Microsoft's security, identity integration plan dragging

Microsoft executives say the company's ambitious plan to integrate security and identity software is progressing slower than hoped but that the foundation for the work will be set early next year. "It is fair to say that getting this done in non-trivial," says Bob Muglia, president of Microsoft's server and tools business. "It is taken us perhaps a little longer in some areas then we would like, but we are pretty excited about the progress that we are seeing." The evolution of Microsoft WindowsMuglia says Microsoft is in the final test phase with ForeFront Identity Manager 2.0, which is one foundational element of the platform. It was previously known as Identity Lifecycle Manager. "This ties together the identity management across an organization and enables the foundation for security configurations and security policies that run on top." Muglia says. Identity Manager is slated to ship early next year. In April, Microsoft detailed a long-term security strategy that will see it combine its identity management efforts with its Forefront security products built for clients, servers and the network edge.

Microsoft plans to pull together Active Directory, Forefront software, third-party products and tie it all together with the forthcoming Forefront Protection Manager console (formerly called Stirling), a centralized management panel for all the Forefront security products also slated to ship in early 2010. Analysts have called the effort an ambitious plan that will challenge Microsoft to build coherent security architecture. The company plans to integrate its security and identity products under the Forefront brand, offer software-as-a-service versions and present it all as a layered defense of access and control for its corporate infrastructure software. Microsoft officials say the identity and security message is a natural outgrowth of last year's corporate reorganization that merged two business groups - Identity/Access and Security/Access - into the Identity and Security Business Group. "We don't see ourselves as providing the only solution that an enterprise customer needs for security; we see ourselves providing a broad foundation of security services that a company can rely upon," Muglia says. "Then we can work with the rest of the industry to meet the specific needs as they might have for their given organizations on a security basis." The foundation starts with Active Directory and its ability to manage identities and credentials and to integrate with the cloud via Active Directory Federation Services and the Windows Identity Foundation (formerly Geneva) when it ships near the end of this year. On top of that is the protection layer Microsoft will add that includes, among other tools, antivirus and antimalware capabilities housed in the Forefront products. Active Directory includes policies and privileges that extend to the edge of the network and are managed by Forefront Identity Manager.

Microsoft's Forefront lineup includes Forefront Endpoint Protection 2010 (formerly Forefront Client Security), Forefront Protection 2010 for Exchange Server (formerly Forefront Security for Exchange Server), Forefront Protection 2010 for SharePoint (formerly Forefront Security for SharePoint), Forefront Online Protection for Exchange (formerly Forefront Online Security for Exchange) and Forefront Threat Management Gateway Web Security Service (successor to ISA Server 2006). The unifying piece is Forefront Protection Manager, which ensures all the tiers are integrated and combined with security assessment data from third-party products. And Microsoft has said third-party partners would develop for Protection Manager, including Brocade, Juniper Networks, Kaspersky, Tipping Point and RSA. It's a heady slate of software and services, all built or acquired by Microsoft and its partners, that needs to come together into a logical whole. Protection Manager also will tie in with System Center Management tools, including Operations Manager and Configuration Manager. In April, Scott Crawford, an analyst with Enterprise Management Associates, said, "Microsoft has taken on a substantial challenge." Follow John on Twitter: twitter.com/johnfontana

Ten signs from companies that point to an upturn

With unemployment high and an outlook that's improving but still uncertain, the best responses coming out of the big tech companies about the immediate future is tempered optimism. But some of the more interesting clues about what's ahead for tech many be in the results of companies with a more specialized market focus. IBM's recent assessment that the economy has " really stabilized " may have best summarized expectations.

Here are 10 data points about the most recent third quarter. 1. If there's one industry to watch next year, it is clean technology. For instance, SunPower Corp.'s third quarter revenue was $466 million compared with $298 million in the second quarter. The federal government stimulus package set aside billions for a sector that's already heating up. That compares to $378 million in the third quarter of 2008. Its share price may have taken a hit on a lower outlook, but the company's career page lists 60 job openings. 2. Venture capital investments are increasing. There was a decline of 3% in the overall number of deals, according to report from PricewaterhouseCoopers LLP and the National Venture Capital Association. In the third quarter there was $4.8 billion in 637 deals, a 17% increase in terms of dollars from the prior quarter, driven by clean tech investments.

The slight decline in deals, from 657 in the prior quarter, may mean a shift to longer term investments, according to the industry association. 3. Hynix Semiconductor Inc., a memory chip maker in Seoul, on Monday reported a net profit of $207 million for the third quarter after seven consecutive quarters of losses. Revenues were $2.2 billion, a new record for the Lake Forest, Calif.-based company. 5. Last week, Riverbed Technology Inc.'s third quarter revenue was $102 million, an increase of 12% from $91 million from the second quarter and an increase of 18% from $86.5 million from the same period a year ago. It was also a 26% increase over the previous quarter. 4. Hard drive maker Western Digital Corp. said last week that it had finished it most recent quarter with 44.1 million hard drive shipments compared to 39.4 million shipments in the year ago quarter. The San Francisco-based company makes WAN optimization technology, which helps improve application response times, something SaaS (software as a service) applications, in particular, need. 6. Infinera Corp. revenues for the third quarter were $83.4 million, compared to $68.9 million for the second quarter this year, a 21% increase. It makes InfiniBand and Ethernet connectivity products. 10. Intel Corp. is a good company to end this list because its outlook on chips, with third quarter revenue of $9.4 billion, was up $1.4 billion from the prior quarter, and IT spending helped set the stage for an improving outlook.

The Sunnyvale, Calif.-based company makes digital optical networking systems sold to carriers and said its results demonstrated that customers are investing again. 7. Splunk Inc., a privately held company in San Franciscisco that produces a tool for searching, analyzing and troubleshooting IT infrastructure, said its year through third quarter revenue was $26.6 million, compared to $13.1 for the same three quarters last year. 8. Apple Computer Inc. sold 3.05 million Macs during the third quarter, a 17% increase over the year-ago quarter, evidence that for consumers, some things are indispensible. 9. Mellanox Technologies, Ltd., a company based in Sunnyvale, Calif. and Yokneam, Israel, reported $32.7 million in third quarter revenue this month, a 29% increase over its second quarter revenue of $25.3 million. It sees "momentum."

Gartner raises global chip forecast on strong PC sales

Gartner raised its revenue forecast for the global chip industry on Monday due to stronger than expected demand for PCs and mobile phones, as well as government stimulus programs that have boosted demand for chips. The revised figure is an improvement over Gartner's previous forecast calling for a drop of 17.1 percent to $212 billion. The market researcher predicts global chip revenue will reach US$226 billion this year, down 11.4 percent from $255 billion last year. Gartner also raised its projection for 2010, saying chip revenue will rise 13 percent to $255 billion, matching the all-time-high from 2008. The researcher had previously forecast 10.3 percent growth next year to $233 billion.

The strong recovery in PC demand has made microprocessors and DRAM two of the strongest performers in chips 2009, Gartner said. The new forecast marks the second time Gartner has increased its global chip outlook in less than three months. "The semiconductor market's recovery is well under way, and the outlook continues to improve as semiconductor suppliers post outstanding quarterly results," Gartner analyst Bryan Lewis wrote in a report on Monday. "PCs are the single largest application driving the semiconductor rebound: PC unit growth projections dramatically improved from double-digit declines at the start of 2009 to the current low-single-digit positive outlook," he added. DRAM in particular began to be profitable in the third quarter for some companies after almost three years of losses. Despite the positive news, Lewis warned that recent industry checks indicate PC orders may be slowing earlier than expected and that 2010 may get off to a slow start.

Verizon revenue up slightly in third quarter

Verizon Communications reported revenue of US $27.3 billion for the third quarter of 2009, up 10.2 percent from a year earlier, but up only 0.6 percent if revenue from the January acquisition of competitor AllTel is taken out. Gains in the quarter were largely driven by growth in mobile customers and subscribers for Verizon's Fios fiber-based broadband and television service. Verizon's net income for the quarter was $2.9 billion, down from $3.2 billion in the third quarter of 2008. Adjusted earnings per share were $0.60, beating analyst expectations of $0.59, according to Thomson Reuters.

Verizon CEO and Chairman Ivan Seidenberg cited free cash-flow growth that is 16 percent higher in 2009 than in 2008 as a highlight of the quarter. Verizon Wireless revenue was $15.8 billion for the quarter, up 24.4 percent over last year, or 4.9 percent on a pro forma basis. Free cash flow for the quarter was $10.7 billion, up by $3.3 billion from the third quarter of 2008. "Verizon continues to generate strong cash flow, which we have used in building the foundation for sustainable, long-term share-owner value," he said in a statement. "Even through the worst of the recession, we have continued to raise our dividend and to add new customers, expand markets and grow revenues based on the power and innovation of Verizon's wireless, broadband and global networks." Verizon reported 89 million mobile customers at the end of the quarter, with 1.2 million net additions, excluding acquisitions and adjustments. Wireless data revenue grew to $4.1 billion, up 28.9 percent on a pro forma basis. The company now has 3.3 million Fios Internet customers, up 49.2 percent over a year ago, and 9.2 million broadband subscribers, including DSL (Digital Subscriber Line). Wireline revenue overall was $11.6 billion, down 4.8 percent from the third quarter of 2008. Verizon also saved money by cutting about 5,000 employee and contractor jobs, 4,000 in its wireline division, during the quarter, said John Killian, executive vice president and chief financial officer.

Verizon's wireline division added 198,000 new Fios Internet customers and 191,000 new Fios television customers. The company expects to cut another 4,000 jobs in the fourth quarter, he said. The bad U.S. economy "continues to create headwinds" for the company, but Verizon is taking steps to keep costs down, Killian added. "I'm confident that when the economy gets better, we will see improvement in our results," Killian said during a conference call.

New H-1B hiring bill takes aim at tech firms

The two lawmakers who successfully added H-1B hiring restrictions to the financial bailout bill earlier this year have introduced legislation that would bar any firm that lays off 50 or more workers from hiring guest workers. Bernie Sanders (I-Vt.) and Sen. This legislation, introduced by Sen.

Charles Grassley (R-Iowa), could potentially affect a broad swath of tech firms that have laid off large numbers of workers but continue hiring. In February, Grassley and Sanders moved to prohibit any financial services firm that received money from the Troubled Assets Relief Program (TARP) from hiring H-1B holders. The high-tech industry overall has laid off more than 345,000 workers since August 2008, according to the two senators in the unveiing of what they called the Employ America Act. "With the unemployment rate over 10%, companies that undertake mass layoffs shouldn't need to hire foreign guest workers when there are plenty of qualified Americans looking for jobs," said Grassley, in a statement yesterday. That blanket restriction on hiring wasn't adopted, but Congress did agree to automatically make any firm receiving TARP funds "H-1B dependent." A company is considered H-1B dependent if more than 15% of their workers are on the H-1B visa, but the TARP restriction applies regardless of the percent of visa holders on the payroll. With the Senate expected to receive an immigration overhaul bill early next year, the prospects for any H-1B-related legislation is uncertain and probably unlikely to pass.

Companies that are H-1B dependent must, among the things, make good faith efforts to hire U.S. workers first. Grassley and U.S. Sen. That provision is aimed at Indian outsourcing firms . The legislation also sets higher salary standards for visa workers as well as anti-fraud provisions. Dick Durbin (D-Ill) introduced the H-1B and L-1 Visa Reform Act of 2009 earlier this year (S.887) that would set a number of restrictions on H-1B use, including the so-called 50-50 provision that would prohibit any firm with more than 50 workers from having more than half workforce on H-1B or L-1 visas. Conversely, U.S. Rep.

The Sanders-Grassley bill would apply as well to companies hire workers on the H-2B visa, which is used in occupations such as construction, health care, food service, among others. Jeff Flake (R-Ariz.) has proposed legislation that would to increase the H-1B cap and that would exempt foreign graduates of U.S. Ph.D. programs from counting toward a cap on H-1B visas. The bill wasn't available online Thursday.

Trial to begin in economic espionage case involving China

A jury trial is set to begin in a somewhat rare trade-secret theft case in which federal prosecutors are trying to prove that two engineers misappropriated trade secrets from a U.S. technology company to benefit China's government. The law was passed in response to a perceived need to protect U.S. trade secrets and intellectual property from foreign government-sponsored theft. The case is being prosecuted under a rarely used provision of the Economic Espionage Act (EEA) of 1996, which deals with the theft of trade secrets for the benefit of a foreign nation. There have been only five cases so far in which individuals have been indicted under this provision in the EEA. Last June, Xiaodong Meng, 44, a software engineer born in China, became the first to be sentenced under the law.

The current case is being heard in U.S. District Court for the Northern District of California and involves Lan Lee, a U.S. citizen and Yuefei Ge, a Chinese national. Meng was sentenced to two years and ordered to pay a fine of $10,000 after he pleaded guilty to, among other things (PDF document), stealing at least six source-code products and more than 100 other software components from his employer, Quantum 3D Inc. Both individuals were arrested in June 2006 for allegedly stealing trade secrets from their employer, NetLogic Microsystems (NLM), and another company, Taiwan Semiconductor Manufacturing Company (TSMC). They are accused of then using the stolen information to establish a start-up and of having tried to get funding for it from a Chinese government initiative called the "863 program." Both men have pleaded not guilty to the charges against them. The case is significant because to win, prosecutors will need to prove that the defendants knew their alleged theft would benefit the government of China, said Todd Sullivan, partner with Womble Carlyle Sandridge & Rice, PLLC. That is different from most trade-secret theft cases, which involve prosecution under a separate provision of the EEA that criminalizes domestic espionage, he said. "The government has to prove that a foreign government, foreign instrumentality, or foreign agent was involved," in the theft in order to win a conviction, Sullivan said. Jury selection in the case began today and the trial is set to begin on Wednesday.

It is unclear what kind of evidence the government has in its possession to back-up its allegations in this case, he said. Prosecutors alleged that the pair planned on using the misappropriated software to develop and market microprocessors in China and elsewhere via a company called Sico Microsystems Inc, which Lee had established in 2002. Prosecutors say documents found on computers belonging to Lee and Ge established a link between Sico and China's 863 funding program. But based on the fact that prosecutors are pressing ahead with the trial, they appear to believe they have the evidence linking the thefts to China, he said. "I am assuming the government has e-mail communications, or telephone conversations, between these employees and agents of the Chinese government," Sullivan said. "Or maybe they have payments going from a Chinese institutions to the engineers." Court documents filed in connection with the case allege that between May 2002 and July 2003, Lee and Ge illegally downloaded and installed on their systems components of TSMC's software that NLM was using to develop microprocessor products. One of the documents found on Lee's computer was a business agreement between Sico and a Beijing-based venture capital firm in which both parties agree to tap the 863 program for funds. The 863 funding program was apparently set up by China to encourage technology development in the country, especially in areas such as communications, laser technology and military applications. Another document talked about a plan by Sico to bid on a project in China on the 863 plan, while another one was a business plan seeking close to $4 million from the 863 program.

The indictment papers, however, stop short of directly making any allegations against China, other than implying that the allegedly misappropriated trade secrets would benefit the country.

Boise State ditches Cisco DNS

Boise State University, the largest university in Idaho, has replaced its aging Cisco Network Registrar software with appliances from BlueCat Networks that it says are easier to manage and less expensive to operate for Domain Name System  and Dynamic Host Configuration Protocol services. The fiber-optic backbone network is being upgraded to 10G Ethernet in December, with 100Mbps bandwidth to the desktop. Boise State's network links more than 170 buildings spread across its 175-acre campus in downtown Boise.

The network carries data and voice traffic, and it supports 2,300 IP-based phones. But when it comes to core network infrastructure services such as DNS and DHCP, the university decided Cisco's Network Registrar was too expensive to operate. Boise State is a Cisco shop; the university uses all Cisco switches, routers, IP phones, wireless access points and wireless controllers on its network, which supports 21,000 students, faculty and staff. Case study: The Google-ization of Bechtel   Boise State isn't the only organization to discover that it could save money by switching from DNS software to DNS appliances. Boise State had the same problem.

The Nevada Department of Corrections recently bought DNS appliances from BlueCat rival Infoblox to replace DNS software from Novell that was requiring too much time from network administrators. Until this summer, the university was running an old edition of Cisco Network Registrar - Version 5.5, which was at the end of its life - on a Windows server for its DNS and DHCP services. "It was very limited as far as what was actually in the database for DNS and DHCP, and what you could see through the [graphical user interface]," says Diane Dragone, network engineer at Boise State. "There was no easy way to see what was really in the database except through command line tools." In addition, Boise State had to do custom coding in order to make this older version of Cisco Network Registrar work with all the vendor tags needed for DHCP. Boise State needed to upgrade the Cisco Network Registrar software, but that option was too expensive, Dragone says. Dragone explored several alternatives, including DNS software from Novell, Microsoft and Men & Mice. Cisco ended support for Cisco Network Registrar Version 5.5 in May 2006, and it is now selling Version 7.0 of the software. "We didn't want to pay the price for upgrading the software; it became extremely expensive," Dragone says. But eventually she zeroed in on appliances, and ended up testing devices from BlueCat and Infoblox. The retail cost of the two appliances was $26,000. "It came down to cost," Dragone says. "Plus, there were a couple things in the [interface] of the management system that I liked better, but they were very small." Dragone said installation of the Adonis 1000s was easy. "I spent a few weeks on my own learning the interfaces on the Adonis system, the GUI interface and the command-line interface, until I had a good comfort level.

Boise State bought two BlueCat Adonis 1000 appliances, which are set up to be redundant to each other. Then I did a testbed of two small buildings…to roll them onto the system for DNS and DHCP so we could test our Active Directory integration and our VoIP to make sure we had no issues," she explains. She says she can patch the appliances in the middle of the work day, rather than scheduling off-hours maintenance. Dragone said it took three weeks to migrate the entire campus network to the DNS and DHCP services from the BlueCat appliances. "We had no helpdesk calls as a result of the conversion," she says. "People didn't really know it happened." Dragone's favorite features of the Adonis system are the search capabilities and the instantaneous replication between the master and slave systems. Boise State hasn't experienced any outages or other significant problems with the BlueCat appliances. "I have no complaints whatsoever," Dragone says. "I like all the reports that you can look at.

That has really come in handy." Operating modern appliances is a lot easier than keeping aging software running, Dragone says. "There are savings headache wise," Dragone says. "I spent an entire week in December trying to figure something out that never got resolved. The other thing I really like is the tool for checking your DNS database before you deploy your configuration. There were a lot of band-aid fixes on the old system to the point where we were shuffling around where the DHCP was coming from." Cisco declined to comment for this article. Among BlueCat's higher ed customers are UC Berkeley, UCLA, the University of Michigan and the University of Calgary. Branko Miskov, director of product management at BlueCat Networks, says more universities like Boise State are migrating to appliances for DNS and DHCP services. This segment now represents more than 10% of BlueCat's sales. "We've actually had some pretty significant traction in the higher ed market…in the last 18 months," Miskov says. "They're a little more diverse in terms of the feature sets they use, whereas a lot of enterprises are pretty much uniform.

The dorms have different requirements than the university buildings, so they really use the full extent of our gear." Miskov says universities are upgrading their core network services in response to the explosion of IP devices in dorm rooms, such as computers, PDAs and gaming consoles. "Each dorm room might require three or four IP addresses, and that's not even thinking about the faculty requirements," Miskov says. "For those that are rolling out VoIP, that introduces a whole slew of new IP addresses into the mix and makes it harder to manage."