the minor upgrade, Firefox 3.6 , that's to ship in November. The pair was also vague about when CSP would debut in a production version of Firefox. The first, and likely only, beta of Firefox 3.6 is slated to ship Oct. 13. "Whatever comes after 3.6, that's the earliest," said Sterne. Microsoft, for example, added a cross-site scripting filter to IE8 that the company said would block most attacks. Mozilla isn't the only browser maker trying to protect users from cross-site scripting attacks.

Preview builds of Firefox with CSP enabled can be downloaded for Windows, Windows Mobile, Mac and Linux from Mozilla's server . Sterne has also posted a demonstration page that graphically shows how various scripts are blocked by the technology.

Citrix desktop virtualization push: any device, any location

Citrix on Monday said its latest desktop virtualization software will give users access to high-definition desktops from any location and from just about any device, including PCs, Macs, thin clients, laptops, netbooks and smartphones. The latest version offers a range of server-and client-side virtualization options, including offline desktops hosted in local virtual machines; desktops hosted on blade PCs; hosted desktops based in virtualized servers; and hosted shared desktops. "Traditional PCs were designed for a very different world," Raj Dhingra, XenDesktop general manager, said during a press conference Monday. "Today, the world is flat and small. Citrix is betting that Windows 7 will drive a new wave of desktop virtualization adoption, and is releasing XenDesktop version 4 to take advantage of these expected new users.

We need to work in entirely different ways than before. Now it says XenDesktop with its accompanying FlexCast delivery technology is Citrix's first product "to support every major desktop virtualization model in a single, integrated solution." Citrix said XenDesktop will support high-definition graphics for all users with its HDX technology, which has been improved with support for flash multimedia, 3D graphics, webcams and VoIP, with optimized delivery to branch offices over WANs. Citrix claims that HDX requires 90% less bandwidth than competing technologies. A traditional PC that is locked to an office or a laptop is too confining." 13 desktop virtualization tools Citrix hinted at its all-devices strategy earlier this year when it brought virtual desktops and applications to the iPhone. XenDesktop 4 will be generally available Nov. 16 for prices ranging from $75 to $350 per user. The desktop virtualization market has lots of room for growth.

Customers using XenApp, Citrix's application virtualization technology, will be able to trade up to XenDesktop with discounts of up to 80%. Citrix is also enabling centralized management of virtual desktops and applications by integrating XenApp with XenDesktop, the company said. Fewer than 10% of data centers worldwide have virtualized desktops, according to ITIC lead analyst Laura DiDio. Citrix, Microsoft and VMware are all going after the virtual desktop markets, although surveys show mixed results when comparing the vendors. Thirty-one percent of customers plan to virtualize in 2010, according to an ITIC poll of 400 corporations. According to ITIC, 41% of companies using desktop virtualization went with Citrix, compared to 28% for Microsoft and 16% for VMware.

Citrix said XenDesktop 4 contains 70 new features to enhance performance and security. But when measuring by deployed seats, VMware has about a two-to-one lead over Citrix, according to Burton Group analyst Chris Wolf. But the key is delivering the right type of desktop based on users' varying needs, the company said. As many as 500 users can be accommodated by a single server in this model, according to Citrix. For example, task workers who share a similar set of applications may be best served by a shared, server-based virtual desktop, Citrix said. "This model gives each user a standardized, locked-down desktop ideally suited for jobs where user customization is not needed or desired," Citrix said.

By contrast, office workers who need more personalized desktops may be best served by a virtual desktop infrastructure model in which each desktop is a dedicated virtual machine. Blade PCs in the data center are ideal for delivering high-end applications to "power users," Citrix said. This model supports about 60 to 70 desktops per server, according to Citrix. Another option lets companies stream desktops to each user's device, which lets the user device run the desktop locally while letting administrators centrally manage the operating system, applications and data. The virtual applications can run offline, making them popular with mobile users, the company said. "By centralizing apps and delivering them as an on-demand service to existing desktops, this option offers many of the ROI and management benefits of a fully virtualized desktop with minimal setup costs, making it an ideal starting point for customers new to desktop virtualization," Citrix said in its XenDesktop announcement.

But for companies just starting out with virtualization, the simplest option may be to deliver virtual applications to traditional PCs, Citrix said. Follow Jon Brodkin on Twitter: www.twitter.com/jbrodkin