Vivek Kundra Out- Specific Licensing Terms

Billion-dollar idea for Apple 14 | Dell plus Perot 18 | Oracle eyes SaaS 20 Full disk encryption evolves 47 | Dr. Dobb’s: Programmer productivity 51

THE BUSINESS VALUE OF TECHNOLOGY Sept. 28, 2009

Windows 7 is the destination. So how will you get there? p.26 Winevitable

informationweek.com [Plus] GOVERNMENT CIO 50 Our first-ever analysis of top federal, state, and local execs p.35

A United Business Media Publication® CAN $5.95, US $4.95 Copyright 2009 United Business Media LLC. Important Note: This PDF is provided solely as a reader service. It is not intended for reproduction or public distribution. For article reprints, e-prints and permissions please contact: Wright’s Reprints, 1-877-652-5295 / [email protected]

COTHE BUSINESS VALUENTENTS OF TECHNOLOGY Sept.28, 2009 Issue 1,242 [QUICKTAKES]

18 Dell’s $3.9 Billion Gamble Its deal to acquire Perot Systems will have to get through thorny integration issues

20 Serious About SaaS Oracle may offer its software using a software-as-a-service model aimed at midsize businesses Microsoft Vs.‘Malvertisers’ 26 It files five civil lawsuits against COVER STORY suspected fraudsters Winevitable 22 Clouds Open Up Deciding to skip Vista was Cloud computing vendors rally easy. Now CIOs need to start behind open source API project planning a strategy for its successor, Windows 7. 4G Big Bang Verizon Wireless will try to light up its 4G network all at once next year, not market by market

24 Gold In The Clouds Vendors smell opportunity in federal cloud computing

New Look For USA.gov GSA plans to upgrade site and boost search abilities on 18 selected federal sites 20

informationweek.com Sept.28, 2009 5 [CONTENTS]

8 Links Research And Connect Reports from InformationWeek Analytics, events, videos, and more 14 Global CIO By Bob Evans 35 Government CIO 50 What we need is the iCloud—an Our first-ever analysis of top enterprise mobility platform that technology executives in federal, state, would leverage Apple’s strengths and local government—and how 16 CIO Profiles they’re embracing new expectations Tech’s Appeal William Shatner helped Chiquita’s CIO on the road to a tech career Dr. Dobb’s Report 47 Tech Strategy Programmer Productivity Full Disk Encryption Evolves Application life-cycle Opal standard paves the way for management tools keep self-encrypting hard drives developers focused 58 Practical Analysis By Art Wittmann Forget one size fits all—we need 51 sector-specific clouds 60 Down To Business By Rob Preston There are no federally orchestrated Contacts & Feedback “solutions” for businesses’ problems—in tech, or journalism 10 Editorial Contacts 10 Advertiser Index 12 Feedback

upcoming events: Windows 7 Virtual Event Attend this online event to get more insights into Windows 7 from Microsoft, testers, and peers. Find out more: techweb.com/win7-virtual

Wednesday, Sept. 30

6 Sept.28, 2009 informationweek.com Links Resources to Research, Connect, Comment TECH []InformationWeek Analytics Take a deep dive with these reports INNOVATION The Public Cloud How do you pursue IT innovation in the face of the current We gathered data on prices, services, contracts, plat- forms supported, and more to help you get started or economy? Our 2009 Informa- expand your use of public cloud services. tionWeek 500 companies stand informationweek.com/alert/iascloud out for keeping the pressure on for new ideas that drive Next-Gen BI Is Here business results. Here’s how Predictive analytics, real-time monitoring, they’re leveraging technology and the speed of in-memory technology for innovation this year: are changing the value proposition of business intelligence. Here’s a look at the many 60% Are increasing business new BI features and capabilities available. process efficiencies informationweek.com/alert/newbi 47% Are lowering IT or E-Health: One Step Closer business costs With a key requirements-setting exercise done, policy makers, vendors, and healthcare providers prepare to 37% Are introducing new embrace electronic healthcare systems in a bigger way. IT-led products or services for informationweek.com/alert/hcstimulus customers

Government IT Priorities In A Changing World Find out more in our report, free for a limited time: Federal agencies are under the gun to meet challenges informationweek.com/500/09/analytic.htm in tons of initiatives. Our poll shows what they’re doing. governmentpriorities.informationweek.com []More InformationWeek 10 Steps To Effective Data Classification Expert Advice It sounds simple enough: Define categories to protect information according to how devastating its loss would InformationWeek Analytics arms business technology deci- be to the organization. But it’s easier said than done. sion makers with tools to make smart IT choices using a informationweek.com/1242/backup unique combination of research and best practices. analytics.informationweek.com Why Automation Is Good For IT Untethering staff from manual chores doesn’t just re- BI And Healthcare duce the chance of errors. CIOs can also maximize virtu- Initiatives such as nationwide, alization and deliver more reliable business services. integrated e-medical record sys- informationweek.com/1242/datacenter tems won’t happen until we get beyond closed architectures. BI is a solid place to start. Privileged Identities: informationweek.com/1238/healthcarebi Watch Fresh way of thinking It Now about security Underground Security [ Attend this free Webinar focused on privacy and anonymity. Fritz Nelson exam- The presentation will highlight darknets—undergrounds ines the concept of where people anonymously and securely communicate and privileged identities share files. It happens Sept 30. Find out more: and how accounts, people, and pass- informationweek.com/1242/blackhat words must be man- s

aged efficiently. Let The News Find You e g a m

informationweek.com/ i

Get the news topics you follow delivered to your in-box. r e t i

video/privileged p

informationweek.com/getalerts u J

8 Sept.28, 2009 informationweek.com Print, Online, Newsletters, Events, Research

John Siefert Senior VP and Publisher,InformationWeek Business Technology ADVISORY BOARD Randall Mott Sr.Executive VP and Network,[email protected] 949-223-3642 Dave Bent Senior VP and CIO, CIO, Hewlett-Packard Bob Evans Senior VP and Global CIO Dir., [email protected] 412-661-3091 United Stationers Jeffrey Neville CIO, Eastern Rob Preston VP and Editor In Chief, [email protected] 516-562-5692 Robert Carter Executive VP and Mountain Sports CIO, FedEx John Foley Editor, [email protected] 516-562-7189 Denis O’Leary Former Executive VP, Michael Cuddy VP and CIO, Chase.com Chris Murphy Editor, [email protected] 414-906-5331 Toromont Industries Art Wittmann Editor, [email protected] 408-416-3227 C.K. Prahalad Professor of Business Laurie Douglas Senior CIO, Publix Administration,University of Michigan Tom Smith VP, Web Analytics, [email protected] 716-633-0822 Super Markets Alexander Wolfe Editor In Chief, InformationWeek.com, Dan Drawbaugh CIO, University of Mykolas Rambus Head of Technol- [email protected] 516-562-7821 Pittsburgh Medical Center ogy and Special Projects,Forbes Media Stacey Peterson Executive Editor, Quality, [email protected] Kent Kushar VP and CIO, M.R. Rangaswami Founder, 516-562-5933 E.&J.Gallo Winery Sand Hill Group Lorna Garey Executive Editor,Analytics, [email protected] 978-694-1681 Carolyn Lawson CIO, California Stephanie Stahl Executive Editor, [email protected] 703-266-6030 Public Utilities Commission David Smoley CIO, Flextronics Fritz Nelson Executive Editor,[email protected] 949-223-3608 Jason Maynard Senior Analyst, Ralph J. Szygenda Group VP and David Berlind Chief Content Officer,TechWeb, [email protected] Berkowitz Capital CIO, General Motors 978-462-5315

REPORTERS EDITORS INFORMATIONWEEK BUSINESS READER SERVICES Charles Babcock Mike Fratto TECHNOLOGY NETWORK InformationWeek.com The destination for Editor At Large Managing Editor/Labs DarkReading.com breaking IT news, and instant analysis Open source, infrastructure, virtualization Networking and security Security Electronic Newsletters Subscribe to [email protected] 415-947-6133 [email protected] 315-299-3558 Tim Wilson, Site Editor InformationWeek Daily and other newsletters at in- Thomas Claburn Jim Donahue [email protected] formationweek.com/newsletters/subscribe.jhtml Editor At Large Chief Copy Editor IntelligentEnterprise.com [email protected] Events Get the latest on our live events and Net Security, search,Web applications App Architecture events at informationweek.com/events [email protected] 415-947-6820 Doug Henschen, Editor In Chief ART/DESIGN [email protected] Analytics Go to analytics.informationweek.com Paul McDougall for original research and strategic advice Editor At Large Mary Ellen Forte NetworkComputing.com Senior Art Director Networking and Communications How To Contact Us Software, IT services, outsourcing [email protected] [email protected] 212-600-3187 Mike Fratto, Site Editor informationweek.com/contactus.jhtml Sek Leung [email protected] Editorial Calendar Mary Hayes Weier Senior Designer informationweek.com/edcal Editor At Large ByteAndSwitch.com Enterprise software, business intelligence, Katherine Lechler Storage Back Issues 800-444-4881 Mike Fratto, Site Editor software as a service, RFID Associate Art Director [email protected] [email protected] 734-761-9396 Reprints INFORMATIONWEEK ANALYTICS PlugIntoTheCloud.com Wright’s Reprints, 1-877-652-5295 Marianne Kolbasuk McGee analytics.informationweek.com Web: wrightsreprints.com/reprints/?magid=2196 Cloud Computing E-mail: [email protected] Senior Writer Art Wittmann John Foley, Site Editor IT management and careers Managing Director [email protected] Media Kits And Advertising Contacts [email protected] 508-697-0083 [email protected] 408-416-3227 createyournextcustomer.com/contact-us bMighty.com J. Nicholas Hoover Lorna Garey Technology for Small and Midsize Business Letters To The Editor E-mail Senior Editor Executive Editor, Analytics Frederic Paul, Publisher and Editor In Chief [email protected] name, title, Desktop software, Enterprise 2.0, collaboration [email protected] 978-694-1681 [email protected] company, city, and daytime phone number. [email protected] 516-562-5032 Heather Vallis Dr. Dobb’s Portal Subscriptions Managing Editor, Research Web: informationweek.com/magazine Serdar Yegulalp The World of Software Development [email protected] 508-416-1101 Jonathan Erickson, Editor In Chief E-mail:[email protected] Senior Editor [email protected] Phone:888-664-3332 (U.S.) 847-763-9588 (Outside U.S.) Linux, open source INFORMATIONWEEK.COM [email protected] 516-562-5029 Mitch Wagner Andrew Conry-Murray Executive Editor, Community New Products and Business Editor [email protected] 213-514-5597 Index Information and content management [] [email protected] 724-266-1310 Cora Nucci For Advertising and Sales Contacts Managing Editor, Features and Reviews go to createyournextcustomer.com/contact-us or call Martha Schwartz (212) 600-3015 Marin Perez [email protected] 508-416-1130 Associate Editor Roma Nowak Autonomy www.autonomy.com ...... 4 Qwest www.qwest.com ...... 15 Mobile, wireless, smartphones Director,Online Operations and Production [email protected] 415-947-6734 [email protected] 516-562-5274 CA www.ca.com ...... 11, 37, 45, C4 Rally www.rallydev.com ...... 52

W. David Gardner Tom LaSusa CTIA www.citashow.com ...... 59 SAS Institute www.sas.com ...... 13 News Writer Managing Editor, Newsletters Networking, telecom [email protected] Citrix www.citrix.com ...... 2, 3 Seapine Software Inc. www.seapine.com . . . . .50 [email protected] Jeanette Hafke Dell www.dell.com ...... 40, 41 ShoreTel www.shoretel.com ...... 34 Antone Gonsalves Senior Web Producer News Writer [email protected] DTsearch Corp www.dtsearch.com ...... 56 SMS Memory Module Assembly ...... Processors, PCs, servers [email protected] Nevin Berger Senior Director, User Experience Gimpel Software www.gimpel.com ...... 54 www.smsassembly.com ...... 57 [email protected] Eric Zeman IBM www.ibm.com ...... C2, 1, 19, 21, 27, 29 SonicWALL www.sonicwall.com ...... 49 Mobile, wireless [email protected] Steve Gilliard Senior Director,Web Development Infragistics Inc. www.infragistics.com ...... 53 Sprint www.sprint.com ...... 9 [email protected] CONTRIBUTORS ITWatchDogs www.itwatchdogs.com ...... 57 St. Francis Nursing Home ...... 57

Michael Biddick [email protected] INFORMATIONWEEK VIDEO Microsoft www.microsoft.com ...... 7 Trend Micro Inc. www.trendmicro.com ...... 17 Randy George [email protected] informationweek.com/tv National Instruments ...... 57 Tripwire www.tripwire.com ...... 46 Michael Healey [email protected] Fritz Nelson Executive Producer Joe Hernick [email protected] [email protected] NEC America www.necus.com ...... C3 VeriSign www.verisign.com ...... 43 Please direct all inquires to reporters Programmer’s Paradise ...... Verizon Wireless www.verizonwireless.com . . .31 in the relevant beat area. www.programmersparadise.com ...... 55 Workday www.workday.com ...... 23, 25 Copyright 2009 United Business Media LLC.All rights reserved.

10 Sept.28, 2009 informationweek.com Write to us at feedback [email protected]

has seen. Despite that, HP is out and technology you oversee? —Rob Preston Sun in on Exadata 2. —Bob Evans informationweek.com/1241/preston.htm informationweek.com/1241/evans3.htm IT provides the reliable basis for every Oracle could become the next IBM-like competent decision that is made by sole source for apps, operating soft- anyone who manages or works for an ware, hardware, and services. But Larry organization, or buys from or sells to Ellison has to close the deal first. Right the organization. It’s of critical compet- now, the Sun franchise is dropping at itive importance to every organization about a 50%-per-year rate. Do the that competent decisions are made compounding math and by 2011, Sun correctly and in a timely fashion. is no longer a top-tier brand welcomed But it’s important to understand the into IT shops. As time goes by, I’m less function of the board. Boards may be confident this deal ends up working as confined to certain roles and purposes, Oracle planned. —Catalina588 and often—except in the case of management boards—these roles and pur- Chevron’s IT Transformation This was not a surprise to anyone. As poses aren’t the same as organizational Some CIOs put their heads down Oracle leverages Sun’s hardware, HP management’s (the distinction being during a recession, waiting for a re- has to look for another partner. My that a commercial corporate board covery. Not the CIO of Information- guess is that Microsoft stands to benefit commonly governs, and management Week 500 honoree Chevron, Louie in this fight with an Exadata replace- acts to implement the board’s resolu- Ehrlich. —Bob Evans ment on the Wintel platform using tions). Board roles may be manage- informationweek.com/1241/evans.htm SQL Server and HP hardware. How ment or governance or working or ad- soon? Depends on if Steve Ballmer is visory, for example, and in each of With financial resources like Chevron watching this trend. —GajaKannan these roles, their concerns for IT may possesses, the company’s CIO should vary considerably. —Robin Oliver empower every IT and business oper- Oracle respins Exadata on the latest ations manager with employee usage Sun gear. But Exadata version 1 ran data. Performance, security, and com- on nice HP hardware, and yet it was Lessons From Real-World pliance are driven by use of the net- anything but a commercial success. Data Breaches work. By empowering local managers So what makes customers wary of this We break the code of silence on data with relevant information, Chevron Oracle offering? And does v2 do any- breaches to show how criminals op- would be putting authority where the thing to address those issues? erate. —Greg Shipley responsibility lies. Too often, large en- Customers know that if they buy Ex- informationweek.com/1239/databreach.htm terprises centralize this kind of infor- adata, they’re just getting an expensive mation. It’s akin to having straight- Oracle Real Application Clusters appli- Let’s expand on your third guideline: line reporting to the CEO by every ance, with all the warts and scaling Understand the limits of your security employee: Too much information! problems of RAC and parallel query. systems. We tend to forget that data is Simple reporting tools can provide The core database is decades old and the most critical asset, yet we spend useful information to keep IT and was just never designed for the kind of inordinate resources trying to protect business goals in line. —Smithwill high-end data warehousing workloads the infrastructure, perimeter, servers, being tackled by the MPP shared-noth- etc. An information-centric security Oracle Dumps HP After ing database vendors —Anonymous approach of protecting the data itself r k c i l

‘Most Successful Intro Ever’ is the only logical approach to keep it F / r e z t Oracle says a new product co-created Needed: Boardroom Chops secure. The breaches mentioned in l e M . with HP has generated the biggest How comfortable would you be in ar- your story could have been prevented T b o c a new-product pipeline the company ticulating the business value of the with such an approach. —Anonymous J

12 Sept.28, 2009 informationweek.com

globalCIO BOB EVANS

Apple’s Next Billion-Dollar Idea

teve Jobs, who whipped the keiretsu- ganizations they lead: Jobs must outmaneu- bound music industry, is just the guy ver and outthink Schmidt, and that means Sto lure into his web the brilliant but new businesses, new opportunities—and sometimes bumbling players in enterprise new risks. mobility. If he creates the iCloud—an enter- 3) Technology vision. With the industry- prise-mobility cloud service—he’ll position shaking success of the iPod, followed by the Apple at the incredibly strategic intersection even-more-disruptive phenomenon of the of real-time information and robust mobile iPhone, Jobs proved he’s without peer in access to it. imagining the future for mobile technology Let me present the Most enterprise software companies are and experiences. still struggling to let hundreds of millions 4) Marketing muscle. Apple has made it- iCloud, an enterprise of mobile workers around the world seam- self one of the best-known and most-desired lessly extract real-time and relevant infor- brands in the world, with a self-sustaining mobility platform mation from enterprise apps, databases, buzz factor. It’s one of the few companies that that would leverage and gobs of unstructured content, could make the cloud cool. B A L C and many of the patchwork solu- O I 5) A huge and committed fol- L O the unique strengths tions are brittle and complex. G lowing. Apple has a global cult of Those kludgy connectivity con- customers fiercely devoted to its of Apple and its one- glomerations just won’t cut it products and experiences. For of-a-kind founder anymore. the iCloud project I’m proposing, What we need, folks, is an en- this mega-attraction extends to terprise mobility cloud populated companies, few if any of whose with the information that powers global CEOs could say no if Steve Jobs called business. And Apple—maker of iTunes, cre- them up one day and asked for their help ator of App Store, shifter of paradigms—can creating an enterprise mobility cloud that be the master contractor and chief strategist, would change the world. pulling together the technologies and gadgets 6) Charisma. Jobs and Apple have tons of from other suppliers to make the iCloud real. this essential ingredient, but what Jobs and Here’s how: Apple don’t have is big-time cloud technol- 1) Political skill. Jobs toppled the mono- ogy experience. But Amazon does, and it has lithic music industry by outflanking it with its own high-octane CEO in Jeff Bezos, and the iTunes phenomenon, which he later sur- its cloud power will be indispensable in help- passed with the App Store mega-phenome- ing Apple battle Google. non. So, yes, Jobs can herd cats. 7) A wildly popular mobile device. Yeah, 2) Personal will. Apple’s biggest competi- I think the iPhone qualifies as that. tor is Google, and Jobs’ biggest competitor is The iCloud enterprise mobility solution: Eric Schmidt. The ouster of Schmidt from coming soon to a mobile mess near you? Apple’s board earlier this year was strategi- cally necessary but also personal—how could Bob Evans is senior VP and director of it not be?—as Schmidt’s company made a InformationWeek’s Global CIO unit. Write to number of moves into markets led by Apple. Bob at [email protected]. For a longer It’s not as much interpersonal animus as it is version of this column, go to informationweek intensely personal commitments to the or- .com/1242/evans.htm.

14 Sept.28, 2009 informationweek.com Read other CIO Profiles at CIOprofiles informationweek.com/topexecs

Career Track enabling access to our enterprise How long at current company: systems from remote locations in a 3-1/2 years cost-effective manner.

Career accomplishment I’m most How I measure IT effectiveness: proud of: The formation of a strong The most basic, yet important, met- partnership between the business ric I use is the number of business units and IT through the introduc- partners who seek me out to discuss tion of a strong IT governance new business initiatives and how IT process. For example, the forma- can help support them, versus the tion of a portfolio review commit- number who seek me out to com- tee, steering committees, and a plain about IT service delivery. matrix model that maintained our The other basic metric used is ROI with the business. service calls. Tracking service calls provides details on a number of im- Most important career influencer: portant factors: uptime of critical William Shatner. When I was in my systems, problem systems requiring formative years, I was enthralled significant work, vendor issues, etc. with the concept of the personal computer. I saw Shatner hawking Vision the Commodore VIC-20 computer, MANJIT SINGH Advice for future CIOs: Always and although I’d never even seen CIO, Chiquita Brands be open to new ideas, even if they Star Trek at the time, there was International don’t make immediate sense. something about the ad that got me Colleges/degrees: Binghamton to ask my parents to buy one. That University, BS in mathematics/ The next big thing for my busi- firmly set me on the IT path. computer science; Indiana University, ness will be ... the implementation MS in computer science of seed-to-shelf traceability for all On The Job fresh produce. Leisure activity: Tennis Size of IT team: Enough to get the job done—approximately 220. Tech vendor I respect most: Steve Best way for CIOs to cope with Jobs, for taking technology from the economic downturn: Remain Top initiatives: ordinary to extraordinary focused on adding value to your Business leader I’d like to have lunch business and not simply being a >> Hyperion Financial Planning: To with: Jim Kilts, former CEO of Gillette service provider. Now is the time improve our forecasting and budg- for you to help your business leap Smartphone of choice: BlackBerry eting processes. over its competitors. If I weren’t a CIO, I’d be ...a venture >> Enterprise data warehouse: This capitalist The federal government’s top tech- is an initiative to build an enter- nology priority should be ... to prise data warehouse to support ex- fund upgrades and improvements in tensive business intelligence capa- the country’s aging technology infra- bilities. Doing this will allow structure and systems: broadband, real-time access to pertinent data wireless, homeland security, etc. that lets the business make at-the- moment decisions. Kids and technology careers: A tech career can be incredibly >> Support for our expanding oper- rewarding if you focus on having ations in new markets: For Chiq- a broader impact by leveraging uita, the biggest challenge is usually technology.

16 Sept.28, 2009 informationweek.com [QUICKTAKES]

IT SERVICES Dell’s $3.9 Billion Perot Gamble

ell’s $3.9 billion deal to ac- wonders if Dell has the quire Perot Systems could be management chops to a boon to its own sagging for- make it happen. “Perot is tunes and to business cus- very methodical and some- Dtomers looking to implement new archi- what stiff and regimented,” tectures like virtualization and cloud Martin says. “That’s not the computing. But the PC and server maker culture that Dell has had. will have to manage thorny integration ... The integration issues issues as it absorbs a company known for are not going to be trivial.” its rigid, by-the-book culture and re- In its favor, Dell deepened liance on a market—healthcare—where its bench strength earlier Dell has little experience. On top of these this year, hiring IBM’s top Does Perot give Dell issues, Dell is a relative neophyte when M&A guru, David Johnson, [a winning hand? it comes to IT services and M&As. whose experience could be Not that there isn’t a plan. Dell wants to crucial to Dell’s ability to add Perot’s op- Perot has weathered the recession marry its hardware and automation soft- erations without alienating customers or fairly well, but if Dell is to seriously chal- ware with Perot’s integration and out- employees. Dell has made six acquisi- lenge IBM and HP-EDS in outsourcing, it sourcing services so it can offer end-to- tions in the past two years, with its only will have to take a company founded in end “solutions,” mirroring earlier moves major one being the $1.4 billion 1988 by billionaire and gadfly politician by rivals Hewlett-Packard and IBM. takeover of storage specialist EqualLogic. H. Ross Perot well beyond its healthcare Dell has the iron and applications At IBM, Johnson oversaw 14 significant base. Perot Systems derives half its rev- needed for advanced data centers. It acquisitions last year alone. enue from healthcare, 25% each from the bundles VMware’s View virtual desk- One possible hitch: Johnson’s partic- commercial and government sectors. top offering with its Latitude and Opti- ipation isn’t assured. IBM sued the exec Dell says it plans to do just that, call- plex PCs and PowerEdge servers to earlier this year for breach of contract, ing its agreement to acquire Perot an create an off-the-shelf virtualization asking a judge to force Johnson to “anchor” for other moves. The deal will package. Dell also has tweaked a line honor a noncompete clause. bring Perot Systems capabilities to a of servers to reduce heat emissions and much “wider set of customers” says optimize performance on Microsoft’s Time To Diversify Michael Dell, who envisions parlaying cloud-based Azure operating system. Integration risks aside, many ob- his company’s strength in numerous For its part, Perot brings integration, servers say Dell has little choice but to commercial segments into new accounts deployment, and systems management diversify. The recession, commoditiza- for Perot, which is on pace for $2.5 bil- expertise. It recently launched a cloud in- tion, and competition from a renewed lion in sales in the current fiscal year. tegration service, advising customers on HP have taken a toll on the company. Dell hopes to close the deal later this cloud offerings and how to combine Dell’s PC sales slumped 33% in the most year or in early 2010. Meantime, cus- cloud-based products from different ven- recent quarter, while sales of servers and tomers of both companies will need to dors, and Perot can host and manage it storage products were off 22% and 19%, keep a close eye on the merger. For hard- all from one of its massive data centers. respectively. The company’s reliance on ware buyers, there’s the potential to fall Michael Dell says it’s a winning hardware-related products for 90% of its victim to up-selling as Dell will no doubt v o

hand, combining “two iconic IT revenue has saddled it with an anemic push service offerings to to its existing d n a L / brands who share a common vision of operating margin in the 5% range. client base. And Perot customers need to e u q r a

reducing IT complexity and total cost JPMorgan analyst Mark Moskowitz guard against bundled deals that look m a L n i

of ownership.” called the Perot deal “a good first good up front but hide the true cost of v e K / s It sounds good, but Steve Martin, a step” in Dell’s campaign to cut de- the individual pieces. —Paul McDougall r e t u e

partner at Pace Harmon consultants, pendence on boxes. ([email protected]) R

18 Sept.28, 2009 informationweek.com [QUICKTAKES]

USING GOOGLE DOCS? charges a monthly fee. The Google Docs, Google’s online whole On Demand program word processing app, is becom- “is being reviewed right ing more popular among business users, IDC finds.Almost now,” Keever says. 20% of 262 executives in an IDC In a June conference call, survey say Google Docs is CEO Larry Ellison said widely used in their organiza- Oracle’s goal is to be the tions, up from less than 6% in To be No.1, everywhere “No. 1 on-premises appli- October 2007.It’s not yet re- [ placing Microsoft Office, which cation company, and the 97% of respondents use, but it SUBSCRIPTION PRICING No. 1 on-demand applica- sounds like there’s a new bar- tion company.” This will re- gaining chip in the upcoming Oracle Sounds Serious quire a “very gradual shift Office 2010 negotiations. over a period of a decade,” “Longer term, the two are on a collision course,”says IDC’s About Midmarket SaaS he said, adding that Oracle Melissa Webster. expects its on-demand racle is considering So far, the vendor has lim- business to grow faster than INTEL’S LAPTOP TURBO Ooffering its software ited the SaaS model to Ora- its on-premises business. Intel has brought out its high- aimed at midsize compa- cle On Demand CRM and However, Ellison didn’t est-performing mobile chips to date with its Core i7 quad-core nies using a subscription- Beehive, its relatively new commit Oracle to a multi- processors for laptops,including based, software-as-a-service collaboration software. Ora- tenant approach. top editions for gaming and model that the company cle offers conventional app Midmarket companies are professional workstations.Based has largely steered clear of hosting under its Oracle On clamoring for on-demand on Intel’s 45-nanometer Neha- to date. Demand program, using a options, Keever says. Ora- lem microarchitecture,the chip’s trick is a “turbo boost”that in- One possibility it’s consid- single-tenant model in cle’s largest U.S. midmarket creases the clock speed of the ering is subscription-based which a customer pays the integrator, DAZ, reports individual cores dynamically to pricing for the JD Edwards same license and mainte- 70% to 80% of customers meet workload demands. ERP suite, which mostly ap- nance fees it would to run want Oracle software hosted. peals to midmarket compa- software on premises and They “don’t want to be in the MORE FROM MULESOFT MuleSoft,supplier of the light- nies. “It’s on Safra’s desk,” also pays Oracle for the data data center business,” he weight open source enterprise says Mark Keever, VP of Or- center resources to run it. In says. —Mary Hayes Weier service bus Mule,is adding a acle’s midmarket application contrast, a multitenant SaaS ([email protected]) lightweight application server, program, referring to Oracle model generally shares Tcat Server,to its portfolio.Mule- president Safra Catz. “It’s servers and other data cen- Read Bob Evans on Oracle-SAP Soft is the renamed MuleSource, an open source company something we’re interested ter infrastructure across midmarket plans: information headed by Ross Mason that sells in doing at Oracle.” multiple customers and week.com/1241/evans4.htm subscriptions for the Mule ESB. Mason calls Tcat Server,based ROGUEWARE on Apache Tomcat Server,a new type of app server that will be used as “Web middleware,”let- Microsoft Takes On ‘Malvertisers’ ting IT manage from one location instances of Tomcat in the icrosoft is trying to to be a Vonage ad turned Microsoft doesn’t even cloud or on premises. Mtake a hard line on ma- out to be malware that know the names of the alleged licious online advertisers— served readers fake warn- crooks, however, as the suits MICROSOFT ERP DEALS Microsoft built its ERP business “malvertisers”—by filing five ings that their computers are part of its attempt to find on acquisitions, and it’s at it state civil lawsuits against were infected, along with a and stop them. Investigators again, buying industry-specific suspected fraudsters in what link to buy “antivirus soft- have leads that could be used software from four small ERP the software giant claims are ware” to clean them up. to subpoena service providers, vendors that’ll be added to its the first-ever legal moves This type of rogueware is companies, and people with Microsoft Dynamics AX suite. against this activity. becoming more efficient and knowledge of the fraudsters’

The software focuses on pro- r k c i l

The suits come on the lucrative, with 374,000 new identities, Microsoft says. F

cess manufacturing, profes- / a b a sional services, and retail. heels of an attack on the versions of rogueware ap- —Kelly Jackson Higgins, r u k a S

New York Times’ Web site, pearing in the second quar- DarkReading.com i h c i u

where what was purported ter, PandaLabs finds. ([email protected]) Y

20 Sept.28, 2009 informationweek.com [QUICKTAKES]

WHERE’S AMAZON? Project Aims To Crack Proprietary Clouds

group of prominent ect. Amazon isn’t, though Acloud computing ven- Gutmans says open source No“teaser”trials for them dors—Amazon.com is no- developers will ensure that [ tably absent—is rallying be- Amazon’s EC2 computing WIRELESS hind an open source project service is included. Gutmans that promises to make appli- says discussions are happen- Verizon’s 4G Big Bang cation services available ing with Amazon about join- across data centers. Zend ing “and the door is always erizon Wireless plans to vices such as Irex Technolo- Technologies, supplier of open.” Simple API also will Vlight up its 4G network gies’ e-book reader, General the PHP scripting language, provide access to cloud doc- based on LTE technology in Motors’ OnStar system, and launched the Simple API ument storage services, in- one fell swoop next year, even court-ordered elec- project, with IBM and Mi- cluding Amazon’s SimpleDB. rather than deploying it in a tronic bracelets. Verizon crosoft among the first ven- Simple API also will pro- conventional market-by- has certified more than 55 dors to sign on. vide access to queue ser- market rollout. devices to operate on its 3G Providers of cloud com- vices, which move messages The deployment “will be network, and they’ll be puting, meaning on-demand between two remote com- as close to all at once as available for use with the capacity delivered over the puters and ensure delivery. possible,” says Tony Mel- LTE network. The com- Internet, each tend to have IBM will contribute ad- one, Verizon Wireless’ chief pany, jointly owned by Ver- some proprietary parts, mak- apters for its cloud services technology officer. “We izon and Vodafone, has trial ing it difficult for an applica- and data storage. Microsoft want to give our customers sites outside Boston and tion to work with services will supply the project with a significant footprint,” he Seattle. from more than one provider a PHP software develop- adds, not “tease” them with Amid persistent rumors at a time. The goal of the ment kit for its Azure cloud trial rollouts. that the LTE rollout is be- LTE (for Long Term Evo- hind schedule, Melone in- lution) is the carrier’s next sists it’s on track, though Even basic operations aren’t portable generation of wireless the carrier hasn’t given spe- across vendors’ clouds, Gutmans broadband. It promises cific launch dates beyond says, and that’s stalling adoption. greater speed and capac- pledging to have 25 to 30 ity—key considerations for markets live next year. By Zend-led project is to provide services, which are due to companies pushing more the end of this year, the a common API set from go live in November. PHP, enterprise applications to company will have an app which developers may call already widely used to build smartphones. store set up so developers services regardless of which Web sites and Web apps, However, wireless users can build products and vendor data center they’re in. frequently will be the lan- will need to buy new de- services that tap LTE’s Cloud adoption is being guage for cloud applica- vices to take full advantage bandwidth. slowed by “the lack of porta- tions, predicts Lew Moor- of LTE’s speed, Melone says, Rival AT&T plans field bility across cloud applica- man, chief strategy officer though existing devices will trials of LTE in 2010, with tion services for even the for Rackspace Cloud. continue to work as they deployment in 2011, saying most basic operations,” says Simple API may also be- have. The LTE network will that’s when sufficient 4G- Zend CEO Andi Gutmans. come an enabler of private use much of the infrastruc- compatible devices will be Through Simple API, an ap- clouds, where an application ture of Verizon Wireless’ available. For next year, it’s plication should be able to running in a company’s own existing CDMA network, in- promising upgrades of its tap into different vendors’ data center can call external cluding towers and back- 3G network—to HSPA 7.2 services without the need to cloud services or shift part of haul gear. technology—in 25 of the 30 change the app’s interface. its workload to an external LTE will connect conven- largest U.S. markets. Rackspace and Nirvanix cloud. —Charles Babcock tional mobile phones and —W. David Gardner also are members of the proj- ([email protected]) smartphones, as well as de- ([email protected])

22 Sept.28, 2009 informationweek.com [QUICKTAKES]

New Look For USA.gov Gold In The The General Services Admin- istration plans to upgrade its USA.gov site and improve Clouds search capabilities across se- lect federal Web sites. USA.gov, the government’s main public-facing Google wisely showed needs. Among the re- Web portal, will get a new up at the U.S. government’s quirements that cloud look and content manage- recent cloud computing an- service providers can ment capabilities in the nouncement with a plan to anticipate: dedicated [Kundra has a plan next 12 months, says Dave offer cloud services tailored infrastructure rather McClure, GSA’s new associate to the needs of government than multitenant; location- 110,000 square feet of data citizen services and commu- agencies. You can bet that specific data storage inside center space in northern Vir- nications administrator. Amazon.com, IBM, Mi- the United States; detailed ginia, according to DataCen- Changes to the site are crosoft, Salesforce.com, and information on data center terKnowledge.com. And easier now that it’s hosted by other cloud providers will facilities; accreditation in Amazon CTO Werner Vogels Terremark’s Enterprise Cloud follow suit. designated government in a blog post says he’s “look- services, McClure says.That’s In a speech at the NASA specifications (FISMA, for ing forward to working saving about $1.7 million a Ames Research Center, fed- example); and government- closely with the federal CIOs year on operations and capi- eral CIO Vivek Kundra out- specific licensing terms. to make sure our services can tal, and the site responds lined how cloud computing These are not insignifi- meet their requirements.” faster to demand spikes. will help the government re- cant changes. For example, Salesforce has been a McClure wants to use im- duce costs and simplify IT offering cloud services on longtime proponent of the proved search to make infor- architectures. The govern- dedicated hardware is a multitenant architecture, mation more accessible.“We ment spends $19 billion a have a tsunami of informa- year on infrastructure main- Bottom line: Cloud providers see tion,” he says.“The chal- tenance alone; if even a government dollars on the horizon. lenge isn’t necessarily put- small portion of that sum [] ting information online or shifts to cloud services, even accessing it. It’s put- providers could net millions break with the multitenant but Marc Benioff’s company ting information online in a in government money. architectures that many already knows how to break way that’s easy to consume I have no inside informa- cloud service providers from that mold. and digestible.” tion on Amazon, IBM, Mi- prefer. But they will do And Microsoft, in a re- The search strategy may in- crosoft, or Salesforce, but what they must to get the markable display of cloud clude using machine-learning the opportunity to offer business of federal cloud portability, is already taking for improved results and let- cloud services to Uncle customers. steps to move its Windows ting users sift through multi- Sam is simply too great for Google’s plans include en- Azure cloud infrastructure ple content types.One goal is them to pass up. And it’s suring that all federal data from a data center in one to integrate search across clear the feds are eager to remains in the United state to another to avoid a sites,including Recovery.gov, deploy cloud services. Wit- States. Security checks will hefty cloud tax. You can be Data.gov,and USAspending ness the nascent Apps.gov be conducted in conjunc- sure that Microsoft is capa- .gov.GSA may even offer site, announced by Kundra tion with government agen- ble of developing a govern- search as a service to other at Ames, which lets federal cies on Google’s data center ment cloud. agencies,McClure says. agencies buy and deploy employees. Google was the first ven- t r —J. Nicholas Hoover cloud apps. There’s growing evidence dor to reveal plans for a gov- a H c i n ([email protected]) Of course, commercial that cloud providers are ernment cloud. It won’t be i m o D cloud services will be preparing to serve this mar- the last. —John Foley / A S A

tweaked to suit government ket. Amazon has leased ([email protected]) N

24 Sept.28, 2009 informationweek.com [COVER STORY]

Most CIOs aren’t on the Windows 7 upgrade path just yet.Time to start planning.

By J. Nicholas Hoover

o one ever system from another era, particu- got fired for not buy- larly in terms of security, and is losing Windows Vista. ing Microsoft support. Still, just 16% of Let’s face it: CIOs didn’t have companies plan to implement Windows 7 to make that tough a call on the last big within a year, our InformationWeek Analytics survey of PC operating system upgrade. With three- 1,414 business technology pros finds, while just over a fourths of companies skipping Vista and third have no plans. sticking with XP, according to our latest re- The good news is that Windows 7 is looking like a Nsearch, it became clear soon after the Vista launch that the solid operating system—nine of 10 companies that have safe bet was for companies to avoid the OS, with its appli- tested it rate it as at least satisfactory, and more than a cation compatibility problems and heavyweight hardware third consider it excellent. Vista, in comparison, even to- requirements, and wait for the next version. day gets a poor rating from 43% of survey respondents. Now it’s decision time. “The pervasive view out there is that 7 is probably better Windows 7 is here for businesses (the consumer re- than Vista, and I’m buying it,” says Jim Green, CIO of lease is scheduled for Oct. 22) and holds tantalizing im- Los Angeles County Public Health, which has about provements in terms of security, employee productivity, 5,000 PCs. “We’re not applying the old, standard ‘wait and bandwidth management. Think about it. Are you re- till SP1’ approach. The strategy is to begin upgrading as ally playing it “safe” to stick with stable and trusted friend soon as we can.” XP again, despite the fact that it was first released eight Green’s in the middle of a PC refresh now and has been years ago? Consider that this safe haven is an operating moving new PCs to Vista, but his employees have the

26 Sept.28, 2009 informationweek.com [COVER STORY] WINDOWS 7

most up-to-date technology at home and want it at work, he says. He sees WHAT’S YOUR TIMELINE FOR WINDOWS 7 DEPLOYMENT? significant usability improvements in Don’t know Within 6 months Windows 7, to which he’ll upgrade 13% 6% many of the agency’s PCs. Within 12 months At ETS-Lindgren, which makes en- 10% ergy measurement and management products, the reasoning is concrete 10% Within 24 months cost savings. Global IT architect Jeff No plans at this time 37% Border says 70% of the company’s 3% Longer than 24 months 600 existing PCs can run Windows 7 14% without the major hardware upgrades As needed to replace retired PCs Vista requires. So he expects he can 3% 3% Other slow new PC purchases while still 1% Whenever Windows 7 Service Pack 1 releases Whenever Windows 7 upgrading older machines to Win- Service Pack 2 releases dows 7. Plus, he cut licensing costs by negotiating to become an early Data: InformationWeek Analytics Windows 7 Survey of 1,414 business technology professionals adopter. For food giant Del Monte, the over- dissatisfaction driving people off Win- In fact, the biggest factor driving all picture of an operating system that’s dows XP, which runs on about eight of companies to upgrade is the end of XP easier to use is the productivity pay- every 10 business PCs. Taken to- support, which doesn’t sit well with off, even if it can’t pin that down to a gether—positive reviews of Windows 7, many CIOs. “I really don’t like the ex- hard ROI. “If you have a computer XP’s ongoing popularity, and Vista’s on- tremely costly upgrade cycle Microsoft that you’re using 40 hours a week, and going flop—just about half of all com- kind of forces on you,” says Jay Wallis, you’re traveling with it, and it’s easy to panies have firm plans for a Windows CIO of commercial roofing company use, easy to start up and shut down, 7 deployment, ranging from the next six Empire Roofing, who has no firm plans easy to find things, and you don’t have months to more than two years. for Windows 7. “Right now, for us at to become your own little IT people to least, XP seems to be a very stable plat- diagnose your own problems, that’s an The XP Factor form, so rocking the boat is something increase in productivity,” says Microsoft is giving mixed messages we have to take very seriously. At least Jonathan Wynn, Del Monte’s manager about the death of XP. Mainstream sup- through the Vista part of history we’ve of advanced technology and collabo- port for the OS ended in April, mean- gone through now, I’m a little distrust- rative services. ing Microsoft will offer security up- ful of Microsoft.” In fact, Wallis consid- Wynn also believes that giving em- dates but no free tech or warranty ers XP to be so stable that he’s not very ployees the latest Microsoft software support, with hot fixes for Software As- worried about losing the extra support helps employee retention. Yet compat- surance customers. Extended support from Microsoft. ibility problems scared Del Monte will end in 2014. However, Microsoft, That’s a sentiment we hear echoed in away from Vista, and its 2,900 PCs al- bowing to market pressure, agreed to many of our executive interviews. The most all run Windows XP SP3. Now let customers downgrade to Windows University of Massachusetts Memorial the company hopes to start migrating XP until April 2011. (Companies can’t Hospital also is sticking with XP. to Win 7 within a month. buy XP anymore, so to stay on it they “There’s a point when we will move While Win 7 tempts, there’s no great buy Vista and downgrade to XP.) out of XP because it will simply run out of support,” says CIO George Benckle, but for now, he’ll rely on DIG DEEPER Why Business IT Shouldn’t Shrug Off Chrome OS baseline support. Google’s plan for an operating system isn’t just consumer Benckle’s decision isn’t for lack of tech glitz.It also sends a message about where the Web research. His team is running Win- plays in the future of your employees’desktops. dows 7 in its labs, but none of the new operating system’s features stand Download at informationweek.com/alert/chromeos2 out enough to demand a change. “Is there anything Windows XP can’t do?” See all of our reports at analytics.informationweek.com he says. “I just can’t make those fea-

28 Sept.28, 2009 informationweek.com ture arguments to save money with older PCs. Microsoft did a number of Windows 7.” things under the hood in Windows 7 Plenty of people agree. The lack of a to improve the use of RAM and multi- business driver for upgrading, and the processing. While Microsoft recom- lack of a solid ROI case, are among the mends the same hardware for Win- top five barriers to Windows 7 adop- dows 7 as for Vista, several early tion, according to our survey. But there adopters plan, based on their testing, are actually plenty of things Windows to run the new OS on PCs with as lit- 7 can do that XP can’t. tle as 512 MB of RAM. Improved security is a major driver Pacific Northwest National Labora- behind the decision to upgrade, right tory is one of those. Having skipped behind the end of Windows XP sup- Vista, it plans to be “very aggressive” in port. XP lacks support for Network rolling out Windows 7, says CIO Jerry Access Protection, which came with Johnson. He’s most interested in Win- Vista and continues in Win 7. That dows 7’s security features, which fit provides the ability to control a com- with the focus the Department of En- puter’s access to a corporate network ergy—of which Pacific Northwest Lab based on its security settings. Vista also is a part—is putting on cybersecurity. brought in BitLocker hard-drive en- But his move will be hastened by the cryption and User Account Control se- fact that Windows 7 can run on those curity prompts, while Windows 7 adds smaller-RAM PCs. BitLocker To Go, which encrypts USB At ETS-Lindgren, where global IT keys. BitLocker setup also has been architect Border estimates that Win- simplified and User Account Control dows 7 can run on 70% of the com- made less intrusive. pany’s PCs, the company hopes to have Windows 7 also gives IT more con- Windows 7 on as many as half of its trol over the applications users can PCs by April, while allowing the com- run, thanks to AppLocker. AppLocker pany to buy fewer new PCs. “There are lets admins create a whitelist of apps a lot of assets we have that we could that can be installed, plus room for ex- actually keep and renew the warranty ceptions based on hashes, vendor or on rather than replace,” he says. “I’m file name, file version, and product telling my finance people this is an op- name. It can manage executables, Win- tion we have that we didn’t have be- dows installer files, and DLLs, so that fore.” Border also recently renegotiated employees don’t install or use incom- his enterprise licensing agreement with patible, dangerous, or unwanted soft- Microsoft, slashing his costs by adopt- ware or files. ing early. Windows XP has none of those fea- Microsoft also is promising that tures and requires additional software new tools in Windows 7 will cut help or hardware purchases to add them. desk calls. For example, employees “Windows XP came out in 2001. Data can use a feature to record an error compliance, leakage, all those things and send the video to the help desk. have changed since then, and that’s New troubleshooting features let help what’s keeping people up right now,” desks set up automatic troubleshoot- says Jason Leznak, a group product ing scripts for common problems. manager for Windows. However, even companies that covet Windows 7 features will face a big bar- Win 7 Easier On The Hardware rier given tight IT budgets. Garry One big rap against Vista was the Robinson, IT manager for KSLA News beefy hardware requirements—in- 12 in Shreveport, La., has been testing cluding 1 GB of recommended RAM Windows 7 for six months and likes —that made it impractical to run on the new security options, especially [COVER STORY] WINDOWS 7

AppLocker. But the station recently hardware, Microsoft released new or full install. To keep all the programs put PC upgrades and new operating improved compatibility testing tools for and settings in a move from XP to system licenses on hold. “If things get Win 7 to software vendors, system Windows 7, large companies can use better in 2010, we could start replacing manufacturers, and even companies Microsoft’s User State Migration Tool existing machines,” he says. looking to upgrade. or its System Center Configuration In terms of customer complaints Manager. Smaller customers will need Microsoft Learns Its Lessons about Vista, “there was a lot to go to back up individual PC data else- Microsoft CEO Steve Ballmer struck around,” acknowledges Jon DeVaan, where and use the Windows Easy a defiant tone when speaking to finan- Microsoft’s senior VP of Windows core Transfer tool. Microsoft also advises cial analysts this summer about the up- OS. “The biggest part of that was that companies upgrading from XP to coming Windows 7 release. “I think we had to work differently. We had to Windows 7 to do compatibility test- many of you think we have problems be a more reliable partner, and we had ing with the Application Compatibil- we don’t have in the Windows busi- to deliver higher quality.” ity Toolkit. ness,” Ballmer said. Microsoft also is offering a number Having skipped Vista, Del Monte Still, Microsoft does seem to have of new or upgraded free tools to help this time is working closely with Mi- learned the hard lessons of Vista. For companies work through their de- crosoft to ensure application compat- example, Microsoft early on promised ployment cycle, including an asset ibility, using Microsoft tools to deter- Vista would have a whole new file sys- management tool, the application mine if software is attempting to write tem, which it then didn’t deliver. With compatibility tool, and a deployment data to directories or make calls to Windows 7, the company kept mum tool to help with data migration from files that no longer exist in Windows on features until it was sure; there was XP machines. 7. With help from a Microsoft engi- no mid-development overhaul this That’s one source of Win 7 com- neer, it developed what it calls time. To avoid the reputation Vista plaints—companies can’t upgrade di- “shims” to force otherwise incompati- earned for incompatible software and rectly from XP to Win 7; it requires a ble programs to run on Win7. The

INFORMATIONWEEK ANALYTICS Win 7’s Server Ties—Blessing Or Curse? indows 7 is getting most of the fanfare,but Win- “better together”may work well for marketing,but in the real dows Server 2008 R2 also hit the enterprise last world, companies deploy server and desktop operating sys- month. Since many of Win 7’s top features re- tems on different schedules and with different priorities. Re- Wquire running R2, you’ll need to factor the new quiring IT to fully convert its network in order to take advan- server operating system into your desktop plan. That could tage of functionality is counterintuitive. create problems for IT teams. Consider BranchCache.It’s a great feature that dramatically In our recent InformationWeek Analytics Windows 7 survey, improves network file access throughout the entire network, two-thirds of the 669 respondents with Win 7 deployment not just in remote offices.Problem is,it works only with R2 and plans cite the operating system’s new features as the primary Win 7 clients, with no functionality at all for XP or Vista. The driver or a contributing factor to migrating.Yet key Win 7 fea- result is a chicken-and-egg situation: A company’s server tures,including DirectAccess,BranchCache, improved search, team is likely to delay a major upgrade until it benefits the power management,and better offline folder access,depend majority of end users.Meanwhile,desktop groups will see not on R2 server functionality. That was by design, as Microsoft having access to these features as one more reason to put off consolidated the two core development teams, desktop and Win 7 deployment.The answer for CIOs looking to break the server, as one application group. logjam may be to tempt server teams with server-centric fea- “We really got some engineering efficiencies from joint de- tures, such as the Active Directory recycle bin. Once R2 is in velopment,” says Ward Ralston, Microsoft’s group product use, the Windows 7 client is markedly more attractive. manager for Windows Server.“We were able to take some fairly complex design enhancements and focus them around Michael Healey ([email protected]) is president of Yeo- the single release schedule.” man Technologies. This is an excerpt from an upcoming In- However, while joint development allows for a tighter fea- formationWeek Analytics Report. See more of our original ture set,the idea breaks apart once you leave the lab.The term research at analytics.informationweek.com

30 Sept.28, 2009 informationweek.com [COVER STORY] WINDOWS 7

company also has worked to create a KSLA’s Robinson sees XP Mode as a dows 7 system requirements. formal XP-to-7 upgrade process using good option for running applications For large deployments, companies System Center Configuration Manager that have trouble printing from Inter- will have to be Software Assurance that takes about 30 minutes for a full net Explorer 8, which comes bundled customers and shell out extra money upgrade, leaving users’ files and docu- with Windows 7. “From what I’ve per client to access the Microsoft Desk- ments as they were. been able to do in my testing, I have top Optimization Pack and Microsoft Still, with Vista’s application compat- not found anything that wouldn’t be Enterprise Desktop Virtualization, or ibility problems still fresh in mind, and able to work in the XP virtual ma- MED-V, which includes management the huge XP installed base, the Win- chine,” he says. features. Another possibility, also indows 7 feature that companies plan to Yet some may find XP Mode less use- cluded in MDOP, is Microsoft’s App-V use above all others is one that lets ful than they’d hoped. First, it requires application virtualization technology. them hedge their bets: XP Mode. that a full version of XP be installed on XP Mode, a virtualized instance of any PC that uses it. Second, Microsoft The App Compatibility Test XP that runs alongside Windows 7, is aiming XP Mode mostly at con- Application compatibility looks lets companies run applications that sumers and small businesses and hasn’t much further along than at the same break under Vista or Windows 7. The included management tools; XP Mode point in Vista’s release, but it remains a end user can load those applications has to be installed and managed at each major concern: It’s the second biggest like any other, from an icon on the individual PC. Third, it requires an ex- barrier to upgrading, according to our desktop or via the start menu. tra 1 GB of RAM beyond initial Win- survey. After all, Windows 7 was built

IN PRACTICE 32-Bit Gear In A 64-Bit World he whole Windows line—XP, Vista, Win7, and server Enter the convoluted workarounds: I set up a print-to-PDF editions—has been shipping in 32- and 64-bit edi- driver on my 64-bit machines and had the results printed by tions,and most new hardware comes with 32- and 64- default into a shared directory that the 32-bit machine would T bit device drivers. poll periodically for new documents. Or, print to .PDF on the But what if you’re migrating a printer, scanner, or Webcam local machine,and then invoke an XP Mode instance of Acro- from an age before 64 bit? That can be a problem.While 32-bit bat Reader to print. apps generally run fine on 64-bit Windows,32-bit device driv- Scanners are the other hardware class hard hit by the ers aren’t so lucky.There’s no mechanism in Windows to take a 32/64-bit changeover.Like printers,they tend to remain in use 32-bit device driver,wrap it in an emulation layer,and use it in a long time.The best fix comes from programmer and former Win64. So here are some options for keeping that hardware NASA/Jet Propulsion Lab staffer Ed Hamrick, who wrote Vue- working and out of the landfill. Scan as a generic device driver to work with a staggering vari- Windows 7’s XP Mode is one option, since it creates native ety of scanners.It has limitations,but for $40,it’s cheaper than 32-bit support through a copy of XP in a virtual machine. But a new scanner. XP Mode doesn’t allow direct interface to the device.You need Another solution is the virtualization approach described an application.For a scanner,you use a program to acquire an above for printers.A third possibility is to use a Linux box or a image from the scanner; for a printer, a program to perform a virtual machine with the scanner plugged into it, and access print action. that remotely.Most any scanner you have should work as is. In general,32-bit printers involve either a very quick fix or a When it comes to 32- vs. 64-bit systems, we’re in a transition very convoluted process. The quick fix: If the printer under- phase, something like the 16- to 32-bit transition that took stands generic PostScript or Hewlett-Packard’s PCL, you can place when Windows 95 gradually eclipsed Windows 3.1. Until likely install a generic 64-bit driver. HP offers one, as does all that legacy hardware is out of service—which may not be VueScan.The bad news is that advanced features such as col- for a good long time to come—the 32/64-bit divide will need to lating will be lost. be spanned with ever-increasing creativity. The worst case is a printer that uses a proprietary wire pro- —Serdar Yegulalp ([email protected]) tocol, not PostScript or PCL. Ink-jet printers are infamous for this, as well as some laser printers, like my HP LaserJet 1000. Longer version at informationweek.com/1241/windows7.htm

32 Sept.28, 2009 informationweek.com on the same code base as Vista, so if an BranchCache. (Your mileage may vary.) application still doesn’t work on Vista The new server operating system today, it more than likely won’t work will be a tough sell alongside a sub- on Windows 7. stantial desktop investment. To make And there are some kinks still to be it, the OS also promises more sophisti- worked out. Symantec, for example, is cated server virtualization, particularly working to fix an endpoint security Live Migration, which allows the software incompatibility that creates a movement of running virtual ma- prompt showing a Windows 7 PC isn’t chines among physical servers, a fea- secured when in fact it is. Del Monte is ture that’s revered by users of VMware, one of several companies that cited this the No. 1 virtualization vendor. Gart- specific problem as holding back plans ner recently predicted that Microsoft’s to move to Vista right away. virtualization market share would Older industry-specific and financial Johnson:“Very aggressive” Win 7 plan triple by 2012, as it continues to in- apps often are a problem, as companies [ crease its functionality. Other server need to weigh whether it’s worth as they continue to support VPNs until additions are a management interface rewriting the app to be compatible all employees are on DirectAccess. for Active Directory that lets admins with a new operating system. “In Vista, ETS-Lindgren plans to deploy Win- restore accidentally deleted identities, your only choice was to fix the app,” dows 7 and Windows Server 2008 R2 an enhancement to let virtualized ap- says Tony Scott, CIO of Microsoft, hand-in-hand and is considering Di- plications appear in a PC’s start menu, which already has rolled out Windows rectAccess for its hard cost savings. In support for up to 256 logical proces- 7 to more than 100,000 employees order to support Windows 7, it sors, and the ability to automatically and contractors. “However, today would need to upgrade its Cisco VPN classify and set policies for files based there’s a lot of different virtualization software, increasing that license cost. on their type. technologies you can use to mitigate But if DirectAccess passes its per- In this economy, it would be against those issues, so it’s not a binary formance tests, it won’t need the shocking to see a stampede to Win- go, no-go kind of thing.” Cisco software and thus could elimi- dows 7 unless it promised hard cash nate that recurring cost, while also savings, which it doesn’t. Still, it’s Features Employees Will Notice simplifying connectivity for its global surprising to see more than a third of Two of the most hotly anticipated workforce, Border says. companies with no plans for Win 7. features of Windows 7 are DirectAc- BranchCache caches content either More than half have done some test- cess and BranchCache, each of which on a dedicated caching server in a re- ing, at least. requires the new Windows Server mote office, or by using peer-to-peer For those laying plans, the driving 2008 R2 to be installed as well (see caching on PCs in that office. Access- forces are the end of XP support and story, p. 30). ing the cached content doesn’t eat up improved security, and after that some DirectAccess lets end users access precious WAN capacity. However, impressive new features. Some, like Del corporate networks remotely without BranchCache doesn’t do some of the Monte, trust that the upgrade will de- having to sign on with virtual private more advanced protocol tweaking of liver on hard-to-measure productivity network software. As soon as a Win- more expensive, standalone WAN op- improvements and employee retention. dows 7 PC configured with DirectAc- timization appliances. In the end, Microsoft has come up cess boots up and finds an Internet ETS-Lindgren is just starting a pilot with a solid operating system, yet it has connection, it authenticates via an en- test of BranchCache, but Border says it a lot of work to do to bring businesses crypted tunnel to a DirectAccess can defer some additional spending on around to upgrading. They skipped server. The related VPN Reconnect fea- WAN optimization. “We have some Vista, stayed on XP, and don’t feel any ture automatically reconnects users to pretty tough users, 12 permanent loca- worse for having done so. Their budg- their VPN if a connection is lost. tions around the world, and we’ve ets don’t have room for nice-to-haves. To the user, the DirectAccess benefit spent a lot of money on WANs and So, yes, Microsoft makes a more com- is rather simple: no more annoying WAN optimization technology,” he pelling case for upgrading to Windows VPN to log into. IT departments could says. In a Microsoft case study, Tai- 7 than it did for Vista. But it needs to.

n see the savings from not making fur- wanese IT services company Systex es- a v i l l u

S ther investments in VPN infrastruc- timated it will save 20%, or $100,000, Write to J. Nicholas Hoover at m o T ture, though that might be long term on its annual bandwidth costs by using [email protected]

Sept.28, 2009 33

Our first-ever compilation of top tech executives in federal, state, and local government—and how they’re managing new expectations

The job of government CIO hasn’t employees and 300 million “customers.” hasn’t gotten easier, but it’s certainly grown more Kundra is challenging his peers to manage all interesting. CIOs at federal agencies are under of that more effectively, efficiently, and securely, pressure to adopt new technologies, deliver on while exposing data feeds in the interest of gov- the promise of “open government,” and shed ernment transparency. He wants federal CIOs to outdated procurement practices. At the state and concentrate less on infrastructure and more on local level, the pressures are much the same; the “unlocking value.” To do so requires fresh ap- resources, often less. proaches—cloud computing, social media, de- How are CIOs managing these challenges? In- velopment competitions, bite-size IT projects. formationWeek and our recently launched Informa- CIOs in many government offices are respond- tionWeek Government set out to identify top tech- ing. Our list includes IT leaders from the Depart- nology leaders at all levels of government who are ment of Defense, NASA, the intelligence commu- embracing and responding to these new expecta- nity, and civilian agencies, in addition to cities tions. Our top 50 is a Who’s Who of government and states. There are a handful of non-CIO titles IT influencers from San Francisco to Washington. here, too—executives such as Jeffrey Zients, the One of the things that sets government IT Office of Management and Budget’s chief per- apart from most corporate IT departments is formance officer, whose responsibilities are sheer scale. It’s one of the first things that federal joined at the hip with those of federal CIO Kun- CIO Vivek Kundra points to when he talks about dra and federal CTO Aneesh Chopra. the task at hand. Federal agencies spend a com- Some of these CIOs you’ll recognize; others bined $76 billion annually and manage more keep a low profile. All have their work cut out than 10,000 systems, in support of 1.9 million for them.

By John Foley and J. Nicholas Hoover, with Siddharth Ninan

informationweek.com Sept.28, 2009 35 [GOVERNMENT CIO 50]

Aneesh Chopra White House

s the nation’s first federal CTO and associate director for tech- Anology in the White House’s office of science and technology policy, Aneesh Chopra advises the president on federal R&D spending on technology, attends a White House staff meeting each morning, and sits and projects, the IT Dashboard is on both the National Economic Coun- Vivek Kundra helping Kundra and agency CIOs cil and Domestic Policy Council. Office of Management and Budget make better decisions on how to In addition to areas such as biotech proceed with troubled projects. He’s and nanotech, Chopra is involved in also a proponent of cloud comput- plotting out administration plans for alk about a super-size IT ing and of revamping federal IT pro- the smart grid, cybersecurity, and budget. Vivek Kundra, the curement processes; the recently healthcare IT. Shortly Tfirst CIO of the United States, launched Apps.gov online store- after he took the fed- oversees $76 billion in federal IT front, where agencies can order eral CTO job, Informa- spending. In doing so, he’s putting an cloud services, represents both inter- tionWeek asked Chopra emphasis on execution, transparency, ests in one place. about his priorities. and a “new approach” to how gov- Kundra is urging federal CIOs to They included promot- ernment agencies think about their think differently about IT. He wants ing economic growth IT resources. them to focus less on data centers through technology in- In his new role, Kundra is trying and infrastructure, and more on how novation, supporting to duplicate some of his successes the government can serve as “a plat- Obama administration initiatives such as CTO of Washington, D.C., where form” for new kinds of applications as healthcare and broadband infra- he led efforts around opening gov- and services. “You can’t drive change structure, and instilling a culture of ernment data to the public, cloud if you’re spending your money on in- open government. computing, and improved project frastructure,” Kundra said a few Chopra helps agencies draw up management. weeks ago at the InformationWeek 500 their R&D budgets and is engaged Kundra’s been one of the Obama Conference. with academia and private industry, administration’s leaders on trans- As the U.S. CIO, Kundra is in touting the benefits of private sector parency and accountability, helping charge of policy and strategic plan- innovation. He sees deeper govern- to launch federal Web sites devoted ning for federal IT investments. He ment engagement with innovative IT to data streaming (Data.gov), stimu- also chairs the federal CIO Council leaders and the creation of regional lus tracking (Recovery.gov), and IT and oversees government-wide en- university alliances as ways to spur performance (IT Dashboard). By terprise architecture to ensure inter- innovation. Chopra has made several providing more data on IT spending operability and cybersecurity. trips to Silicon Valley in an effort to establish a dialogue with the tech DIG DEEPER industry and find ways to work Government 2.0:Technology Leadership Redefined together. Open Government Federal agency CIOs are being asked to support the In his prior job as Virginia’s secre- principles of open,collaborative,participatory government. tary of technology, Chopra advised High-Potential Technologies Security,virtualization,and business intelli- the governor on the intersection of gence are among the most promising technologies,according to our survey. government and technology, co- Management Challenges IT talent and procurement reform top the list. chaired the state’s healthcare IT coun- Get this at:informationweek.com/1242/report_govt2 cil, and encouraged development of Virginia’s technology industry. See all our reports at analytics.informationweek.com

36 Sept.28, 2009 informationweek.com [GOVERNMENT CIO 50]

tion’s cloud computing efforts, with federal CIO Vivek Kundra describ- ing GSA as a “center of gravity” for Linda Cureton its cloud initiatives. She has worked NASA with Kundra to develop a forthcom- ing cloud computing storefront— the new Apps.gov portal—which fter a year-long search, NASA will provide agencies with a stream- has just named Linda Cureton lined approach to procuring cloud- Aas its CIO. Cureton shifts over based resources. from her previous role as CIO of With a $550 million IT budget, NASA’s Goddard Space Center. GSA is responsible for the Data.gov NASA is moving ahead with IT and Recovery.gov Web sites. Some services contracts under the IT Infra- of its other IT investments include a structure Integration Program, valued property management and inven- at more than $4 billion. Reviewing tory system used by the GSA Public RFPs for that Buildings Service, a shared-services program will be Casey Coleman operation of financial systems for among Cureton’s General Services Administration GSA and other agencies, a long-run- first tasks. She ning order-processing system called also will manage FSS-19, and an online shopping the centralization n two years as the General Ser- source called GSA Advantage. Going and consolida- vices Administration’s CIO, forward, GSA will focus increasingly tion of IT at I Casey Coleman has standard- on identity and access management, NASA and will ized, consolidated, and begun to vir- Coleman says. have a hand in IT projects at NASA’s tualize the agency’s IT infrastructure, Coleman has an active public space centers. while incorporating ITIL best prac- presence, writing her Around The At Goddard, Cureton was a driving tices to cut costs and improve cyber- Corner blog and posting on Twitter. force in the adoption of social me- security and IT performance. She’s She was formerly CIO of the GSA’s dia—starting a popular blog, posting also expanded the GSA’s telework Federal Acquisition Service, headed to Twitter, and pushing development program. the agency’s office of citizen services, of a social network called Spacebook Coleman has emerged as a key and worked as a software and sys- that’s built with open source. She’s player in the Obama administra- tems engineer at Lockheed Martin. been an early proponent of cloud computing, too. A recent blog post titled “In Search Of The Lost Art Of IT Management” hints at how Cureton sees the role of the CIO. She refers to a need for dis- cipline and “artistry” in managing IT. “The CIO must evolve from being the deliverer of IT, because now most people can get that, to helping organ- Franklin Baitman Jeff Zients Ken Theis izations use that information to get Social Security OMB Michigan the knowledge they need for mission Baitman oversees IT As deputy director As CIO of Michigan, success,” Cureton writes. capital planning,e-gov- for management at Theis drives the state’s IT Before moving to Goddard, Cureton ernment,and cyberse- the Office of Manage- agenda and manages a was the deputy assistant director of the curity for the Social Se- ment and Budget, staff of 1,700.He re- office of science and technology and curity Administration. Zients oversees per- cently declared Michi- deputy CIO at the Bureau of Alcohol, The agency is building a formance manage- gan a “PCI compliant” Tobacco and Firearms, and she held $750 million data center ment across federal state.Next up: He’s con- various management positions up to to host exploding data agencies, including templating construction acting CIO at the Department of En- volume,including med- more than $75 billion of a data center for ergy. Earlier, she worked in various IT ical records. in IT spending. cloud computing. positions at the Department of Justice.

38 Sept.28, 2009 informationweek.com THE GOVERNMENT CIO 50 Full profiles at informationweek.com/1242/govcio50 Lonny Anderson National Security Agency Top tech exec at agency on leading edge of intelligence gathering Franklin Baitman Social Security Agency in early stages of constructing $750 million data center Roger Baker Veterans Affairs As new CIO,put 45 troubled IT projects on hold Dr. David Blumenthal Health & Human Services Sonny Bhagowalia Dept.of Interior Oversees advanced earthquake-detection system David Blumenthal Health & Human Services Brings physician’s point of view to national health IT coordination Blumenthal,the national Charles Boucher SEC Responsible for successor to popular EDGAR financial database coordinator for health IT, Dave Bowen FAA Top project is NextGen air traffic system is leading the effort to Robert Carey Navy Building enterprise network to replace Navy-Marine intranet use technology to mod- Michael Carleton Health & Human Services Has hand in development of national health information network ernize healthcare and Aneesh Chopra White House Top IT adviser to President Obama cut costs.One goal:a na- Brook Colangelo White House Provides technology to President Obama and staff tionwide interoperable, Casey Coleman GSA At center of federal IT procurement,including cloud computing privacy-protected net- Paul Cosgrave New York City Deployed wireless network;revamped emergency communications work for healthcare. Linda Cureton NASA New CIO assumes responsibility for multibillion-dollar I3P contracts Cybersecurity Coordinator White House Key,unfilled position;appointment expected shortly Michael Duffy Dept.of Treasury Implemented Electronic Federal Tax Payment System Stephen Fletcher State of Utah Developing statewide security framework and cloud strategy Chad Fulgham FBI Building Next Generation Identification biometric system Emma Garrison-Alexander TSA Employing advanced X-ray technology and biometrics at airports Priscilla Guthrie National Intelligence Promotes information sharing across 16 intelligence agencies Danny Harris Dept.of Education A Ph.D.who wears two hats:CIO and deputy CFO Jeffrey Sorenson Army Vance Hitch Dept.of Justice “OneDOJ”initiative promotes information sharing within agency The Army’s CIO since Jerry Johnson Pacific Northwest Lab Brings a business mind-set to national lab’s IT operations 2007,Lt.Gen.Sorenson Chris Kemp NASA Ames Developed one of U.S.government’s first compute clouds has been working to- Gopal Khanna State of Minnesota As president of NASCIO,has influence over state CIO issues ward a standard IT archi- Vivek Kundra OMB Oversees federal IT budget of $76 billion tecture.Areas of focus in- William Lord Air Force New to job;devising a more structured cyberdefense strategy clude virtualization, Melodie Mayberry-Stewart State of New York Pushing broadband and emergency communications enterprise data manage- Martha Morphy National Archives Driving effort to create national Electronic Records Archive ment and warehousing, Beth Noveck White House Key decision maker behind Obama’s government transparency push SOA,e-mail,and global Edward O’Hare GSA Helping to drive adoption of Networx network services contracts ID management. Troy Pearsall In-Q-Tel Behind-the-scenes player influences CIA tech investments Ross Philo Postal Service Managing big upgrade to consolidate three networks into one Nitin Pradhan Dept.of Transportation Strategy,policy leader with responsibility for $3 billion IT budget Tom Pyke Dept.of Energy Projects include public outreach on energy conversation Grant Schneider Defense Intelligence Agency Directs IT strategy behind military intelligence efforts Jim Seligman Centers for Disease Control Creating a “public health grid”and vaccine management system Jeffrey Sorenson Army Driving virtualization,enterprise data management,social media Ann Speyer Smithsonian Institution Tackling job of making art collection electronically accessible Richard Spires Dept.of Homeland Security Projects include digital overhaul to border security Al Tarasiuk CIA Bobbie Stempfley DISA Agency provides IT systems and resources to all military branches Projects Tarasiuk has Lemuel Stewart State of Virginia (former) Whistle-blower called attention to troubled outsourcing contract spearheaded as the Susan Swart Dept.of State Promotes use of social media,e-diplomacy,collaboration tools CIA’s CIO include Web Teri Takai State of California California’s first CIO tries to hasten completion of major projects 2.0 adoption, SOA, and Al Tarasiuk CIA Initiatives include Web 2.0,SOA,and IT modernization IT modernization.He Ken Theis State of Michigan Driving private sector partnerships for IT training and jobs reports to CIA director Chris Vein San Francisco Behind city’s 311 Twitter service and DataSF.com site Leon Panetta and is a David Wennergren Dept.of Defense Responsible for IT strategy that spans military branches member of the CIA’s cor- Chris Willey Washington,D.C. Apps for Democracy contest is a model for other metro areas porate board. Jeffrey Zients OMB Brings metrics-based approach to IT procurement,performance

Sept.28, 2009 39 [GOVERNMENT CIO 50]

The department also has Roger Baker developed TreasuryDirect, Veterans Affairs which lets investors buy and manage Treasury securities online. And Treasury’s Elec- tronic Fraud Detection Sys- lmost as soon as he took the tem has detected hundreds of reins as CIO of the Department millions of dollars of fraudu- A of Veterans Affairs earlier this lent tax rebate claims. year, Roger Baker began an overhaul Prior to joining Treasury, of how the department manages IT Duffy was deputy CIO at the projects. Department of Justice, where Veterans Affairs already had under- he directed development taken a review of 307 major IT proj- and implementation of the ects before Baker came in. He took agency’s law enforcement and coun- that information and ran with it, tem- Michael Duffy terterrorism information-sharing porarily halting 45 Treasury strategy and the deployment of a projects that had been multiagency tactical wireless com- identified as being over munications system. budget, past due, or ichael Duffy has been the At Treasury, Duffy is responsible for both, and reassessing Treasury Department’s CIO planning, acquiring, implementing, the best approach for M and deputy assistant secre- and managing the department’s tech- those that could be tary for information systems since nology resources. One area of atten- salvaged. 2007, leading the department’s IT tion is cybersecurity, where Treasury is He’s now looking to policy planning, security, and shifting its focus from the network turn the VA’s IT operations into a met- e-government initiatives. perimeter to data management and rics-driven, performance-based cul- Among Treasury’s recent projects is protection, Duffy said in a recent in- ture with the introduction of what he the Electronic Federal Tax Payment terview with Federal News Radio. In calls the Project Management Ac- System, which lets individuals and doing so, he’s looking to learn from countability System. As part of that ef- businesses pay federal taxes by phone the experiences of other federal agen- fort, the managers of any project that or online, saving the time and cost cies. Says Duffy, “One of my mantras misses three development milestones associated with paper processing. is, I don’t want to reinvent the wheel.” have to prove why it shouldn’t face the chopping block. “We need big change here at VA to change the culture that systems get developed in,” Baker says. He’s investing in healthcare IT—including interoperability between VA and Department of Defense health IT systems—working to strengthen cybersecurity at the VA after several wor- Beth Noveck Chris Vein Danny Harris risome breaches, and trying to improve White House San Francisco Education customer service. His team is creating a public IT performance dashboard that As deputy CTO for open As CIO of San Francisco As the Department of Ed- shows metrics beyond what’s available government, Noveck (city and county),Vein ucation’s CIO and deputy on the wider federal IT Dashboard. drives the Obama Ad- oversees IT strategy in CFO,Harris oversees IT Baker was brought in to the VA to be ministration’s trans- one of the country’s services,cybersecurity, a change agent and has a background parency initiatives, in- most tech-enabled and financial systems. that should help. He was formerly CEO cluding transforming metro areas.He recently The agency is redoing its of IT services company Dataline; CIO at WhiteHouse.gov into a oversaw a 311 Twitter student financial aid sys- General Dynamics and the Department platform for engaging service rollout that lets tems and has moved of Commerce; and an executive with the public in policy citizens report problems many IT operations to Visa, CACI International, and Verdix. discussions. and ask questions. managed services.

42 Sept.28, 2009 informationweek.com [GOVERNMENT CIO 50]

partment supporting 19 state agencies. Her private Paul Cosgrave sector experience includes New York City Ford Motor and EDS. Takai is California’s first state CIO and a member of ppointed New York City’s the governor’s cabinet. She commissioner of the Depart- advises Schwarzenegger on A ment of IT and Telecommuni- the strategic direction of IT cations in 2006, Paul Cosgrave has led resources, as part of the the city’s IT with a focus on e-govern- state’s broader moderniza- ment and customer service. tion and transformation ef- Cosgrave conceived and implemented forts. Her CIO Web site “PlanIT: Better Government Through (www.cio.ca.gov) includes a Customer Service,” described as the strategic plan and project-tracking city’s first-ever comprehensive tech strat- Teri Takai feature that lists major IT projects by egy for coordinated, effective, and effi- California cost and scorecard rating. cient citywide IT implementation. The job at hand—managing so Cosgrave also re- many large and expensive proj- vamped the opera- hen she signed on as CIO ects—hasn’t been fast or easy. In Au- tion of New York’s of California in December gust, officials gathered to reform the 311 problem resolu- W 2007, Teri Takai shoul- state’s IT procurement processes. tion and information dered not only a huge responsibility, They set a goal of reducing the time service, letting citi- but some say a big mess. The state had it takes to complete major IT proj- zens send pictures about 10,000 IT workers, including ects—typically three to five years— and video over the 144 departmental and agency CIOs, to two years. The thinking is that Internet to its call and 111 in-progress IT projects with a shorter projects will translate into center so municipal staff get more de- sticker price exceeding $6 billion. cheaper ones. tailed information about the problems Takai was recruited by California Takai sees a glass half-full. Califor- people are complaining about. Governor Arnold Schwarzenegger nia’s aging IT infrastructure provides Cosgrave spearheaded the New York from Michigan, where, as that state’s a “golden opportunity” to reform City Wireless Network, which lets CIO, she created a centralized IT de- and rebuild, she says. emergency responders access finger- prints, mug shots, maps, and streaming videos over a high-speed network. Another project, the Emergency Com- munications Transformation Program, stemmed from communication failures experienced during the Sept. 11, 2001, terrorist attacks in the city. In response, the city modernized its 911 system to better handle incoming emergency calls and dispatch first responders. Ross Philo William Lord Dave Bowen A native of Queens (one of New Postal Service Air Force FAA York City’s five counties) and ap- CIO Philo oversees Lt.Gen.Lord was ap- CIO Bowen has his hands pointed by Mayor Michael Bloomberg, computers and net- pointed CIO in July.One full with an overhaul to Cosgrave is an IT veteran with experi- works linking 28,000 area of responsibility is the Federal Aviation Ad- ence in both public and private sec- locations and 650 the Combat Information ministration’s air traffic tors. He led the IRS through its Y2K applications.The Postal Transport System,which control system.In devel- transition, helped form the Transporta- Service runs a huge costs $500 million annu- opment is the NextGen tion Security Administration, and led intranet connecting ally to run.Cybersecurity Air Transportation Sys- an enterprise architecture consulting facilities across the is another focus; the Air tem,which promises to team in the design of the FAA’s country with its Wash- Force recently deployed increase air travel capac- NextGen Transportation System. ington headquarters. a new cybercommand. ity and safety.

44 Sept.28, 2009 informationweek.com techSTRATEGY

[STRATEGIC SECURITY] Full Disk Encryption Evolves Opal standard paves the way for self-encrypting hard drives

arlier this month, the Naval Hospital in Pensacola, Fla., HOW SOFTWARE AND HARDWARE APPROACHES COMPARE began notifying thousands of Pros Cons individuals that personally Eidentifiable information about them Software > Widely deployed > May not support all systems had been lost when a laptop disap- > Flexible encryption options > Costly peared. In August, the National > Strong management options > Potential performance impact Guard announced that a laptop con- > Susceptible to cold boot attack taining personal information on Hardware > OS agnostic > Requires new laptop 131,000 members had been stolen. (Opal) > Great performance > Most only supports 128-bit AES We could go on—rarely does a > Inexpensive > Limited management options month go by without an organization > Immune to cold boot attack revealing the loss or theft of a laptop brimming with sensitive data. Full disk encryption, or FDE, is Now, adoption of a new standard software-based FDE suites that can the preferred mechanism to address for hardware-based FDE, called Opal, help you avoid all these problems. this threat because, as the name im- aims to alleviate some of that pain. With software-based FDE products, plies, the technology lets IT encrypt the data on the drive can only be ac- the entire hard drive so that sensitive The Need For FDE cessed when the operating system is data is protected, no matter where it No organization can plead igno- booted and the encryption keys un- resides. But unfortunately, FDE rance of encryption options. Mi- locked. But the technology isn’t per- adoption comes at a price: complex crosoft Windows, Mac OS X, and fect—software-based FDE also has and costly deployments, additional Linux all have built-in support for drawbacks. First, a number of soft- licensing fees, and one more appli- file-system-level encryption. ware FDE products don’t support cation for IT to support. But while encrypting a file system, Linux or Mac OS X. Second, depend- or providing an encrypted folder on ing on the age and processing power an employee’s laptop, is better than of the laptop, the encryption process At A SELECTED FULL DISK nothing, it still leaves too much to can slow down a machine. Glance [ENCRYPTION PLAYERS chance. Did the employee put all sen- Finally, encryption keys are stored sitive data into that target folder? Was in the computer’s memory, which anything left in caches or temporary makes them vulnerable to a class of Opal hard-drive manufacturers: Fujitsu, Hitachi, Samsung, Seagate Technology directories? And perhaps most criti- so-called “cold boot” attacks, in which cal, without FDE, if a device is stolen encryption keys are recovered in RAM. Opal management software vendor: or lost, how do you definitively know Wave Technology that all of the sensitive information it Enter Opal contained was encrypted? In January 2009, the Trusted Com- Laptop vendors shipping Opal drives: Short answer: You don’t. puting Group released the final spec- Dell, Lenovo Vendors including Check Point ification of the Opal Security Subsys- Software-based FDE vendors: Check Software (via its PointSec acquisi- tem Class, a standard for applying Point Software, Guardian Edge, McAfee, tion), Guardian Edge, McAfee (via its hardware-based encryption. Microsoft, PGP Safeboot acquisition), and PGP offer Moving hard-drive encryption into

informationweek.com Sept.28, 2009 47 [techSTRATEGY]

hardware has a number of advantages. needs a way to access the data on the nicate with endpoints. We’re aware of For starters, it works with any OS. It drive. Conversely, if an IT administrator only one vendor—Wave Technology— also moves the computational over- leaves, the organization must be able to that’s shipping a management platform head of the encryption process to ded- change admin accounts. to tie all of this together. Wave uses a icated processors, alleviating any com- Another necessary function is the “pre-boot” operating system to set up puting load on the system’s CPU. ability to report on the state of a given admin and user accounts for unlocking In addition, the encryption/decryp- laptop or asset. If a device goes miss- the hard drive’s encryption keys before tion keys are stored in the the OS boots, and also has hard-drive controller and a Windows agent that can never sit in the system’s sync these accounts with memory, making “cold Active Directory. boot” attacks ineffective. So will software-based Hardware-based FDE FDE products go the way also simplifies the key es- of the dodo? Not likely— crow dilemma—that is, organizations with global the need to manage en- software FDE deployments cryption keys. Simply put, aren’t about to rip them the keys used by the hard out. It also will take time drive can be unlocked for companies to swap in only by a passphrase en- laptops with Opal-compat- tered during the pre-boot ible drives. Software FDE sequence. The passphrase vendors certainly don’t is sent to the hard drive project a sense of urgency, controller before the OS either. McAfee and Check boots, so the keys never Point say they see the need leave the hard drive’s for managing hardware- hardware. Also, multiple and software-based FDE. passphrases can be config- But neither has announced ured to unlock those keys. timelines for Opal support. Note that software- In contrast, on the man- based FDE products do ufacturing side, vendor allow you to choose the support for hardware- encryption algorithm and based FDEs is good. In the variable key strengths, last six months, Fujitsu, while most Opal drives Hitachi, and Samsung are limited to AES-128. have debuted Opal-com- We see this as being an is- pliant drives, and system sue only for organizations vendors Dell and Lenovo that require specific algo- are shipping laptops with rithms or larger key sizes. Opal-based drives. In fact, the hardware-based ap- Management’s A Must proach is going to come Consider yourself faster than some FDE ven- warned: Without an integrated manage- ing, can you demonstrate beyond a dors are envisioning. The technology ment infrastructure, enterprise deploy- reasonable doubt that the drive was in- will find a warm reception among or- ment and support of Opal-compliant deed protected via encryption? This ganizations struggling with their FDE hard drives will be a nightmare. There capability will have a major impact on strategies, because the advantages are are a few key features that are essential. compliance with state breach disclo- too compelling to ignore. For starters, organizations must manage sure laws and limit the fallout from po- boot passwords and password resets. If tential data loss. Greg Shipley (gshipley@neohapsis) is an employee leaves, becomes unavail- These use cases require a centralized CTO of Neohapsis, an information secu- able, or just forgets the password, IT management platform that can commu- rity and risk management firm. informationweek.com Sept.28, 2009 49 Programmer Productivity Newest ALM tools keep developers focused and on task

ultitasking is good formatics, who has spent years ex- ers—Tasktop and Sun Microsystems when it comes to com- amining developers’ work environ- to date—have built full-featured en- puter programs, letting ments. It then takes them 25 min- terprise versions that implement task them do more with utes to return to the original task. management via task-focused user Mless. But when computer program- Keeping programmers productive interfaces. These tools are proving to mers start multitasking, productivity in these fragmented work en- flies out the door. vironments is a challenge for For one thing, when programmers large software developers as have to shift tasks, it takes “a really, re- well as for IT shops develop- ally, really long time,” says Joel Spol- ing for end users. In both sky, host of the Joel On Software Web cases, application life-cycle site and co-founder of Fog Creek Soft- management tools and pro- ware. Programmers have to keep a lot cesses can help. They auto- of things in their heads at once, Spol- mate steps—such as change sky says, and the more they remem- management, build processes, ber, the more productive they are. and testing—in the develop- “A programmer coding at full throt- ment process, off-loading tle is keeping zillions of things in their work from developers and “A programmer coding head at once,” he says, “everything cutting back on the number of at full throttle is keeping from names of variables, data struc- interruptions they face. zillions of things in their tures, important APIs, the names of ALM tools like Microsoft’s Vi- head at once.” —Joel Spolsky utility functions that they call a lot, sual Studio Team System/Team even the name of the subdirectory Foundation Server and IBM’s Jazz/Ra- be particularly effective in reducing where they store their source code.” tional Team Concert have begun to ad- information overload and improving On top of that, as applications have dress the problem of keeping develop- programmer productivity. become more collaborative, complex, ers on track by identifying individual modular, and distributed, developers units of work they need to complete. Filter Out The Noise are having to track an increasing num- The emerging class of task man- Task management tools identify ber of tasks and deal with more inter- agement ALM tools take this a step the information about a system that’s ruptions from the people with whom further by providing more targeted relevant to the programmer’s task, so they’re collaborating. As a result, information and less of it. These tools that only the relevant information is they’re multitasking more frequently give developers only the information presented. By tracking a developer’s and becoming less productive. that’s critical to accomplishing a interactions with the information re- How bad is the problem? Develop- task—that is, the tools and processes lated to a task, each uniquely identi- ers spend an average of 11 minutes necessary for task management. fiable element of information is as- r k c i l

F on one task before being interrupted The Eclipse open source Mylyn signed a degree-of-interest ranking. / o n i h to deal with another, according to project is the main implementation of The more frequently and recently the p a r e

S Gloria Mark of the University of Cal- a task-focused user interface. Mylyn developer has interacted with an ele- o h n i J ifornia at Irvine’s Department of In- provides the skeleton on which oth- ment of information, the higher that

Read all about software development at Dr. Dobb’s Portal: ddj.com

informationweek.com Sept.28, 2009 51 D r. Dobb’s Report [APPLICATION LIFE-CYCLE MANAGEMENT]

element’s DOI ranking for that task. need at their fingertips, making it possi- time sheets and track actuals vs. esti- DOI rankings are used in several ways: ble to do one-click multitasking by sav- mates in an Agile planning process. >> Elements below a certain DOI ing the task context and allowing it to be Cubeon is another Mylyn-inspired threshold can be filtered out to reduce re-sorted later. Task context also can be toolset. Developed by Sun Microsystems’ the number of elements the developer shared among developers, enabling the NetBeans group and hosted on Google has to deal with. capture and reuse of expertise. This Code, Cubeon makes tasks a key part of >> Elements can be ranked accord- means that developers who want to fo- the NetBeans Java development environ- ing to their DOI so that those of high- cus on fixing a particular bug can config- ment. It’s integrated with issue-tracking est interest are at the top of a list. ure their workspace so that only code, systems that manage and maintain lists of >> They can be color-coded to indi- comments, mail, tools, and other items uncompleted tasks, software bugs, and cate ranges of DOI rankings. related to that bug are displayed. other issues. Cubeon monitors work ac- >> Finally, the display of structured in- tivity to identify what’s important, then formation elements can be automatically Mylyn Options improves productivity by reducing the managed based on DOI. For instance, Of the two Mylyn-inspired toolsets searching developers need to do. It sup- text corresponding to elements with low released to date, Tasktop’s Tasktop Pro ports tasks such as debugger breakpoint DOI can be automatically elided. is an enterprise version that integrates management, where code is broken into The Eclipse Mylyn project is an im- commercial ALM tools such as Atlass- more manageable, modular pieces for de- plementation of a task-focused user in- ian’s JIRA, Rally Enterprise, Danube’s bugging, and connectors to the Trac inte- terface. Mylyn reduces information ScrumWorks, IBM Rational’s Clear- grated software configuration manage- overload and makes programmer multi- Quest, CollabNet TeamForge, and ment project. NetBeans is in the process tasking more manageable by making ThoughtWorks Studio’s Adaptive ALM. of releasing version 1.1 of Cubeon. task management a core part of Eclipse Tasktop extends Mylyn’s productivity Developers aren’t going to stop multi- and integrating open source issue track- benefits to the rest of developers’ work tasking. Given that, it’s critical that we give ers such as Bugzilla and Trac. by letting them handle programming them tools, like Cubeon and Tasktop Pro, Once the tasks are integrated, Mylyn tasks alongside e-mail, scheduling, and that limit the information and interrup- monitors a developer’s work to identify similar apps, within the same work en- tions, and keep them focused on the most relevant information and uses this con- vironment. Since developers explicitly important tasks. —Jonathan Erickson text to focus the integrated development activate tasks when working with Task- ([email protected]) environment on the task at hand. This top, they can also use their task activa- puts the information that developers tion history to automatically fill out Continues on p. 54

52 Sept.28, 2009 informationweek.com D r. Dobb’s Report [APPLICATION LIFE-CYCLE MANAGEMENT]

Nokia Takes Task Management For A Spin s a company with innovation look at how task management might make with application life-cycle management wired deep in its DNA,it should its engineers work even smarter. technologies used for project management come as no surprise that Nokia Tasktop provides Eclipse-based integra- and collaboration. The key benefit is to has decided to take a close tion that bridges developers’ coding tools make it easier for engineers to switch be- A tween programming tasks by showing only the code relevant to a specific task.For a developer returning to a task,the task-focused interface answers the question “Now where was I?”Tasktop is commercial software based on the open source Mylyn project. Nokia’s Tasktop Deployment project has two components: A development component that integrates Tasktop and Nokia’s Eclipse-based Carbide integrated development environment,and Tasktop connectors to Danube’s ScrumWorks Pro and the software configuration management tools used

MORE DR. DOBB’S ONLINE Optimizing Algorithms informationweek.com/1242/algorithm Why Multicore Needs Virtualization informationweek.com/1242/multicore

by Nokia engineers.The deployment process takes the product of the Tasktop development component and deploys it in a way that maximizes adoption of the software.We use the Agile Scrum process to manage development and deployment, letting us respond to lessons learned along the way. ATasktop feature that will prove useful in seeing whether we’re on track is “instrumen- tation.” It provides a clickstream of user ac- tions in Eclipse, letting us build a picture of how people are using Tasktop,Carbide,and other Eclipse-based tools. User information is obfuscated,so we can’t use this feature to monitor individuals’ work. Instead it tells us that “500 users are regularly using the XYZ tool”or “30% of users are regularly using feature X,but next to no one is using feature Y.”

Andy Boyle is principal specialist and IDE concept owner at Nokia.

Continues on p.56

54 Sept.28, 2009 informationweek.com D r. Dobb’s Report

Agile Meets ALM

yndi Mitchell, managing director of Thought- Works Studios, recently talked about Agile development and application life-cycle management Cwith Dr. Dobb’s editor in chief Jonathan Erickson. Dr. Dobb’s: Does Agile make it more difficult to achieve effective ALM? Mitchell: No, Agile engineering practices, when applied effectively, make it easier to know what’s really going on in a project or within a code base. Agile does place heavier demands on ALM tool providers. Most tools are too prescriptive to support the adaptive nature of Agile once the application life cycle gets under way. Still others cover only one aspect of the application life cycle, leaving end users to cobble together disparate tools to support the entire application life cycle. Dr. Dobb’s: Is it really possible to automate all or part of the ALM process? Mitchell: Yes, though it may not always be desirable. Any place in the application life cycle where humans are required to repeatedly perform manual steps will create an opportunity to introduce errors and waste valuable resources, and these are all strong candidates for automation. Of course, there may be corner cases where the cost/benefit trade-off of automating a particular aspect of a particular stage in the life cycle doesn’t make sense. Dr. Dobb’s: Do ALM and Web 2.0 butt heads, or are they simpatico in terms of life-cycle management? Mitchell: They’re largely simpatico, but one area where they often butt heads is around the rich user experience of many Web 2.0 apps. Many of the dynamic “Ajax-ey” toolkits are difficult to test with current automated func- tional testing approaches, and this can make automating some aspects of of the application life cycle very painful. Dr. Dobb’s: What’s been the biggest change in ALM the last few years? Mitchell: There is a growing recognition that the scope of ALM is far broader than just project, program, and requirements management; it must extend to development, deployment, support, and maintenance. Of course, ALM tools need to support this entire scope as well, including a holistic approach to good Agile engineering practices. Dr. Dobb’s: Are we missing any steps? Mitchell: In an Agile environment, it’s helpful to think of the ALM process not at as sequential phases or steps, but rather as a series of short work increments, each including just enough analysis, design, development, testing, and deployment to deliver a bit of business value. The right processes and best practices are continuously discovered and improved.

informationweek.com practicalAnalysis ART WITTMANN

The Industry-Specific Cloud

he recent InformationWeek 500 Confer- voluntarily use his cloud and give up their ence had an amazing lineup of speak- own IT infrastructures. In a town where Ters, among them Werner Vogels, the budget and budget authority equate to power CTO of Amazon.com, and the federal CIO, and prestige, it’s not going to be an easy sell. Vivek Kundra. These two speakers were par- One deal killer will be any inability to meet ticularly interesting to me: Kundra because whatever requirements Congress might dream he sees a cloud infrastructure as critical to up for data sharing, privacy, and security. the federal government, and Vogels because Although I don’t think he meant to do it, of the leadership position Amazon has Vogels reinforced this notion that one size Amazon’s Vogels staked in cloud computing. They convinced probably won’t fit all when it comes to cloud me that we have yet to see the most useful it- computing. Vogels is at heart a computer sci- reinforced the notion eration of cloud computing: the industry- entist, and when he talked about security, he specific cloud. described the VPN approach that Amazon that one size For Kundra, the attraction to all things now offers: “You set it up, you administer the probably won’t fit all cloud is obvious. He’s dealing accounts and policies—just with hundreds of agencies, all like you would in your own when it comes of which have grown inde- data center.” It sounds good in pendent IT infrastructures a presentation; too bad life isn’t to cloud computing over the years. If he’s to that simple. Security is checked achieve the level of trans- through audits, and auditors parency, efficiency, and secu- look to see if you’ve complied rity that is his mandate, he’ll with either industry regulations get there by building one set or best practices. Because you (or just a few sets) of central- found a way to approach secu- ized services for use through- rity doesn’t mean that you’re in out the federal government compliance. rather than by trying to fix all those individ- The last thing Vogels wants is to start twist- ual infrastructures. ing and turning the Amazon cloud into While Kundra’s need is pretty clear, the something that can meet the arcane require- way to achieve his endgame isn’t. Could he, ments of every regulation. If the sensible ap- for instance, use Vogel’s cloud to meet his proach Amazon has taken isn’t good enough, needs? As Kundra speaks, he talks mainly then look for a different service. And it’s my about building a purpose-specific federal bet that you’ll find one. Federal, state, fi- cloud that can meet the needs of the vast ar- nance, pharma—you name it and someday ray of agencies. And while he talks about the there will be a sector-specific cloud for it. possibility of using off-the-shelf software for some purposes, he isn’t thinking about build- Art Wittmann is director of InformationWeek ing the government’s cloud that way. Analytics, a portfolio of decision-support tools It’s easy to dismiss that attitude as the typical and analyst reports. You can write to him at D.C. bureaucratic mentality that wants every- [email protected]. Register to see all thing custom built to government specs. But reports at analytics.informationweek.com. the reality is that Kundra faces the nearly im- Download our free report on public clouds at possible job of getting the federal agencies to informationweek.com/alert/iascloud.

58 Sept.28, 2009 informationweek.com

down toBusiness from the editor ROB PRESTON

Government To The Rescue

an Rather, the defrocked former CBS at least in the short term. However, the IT value Evening News anchor, recently called chains of U.S.-based companies continue to be Don President Obama to set up a spe- managed from the U.S., where much of the in- cial commission of the good and the great to tellectual property still resides and much of the make recommendations on how to save qual- value is still added. If U.S. policy makers start ity journalism in America—and by exten- telling those companies who they can hire and sion, journalism jobs and the industry itself. how they must function, they’ll start relocating Calling a vibrant national press “an immedi- even the core of their operations elsewhere. ate national priority,” Rather suggested gov- In a speech last week, Obama addressed In media as in tech, ernment financial support and the establish- the national competitiveness issue with the ment of not-for-profit foundations as possible broadest of proposals: increasing investment there are simply no alternative business models. As he sees it, the in research, education, and Internet infra- news business and the national interests it structure; promoting competitive markets federally orchestrated serves must transcend the pedestrian forces and entrepreneurship; and focusing on “na- “solutions”when of commercial supply and demand. tional priorities” such as healthcare and clean I got to thinking about Rather’s rather curi- energy technologies—all supported by more customers ultimately ous ideas when contemplating the future of than $100 billion in Recovery Act funding. the IT profession. Whenever I suggest that More specific is Rochester Institute of Tech- dictate the terms public policy can do only so much to slow nology professor Ron Hira. In a thought-pro- of commerce or divert the global economic forces reshap- voking article in Issues In Science And Technol- ing the tech industry and profession, readers ogy, Hira calls on the government to take the respond that I’d be changing my tune if it following steps toward preserving U.S. STEM were my job on the line. But as Rather’s call to (science, technology, engineering, and math) arms suggests, the news media and all related jobs: collect and share more detailed and jobs are being turned upside down as much timely data on the globalization of innovation as the U.S. tech industry is. And in media as in and R&D; set up an independent institute to tech, there are simply no government-orches- study the implications of that globalization on trated “solutions” when customers ultimately the U.S. economy; engage unions and other are dictating the terms of commerce. What’s worker groups in the STEM policy discussion, “fair” is what the market says is fair. not just employers; establish continuing edu- As much as many people would like to see cation and training programs for displaced domestic-content legislation, tax disincen- STEM workers oriented around “geographi- tives, or visa clampdowns to keep things as cally sticky” skills; and require that public- they were, the global economy no longer sector procurement favor tech products de- abides such intervention. Employers, at least, veloped in America. have a way of routing around employer-averse Most are noble endeavors, especially the policies, mainly by moving operations to focus on education and sticky-skills training. where the climate is more favorable to them. But don’t count on the government to lead This isn’t a judgment of what’s right or the tech industry to the promised land. wrong. It’s simply what is. Suraj Prakesh, VP of global delivery for India-based Wipro, Rob Preston is VP and editor in chief of rightly notes that offshore outsourcing is con- InformationWeek. You can write to Rob at sidered an American boardroom success story, [email protected].

60 Sept.28, 2009 informationweek.com